AWS Solutions Architect Associate

An IT company has a set of EC2 instances hosted in a VPC. They are hosted in a private subnet. These instances now need to access resources stored in an S3 bucket. The traffic should not traverse the internet. The addition of which of the following would help to fulfill this requirement? A. VPC B. NAT instance C. NAT Gateway D. Internet Gateway

A

An IT firm is using AWS cloud infrastructure for its three-tier web application. They are using memory optimized EC2 instances for application hosting and SQL based database servers deployed in Multi-AZ with auto-failover. Recently they have been observing heavy loads on database servers, and this is impacting user data lookup from application servers, resulting in slow access. As an AWS consultant, they are looking for guidance to resolve the issue. Which of the following will provide a faster scalabl

A

An organization is planning to use AWS for its production roll-out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3, and set up the ELB. Which AWS service would meet these requirements for making an orderly deployment of the software? A. AWS Elastic Beanstalk B. AWS CloudFront C. AWS CloudFormation D. AWS DevOps

A

Currently, you have a set of Lambda functions which have business logic embedded in them. You want customers to have the ability to call these functions via HTTPS. How could this be achieved? A. Use the API Gateway and provide integration with the AWS Lambda functions B. Enable HTTP access on the AWS Lambda functions C. Add EC2 instances with an API server installed. Integrate the server with AWS Lambda functions D. Use S3 websites to make calls to the Lambda function

A

A developer team is working on a new mobile game which will be using Amazon DynamoDB for storing player details. The team is unsure of the success of this game but needs to make sure it will meet demand for any number of concurrent players. During the initial creation of the table, they are planning to create a local secondary index to create a top ten players scores dashboard. Also, a global secondary index is created to create a separate top 10 players per country. IT Head is concerned about the perf

A

Instances in your private subnet hosted in AWS need access to important documents in S3. Due to the confidential nature of these documents, you have to ensure that the traffic does not traverse the internet. As an architect, how would you implement this solution? A. Consider using a VPC endpoint B. Consider using an EC2 endpoint C. Move the instances to a public subnet D. Create a VPN connection and access the S3 resources from the EC2 instance

A

The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet this requirement? A. AWS KMS (Key Management Service) API B. AWS Certificate Manager C. API Gateway with STS D. IAM Access Key

A

Third-party sign-in (Federation) has been implemented in your web application to allow users who need access to AWS resources. Users have been successfully logging in using Google, Facebook, and other third-party credentials. Suddenly, their access to some AWS resources has been restricted. What is the most likely cause of the restricted use of AWS resources? A. IAM policies for resources were changed, thereby restricting access to AWS resources B. Federation protocols are used to authorize servi

A

What is the data processing engine behind Amazon Elastic MapReduce? A. Apache Hadoop B. Apache Hive C. Apache Pig D. Apache HBase

A

Which of the following use cases is well suited for Amazon RedShift? A. A 500TB data warehouse used for market analytics B. A NoSQL, unstructured database workload C. A high traffic, e-commerce web application D. An in-memory cache

A

You are deploying an application to track the GPS coordinates of delivery trucks in the United States. Coordinates are transmitted from each delivery truck once every 3 seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. Which service should you use to implement data ingestion? A. Amazon Kinesis B. AWS Data Pipeline C. Amazon AppStream D. Amazon Simple Queue Service

A

You are designing an architecture on AWS with disaster recovery in mind. Currently, the architecture consists of an ELB and underlying EC2 instances lie in a primary and secondary region. How could you establish a switchover in case of failure in the primary region? A. Use Route 53 Health Checks and then do a failover B. Use CloudWatch metrics to detect the failure and then do a failover C. Use scripts to scan CloudWatch logs to detect the failure and then do a failover D. Use CloudTrail to d

A

You are developing a mobile application for your company with DynamoDB as the back end and JavaScript as the front end. During application usage, you notice that there are spikes in the application especially in the DynamoDB write throughput. What would be the most cost-effective and scalable architecture for this application? A. Autoscale DynamoDB to meet the requirements B. Increase write capacity of DynamoDB tables to meet the peak loads C. Create a service that pulls SQS messages and writ

A

You are the architect for a business intelligence application that reads data from a MySQL database on an EC2 instance. The application experiences a high number of read and write requests. Which Amazon EBS volume type can meet the performance requirements of this database? A. EBS Provisioned IOPS SSD B. EBS Throughput Optimized HDD C. EBS General Purpose SSD D. EBS Cold HDD

A

You are using Amazon RDS as a relational database for your web application in AWS. All your data stored in Amazon RDS is encrypted using AWS KMS. Encrypting this data is handled by a separate team of 4 users (User A,B,C&D) in Security Team. They have created 2 CMK's for encryption of data. During annual audit, there were concerns raised by Auditors for access to these CMK's for each user. Security Team has following IAM policy & Key policy set for AWS KMS. -CMK1 is created by AWS KMS API and ha

A

You are working as an AWS Administrator for a software firm that has a popular Web application hosted on EC2 instance in various regions. You are using AWS CloudHSM for offloading SSL/TLS processing from web servers. Since this is a critical application for the firm, you need to ensure that proper backups are performed for data in AWS CloudHSM on a daily basis. What does the AWS CloudHSM use to perform a secure and durable backup? A. Ephemeral backup key (EBK) is used to encrypt data and Persis

A

You are working as an AWS Architect for a Global IT firm. You need to set up a pilot blockchain project in the US East region using Amazon Managed Blockchain. You have created multiple nodes for this project to perform a secure transaction within the Blockchain network. Which of the following peer node will be used as Resource Endpoint to verify and complete transaction with other members? A. ResourceID.MemberID.NetworkID.managedblockchain.us-east-1.amazonaws.com:PortNumber B. NetworkID.MemberI

A

You are working as an AWS Architect for a global insurance firm. For the web application, you are using S3 buckets and have configured CloudFront to cache image files. For audit purposes, you have created a CloudTrail trail in each region, and the event log files are logged in an S3 bucket in the us-west-1 region. There have been changes in CloudFront which have caused all traffic to be routed to the origin, resulting in increased latency for users in other continents. After scrutinizing CloudTrail l

A

You are working as an AWS Architect for a software company. You are working on a new project which involves an application, deployed on 20 C5 EC2 On-Demand instances with Elastic IP attached to each instance. During peak hours when you are initiating new instances, a considerable delay is observed. You perform a pilot test for the option of initiating these instances and hibernating so that during peak hours, these instances could be quickly launched. It works fine during a pilot phase and you a

A

You are working as an AWS Architect in a global financial firm. They provide daily consolidated reports to their clients for trades in stock markets. For large amount of data processing, they store daily trading transaction data in S3 buckets which triggers AWS Lambda function. This function submits a new AWS Batch job in job queue. These queues use compute resources having EC2 On Demand instance with Amazon ECS-optimized AMI having enough resources to complete the job. Due to large volumes of d

A

You are working as an AWS consultant for an e-commerce organization. The organization is planning to migrate to a managed database service using Amazon RDS. To avoid any business loss due to any deletion in the database, the management team is looking for a backup process which will restore the database to any specific time during the last month. Which action should be performed as a part of the Amazon RDS automated backup process? A. AWS performs storage volume snapshot of database instance during the

A

You are working for a pharma firm. You are using S3 buckets to save a large amount of sensitive project documents for new medicine research. You need to ensure all data at rest in these buckets is encrypted. All the keys need to be managed by the in-house Security team. Which of the following can be used as a best practice to encrypt all data securely? A. Generate a data key using Customer managed CMK's. Encrypt data with data key and delete data keys. Store encrypted data keys and data in S3 buc

A

You are working for a financial institute using AWS cloud infrastructure. All project related data is uploaded to Amazon EFS. This data is retrieved from an on-premises data center connecting to the VPC via AWS Direct Connect. You need to ensure that all client access to EFS is encrypted using TLS 1.2 to adhere to the latest security guidelines issued by the security team. Which of the following is a cost-effective recommended practice for securing data in transit while accessing data from Amazon EFS? A. Us

A

You are working in a financial company and you need to establish the network connections between on-premises data centers and AWS VPCs. The connectivity needs to be secure with IPsec connections. A predictable and high-performance network is also required over private lines. Which of the following methods would you select? A. AWS Direct Connect + VPN B. AWS Managed VPN C. AWS Direct Connect D. Software VPN

A

You have 2 AWS organizations. All the AWS accounts in Organization A need to be moved to Organization B. You have already moved all the member accounts and now you need to migrate the master account. Which of the following options should you choose? A. Delete Organization A and invite the master account to join Organization B B. Remove the master account from Organization A and send an invitation to the account to join Organization B C. Send an invitation to the master account. Accept the invi

A

You have a set of IIS Servers running on EC2 instances. You want to collect and process the log files generated from these IIS servers. Which service would be ideal to run in this scenario? A. Amazon S3 for storing the log files and Amazon EMR for processing the log files B. Amazon S3 for storing the log files and EC2 instances for processing the log files C. Amazon EC2 for storing and processing the log files D. Amazon DynamoDB to store the logs and EC2 for running custom log analysis scrip

A

You have a web application that processes customer orders. The front end application forwards the order messages to an SQS queue. The backend contains an Elastic Load Balancer and an Auto Scaling group. You want the ASG to auto scale depending on the queue size. Which of the following CloudWatch metrics would you choose to discover the SQS queue length? A. ApproximateNumberOfMessagesVisible B. NumberOfMessagesReceived C. NumberOfMessagesDeleted D. ApproximateNumberOfMessagesNotVisible

A

You have an S3 bucket that receives photos uploaded by customers. When an object is uploaded, an event notification is sent to an SQS queue with the object details. You also have an ECS cluster that gets messages from the queue to do the batch processing. The queue size may change greatly depending on the number of incoming messages and backend processing speed. Which metric would you use to scale up/down the ECS cluster capacity? A. The number of messages in the SQS queue B. Memory usage of t

A

You have an application that will run on an Amazon EC2 instance. The application will make requests to Amazon S3 and Amazon DynamoDB. Using best practices, what type of AWS IAM identity should you create for your application to access the identified services? A. IAM role B. IAM user C. IAM group D. IAM directory

A

You have been instructed by your supervisor to devise a disaster recovery model for the resources in the AWS account. The key requirement while devising the solution is to ensure that the cost is at a minimum. Which disaster recovery mechanism would you employ in such a scenario? A. Backup and Restore B. Pilot Light C. Warm standby D. Multi-Site

A

You have created an AWS Lambda function that will write data to a DynamoDB table. Which of the following must be in place to ensure that the Lambda function can interact with the DynamoDB table? A. Ensure an IAM Role is attached to the Lambda function which has the required DynamoDB privileges B. Ensure an IAM user is attached to the Lambda which has the required DynamoDB privileges C. Ensure the Access Keys are embedded in the AWS Lambda function D. Ensure the IAM user password is embedded in t

A

You need a new S3 bucket to store objects using the write-once-read-many (WORM) model. After objects are saved in the bucket, they are not allowed to be deleted or overwritten for a fixed amount of time. Which option would you select to achieve this requirement? A. Enable the Amazon S3 object lock when creating the S3 bucket B. Enable versioning for the S3 bucket C. Modify the S3 bucket policy to only allow the read operation D. Enable the WORM model in the S3 Access Control List (ACL) confi

A

You need to ensure that new objects being uploaded to an S3 bucket are available in another region, due to the criticality of the data hosted in the S3 bucket. How could you achieve this in the easiest way possible? A. Enable Cross-Region replication for the bucket B. Write a script to copy the objects to another bucket in the destination region C. Create an S3 snapshot in the destination region D. Enable versioning that will copy the objects to the destination region

A

You need to have a data storage layer in AWS. Following are the key requirements: a) Storage of JSON Documents b) Availability of indexes c) Automatic scaling What would be an ideal storage layer for the above requirements? A. AWS DynamoDB B. AWS EBS Volumes C. AWS S3 D. AWS Glacier

A

You run an ad-supported photo sharing website using S3 to serve photos to visitors of your site. At some point, you find out that other sites have been linking to the photos on your site, causing loss to your business. What would be an effective method to mitigate this? A. Remove public read access and use signed URLs with expiry dates B. Use CloudFront distributions for static content C. Block the IPs of the offending websites in Security Groups D. Store photos on an EBS Volume of the web s

A

You want to use AWS to host your own website with a unique domain name that uses the format www.example.com. How would you achieve this? A. Register a domain with Route53 and use it to route requests to your website B. Create an auto-scaling group of EC2 instances and manage the web hosting on these instances C. Create one large EC2 instance to host the website and replicate it in every region D. Create a Content Delivery Network (CDN) to deliver your images and files

A

You work as an architect for a company. An application is going to be deployed on a set of EC2 instances in a VPC. The instances will be hosting a web application. You need to design the security group to ensure that users have the ability to connect from the internet via HTTPS. Which of the following needs to be configured for the security group? A. Allow inbound access on port 443 for 0.0.0.0/0 B. Allow outbound access on port 443 for 0.0.0.0/0 C. Allow inbound access on port 80 for 0.0.0.0/0

A

Your app uses AWS Cognito Identity for authentication and stores user profiles in a User Pool. To expand the availability and ease of signing in to the app, your team is requesting advice on allowing the use of OpenID Connect (OIDC) identity providers as additional means of authenticating users and saving the user profile information. What is your recommendation on OIDC identity providers? A. This is supported, along with social and SAML based identity providers B. This is not supported, only so

A

Your application has 2 tiers in AWS: the frontend layer and the backend layer. The frontend includes an Auto Scaling group deployed in a public subnet. The backend Auto Scaling group is located in another private subnet. The backend instances should only allow the incoming traffic from the frontend ASG through a custom port. For the backend security group, how would you configure the source in its inbound rule? A. Configure the frontend security group ID as the source B. Configure the public su

A

Your company authenticates users in a very disconnected network requiring each user to have several username/password combinations for different applications. You have been assigned a task of consolidating and migrating services to the cloud and reducing the number of usernames and passwords employees need to use. What would you recommend? A. AWS Directory Service allows users to sign in with their existing corporate credentials, reducing the need for additional credentials B. Create 2 active d

A

Your company currently has a set of virtual servers that need to be migrated to the AWS Cloud. These instances are normally 70% utilized and used throughout most of the year. As a solutions architect, which of the following instance pricing model would you suggest? A. Reserved Instances B. On-Demand instances C. Spot instances D. Regular instances

A

Your company has a requirement to host an application in AWS that requires access to a NoSQL database. But there are no human resources available who can take care of the database infrastructure. In addition to this, the database should have the capability to scale automatically based on demand and also have high availability. Which of the following databases would you use for this purpose? A. DynamoDB B. Elastic MapReduce C. Amazon RDS D. Amazon Aurora

A

Your company has a set of EC2 instances hosted on the AWS cloud. As an architect, you have been told to ensure that if the status of any of the instances is related to failure, then the instances should restart automatically. How can you achieve this in the most efficient way possible? A. Create CloudWatch alarms that stop and start the instance based off of status check alarms B. Write a script that queries the EC2 API for each instance status check C. Write a script that periodically shuts

A

Your company has an application that takes care of uploading, processing, and publishing videos, posted by users. The current architecture for this application includes the following: a) a set of EC2 instances to transfer user-uploaded videos to S3 buckets b) a set of EC2 worker processes to process and publish the videos c) An auto scaling group for the EC2 worker processes Which of the following can be added to the architecture to make it more reliable? A. Amazon SQS B. Amazon SNS C. Amazo

A

Your company migrated their production environment into an AWS VPC 6 months ago. As a cloud architect, you are required to revise the infrastructure and ensure that it is cost-effective in the long term. There are more than 50 EC2 instances that are up and running all the time to support the business operation. What can you do to lower the cost? A. Reserved instances B. On-Demand instances C. Spot instances D. Regular instances

A

Your company is planning on hosting its development, test and production applications on EC2 instances in AWS. The team is worried about how access control would be given to relevant IT admins for each of the above environments. As an architect, what would you suggest to manage the relevant accesses? A. Add tags to the instances marking each environment and then segregate access using IAM policies B. Add Userdata to the underlying instances to mark each environment C. Add metadata to underlyin

A

Your company is planning on migrating code written in C# from their on-premises infrastructure onto AWS. They want to ensure to limit the amount of maintenance that would be required for the underlying infrastructure. Which of the following would they choose for hosting the code base? A. AWS Lambda B. AWS EC2 C. AWS ECS D. AWS SQS

A

Your company is planning to use Route 53 as the DNS provider. There is a need to ensure that the company's domain name points to an existing CloudFront distribution. How could this be achieved? A. Create an Alias record which points to the CloudFront distribution B. Create a host record which points to the CloudFront distribution C. Create a CNAME record which points to the CloudFront distribution D. Create a Non-Alias record which points to the CloudFront distribution

A

Your company is planning to use the API Gateway service to manage APIs for developers and users. There is a requirement to segregate access right for both developers and users. How could this be accomplished? A. Use IAM permissions to control the access B. Use AWS access keys to manage the access C. Use AWS KMS service to manage the access D. Use AWS Config service to control the access

A

Your company is running a photo sharing website. Currently all the photos are stored in S3. At some point the company finds out that other sites have been linking to the photos on your site, causing loss to your business. You need to implement a solution for the company to mitigate this issue. Which of the following would you look at implementing? A. Remove public read access and use signed URLs with expiry dates B. Use CloudFront distributions for static content C. Block the IPs of the offen

A

Your company stores a big amount of archive data in expensive on-premises storage systems. You need to move the data to low cost storage such as Amazon S3 Glacier. Which of the following tools is the most suitable to simplify and automate the data transfer from on-premises to S3 Glacier? A. AWS DataSync B. Server Migration Service C. Database Migration Service D. Direct Connect

A

Your company uses KMS to fully manage the master keys and perform encryption and decryption operations on your data and in your applications. As an additional level of security, you now recommend AWS rotate your keys. What would happen after enabling this additional feature? A. Nothing needs to be done. KMS will manage all encrypt/decrypt actions using the appropriate keys B. Your company must instruct KMS to re-encrypt all data in all services each time a new key is created C. You have 30

A

Your company uses an S3 bucket to store data for an application. Sometimes the team also downloads the S3 files for further analysis. As the data is very important, you need to protect against accidental deletions initiated by someone or an application. Which of the following options is appropriate? A. Enable the versioning feature in the S3 bucket B. Modify the S3 bucket to be read-only C. Use an S3 Lifecycle policy to transfer objects to a lower cost storage D. Enable the Server-Side Encryp

A

Your company wants to enable encryption of services such as S3 and EBS volumes so that the data it maintains is encrypted at rest. They want to have complete control over the keys (including hardware) and the entire lifecycle around the keys. How can you accomplish this? A. Use the AWS CloudHSM B. Use the KMS service C. Enable S3 server side encryption D. Enable EBS Encryption with the default KMS keys

A

Your development team wants to use EC2 instances to host their application and web servers. In the automation space, they want the instances to always download the latest version of the web and application servers when they are launched. As an architect, what would you recommend for this scenario? A. Ask the Development team to create scripts which can be added to the User Data section when the instance is launched B. Ask the Development team to create scripts which can be added to the Meta D

A

Your supervisor asks you to create a decoupled application whose process includes dependencies on EC2 instances where you would be using Polling Strategy to trigger messages once the defined criteria are fulfilled. Which of the following would you include in the architecture? A. An SQS queue as the messaging component between the instances and servers B. An SNS topic as the messaging component between the instances and servers C. An elastic load balancer to distribute requests to your EC2 inst

A

Your team has developed an application and now needs to deploy that application onto an EC2 instance. This application interacts with a DynamoDB table. Which of the following is the correct and MOST SECURE way to ensure that the application interacts with the DynamoDB table? A. Create a role which has the necessary permissions and can be assumed by the EC2 instance B. Use the API credentials from an EC2 instance. Ensure the environment variables are updated with the API access keys C. Use the API cre

A

A concern raised in your company is that developers could potentially delete production-based EC2 resources. As a cloud admin, what would you do to help alleviate this concern? (Choose 2) A. Tag the production instances with production-identifying tag and add resource-level permissions to the developers with an explicit deny on the terminate API call to instances with the production tag B. Create a separate AWS account and move the developers to that account C. Modify the IAM policy on the pro

A,B

Amazon CloudWatch offers which types of monitoring plans (Choose 2) A. Basic B. Detailed C. Diagnostic D. Precognitive E. Retroactive

A,B

You are designing the application architecture for a company. The architecture is going to consist of a web tier that will be hosted on EC2 instances placed behind an Elastic Load Balancer. Which of the following would be considered as the basic requirements for the components of the application architecture? (Choose 2) A. Determine the required I/O operations B. Determine the minimum memory requirements for an application C. Determining where the traffic has to be routed D. Determining what

A,B

You have an application hosted on AWS consisting of EC2 instances launched via an Auto Scaling group. You notice that the EC2 instances are not scaling on demand. Which checks should be done to ensure that the scaling occurs as expected? (Select 2) A. Ensure that the right metrics are being used to trigger the scale-out B. Check your scaling policies to see whether more than one policy is triggered by an event C. Ensure that AutoScaling Health checks are being used D. Ensure that you are usi

A,B

You have the following architecture deployed in AWS: a) a set of EC2 instances which sit behind an ELB b) a database hosted in Amazon RDS. Of late, the performance of the database has been slacking due to a high number of read requests. Which of the following can be added to the architecture to alleviate the performance issue? (Select 2) A. Add read replica to the primary database to offload read traffic B. Use ElastiCache in front of the database C. Use AWS CloudFront in front of the database

A,B

Your company currently has a set of EC2 instances hosted in AWS. The states of these instances need to be monitored and each state needs to be changed when a metric breaches a threshold value. Which step could be helpful to fulfill this requirement? (Choose 2) A. Use CloudWatch logs to store the state change of the instances B. Create an Amazon CloudWatch alarm that monitors an Amazon EC2 instance C. Use SQS to trigger a record to be added to a DynamoDB table D. Use AWS Lambda to store a chan

A,B

Your company has a set of VPCs. There is now a requirement to establish communication across the instances in the VPCs. Your supervisor has asked you to implement the VPC peering connection. Which of the following considerations would you keep in mind for VPC peering? (Choose 2) A. Ensuring that the VPCs don't have overlapping CIDR blocks B. Ensuring that no on-premises communication is required via transitive routing C. Ensuring that the VPCs only have public subnets for communication D

A,B

What administrative tasks are handled by AWS for Amazon Relational Database Service (RDS) databases? (Choose 3) A. Regular backups of the database B. Deploying virtual infrastructure C. Deploying the schema (for example, tables and stored procedures) D. Patching the operating system and database software E. Setting up non-admin database accounts and privileges

A,B,D

A company wants to build a brand new application on the AWS Cloud. They want to ensure that this application follows the Microservices architecture. Which of the following services can be used to build this type of architecture (select 3) A. AWS Lambda B. AWS ECS C. AWS API Gateway D. AWS Config

A,B,C

An IT company wants to secure their resources in their AWS Account. Which of the following options would secure data at rest and in transit in AWS? (Choose 3) A. Encrypt all EBS volumes attached to EC2 instances B. Use server-side encryption for S3 C. Use SSL/HTTPS when using the elastic load balancer D. Use IOPS volumes when working with EBS volumes on EC2 instances

A,B,C

Which of the following are true about the AWS shared responsibility model? (Choose 3) A. AWS is responsible for all infrastructure components (AWS Cloud Services) that support customer deployments B. The customer is responsible for the components from the guest operating system upward (including updates, security patches, and antivirus software) C. The customer may rely on AWS to manage the security of their workloads deployed on AWS D. While AWS manages security of the cloud, security in the

A,B,D

You are planning on hosting a static website on EC2 instances. You need to ensure that the environment is highly available and scalable to meet demand. Which of the below aspects can be used to create a highly available environment? (Choose 3) A. Auto Scaling group B. Elastic Load Balancer C. SQS Queue D. Multiple Availability Zones

A,B,D

You are responsible for deploying a critical application to AWS. It is required to ensure that the controls set for this application meet PCI compliance. Also, there is a need to monitor web application logs to identify any malicious activity. Which of the following services could be used to fulfill this requirement? A. Amazon CloudWatch Logs B. Amazon VPC Flow Logs C. Amazon Trusted Advisor D. Amazon Cloudtrail

A,B,D

Your company is hosting an application in AWS. The application is read intensive and consists of a set of web servers and AWS RDS. It has been noticed that the response time of the application increases due to the load on the AWS RDS instance. Which of the following measures can be taken to scale the data tier? (Choose 3) A. Create Amazon DB Read Replicas. Configure the application layer to query the Read Replicas for query needs B. Use Auto Scaling to scale out and scale in the database tier

A,B,D

You are working with an educational website that provides online content for professional exams using WordPress. You have recently added Amazon Polly plugins to the website to provide students audio recordings for exam contents. You are getting customer feedback on the speech rate being too fast and continuous. What changes would you make in your content to resolve this? (Choose 3) A. Add a pause using SSML tag between appropriate words and paragraphs B. convert commas in content into the per

A,B,E

A company has an application hosted in AWS. This application consists of EC2 instances that sit behind an ELB. The following are the requirements from an administrative perspective: a. Must be able to collect and analyze logs with regard to ELB's performance b. Ensure that notifications are sent when the latency goes beyond 10 seconds. What should be used to achieve this requirement? (Choose 2) A. Use CloudWatch for monitoring B. Enable VPC flow logs and then investigate the logs whenever th

A,C

A company has set up some EC2 instances in a VPC with the default Security group and NACL settings. They want to ensure that the IT admin staff can connect to the EC2 instance via SSH. As an architect what would you ask the IT admin team to do to ensure that they can connect to the EC2 instance from the internet? Choose 2. A. Ensure that the instance has a public or elastic IP B. Ensure that the instance has a private IP C. Ensure to modify the security group s D. Ensure to modify the NACL ru

A,C

A company is planning to build a 2-tier architecture with web server and a database server with separate environments for development and testing. The architecture will be hosted on EC2 instances accordingly, and database server would require less than 16,000 IOPS per volume. Which of the following EBS volumes are optimum for the underlying EC2 instances? A. General Purpose SSD for the web server B. Provisioned IOPS for the web server C. General Purpose SSD for the database server D. Provision

A,C

A company stores its log data in an S3 bucket. There is a current need to have search capabilities available for the data in S3. What could be helpful to achieve this in an efficient manner? (Choose 2) A. Use Amazon Athena to query the S3 bucket B. Create a Lifecycle Policy for the S3 bucket C. Load the data into Amazon Elasticsearch D. Load the data into Amazon S3 Glacier

A,C

An application currently allows users to upload files into an S3 bucket. You want to ensure that the file name for each uploaded file is stored in a DynamoDB table. How could this be achieved? (Select 2) A. Create an AWS Lambda function to insert the required entry for each uploaded file B. Use AWS CloudWatch to probe for any S3 event C. Add an event in S3 with notification send to Lambda D. Add the CloudWatch event to the DynamoDB table streams section

A,C

You are using a c5.large EC2 instance with one 300GB EBS General Purpose SSD volume to host a relational database. You noticed that the read/write capacity of the database needs to be increased. Which of the following approaches can help achieve this? Choose 2. A. Use a larger EC2 instance type B. Enable Multi-AZ feature for the database C. Consider using Provisioned IOPS volumes D. Put the database behind an Elastic Load Balancer

A,C

You are working for a construction firm that is using Amazon WorkDocs for sharing project planning documents with third-party external contract teams. Last week there was an incident where a sensitive document was shared by a user that leaked financial information to external third-party users. The security team revoked access for all users and only nominated users should be allowed to grant access to use WorkDocs or share links with third-party users. How could this be achieved? (Choose 2) A. For ex

A,C

You want to host a static website on AWS. As a solutions architect, you have been given a task to establish a serverless architecture for the website. Which of the following could be included in the proposed architecture? (Select 2) A. Use DynamoDB to store data in tables B. Use EC2 to host data on EBS volumes C. Use the Simple Storage Service to store data D. Use AWS RDS to store data

A,C

Your company currently has a web distribution hosted using the AWS CloudFront service. The IT security department has confirmed that the application using this web distribution now falls under the scope of PCI compliance. What are the possible ways to meet the requirements? (Choose 2) A. Enable CloudFront access logs B. Enable cache in CloudFront C. Capture requests that are sent to CloudFront API D. Enable VPC Flow Logs

A,C

Your company stores a large set of files in Amazon S3. They need to ensure that if any new files are added to an S3 bucket, an event notification would be sent to the IT admin staff. Which of the following could be used to fulfill this requirement? Choose 2. A. Create an SNS topic B. Create an SQS queue C. Add an event notification to the S3 bucket D. Add an event notification to the S3 object

A,C

A media firm has a global presence for its sports programming and broadcasting network which uses AWS infrastructure. They have multiple AWS accounts created based upon verticals and to manage these accounts they have created AWS Organizations. Recently this firm was acquired by another media firm which is also using AWS Infrastructure for media streaming services. Both these firms need to merge AWS Organizations to have new policies created and enforced in all the member AWS accounts of merged en

A,C,D

Your development team has created a web application in a subnet that needs to be tested. You need to advise the IT admin team on how they should configure the VPC to ensure the application can be accessed from the internet. Which of the following components would be part of the design? (Choose 3) A. An Internet Gateway attached to the VPC B. A NAT Gateway attached to the VPC C. Custom route table entry added for the internet gateway D. All instances launched with a public IP

A,C,D

A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. Each division has its own AWS account and there is a need to ensure that the security policies are kept in place at the Account Level. How can you achieve this? (Choose 2) A. Use AWS organizations B. Club all divisions under a single account instead C. Use IAM Policies to segregate access D. Use Service control policies

A,D

A retailer exports data daily from its transactional databases into an S3 bucket in the Sydney region. The retailer's Data Warehousing team wants to import this data into an existing Amazon Redshift cluster in their VPC at Sydney. Corporate security policy mandates that data can only be transported within a VPC. Which steps would satisfy the security policy? (Choose 2) A. Enable Amazon Redshift Enhanced VPC Routing B. Create a Cluster Security Group to allow the Amazon Redshift cluster to acces

A,D

For which of the following scenarios should a Solutions Architect consider using Elastic Beanstalk? A. A web application using Amazon RDS B. An Enterprise Data Warehouse C. A long-running worker process D. Capacity provisioning and load balancing of website E. A management task run once on a nightly basis

A,D

You are designing the following application in AWS. Users will use the application to upload videos and images. The files will then be picked up by a worker process for further processing. Which of the below services should be used in the design of the application? (Choose 2) A. AWS S3 for storing the videos and images B. AWS Glacier for storing the videos and images C. AWS SNS for distributed processing of messages by the worker process D. AWS SQS for distributed process of messages by the w

A,D

You have a requirement to host a web based application. You need to enable high availability for the application, so you create an Elastic Load Balancer and place the EC2 instances behind the Elastic Load Balancer. You need to ensure that users only access the application via the DNS name of the load balancer. How would you design the network part of the application? (Choose 2) A. Create 2 public subnets for the Elastic Load Balancer B. Create 2 private subnets for the Elastic Load Balancer C. C

A,D

Your company currently has a set of EC2 instances running a web application which sits behind an Elastic Load Balancer. You also have an Amazon RDS instance which is accessible from the web application. You have been asked to ensure that this architecture is self-healing in nature. What would fulfill this requirement? (Choose 2) A. Use CloudWatch metrics to check the utilization of the web layer. Use Auto Scaling group to scale the web instances accordingly based on the CloudWatch metrics B. Us

A,D

Your company is planning on deploying an application which will consist of a web and database tier. The database tier should not be accessible from the internet. How would you design the networking part of the application? (Choose 2) A. A public subnet for the web tier B. A private subnet for the web tier C. A public subnet for the database tier D. A private subnet for the database tier

A,D

If you launch five Amazon EC2 instances in an Amazon VPC without specifying a security group, the instances will be launched into a default security group that provides which of the following? (Choose 3) A. The five Amazon EC2 instances can communicate with each other B. The five Amazon EC2 instances can't communicate with each other C. All inbound traffic will be allowed to the 5 Amazon EC2 instances D. No inbound traffic will be allowed to the 5 Amazon EC2 instances E. All outbound traffic wi

A,D,E

You are performing a Load Testing exercise on your application that is hosted on AWS. While testing your Amazon RDS MySQL DB instance, you notice that your application becomes non-responsive when you reach 100% CPU utilization. Your application is read-heavy. Which methods would help scale your data-tier to meet the application's needs? (Choose 3) A. Add Amazon RDS DB Read Replicas and have your application direct read queries to them B. Add your Amazon RDS DB instance to Storage Auto Scaling,

A,D,E

A company has a Redshift cluster defined in AWS. The IT Operations team has ensured that both automated and manual snapshots are in place. Since the cluster is going to be run for a couple of years, Reserved Instances have been purchased. There has been a recent concern about the cost being incurred by the cluster. Which step should be carried out to minimize the costs being incurred by the cluster? A. Delete the manual snapshots B. Set the retention period of the automated snapshots to 35 days

A

A company has a lot of data hosted on their on-premises infrastructure. Running out of storage space, the company wants a quick win solution using AWS. Which of the following would allow easy extension of their data infrastructure to AWS? A. The company could start using Gateway Cached Volumes B. The company could start using Gateway Stored Volumes C. The company could start using the DEEP_ARCHIVE storage class D. The company could start using Amazon Glacier

A

A company has a requirement for block level storage that should be able to store 800GB of data. Also, encryption of the data is required. What can be used in this case? A. AWS EBS volumes B. AWS S3 C. AWS Glacier D. AWS EFS

A

A company is building a two-tier web application to serve dynamic transaction-based content. Which services would you leverage to enable an elastic and scalable Web Tier? A. Elastic Load Balancing, Amazon EC2, and Auto Scaling B. Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3 C. Amazon RDS with Multi-AZ and Auto Scaling D. Amazon EC2, Amazon DynamoDB, and Amazon S3

A

A company is planning to run a number of admin-related scripts using the AWS Lambda service. There is a need to detect errors that occur while these scripts run. How could this be accomplished in the most effective manner? A. Use CloudWatch metrics and logs to detect the errors B. Use CloudTrail to monitor the errors C. Use the AWS Config service to monitor the errors D. Use the AWS Inspector service to monitor the errors

A

A company is planning to use the AWS ECS service to work with containers in "us-east-1" region. There is a need for the least amount of administrative overhead while launching containers. How could this be achieved? A. Use the Fargate launch type in AWS ECS B. Use the EC2 launch type in AWS ECS C. Use the Auto Scaling launch type in AWS ECS D. Use the ELB launch type in AWS ECS

A

A company requires an open-source system for automating the deployment, scaling, and management of containerized applications. Which of the following would be ideal for such a requirement? A. Use the Amazon Elastic Container Service for Kubernetes B. Install a custom orchestration tool on EC2 instances C. Use SQS to orchestrate the messages between docker containers D. Use AWS Lambda functions to embed the logic for container orchestration

A

A company wants to host a selection of MongoDB instances. They are expecting a high load and want to achieve high performance. As an architect, you need to ensure that the right storage is used to host the MongoDB database. Which of the following would you incorporate as the underlying storage layer? A. Provisioned IOPS B. General Purpose SSD C. Throughput Optimized HDD D. Cold HDD

A

A customer has a single 3 TB volume on-premises that is used to hold a large repository of images and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their storage and wants to utilize the cloud to store the data, but the customer is concerned about latency while trying to access most frequent data from the cloud. Which AWS Storage Gateway configuration would meet the customer

A

A customer wants to import the existing virtual machines to the cloud. Which service should they use for this purpose? A. VM Import/Export B. AWS Import/Export C. AWS Storage Gateway D. DB Migration Service

A

A financial firm is developing a new web application which has static informational content as well as dynamic functional content with server-side scripting. They are expecting heavy traffic for this application on launching which they are planning to launch using AWS Cloud Infrastructure. Application Data should be seamlessly saved in AWS to meet growing demands without any further manual interactions. Which of the following solutions can be used in case there are no budget constraints? A. Use

A

A large medical institute is using a legacy database for saving all its patient details. Due to compatibility issues with the latest software they are planning to migrate this database to AWS cloud infrastructure. This large size database will be using a NoSQL database Amazon DynamoDB in AWS. As an AWS Consultant you need to ensure that all tables of the current legacy database are migrated without a glitch to Amazon DynamoDB. Which of the following is the most cost-effective way of transferring

A

A legal consultant firm is using version enabled S3 buckets to save all its legal documents. To avoid any deletion/modification of these documents, they have locked these files with a retention period of 6 months. In some of the cases, these legal documents are getting updated with new information that the firm requires to set a different retention period than the original object. Which of the following actions will meet this requirement with the least efforts? A. Create another version with th

A

A security audit discovers that one of your RDS MySQL instances is not encrypted. The instance has a Read Replica in the same AWS region which is also not encrypted. You need to fix this issue as soon as possible. What is the proper way to add encryption to the instance and its replica? A. Copy a DB snapshot and encrypt the snapshot. Restore a new DB instance from the encrypted snapshot and add a Read Replica B. Encrypt the DB instance. Launch a new Read Replica and the replica is encrypted au

A

A start-up firm has created a cloud storage application which gives users the ability to store any amount of personal data and share with their contacts. For this, they are using Amazon S3 buckets to store user data. During the last quarter, the costing team has observed a surge in storage cost for S3 bucket. Further checking observed that there are many 100 GB files which are uploaded by users and are in partially completed state. As an AWS consultant, the IT team is requesting you for deleting

A

An EC2 instance hosts a Java-based application that accesses a DynamoDB table. This EC2 instance is currently serving production users. What would be a secure way for the EC2 instance to access the DynamoDB table? A. Use IAM roles with permissions to interact with DynamoDB and assign it to the EC2 instance B. Use KMS keys with the right permissions to interact with DynamoDB and assign it to the EC2 instance C. Use IAM Access Keys with the right permissions to interact with DynamoDB and assign

A

A company has set up its data layer in the Simple Storage Service. There are a number of requests which include read/write and updates to objects in an S3 bucket. Users sometimes complain that updates to an object are not being reflected. What could be the most likely reason for this? A. Versioning is not enabled for the bucket, so the newer version does not reflect the right data B. Updates made to the objects usually take some time to reflect C. Encryption is enabled for the bucket, hence it

B

A company is currently utilizing RedShift cluster as their production warehouse. As a cloud architect, you are tasked to ensure that the disaster recovery is in place. Which would be the best option in addressing this issue? A. Take a copy of the underlying EBS volumes to S3 and then do Cross-Region Replication B. Enable Cross-Region Snapshots for the Redshift Cluster C. Create a CloudFormation template to restore the Cluster in another region D. Enable Cross Availability Zone Snapshots for t

B

A company is hosting their website on a cluster of web servers that are behind a public-facing load balancer. The web application interacts with an AWS RDS database. It has been noticed that a set of similar types of queries is causing a performance bottleneck at the database layer. Which of the following architecture additions can help alleviate this issue? A. Deploy ElastiCache in front of the web servers B. Deploy ElastiCache in front of the database servers C. Deploy Elastic Load Balancer

B

A company is hosting their website on a cluster of web servers that are behind a public-facing load balancer. The web application interfaces with an AWS RDS database. The management has specified that the database needs to be available in case of a hardware failure on the primary database. The secondary needs to be made available in the least amount of time. Which of the following would you opt for? A. Made a snapshot of the database B. Enabled Multi-AZ failover C. Increased the database insta

B

A company is planning on setting up a web-based application. They need to ensure that users across the world have the ability to view the pages from the web site with the least amount of latency. How can you accomplish this? A. Use Route 53 with latency-based routing B. Place a CloudFront distribution in front of the web application C. Place an Elastic Load Balancer in front of the web application D. Place an ElastiCache in front of the web application

B

A Singapore based large Architect firm is using Amazon S3 bucket to save all architecture drawings. This firm works globally and multiple accounts are created within the Singapore region as well in other regions to access AWS resources. Users in all these accounts access the Amazon S3 bucket for architectural drawings. AWS Organization is created for accounts in the Singapore region. Central IT teams are managing access to S3 buckets using Service Control Policies with AWS Organization. While ap

B

A Solutions Architect is designing a highly scalable system to track records. These records must remain available for immediate download for up to three months and then must be deleted. What is the most appropriate decision for this use case? A. Store the files in Amazon EBS and create a Lifecycle Policy to remove files after 3 months B. Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months C. Store the files in Amazon Glacier and create a Lifecycle Policy

B

A company has a set of Hyper-V machines and VMware virtual machines. They are now planning to migrate these resources to the AWS Cloud. What should they use to move these resources to the AWS cloud? A. DB Migration utility B. AWS Server Migration Service C. Use AWS Migration Tools D. Use AWS Config Tools

B

A company has a set of VPC's defined in AWS. They need to connect this to their on-premises network. They need to ensure that all data is encrypted in transit. Which of the following would you use to connect the VPC's to the on-premises networks? A. VPC peering B. VPN connections C. AWS Direct Connect D. Placement groups

B

A company has a set of web servers. It is required to ensure that all the logs from these web servers can be analyzed in real-time for any sort of threat detection. What could be the right choice in this regard? A. Upload all the logs to the SQS Service and then use EC2 instances to scan the logs B. Upload the logs to Amazon Kinesis and then analyze the logs accordingly C. Upload the logs to CloudTrail and then analyze accordingly D. Upload the logs to Glacier and then analyze the logs accor

B

A company has an AWS account that contains 3 VPCs (Dev, Test, and Prod) in the same region. There is a requirement to ensure that instances in the Development and Test VPC's can access resources in the Production VPC for a limited amount of time. Which of the following would be the ideal way to get this in place? A. Create an AWS Direct Connect connection between the Development, Test VPC to the Production VPC B. Create a separate VPC peering connection from Development to Production and from Test

B

A company has an application that stores images and thumbnails on S3. The thumbnail needs to be available for download immediately. Additionally, both the images and thumbnails are not accessed frequently. What would be the cost-efficient storage option that meets the above-mentioned requirements? A. Amazon Glacier with Expedited Retrievals B. Amazon S3 Standard Infrequent Access C. Amazon EFS D. Amazon S3 Standard

B

A company has an entire infrastructure hosted on AWS. It needs to create code templates used to provision the same set of resources in another region in case of a disaster in the primary region. Which AWS service can be helpful in this regard? A. AWS Beanstalk B. AWS CloudFormation C. AWS CodeBuild D. AWS CodeDeploy

B

A company has been using AWS Cloud services for 6 months and have just finished a security review. Which of the following is considered a best practice in the security pillar of the well-architected framework? A. Using the root user to create all-new user accounts, at any time B. Monitoring and using alerts using CloudTrail and CloudWatch C. Assigning Private IP address ranges to VPCs that do not overlap D. Designing the system using elasticity to meet changes in demand

B

As a Solutions Architect for a multinational organization having more than 150,000 employees, management has decided to implement a real time analysis for their employees' time spent in offices across the globe. You are tasked to design an architecture that will receive the inputs from 10,000+ sensors with swipe machine sending in and out data across the globe, each sending 20KB data every 5 seconds in JSON format. The application will process and analyze the data and upload the results to dashb

B

Elastic Load Balancing allows you to distribute traffic across which of the following? A. Only within a single AZ B. Multiple AZ's within a region C. Multiple AZ's within and between regions D. Multiple AZ's within and between regions and on-premises virtualized instances running OpenStack

B

For a new application, you need to build up the logic tier and data storage tier in AWS. The whole architecture needs to be serverless so that designers can quickly deploy the application without the need to manage servers. Which of the following AWS services would you choose? A. Logic tier: "Amazon Cognito + Lambda". Data storage tier: "Amazon RDS" B. Logic tier: "API Gateway + Lambda". Data Storage tier: "Amazon DynamoDB" C. Logic tier: "API Gateway + Lambda". Data Storage tier: "Amazon Red

B

How is data stored in Amazon S3 for high durability? A. Data is automatically replicated to other regions B. Data is automatically replicated to different AZ's within a region C. Data is replicated only if versioning is enabled on the bucket D. Data is automatically backed up on tape and restored if needed

B

It is expected that only certain specified customers can upload images to the S3 bucket for a certain period of time. What would you suggest as an architect to fulfill this requirement? A. Create a secondary S3 bucket. Then, use an AWS Lambda to sync the contents to the primary bucket B. Use pre-signed URLs for uploading the images C. Use ECS Containers to upload the images D. Upload the images to SQS and then push them to the S3 bucket

B

A company is planning on storing their files from their on-premises location onto the Simple Storage Service. After a period of 3 months, they want to archive the files, since they would be rarely used. Which of the following would be the right way to service this requirement? A. Use an EC2 instance with EBS volumes. After a period of 3 months, keep on taking snapshots of the data B. Store the data on S3 and then use Lifecycle policies to transfer the data to Amazon Glacier C. Store the data o

B

A company is planning on testing a large set of IoT enabled devices. These devices will be streaming data every second. A proper service needs to be chosen in AWS which could be used to collect and analyze these streams in real-time. Which AWS service would be the most appropriate for this purpose? A. Use AWS EMR to store and process the streams B. Use AWS Kinesis to process and analyze the data C. Use AWS SQS to store the data D. Use SNS to store the data

B

A company is planning to build an application using the services available on AWS. This application will be stateless in nature, and the service must have the ability to scale according to the demand. Which compute service should be used in this scenario? A. AWS DynamoDB B. AWS Lambda C. AWS S3 D. AWS SQS

B

Videos are uploaded to an S3 bucket, and you need to provide access to users to view the same. What is the best way to do so, while maintaining a good user experience for all users regardless of the region in which they are located? A. Enable cross-region replication for the S3 bucket to all regions B. Use CloudFront with the S3 bucket as the source C. Use API Gateway with S3 bucket as the source D. Use AWS Lambda functions to deliver the content to users

B

A company is running 3 production web server reserved EC2 instances with EBS-backed root volumes. These instances have a consistent CPU load of 80%. Traffic is being distributed to these instances by an Elastic Load Balancer. They also have production and development Multi-AZ RDS MySQL databases. What recommendation would you make to reduce cost in this environment without affecting the availability of mission-critical systems? A. Consider using on-demand instances instead of reserved EC2 instan

B

A company plans to use SQS queues and AWS Lambda to leverage the serverless aspects of the AWS Cloud. Each invocation to AWS Lambda will send a message to an SQS queue. What should be done to achieve this? A. The queue must be a FIFO queue B. An IAM Role must have the required permissions C. The code for Lambda must be written in C# D. An IAM Group must have the required permissions

B

A company needs to deploy an existing Java-based application to AWS. Which of the following should be used to fulfill this requirement in the quickest way possible? A. Deploy to an S3 bucket and enable website hosting B. Use the Elastic Beanstalk service to provision the environment C. Use EC2 with Auto Scaling for the environment D. Use AMIs to build EC2 instances for deployment

B

A company needs to use the AWS RDS service to host a MySQL database. This database is going to be used for production purposes and is expected to experience a high number of read/write activities. Which EBS Volume type would be ideal for this database? A. General Purpose SSD B. Provisioned IOPS SSD C. Throughput Optimized HDD D. Cold HDD

B

A company wants to have a fully managed data store in AWS. It should be a compatible MySQL database, which is an application requirement. Which AWS database engine could be used for this purpose? A. AWS RDS B. AWS Aurora C. AWS DynamoDB D. AWS RedShift

B

A company wants to implement a data store in AWS. The data store needs to have the following requirements: 1) Completely managed by AWS 2) Ability to store JSON objects efficiently 3) Scale based on demand. Which of the following would you use as the data store? A. AWS Redshift B. AWS DynamoDB C. AWS Aurora D. AWS Glacier

B

A company with a set of Admin jobs (.NET core) currently set up in the C# programming language, is moving its infrastructure to AWS. What would be an efficient means of hosting the Admin related jobs in AWS? A. Use AWS DynamoDB to store the jobs and then run them on demand B. Use AWS Lambda functions with C# for the admin jobs C. Use AWS S3 to store the job and then run them on demand D. Use AWS Config functions with C# for the Admin jobs

B

A consulting firm repeatedly builds large architectures for their customers using AWS resources from several AWS services including IAM, Amazon EC2, Amazon RDS, DynamoDB, and Amazon VPC. The consultants have architecture diagrams for each of their architectures and are frustrated that they can't use them to automatically create their resources. Which service should provide immediate benefits to the organization? A. AWS Beanstalk B. AWS CloudFormation C. AWS CodeBuild D. AWS CodeDeploy

B

A famous mobile brand is launching its much-awaited mobile phone on Christmas weekend. The IT team managing their website is expecting a huge surge in traffic. Web applications are deployed in multiple regions. They want to prioritize their Platinum customers in us-east-1 over new global customers to give them preferential treatment for selection of various models of new mobile. The IT team wants infrastructure to handle huge amounts of traffic without any impact on latency to global users. Whic

B

What is the primary use case of Amazon Kinesis Firehose? A. Ingest huge streams of data and allow custom processing of data in flight B. Ingest huge streams of data and store it to Amazon S3, Amazon RedShift, or Amazon Elasticsearch Service C. Generate a huge stream of data from an Amazon S3 bucket D. Generate a huge stream of data from Amazon DynamoDB

B

What type of AWS Elastic Beanstalk environment tier provisions resources to support a web application that handles background processing tasks? A. Web Server environment tier B. Worker environment tier C. Database environment tier D. Batch environment tier

B

A financial firm is planning to build a highly resilient application with primary database servers at on-premise data centers while DB snapshots at Amazon S3 bucket. IT team is looking for a cost-effective secure way of the initial transfer of large customer financial databases between on-premise servers to Amazon S3 bucket with no impact on client usage of these applications. Also, post this data transfer, the on-premise application will be fetching data from the database in Amazon S3 in case o

B

A financial institute is using a web-based application for its customers. They are planning to migrate to a serverless application for reducing cost and providing better user experience with less latency. Since this is a critical application, any downtime will incur losses to this institute. For this Programme Director wants to have proper testing of application and post-deployment during initial period traffic should be shared with existing and new serverless application. As an AWS consultant w

B

Which of the following is true if you stop an Amazon EC2 instance with an Elastic IP address in an Amazon VPC? A. The instance is disassociated from its Elastic IP address and must be re-attached when the instance is restarted B. The instance remains associated with its Elastic IP address C. The Elastic IP address is released from your account D. The instance is disassociated from the Elastic IP address temporarily while you restart the instance

B

Which process in an Amazon Simple Workflow Service workflow implements a task? A. Decider B. Activity Worker C. Workflow starter D. Business Rule

B

A global conglomerate is looking for a multi-site DR plan for an application deployed on a server fleet at the data center. All regional locations send data to the Head Office from where the daily backup is done to AWS Cloud infrastructure. This is a large database that needs to be backed up daily. Incomplete backups can impact RPO in case of failure in any site. For this, they are looking for high bandwidth links having higher throughput for faster data transfer securely. Which of the following would

B

A global infrastructure firm is saving all its architectural drawing and project files in a S3 Glacier. These files will be randomly accessed by third-party vendors while performing Structural Audits. You need to ensure that only legitimate users will be able to read the contents of these files and no users should be able to delete these files for 3 years under any circumstances. Access to third-party vendors should be reviewed often as per security SOP. Which of the following can be done to mee

B

A global media firm is using AWS CodePipeline as an automation service for releasing new features to customers. All the codes are uploaded in the Amazon S3 bucket. Changes in files stored in the S3 bucket should trigger AWS CodePipeline that will further initiate AWS Elastic Beanstalk for deploying additional resources. What is the additional requirement that should be configured to trigger CodePipeline in a faster way? A. Enable periodic checks and create a Webhook which triggers pipeline once

B

A global pharma firm has a tie-up with hospitals across the globe. These hospitals share patient reports with pharma firms which are further analyzed and used for creation of new drug formulation. Daily large numbers of reports are shared by these hospitals which are uploaded from various sources. Pharma firm is looking to tie-up with additional hospitals which will further increase in data load. These uploadings should be scalable which should be able to save a large amount of data to further a

B

A large educational institute is using Amazon S3 buckets to save data for all its graduation streams. During annual external audits from local government bodies, institutes need to fetch data of specific streams to get it audited from auditors. Large amount of data is saved in these S3 buckets which makes it cumbersome to download whole data and retrieve only a small amount of information from it. The IT team is looking for your consultation for this issue without incurring additional cost or

B

A media firm is saving all its old videos in S3 Glacier Deep Archive. Due to shortage of new video footage, the channel has decided to reuse all these old videos. Since these old videos, the channel is not sure of its popularity and response from users. Channel Head wants to make sure that these huge size files do not shoot up their budget and for this as an AWS consultant you advise them to use S3 intelligent storage class. The operations team is concerned for moving these files to S3 Intellige

B

A start-up firm has a corporate office at New York and regional office in Washington and Chicago. These offices are interconnected over Internet links. Recently they have migrated a few application servers to EC2 instance launched in AWS US-east-1 region. The developer team located at the corporate office requires secure access to these servers for initial testing and performance checks before go-live of new application. Since the go-live date is approaching soon, the IT team is looking for quick

B

A storage solution is required in AWS to store videos uploaded by the user. After accessing these videos frequently for a period of a month, these videos can be deleted. How could this be implemented in the most cost-effective manner? A. Use EBS Volumes to store the videos. Create a script to delete the videos after a month B. Configure object expiration on the S3 bucket and the policy will take care of deleting the videos on the completion of 30 days C. Store the videos in Amazon Glacier and

B

A website runs on EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple AZ's and deliver several static files that are stored on a shared Amazon EFS file system. The company needs to avoid serving the files from EC2 instances every time a user requests these digital assets. What should the company do to improve the user experience of the website? A. Move the digital assets to Amazon Glacier B. Cache static content using Cloudfront C. Res

B

An AWS Solutions Architect who is designing a solution to store and archive corporate documents has determined Amazon Glacier as the right choice. An important requirement is that the data must be delivered within 10 minutes of a retrieval request. Which feature in Amazon Glacier could help to meet this requirement? A. Vault Lock B. Expedited retrieval C. Bulk retrieval D. Standard retrieval

B

An instance is launched into a VPC subnet with the network ACL configured to allow all outbound traffic and deny all inbound traffic. The security group of the instance is configured to allow SSH from any IP address. What changes are required to allow SSH access to the instance? A. The Outbound Security Group needs to be modified to allow outbound traffic B. The Inbound Network ACL needs to be modified to allow inbound traffic C. Nothing, it can be accessed from any IP address using SSH D. Both

B

An organization hosts a multi-language website on AWS, which is served using CloudFront. Language is specified in the HTTP request as shown below: -http://d11111f8.cloudfront.net/main.html?language=de -http://d11111f8.cloudfront.net/main.html?language=en -http://d11111f8.cloudfront.net/main.html?language=es How should AWS CloudFront be configured to deliver cached data in the correct language? A. Forward cookies to the origin B. Based on query string parameters C. Cache objects at the origin

B

A company website is set to launch in the upcoming weeks. There is a probability that the traffic will be quite high during the initial weeks. In the event of a load failure, how is it possible to set up DNS failover to a static website? A. Duplicate the exact application architecture in another region and configure DNS Weight-based routing B. Enable failover to an on-premises data center to the application hosted there C. Use Route 53 with the failover option, to failover to a static S3 webs

C

A customer has an instance hosted in the AWS Public Cloud. The VPC and subnet used to host the instance have been created with the default settings for the Network access control lists. An IT administrator needs to be provided secure access to the underlying instance. How could this be accomplished? A. Ensure the Network Access Control Lists allow Inbound SSH traffic from the IT administrator's workstation B. Ensure the Network Access Control Lists allow Outbound SSH traffic from the IT Admini

C

A database hosted in AWS is currently encountering an extended number of write operations and is not able to handle the load. What should be done to the architecture to ensure that the write operations are not lost under any circumstances? A. Add more IOPS to the existing EBS Volume used by the database B. Consider using DynamoDB instead of AWS RDS C. Use SQS FIFO to queue the database writes D. Use SNS to send notification on missed database writes and then add them manually at a later sta

C

A hybrid architecture is used for a popular blogging website. Application servers are spread between On-premise data center and EC2 instance deployed in a customer VPC. An Application Load Balancer is used to offload traffic to the cloud due to capacity constraints at Data Center. From traffic trends, it is observed that in the first week of every month, when new blogs are uploaded, there is a spike in traffic. For this period, they are looking for an automated faster option to mitigate additional load

C

A large IT company is using Amazon CloudFront for its web application. Static Content for this application is saved in Amazon S3 bucket. Amazon CloudFront is configured for this application to provide faster access to these files for global users. IT team is concerned for some critical files which needs to be accessed only by users from certain white-list IP pools which you have defined in Amazon CloudFront and no users should be able to access these files directly using Amazon S3 URL. Which of

C

While managing permissions for the API Gateway, what could be used to ensure that the right level of permissions is given to Developers, IT Admins, and users? Also, the permission should be easily managed? A. Use the secure token service to manage the permissions for different users B. Use IAM Policies to create different policies for different types of users C. Use the AWS Config tool to manage the permissions for different users D. Use IAM Access Keys to create sets of keys for different ty

B

With a Redshift cluster in AWS, you are trying to use SQL Client tools from an EC2 instance, but aren't able to connect to the Redshift cluster. What must you do to ensure that you are able to connect to the Redshift cluster from the EC2 instance? A. Install Redshift client tools on the EC2 instance first B. Modify the security groups C. Use the AWS CLI instead of the Redshift client tools D. Modify the Route table of the subnet

B

You are building a large-scale confidential documentation web server on AWS such that all of its documentation will be stored on S3. One of the requirements is that it should not be publicly accessible from S3 directly, and CloudFront would be needed to accomplish this. Which method would satisfy the outlined requirements? A. Create an IAM user for CloudFront and grant access to the objects in your S3 bucket to that IAM user B. Create an Origin Access Identity (OAI) for CloudFront and grant ac

B

You are developing a new mobile application which is expected to be used by thousands of customers. You are considering to store user preferences in AWS, and need a data store to save the same. Each data item is expected to be 20 KB in size. The solution needs to be cost-effective, highly available, scalable, and secure. How would you design the layer? A. Create a new Amazon RDS instance and store the user data there B. Create a Amazon DynamoDB table with the required Read and Write capacity a

B

You are planning to use Auto Scaling groups to maintain the performance of your web application. How would you ensure that the scaling activity has sufficient time to stabilize without executing another scaling action? A. Modify the instance user data property without a timeout interval B. Increase the auto scaling cooldown timer value C. Enable the auto scaling cross zone balancing feature D. Disable cloudwatch alarms till the application stabilizes

B

You are working as an AWS Administrator for a global IT company. The Software team has developed a new application for Project delivery deployed on AWS. Changes in the application are done on a quarterly basis and will be deployed on a new redundant infrastructure. The company would like to automate this process of development changes and provisioning of resources. For deploying new features, AWS codePipeline will be used for an automated release cycle. What would you recommend as a source stage

B

You are working as an AWS Architect for a media firm. The firm has large text files which need to be converted into Audio files. They are using S3 buckets to store these text files. AWS Batch is used to process these files along with Amazon Polly. For compute environment you have a mix of EC2 On Demand and Spot instance. Critical jobs are required to be completed quickly while non-critical Jobs can be scheduled during non-peak hours. While using AWS Batch, management wants a cost-effective solut

B

You are working as an AWS Architect for a start-up company. They have a two-tier production website. Database servers are spread across multiple Availability Zones and are stateful. You have configured Auto Scaling group for these database servers with a minimum of 2 instances and maximum of 6 instances. During post-peak hours, you observe some data loss. Which feature needs to be configured additionally to avoid future data loss (and copy data before instance termination) A. Modify the cool dow

B

You are working as an AWS Architect for a start-up company. You have developed an application that will read out AWS Blogs to AWS professional using "Amazon Polly". You need to perform a trial with the "Amazon S3" blog, in which the first "S3" should be read as "amazon Simple Storage Service" while all subsequent "S3" should be read as "S3". This test needs to be done in 2 different regions, us-west-1 and us-east-1. What could be done to perform the test successfully? A. Using multiple Lexicons

B

You are working as an AWS Architect for an IT company. Your company is using EC2 server in multiple Availability Zones in (US-EAST-1) region. The development team has deployed a new intranet application that needs to be accessed via VPC. Each of the availability zones has its own VPC. You have been asked to establish connectivity between all the VPCs and to make sure the solution is highly scalable and secure. Which of the following solution would you recommend? A. Attach an internet gateway to

B

You are working as an AWS consultant for a banking institute. They have deployed a digital wallet platform for clients using multiple EC2 instances in us-east-1 region. The application establishes a secure encrypted connection between clients and EC2 instances for each transaction using custom TCP port 5810. Due to the increasing popularity of this digital wallet, they are observing load on backend servers resulting in delay in transaction. For security purpose, all client IP address accessing t

B

You are working for a start-up company that develops mobile gaming applications using AWS resources. For creating AWS resources, the project team is using CloudFormation templates. The Project Team is concerned about the changes made in EC2 instance properties by the Operations Team, apart from parameters specified in CloudFormation Templates. To observe changes in AWS EC2 instance, you advise using CloudFormation Drift Detection. After Drift detection, when you check drift status for all AWS EC

B

You are working for a start-up firm, working on a POC project, in which multiple EC2 instances are launched for an internal project to check Web application performance. During test, you are observing a delay in new EC2 instance moving from booting to full load mode. You perform another test to pre-warm EC2 instance by initiating EC2 instance into the desired mode and then moving to Hibernate state. You are looking for IP addressing changes post Hibernate state to provide this IP address details

B

You are working in a Global Pharma firm, having its Head Office in Washington & Branch offices in Chicago & Paris. The firm has a 2-tier intranet website deployed in us-east-1 region and database servers deployed on-premise at head office. It has a direct connect link to VPC and it is connected to Chicago & Paris via WAN links while each of these offices has separate internet links from the local ISP. Recently they faced link outage issues with WAN links that resulted in the isolation of Branch

B

Your company has a new web application that needs to be deployed in AWS as soon as possible. The application is backed in an AMI and you plan to use an Application Load Balancer to distribute the traffic to an Auto Scaling group. Which of the following methods helps you to achieve a highly available system? A. Assign an Elastic IP to each instance under the Auto Scaling group B. Use the Application Load Balancer to send traffic across instances in multiple availability zones C. Configure the Ap

B

You create several SQS queues to store different types of customer requests. Each SQS queue has a backend node that pulls messages for processing. Now you need a service to collect messages from the frontend and push them to the related queues using the publish/subscribe model. Which service would you choose? A. Amazon MQ B. Amazon Simple Notification Service (SNS) C. Amazon Simple Queue Service (SQS) D. AWS Step Functions

B

You currently have your EC2 instances running in multiple availability zones. You have a NAT gateway defined for your private instances and you want to make this highly available. How could this be accomplished? A. Create another NAT Gateway and place it behind an ELB B. Create a NAT Gateway in another Availability Zone C. Create a NAT Gateway in another region D. Use Auto Scaling groups to scale the NAT gateway

B

You have a lifecycle rule for an S3 bucket that archives objects to the S3 Glacier storage class 60 days after creation. The archived objects are no longer needed one year after being created. How would you configure the S3 bucket to save more cost? A. Configure a rule in S3 glacier to place delete markers for objects that are one year old B. Configure the S3 lifecycle rule to expire the objects after 365 days from object creation C. Modify the S3 lifecycle rule to clean up expired object del

B

You have a local data center on premise which stores archived files. The total amount of the files is about 70TB. The data needs to be transferred to Amazon S3. After the data transfer is finished, the local data center will not be used. Which solution is the most appropriate? A. AWS Direct Connect B. AWS Snowball C. Amazon S3 Transfer Acceleration D. AWS Global Accelerator

B

You have an AWS RDS PostgreSQL database hosted in the Singapore region. You need to ensure that a copy of the database exists and that the data is asynchronously copied. What would be helpful to fulfill this requirement? A. Enable Multi-AZ for the database B. Enable Read Replicas for the database C. Enable Asynchronous replication for the database D. Enable manual backups for the database

B

You have an EC2 instance in the AWS us-east-1 region. The application in the instance needs to access a DynamoDB table that is located in the AWS us-east-2 region. The connection must be private without leaving the Amazon network and instance should not use any public IP for communication. How would you configure this? A. Configure an inter-region VPC endpoint for the DynamoDB service B. Configure inter-region VPC peering and create a VPC endpoint for DynamoDB in us-east-2 C. Create an inter-r

B

You have an S3 bucket hosted in AWS that is used to store the promotional videos you upload. You need to provide users access to S3 bucket for a limited duration of time. How could this be achieved? A. Use versioning and enable a timestamp for each version B. Use pre-signed URLs with session duration C. Use IAM roles with a timestamp to limit the access D. Use IAM policies with a timestamp to limit the access

B

You have enabled CloudTrail Logs for your company's AWS account. In addition, the IT Security department has mentioned that the logs need to be encrypted. How could this be achieved? A. Enable SSL certificates for the CloudTrail logs B. There is no need to do anything since the logs will already be encrypted C. Enable server-side encryption for the trail D. Enable server-side encryption for the destination S3 bucket

B

You have implemented AWS Cognito services to require users to sign in and sign up to your app through social identity providers like Facebook, Google, etc. Your marketing department wants users to try out the app anonymously as they think that the current log-in requirement is excessive and will reduce demand for products and services offered through the app. What would you suggest to the marketing department in this regard? A. It's too much of a security risk to allow unauthenticated users acc

B

You need to deploy a machine learning application in AWS EC2. The performance of inter-instance communication is very critical for the application and you want to attach a network device to the instance so that the performance can be greatly improved. Which option is the most appropriate to improve the performance? A. Enable enhanced networking feature in the EC2 instance B. Configure Elastic Fabric Adapter (EFA) in the instance C. Attach high speed Elastic Network Interface (ENI) in the inst

B

You need to host a set of web servers and database servers in an AWS VPC. What would be a best practice in designing a multi-tier infrastructure? A. Use a public subnet for the web tier and a public subnet for the database layer B. Use a public subnet for the web tier and a private subnet for the database layer C. Use a private subnet for the web tier and a private subnet for the database layer D. Use a private subnet for the web tier and a public subnet for the database layer

B

You want to build a decoupled, highly available and fault tolerant architecture, including buffered requests for your application in AWS. You decide to use EC2, the Classic Load Balancer, Auto Scaling and Route 53. Which one of the following additional services would you involve in this architecture? A. AWS SNS B. AWS SQS C. AWS API Gateway D. AWS Config

B

You work in a large organization. Your team creates AWS resources such as Amazon EC2 dedicated hosts and reserved capacities that need to be shared by other AWS accounts. You need an AWS service to centrally manage these resources so that you can easily specify which accounts or organization can access the resources. Which AWS service would you choose to meet this requirement? A. IAM B. Resource Access Manager C. Service Catalog D. AWS Single Sign-On

B

You work in the media industry and have created a web application where users will be able to upload photos they create to your website. This web application must be able to call the S3 API in order to function properly. Where would you store your API credentials while maintaining the maximum level of security? A. Save the API credentials to your PHP files B. Don't save API credentials. Instead, create a role in IAM and assign this role to an EC2 instance when you first create it. C. Save your

B

Your IT Security department has mandated that all the traffic flowing in and out of EC2 instances needs to be monitored. The EC2 instances in question are launched in a VPC. Which services would you use to achieve this? A. Trusted Advisor B. VPC Flow Logs C. Use CloudWatch metrics D. Use CloudTrail

B

Your architecture for an application currently consists of EC2 instances sitting behind a classic ELB. The EC2 instances are used to serve an application and are accessible through the internet. What could be done to improve this architecture in the event that the number of users accessing the application increases regularly? A. Add another ELB to the architecture B. Use Auto Scaling groups C. Use an Application Load Balancer instead D. Use the Elastic Container Service

B

Your company currently has a set of EC2 instances hosted on the AWS cloud. There is a requirement to ensure the restart of instances if a CloudWatch metric goes beyond a certain threshold. As a solution architect, how would you ask the IT admin staff to implement this? A. Look at the Cloudtrail logs for events and then restart the instance based on the events B. Create a CloudWatch metric which looks into the instance threshold, and assign this metric against an alarm to reboot the instance C

B

Your company has 17 TB of financial trading records that need to be stored for 7 years by law. Experience has shown that any record more than a year old is unlikely to be accessed. Which of the following storage plans meets these needs in the most cost-efficient manner? A. Store the data on Amazon EBS volume attached to t2.large instances B. Store the data on Amazon S3 with lifecycle policies that change the storage class to Amazon Glacier after 1 year, and delete the object after 7 years C. S

B

Your company has a set of AWS RDS instances. Your management has asked you to disable automated backups to save on cost. When you disable automated backups for AWS RDS, what are you compromising on? A. Nothing, you are actually saving resources on AWS B. You are disabling the point-in-time recovery C. Nothing really, you can still take manual backups D. You cannot disable automated backups in RDS

B

Your company has a web application hosted in AWS that makes use of an Application Load Balancer. You need to ensure that the web application is protected from web-based attacks such as cross site scripting etc. Which of the following implementation steps can help protect web applications from common security threats from the outside world? A. Place a NAT instance in front of the web application to protect against attacks B. Use the WAF service in front of the web application C. Place a NAT gat

B

Your company has been hosting a static website in an S3 bucket for several months and gets a fair amount of traffic. Now you want your registered .com domain to serve content from the bucket. Your domain is reached via https://www.myfavoritedomain.com. However, any traffic requested through https://www.myfavoritedomain is not getting through. What could be the most likely cause of this disruption? A. The new domain name is not registered in CloudWatch monitoring B. The S3 bucket has not been c

B

Your company has started hosting their data store on AWS by using the Simple Storage Service. They are storing files which are downloaded by users on a frequent basis. After a duration of 3 months, the files need to be transferred to archive storage since they are not used beyond this point. Which of the following could be used to effectively manage this requirement? A. Transfer the files via scripts from S3 to Glacier after a period of 3 months B. Use Lifecycle policies to transfer the files on

B

Your company is planning on hosting a set of EC2 instances in AWS. The instances would be configured in a way that one will be used as a web tier and the other as a database (EC2 hosted). The web tier should be exposed to the internet in the public subnet and database is in private subnet in the same VPC with the default configuration. What configuration needs to be done in order to let Web server communicate with database server? A. Change the main route tables to have the desired routing betwe

B

Your company is planning on launching a set of EC2 instances for hosting their production-based web application. As an architect, you have to instruct the operations department on which service they can use to trigger AWS Lambda based on real-time events. Which of the following would you recommend? A. AWS Cloudtrail B. AWS CloudWatch C. AWS SQS D. AWS SNS

B

Your company is planning to use the EMR service available in AWS to run its big data framework and wants to minimize the cost of running the EMR service. How would you achieve this? A. Running the EMR cluster in a dedicated VPC B. Choosing Spot instances for the underlying nodes C. Choosing On-Demand instances for the underlying nodes D. Disable automated backups

B

Your company wants to use an S3 bucket for web hosting but have several different domains to perform operations on the S3 content. In the CORS configuration, you have added CORSRule AllowedOrigin for the following Domains: http://www.domainnamea.com, https://www.secure.domainnamea.com, and http://www.domainnameb.com. following Domains, https://www.domainnameb.com and http://www.domainnameb.com:80 are not allowed to access the S3 bucket. What could be the likely cause behind it? A. Both request

B

Your current setup in AWS consists of the following architecture: 2 public subnets, one subnet which has web servers accessed by users across the Internet and another subnet for the database server. Which of the following changes to the architecture would add a better security boundary to the resources hosted in this setup? A. Consider moving the web server to a private subnet B. Create a private subnet and move the database server to a private subnet C. Consider moving both the web and datab

B

Your organization is building a collaboration platform for which they chose AWS EC2 for web and application servers and MySQL RDS instance as the database. Due to the nature of the traffic to the application, they would like to increase the number of connections to RDS instance. How could this be achieved? A. Log into RDS instance and modify database config file under /etc/mysql/my.cnf B. Create a new parameter group, attach it to DB instance and change the setting C. Create a new option group,

B

Your recent security review revealed a large spike in attempted logins to your AWS account. With respect to sensitive data stored in encryption enabled S3, the data has not been encrypted and is susceptible to fraud if it was to be stolen. You've recommended AWS Key Management Service as a solution. Which of the following is true regarding the operation of KMS? A. Only KMS generated keys can be used to encrypt or decrypt data B. Data is encrypted at rest C. KMS allows all users and roles to us

B

A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a default VPC private subnet created with default ACL settings. The web servers must be accessible only to customers on an SSL connection and the database must only be accessible to web servers in a public subnet. Which solution would meet these requirements without impacting other applications?(Select 2) A. Create a network ACL on the Web Sever's subnets, allow HTTPS port 443 inbound and specif

B,C

A company plans to deploy a batch processing application in AWS. Which of the following would ideally help to host this application? (Choose 2) A. Copy the batch processing application to an ECS Container B. Create a docker image of your batch processing application C. Deploy the image as an Amazon ECS task D. Deploy the container behind the ELB

B,C

An application consists of the following architecture: a. EC2 instances in a single AZ behind an ELB b. A NAT Instance which is used to ensure that instances can download updates from the internet What could be done to ensure better fault tolerance in this set up? (Choose 2) A. Add more instances in the existing Availability Zone B. Add an Auto Scaling Group to the setup C. Add more instances in another Availability Zone D. Add another ELB for more fault tolerance

B,C

There is a requirement to load a lot of data from your on-premises network to AWS S3, bypassing the internet service. What can be used for this data transfer? (Select 2) A. Data Pipeline B. Direct Connect C. Snowball D. AWS VPN

B,C

You are working for a global financial company. Company locations spread across various countries upload transaction details data to S3 bucket in the us-west region. A large amount of data is uploaded on a daily basis from each of these locations simultaneously. You are using Amazon Athena to query this data and create reports using Amazon QuickSight to create a daily dashboard to the management team. In some cases, while running queries, you are observing Amazon S3 exception errors. Also, in th

B,C

You create an Auto Scaling group which is used to spin up instances on demand. As an architect, you need to ensure that the instances are pre-installed with software when they are launched. What are the different ways to achieve this? (Choose 2) A. Add the software installation to the configuration for the Auto Scaling group B. Add the scripts for the installation in the user data section C. Create an AMI and then create a launch configuration D. Ask the IT operations team to install the sof

B,C

You have a set of EC2 instances that support an application. They are currently hosted in the US region. In the event of a disaster, you need a way to ensure that you can quickly provision the resources in another region. How could this be accomplished? (Select 2) A. Copy the underlying EBS Volumes to the destination region B. Create EBS Snapshots and then copy them to the destination region C. Create AMIs for the underlying instances and copy them to the destination region D. Copy the metad

B,C

You have been instructed to establish a successful site-to-site VPN connection from your on-premises network to the VPC. As an architect, which of the following prerequisites should you ensure are in place for establishing the site-to-site VPN connection? (Choose 2) A. The main route table to route traffic through a NAT instance B. A public IP address on the customer gateway for the on-premises network C. A virtual private gateway attached to the VPC D. An Elastic IP address to the Virtual Priv

B,C

You have planned to host a web application on AWS. You create an EC2 instance in a public subnet which needs to connect to an EC2 instance that will host an Oracle database. Which steps would ensure a secure setup? (Select 2) A. Place the EC2 instance with the Oracle database in the same public subnet as the Webserver for faster communication B. Place the EC2 instance in a public subnet and the Oracle database in a private subnet C. Create a database security group which allows incoming traffi

B,C

Your company is planning on moving to the AWS cloud. One of the web applications will be launched on a set of EC2 instances. You need to ensure that the architecture is fault tolerant and highly available. Which of the following would be considered during the design process? Choose 2. A. Have a single availability zone for the databases B. Use a load balancer in front of the EC2 instances C. Ensure that the EC2 instances are spread across multiple availability zones D. Ensure that the EC2 in

B,C

When a request is made to an AWS Cloud service, the request is evaluated to decide whether it should be allowed or denied. The evaluation logic follows which of the following rules (Choose 3) A. An explicit allow overrides any denies B. By default, all requests are denied C. An explicit allow overrides the default D. An explicit deny overrides any allows E. By default, all requests are allowed

B,C,D

Your IT supervisor is worried about users accidentally deleting objects from an S3 bucket. Which of the following can help prevent accidental deletion of objects in an S3 bucket? (Choose 3) A. Enable encryption for the S3 bucket B. Enable MFA Delete on the S3 bucket C. Enable Versioning on the S3 bucket D. Enable IAM Roles on the S3 bucket

B,C,D

An Amazon EC2 instance in an Amazon VPC subnet can send and receive traffic from the Internet when which of the following conditions are met? (Choose 3) A. Network Access Control Lists and security group rules disallow all traffic except relevant Internet traffic B. Network ACLs and security group rules allow relevant Internet traffic C. Attach an Internet Gateway to the Amazon VPC and create a subnet route table to send all non-local traffic to that IGW D. Attach a Virtual Private Gateway to

B,C,E

You are working for a start-up firm that developed a new multilingual website for sharing images and video files. You are using an EC2 instance to host this web application. To deliver this web content with the lowest latency to end users, you have configured Amazon CloudFront, which forwards query strings to origin servers based on selected parameter values and also caches web content based upon these parameter values. During the trial, it was observed that caching is not happening based upon query

B,C,E

You are creating a number of EBS volumes for the EC2 instances hosted in your company's AWS account. The company has asked you to ensure that the EBS volumes are available even in the case of an entire region facing an outage due to a natural disaster. How would you accomplish this? Choose 2 A. Configure Amazon Storage Gateway with EBS volumes as the data source and store the backups on premise through the storage gateway B. Create snapshots of the EBS volumes C. Ensure the snapshots are made a

B,D

You are working for a global software firm having offices in various continents. The pre-sales team needs to provide a new application demo to a prospective customer. For this, they are looking urgently for a separate temporary connection between 3 regional offices at Sydney, London, and Tokyo & Demo VPC at the us-west-1 region. Also, there should be connectivity between these offices for data synchronization of the new applications. You are planning to set up a VPN connection from these offices to

B,D

Your company has a set of EC2 instances that access data objects stored in an S3 bucket. Your IT security department is concerned about the security of this architecture and wants you to implement the following: 1) Ensure that the EC2 instance securely accesses the data objects stored in the S3 bucket 2) Prevent accidental deletion of objects What would be helpful to fulfill the requirements of the IT Security department? (Choose 2) A. Create an IAM user and ensure the EC2 instances use the IA

B,D

Your company has a set of resources defined in AWS. These resources consist of applications hosted on EC2 instances. Data is stored on EBS volumes and S3. The company mandates that all data should be encrypted at rest. How can you achieve this? Choose 2. A. Enable SSL with the underlying EBS volumes B. Enable EBS Encryption C. Make sure that data is transmitted from S3 via HTTPS D. Enable S3 server-side encryption

B,D

Your company wants to host its secure web application in AWS. The internal security policies consider any connection to or from the web server as insecure and require application data protection. What approaches should you use to protect data in transit for the application? (Choose 2) A. Use BitLocker to encrypt data B. Use HTTPS with server certificate authentication C. Use an AWS IAM role D. Use Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for database connection E. Use XML fo

B,D

A company needs to monitor the read and write IOPS metrics for its AWS MySQL RDS instance and send real-time alerts to its Operations team. Which AWS services could help to accomplish this? (Choose 2) A. Amazon Simple Email Service B. Amazon CloudWatch C. Amazon Simple Queue Service D. Amazon Rt. 53 E. Amazon Simple Notification Service

B,E

There is an urgent requirement to monitor some database metrics for a database hosted on AWS and send notifications. Which AWS services can accomplish this? (Select 2) A. Amazon Simple Email Service B. Amazon CloudWatch C. Amazon Simple Queue Service D. Amazon Route 53 E. Amazon Simple Notification Service

B,E

You lead a team to develop a new online game application in AWS EC2. The application will have a large number of users globally. For a great user experience, this application requires very low network latency and jitter. If the network speed is not fast enough, you will lose customers. Which tool would you choose to improve the application performance? (Select 2) A. AWS VPN B. AWS global accelerator C. Direct connect D. API Gateway E. Cloudfront

B,E

Your company has started hosting their databases on Amazon RDS. As an architect, they have requested you to advise the IT admin staff on what they should use to monitor the underlying databases, and notifications should be sent to IT admin staff if any issues are detected. Which AWS services can accomplish these requirements? Choose 2. A. Amazon Simple Email Service B. Amazon CloudWatch C. Amazon SQS D. Amazon Rt. 53 E. Amazon SNS

B,E

A popular blogging site is planning to save all its data to EFS as a redundancy plan. This database is constantly fetched and updated by client information. You need to ensure that all files saved at EFS using AWS DataSync are validated for data-integrity for each packet. Which of the following will ensure fast transfer for data between on-premise and EFS with data integrity done as per security guidelines? A. Enable Verification and perform all data transfer B. Enable verification during initial

C

A company is hosting a MySQL database in AWS using the AWS RDS service. To offload the reads, a Read Replica has been created and reports are run off the Read Replica database. But at certain times, the reports show stale data. What could be the possible reason behind this? A. The Read Replica has not been created properly B. The backup of the original database has not been set properly C. This is due to the replication lag D. The Multi-AZ feature is not enabled

C

A company is planning to deploy an application in AWS. This application requires an EC2 instance to continuously perform log processing activities requiring Max 500 MiB/s of data throughput. Which of the following is the best storage option for this requirement?

C

A company is planning to use the AWS Redshift service. The Redshift service and data on it would be used continuously for the next 3 years as per the current business plan. What would be the most cost-effective solution in this scenario? A. Consider using on-demand instances for the Redshift cluster B. Enable automated backup C. Consider using reserved instances for the redshift cluster D. Consider not using a cluster for the redshift nodes

C

You configure an Amazon S3 bucket as the origin for a new CloudFront distribution. You need to restrict access so that users cannot view the files by directly using the S3 URLs. The files should be only fetched through the CloudFront URL. Which method is the most appropriate? A. Configure Signed URLs to serve private content by using CloudFront B. Configure Signed Cookies to restrict access to S3 files C. Create the origin access identity (OAI) and associate it with the distribution D. Config

C

You create an Amazon SQS queue to decouple software components. The messages are processed by a Lambda function. Sometimes, the Lambda function fails to process messages in the queue. You need a mechanism to isolate the message failures to determine why the processing was unsuccessful. Which of the following options would you choose? A. FIFO (First-In First-Out) queue B. Visibility timeout C. SQS dead-letter queue D. SQS long polling

C

You have 2 development environments hosted in 2 different VPCs in an AWS account in the same region. There is now a requirement to access the resources of one VPC from another. How could this be accomplished? A. Establish a Direct Connect connection B. Establish a VPN connection C. Establish VPC Peering D. Establish Subnet Peering

C

You have a business-critical two-tier web application, currently deployed in 2 Availability Zones in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication at the database layer. The application needs to remain fully available even if one application AZ goes offline or Auto Scaling can't launch new instances in the remaining AZ. How could the current Elastic Load Balancing be enhanced to ensure this? A. Deploy in 2 regions using Weighted round

C

You have a read-intensive application hosted in AWS. The application is currently using the MySQL RDS feature in AWS. The CloudWatch metrics are showing high read throughput on the database and are causing performance issues on the database. Which of the following can be used to reduce the read throughput on the MySQL database? A. Enable the Multi-AZ on the MySQL RDS B. Use Cold Storage Volumes for the MySQL RDS C. Enable Read Replica D. Use SQS to queue up the reads

C

You have a requirement to get a snapshot of the current configuration of resources in your AWS account. Which service can be used for this purpose? A. AWS codeDeploy B. AWS Trusted Advisor C. AWS Config D. AWS IAM

C

You have been designing a CloudFormation template that creates one elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack? A. Resources B. Parameters C. Outputs D. Mappings

C

You have developed a new web application on AWS for a real estate firm. It has a web interface where real estate employees upload photos of newly constructed houses in S3 buckets. Prospective buyer's login to the website and access photos. The marketing team has initiated an intensive marketing event to promote new housing schemes which will lead to customers who frequently access these images. As this is a new application, you have no projection of traffic. You have created Auto Scaling across

C

You have instances hosted in a private subnet in a VPC. There is a need for instances to download updates from the Internet. As an architect, what change would you suggest to the IT Operations team that would also be the most efficient and secure? A. Create a new public subnet and move the instance to that subnet B. Create a new EC2 instance to download the updates separately and then push them to the required instance C. Use a NAT Gateway to allow the instances in the private subnet to downlo

C

You maintain a DynamoDB table that stores customers' subscription data. High availability is very important for the table and even if there is an outage in an AWS region, the application should still be able to access the data from other regions. Which method would you take to achieve this requirement? A. Create a read replica in another region as a backup B. Configure a Multi-AZ backup for the DynamoDB table C. Configure a global table to use DynamoDB as a multi-region database D. No action

C

You manage the IT users for a large organization that is moving many services to AWS. You want a seamless way for your employees to log in and use cloud services. You also want to use AWS Managed Microsoft AD and have been asked if users will be able to access services in the on-premises environment. What would you respond? A. AWS Managed Microsoft AD requires data synchronization and replication to work properly B. AWS Managed Microsoft AD can only be used for cloud or on-premises environment

C

You run an ad-supported photo-sharing website using S3 to serve photos to visitors of your site. At some point, you find out that other sites have been linking to photos on your site, causing loss to your business. What would be an effective method to mitigate this? A. Use CloudFront distributions for static content B. Store photos on an EBS Volume of the web server C. Remove public read access and use signed URLs with expire dates D. Block the IPs of the offending websites in security groups

C

You work as an architect for a consulting company. The consulting company normally creates the same set of resources for their clients. They want some way of building templates, which can then be used to deploy the resources to the AWS accounts for the various clients. Also, your team needs to be assured that they have control over the infrastructure. Which of the following services can help fulfill this requirement? A. AWS Elastic Beanstalk B. Custom AMI C. AWS Cloudformation D. EBS Snapshots

C

You work for a big company having multiple applications that are very different from each other. These applications are built using different programming languages. How could you deploy these applications as quickly as possible? A. Develop all the apps in a single docker container and deploy using elastic beanstalk B. Create a lambda function deployment package consisting of code and any dependencies C. Develop each app in a separate docker container and deploy using elastic beanstalk D. Dev

C

You work for a company that has a set of EC2 instances. There is an internal requirement to create another instance in another availability zone. One of the EBS volumes from the current instance needs to be moved from one of the older instances to the new instance. How can you achieve this? A. Detach the volume and attach it to an EC2 instance in another AZ B. Create a new volume in the other AZ and specify the current volume as the source C. Create a snapshot of the volume and then create a vol

C

You've implemented AWS Key Management Service to protect your data in your applications and other AWS services. Your global headquarters is in Northern Virginia (US East (N. Virginia)) where you created your keys and have provided the appropriate permissions to designated users and specific roles within your organization. While the N. American users are not having issues, German and Japanese users are unable to get KMS to function. What is the most likely cause of it? A. KMS is only offered in N

C

Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of Spot EC2 instances. Files submitted by your premium customers must be transformed at the highest priority. How would you implement such a system? A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level B. Use Route 53 latency-

C

Your company has a MySQL database deployed in an on-premise datacenter. You start using AWS Database Migration Service (AWS DMS) to migrate the database to AWS RDS. You have a replication instance in DMS to run the migration task. Which of the following options assigns permissions that determine who is allowed to manage AWS DMS resources? A. Transport Layer Security (TLS) connections between AWS DMS and local datacenter B. AWS Key Management Service (AWS KMS) encryption used by the replication

C

Your company has a set of EBS volumes and a set of adjoining EBS snapshots. They want to minimize the costs for the underlying EBS snapshots. Which of the following approaches provides the lowest cost for Amazon Elastic Block Store Snapshots while giving you the ability to fully restore data? A. Maintain 2 snapshots: the original snapshot and the latest incremental snapshot B. Maintain a volume snapshot; subsequent snapshots will overwrite one another C. Maintain a single snapshot: the latest

C

Your company has a set of applications that make use of Docker containers. There is a need to move these containers to AWS. Which option below is the BEST way to set up these Docker containers in a separate AWS environment? A. Create EC2 instances, install Docker, and then upload the containers B. Create EC2 container registries, install Docker, and then upload the containers C. Create an Elastic Beanstalk environment with the necessary Docker containers D. Create EBS optimized EC2 instances

C

Your company has designed an app and requires it to store data in DynamoDB. The company has registered the app with identity providers so users can sign in using third parties like Google and Facebook. What must be in place such that the app can obtain temporary credentials to access DynamoDB? A. Multi-factor authentication must be used to access DynamoDB B. AWS CloudTrail needs to be enabled to audit usage C. An IAM role allowing the app to have access to DynamoDB D. The user must additionall

C

Your company has enabled CORS on your S3 bucket to allow cross-origin resource sharing. In the CORS configuration, you need to specify the values for the "AllowedMethod" element. What would be your suggestion to the developer? A. Those 2 methods require special permission from AWS B. The developer's user profile was limited to and required to be updated C. Only these methods are supported: GET, PUT, POST, DELETE, and HEAD D. OPTIONS and CONNECT are controlled by other bucket policies

C

Your company is looking at decreasing the amount of time it takes to build servers that are deployed as EC2 instances. These instances always have the same type of software installed as per the security standards. As an architect what would you recommend in decreasing the server build time? A. Look at creating snapshots of EBS volumes B. Create the same master copy of the EBS volume C. Create a custom AMI D. Create a base profile

C

Your company is planning on setting up a VPC with private and public subnets and then hosting EC2 instances in the subnet. It has to be ensured that instances in the private subnet can download updates from the internet. Which of the following needs to be part of the architecture for this requirement? A. WAF B. Direct Connect C. NAT Gateway D. VPN

C

Your company is utilizing CloudFront to distribute its media content to multiple regions. The content is frequently accessed by users. As a cloud architect, which of the following options would help you improve the performance of the system? A. Change the origin location from an S3 bucket to an ELB B. Use a faster internet connection C. Increase the cache expiration time D. Create an "invalidation" for all your objects, and recache them

C

Your company manages an application that currently allows users to upload images to an S3 bucket. These images are picked up by EC2 instances for processing and then placed in another S3 bucket. You need an area where the metadata for these images can be stored. What would be an ideal data store for this? A. AWS RedShift B. AWS Glacier C. AWS DynamoDB D. AWS SQS

C

Your company needs to provide streaming access to videos to authenticated users around the world. What is a good way to accomplish this? A. Use Amazon S3 buckets in each region with website hosting enabled B. Store the videos on Amazon Elastic Block store volumes C. Enable Amazon CloudFront with geolocation and signed URL's D. Run a fleet of Amazon EC2 instances to host the videos

C

Your company requires a Stack-based model for its resources in AWS. There is a need to have different stacks for the Development and Production environments. Which of the following can be used for this? A. Use EC2 tags to define different stack layers for your resources B. Define the metadata for the different layers in DynamoDB C. Use AWS OpsWorks to define the different layers for your application D. Use AWS Config to define the different layers for your application

C

Your company runs an automobile reselling company that has a popular online store on AWS. The application sits behind an Auto Scaling group and requires new instances of the Auto Scaling group to identify their public and private IP addresses. Which of the following is the correct AWS option to identify the IP addresses? A. By using IPconfig for Windows or Ifconfig for Linux B. By using a CloudTrail C. Using a Curl or Get Command to get the latest meta-data from http://169.254.169.254/latest/m

C

Your company would like to leverage the AWS storage option and integrate it with the current on-premises infrastructure. Additionally, due to business requirements, low latency access to all the data is a must. Which of the following options would be best suited for this scenario? A. Configure the Simple Storage Service B. Configure Storage Gateway Cached Volume C. Configure Storage Gateway Stored Volume D. Configure Amazon Glacier

C

Your current log analysis application takes more than four hours to generate a report of the top 10 users of your web application. You have been asked to implement a system that can report this information in real time, ensure that the report is always up to date, and handle increases in the number of requests to your web application. Which of the following is a cost-effective option to fulfill these requirements? A. Publish your data to cloudWatch logs, and configure your application to Auto S

C

Your organization is using a CloudFront distribution to distribute content from an S3 bucket. It is required that only a particular set of users get access to certain content. How could this be accomplished? A. Create IAM users for each user and then provide access to the S3 bucket content B. Create IAM group for each set of users and then provide each group access of the S3 bucket C. Create CloudFront signed URLs and then distribute these URLs to the users D. Use IAM policies for the unde

C

A company has set up an application in AWS that interacts with DynamoDB. It is required that when an item is modified in a DynamoDB table, immediate entry is made to the associating application. How can this be accomplished? (Choose 2) A. Setup CloudWatch to monitor the DynamoDB table for changes. Then trigger a Lambda function to send the changes to the application. B. Setup CloudWatch logs to monitor the DynamoDB table for changes. Then trigger AWS SQS to send the changes to the application

C,D

A company is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The customer also uses Amazon Route 53 to manage its public DNS. How should Route 53 be configured to ensure the custom domain is made to point to the load balancer and it should be cost-effective? Choose 2. A. Don't go for Rt. 53, choose 3rd party service B. Create a CNAME record pointing to the load balancer C. Create an alias record pointing to the load balancer D. Ensure

C,D

An organization is managing a RedShift cluster in AWS. They need to monitor the performance of this Redshift cluster to ensure that it is performing as efficiently as possible. Which of the following services should be used for achieving this requirement? (Choose 2) A. CloudTrail B. VPC Flow Logs C. CloudWatch D. AWS Trusted Advisor

C,D

You are planning to use Docker containers on a cluster of EC2 instances. These EC2 instances will be launched in a VPC and will require access to ECR and S3 to download Docker images and other images respectively. Additionally, the EC2 instances require secure connectivity to the ECS control plane. You have created public and private subnets to launch the EC2 instances. What would be helpful to enable secure connectivity and ensure all container orchestration traffic stays within the VPC? (Choos

C,D

You are working as an AWS Architect for a retail website having an application deployed on an EC2 instance. You are using the SQS queue for storing messages between Web server and database servers. Due to heavy load on the website, there are some cases where clients are getting price details before logging in to the website. To resolve this issue, you are planning to migrate to the SQS FIFO queue that will preserve the order of messages. You have created a new FIFO queue with message delay time per qu

C,D

While reviewing the Auto Scaling event for your application, you notice that your application is scaling up and down multiple times in the same hour. What changes would you suggest in order to optimize costs while preserving elasticity? (Choose 2) A. Modify the Auto Scaling group termination policy to terminate the older instance first B. Modify the Auto Scaling group termination policy to terminate the newest instance first C. Modify the Auto Scaling group cool down timers D. Modify the Auto

C,E

You are working as an AWS developer for an online multiplayer game developing start-up company. ElastiCache with Redis is used for gaming leaderboards along with application servers, to provide low latency and avoid stale data for these highly popular online games. Redis clusters are deployed within a dedicated VPC in the us-east-1 region. Last week, due to configuration changes in Redis clusters, the gaming application was impacted for 2 hours. To avoid such incidents, you have been requested

C,F

A company currently hosts its architecture in the US region. They now need to duplicate this architecture to the Europe region and extend the application hosted on this architecture to the new region. In order to ensure that users across the globe get the same seamless experience, what should be done? A. Create a Classic Elastic Load Balancer setup to route traffic to both locations B. Create a weighted Route 53 policy to route the policy based on the weightage for each location C. Create an

D

A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances that pull transcoding jobs from SQS. As an architect, you need to design how the SQS service would be used in this architecture in order to achieve high throughput. Which of the following is the ideal way in which the SQS service should be used? A. SQS should be used to guarantee high throughput because of the order of messages B. SQS should be used to synchronousl

D

A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances to pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario? A. SQS guarantees the order of the messages B. SQS synchronously provides transcoding output C. SQS checks the health of the worker instances D. SQS helps to facilitate horizontal scaling of encoding tasks

D

A company has an application that delivers objects from S3 to users. Of late, some users spread across the globe have been complaining of slow response times. Which additional step would help in building a cost-effective solution and ensure that the users get an optimal response to objects from S3? A. Use S3 Replication to replicate the objects to regions closest to the users B. Ensure S3 Transfer Acceleration is enabled to ensure that all users get the desired response times C. Place an ELB

D

A company is migrating an on-premises 10 TB MySQL database to AWS. There's a business requirement that the replica lag should be kept under 100 milliseconds. In addition to this requirement, the company expects this database to quadruple in size. Which Amazon RDS engine meets the above requirements? A. MySQL B. Microsoft SQL Server C. Oracle D. Amazon Aurora

D

A company is migrating an on-premises 5TB MySQL database to AWS and expects its database size to increase steadily. Which Amazon RDS engine would meet these requirements? A. MySQL B. Microsoft SQL Server C. Oracle D. Amazon Aurora

D

A company needs to extend its storage infrastructure to the AWS Cloud. The storage needs to be available as iSCSI devices for on-premises application servers. What should be done to fulfill this requirement? A. Create a Glacier vault. Use a Glacier Connector and mount it as an iSCSI device B. Create an S3 bucket. Use an S3 Connector and mount it as an iSCSI device C. Use the EFS file service and mount the different file systems to the on-premises servers D. Use the AWS Storage Gateway-cached

D

A popular educational website is facing a surge in demand for online video training. They have their large number of video content distributed on-premise data centers and on Amazon S3 bucket in the us-west region. Students from across the globe are facing glitches in videos and complaining about time required to get these videos running even though each video size is less than 1 Gb. The Marketing team is expecting a further increase in demand and you need to provide a scalable solution for this

C

A small company started using EBS-backed EC2 instances for the cost improvements over their own running servers. The company's policy is to stop the development servers over the weekend and restart them the next week. The first time the servers were brought back, none of the developers were able to SSH into them. What did the servers most likely overlook? A. The associated Elastic IP address has changed and the SSH configurations were not updated B. The security group for a stopped instance needs to

C

A start-up firm is using AWS Organizations for managing policies across its Development and Production accounts. The development account is looking for an EC2 dedicated host that would provide visibility on the number of sockets used. The production account has subscribed to an EC2 dedicated host for its application but is currently not in use. Which of the following can be done to share the Amazon EC2 dedicated host from the Production account to the Development account? A. Remove both Developm

C

A team is building an application that must persist and index JSON data in a highly available data store. The latency of data access must remain consistent despite very high application traffic. Which service would help the team to meet the above requirement? A. Amazon EFS B. Amazon Redshift C. DynamoDB D. AWS CloudFormation

C

A website is hosted on 2 EC2 instances that sit behind an Elastic Load Balancer. The response time of the website has slowed down dramatically, and customers are placing fewer orders due to the wait time. Troubleshooting showed that one of the EC2 instances has failed and only 1 instance is running now. What is the best course of action to prevent this from happening in the future? A. Change the instance size to the maximum available to compensate for the failure B. Use CloudWatch to mo

C

Amazon S3 is an eventually consistent storage system. For what kinds of operations is it possible to get stale data as a result of eventual consistency? A. GET after PUT of a new object B. GET or LIST after a DELETE C. GET after overwrite PUT (PUT to an existing key) D. DELETE after GET of new object

C

An AWS Organization has the below hierarchy of Organizational Units (OUs): Root -> Project_OU -> Dev_OU. The root is attached with the default Service Control Policy (SCP). Project_OU is attached with an SCP that prevents users from deleting VPC Flow Logs. Dev_OU has an SCP that allows the action of "ec2:DeleteFlowLogs". Are the IAM users/roles in Dev_OU AWS accounts allowed to delete VPC Flow Logs? A. It is permitted because the SCP in Dev_OU allows it B. It is allowed because the Root has the de

C

An IT firm has deployed a new application on a fleet of EC2 instances in an AWS cloud Infrastructure. These EC2 instances are monitored by a legacy monitoring tool from on-premise. Some of these EC2 instances are hibernated based upon the response from users. Operations team is concerned about the IP address retention for EC2 instance post hibernation so that they will modify on-premise monitoring tools accordingly. Which of the following is TRUE with respect to EC2 hibernation? A. EC2 instance

C

An application consists of the following architecture: a. EC2 instances are in multiple AZ's behind an ELB b. The EC2 instances are launched via an auto scaling group c. There is a NAT instance used so that instances can download updates from the internet Due to the high bandwidth being consumed by the NAT instance, it has been decided to use a NAT Gateway. How could this be implemented? A. Use NAT instances along with the NAT gateway B. Host the NAT instance in the private subnet C. Migra

C

An application currently writes a large number of records to a DynamoDB table in one region. There is requirement for a secondary application to retrieve new records written to the DynamoDB table every 2 hours and process the updates accordingly. What would be an ideal method to ensure that the secondary application gets the relevant changes from the DynamoDB table? A. Insert a timestamp for each record and then, scan the entire table for the timestamp as per the last 2 hours B. Create another

C

An application with a 150 GB relational database runs on an EC2 instance. While the application is used infrequently with small peaks in the morning and evening, which storage type would be the most cost-effective option for the above requirement? A. Amazon EBS provisioning IOPS SSD B. Amazon EBS Throughput Optimized HDD C. Amazon EBS General Purpose SSD D. Amazon EFS

C

An organization has a requirement to store 10TB worth of scanned files across multiple availability zones. It plans to have a search application in place to search through the scanned files. Which of the following options is ideal for implementing the search facility? A. Use S3 with reduced redundancy to store and serve the scanned files. Install a commercial search application on EC2 instances and configure with Auto-scaling and an ElasticLoad Balancer B. Model the environment using CloudForma

C

As a solutions architect it is your job to design for high availability and fault tolerance. Company-A is utilizing Amazon S3 to store large amounts of file data. You need to ensure that the files are still available in the case of an entire region facing an outage due to a natural disaster. How can you achieve this? A. Copy the S3 bucket to an EBS optimized backend EC2 instance B. Amazon S3 is highly available and fault tolerant by design and requires no additional configuration C. Enable Cr

C

As a solutions architect, you need to design a multi-tier architecture for a project in AWS. The application contains 3 tiers: the frontend layer, the business logic layer, and storage layer. The frontend and business logic layers are implemented by Auto Scaling groups and Amazon DynamoDB is selected as the data storage option in the storage layer. Which of the following options is NOT a feature of this architecture? A. Each layer is modularized and managed independently B. The backend and dat

C

Currently, you're responsible for the design and architecture of a highly available application. After building the initial environment, you discover that a part of your application does not work correctly until port 443 is added to the security group. After adding port 443 to the appropriate security group, how much time will it take for the application to work correctly? A. Generally, it takes 2-5 minutes for the rules to propagate B. Immediately after a reboot of the EC2 instances, belonging to

C

IoT sensors monitor the number of bags that are handled at an airport. The data is sent back to a Kinesis stream with default settings. Every alternate day, the data from the stream is sent to S3 for processing. But it is noticed that S3 is not receiving all of the data that is being sent to the Kinesis stream. What could be the reason for this? A. The sensors probably stopped working on some days, hence data is not sent to the stream B. S3 can only store data for a day C. The default retentio

C

The Developers Team is working on a new application for which they will be launching a large number of EC2 instances. To decrease the time taken to launch all these EC2 instances, they want you to pre-warm these instances and keep them ready for launching with all required patches and software. Which of the following can be done to meet this requirement? A. Launch an Amazon EC2 instance with the Auto-Scaling group and enable Hibernate on each instance with the Auto-Scaling group B. Launch an Amazon EC2 inst

C

There are two folders A and B in an S3 bucket. Folder A stores objects that are frequently accessed. Folder B saves objects that are long-lived, infrequently accessed and non-critical. The retrieval time for files in folder B should be within milliseconds. You want to use different storage classes for objects in these 2 folders to save cost. Which storage classes are proper? A. Standard for folder A and S3 Glacier for folder B B. Intelligent-Tiering for folder A and Reduced Redundancy for fold

C

Which Amazon EC2 pricing model allows you to pay a set hourly price for compute, giving you full control over when the instance launches and terminates? A. Spot Instance B. Reserved Instance C. On Demand Instance D. Dedicated Instances

C

You are building an automated transcription service in which Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know about the storage capacity requirements. Which storage option would be both cost-efficient and scalable in this situation? A. Multiple Amazon EBS volume with snapshot B. A single Amazon Glacier Vault C. A single Amazon S3 bucket D. Multi

C

You are designing a system which needs, at minimum, 8 m4.large instances operating to service traffic. While designing a system for high availability in the us-east-1 region having 6 availability zones, your company needs to be able to handle the death of a full availability zone. How should you distribute the servers to save as much cost as possible, assuming all of the EC2 nodes are properly linked to an ELB? Your VPC account can utilize us-east-1's AZs a through f, inclusive. A. 3 servers in

C

You are working as an AWS Architect for a retail company using AWS EC2 instance for a web application. The company is using Provisioned IOPS SSD EBS volumes to store all product database. This is a critical database and you need to ensure appropriate backups are accomplished every 12 hours. Also, you need to ensure that storage space is optimally used for storing all these snapshots removing all older files. Which of the following can help to meet this requirement with the least management overh

C

You are working as an AWS Architect for a start-up company. The company has web servers deployed in all AZ's in the eu-central-1 (Frankfurt) region. These web servers have German news and local web content for people accessing these websites within Germany. These web servers have multiple records created for a single domain. The company is looking for a random selection of web-servers that will increase its availability. What would be the most appropriate routing policy for this requirement? A.

C

You are working as an AWS Architect for an IT firm that is developing a new application for traders in the capital market. There would be multiple trading orders initiated by clients. You have multiple EC2 instances with Auto-Scaling groups to process these trades parallelly. Also, each trade should be stateful and processed independently. What could be used to meet this requirement? A. Use the SQS FIFO queue with Receive Request Attempt ID B. Use the SQS FIFO queue with a sequence number C. U

C

You are working as an AWS consultant for an online grocery store. They are using two-tier web application with web-servers hosted in VPC's at us-east-1 region and on-premise data-center. Network Load Balancer is configured in front end to distribute traffic between these servers. All traffic between clients and servers is encrypted. To reduce load on back-end servers, they are looking for an alternate solution to terminate TLS connection on this Network Load Balancer. Management team of this sto

C

A global content management company is using Amazon Aurora as a database for scaling millions of documents with high throughput. The Development team has created a new version of the database which needs to be shared with TEST and PRODUCTION accounts within the company which will run their own OLAP queries. The company is using AWS Organizations to manage policies and have consolidated billing across all AWS accounts. Which of the following can be done to share DB clusters with the TEST account?

D

A large retail firm is saving its global sales reports in S3 bucket and are using S3 Lifecycle Rules to move this data from Standard_IA storage class to AWS S3 Glacier post 180 days. Due to the financial year end, the Finance team is looking for a sales report for only Europe region where there is mismatch reported in sales figure. Which of the following is a recommended way to fetch this data with least efforts? A. Retrieve this data from Amazon Glacier to S3 bucket and use Amazon S3 select to

D

A solutions architect is designing a solution to store and archive corporate documents. He has determined that Amazon Glacier is the right solution. Data has to be retrieved within 3-5 hours as directed by the management. Which feature in Amazon Glacier could be helpful to meet this requirement and ensure cost-effectiveness? A. Vault Lock B. Expedited Retrieval C. Bulk Retrieval D. Standard Retrieval

D

A start-up firm has deployed project files in the Amazon S3 bucket. This is accessed globally by intranet users for which they are using Amazon CloudFront. Last few days it was observed that these objects are being altered by unauthorized users directly from the S3 bucket. The Security Team wants to control access to these objects and make sure only authorized users are able to access these files only in a particular time period. You are working to find a resolution for the same. Which of the fo

D

An application allows a manufacturing site to upload files. Each uploaded 3 GB file is processed to extract metadata, and this process takes a few seconds per file. The frequency at which the uploading happens is unpredictable. For instance, there may be no upload for hours, followed by several files being uploaded concurrently. Which architecture will address this workload in the most cost-efficient manner? A. Use a Kinesis Data Delivery Stream to store the file. Use Lambda for processing. B.

D

An application team needs to quickly provision a development environment consisting of a web and database layer. What would be the quickest and most ideal way to get this set up in place? A. Create Spot Instances and install the web and database components B. Create Reserved Instances and install the web and database components C. Use AWS Lambda to create the web components and AWS RDS for the database layer D. Use Elastic Beanstalk to quickly provision the environment

D

As a part of your application architecture requirements, the company has requested the ability to run analytics against all the combined log files from the Elastic Load Balancer. Which services would you use together to collect logs and process log file analysis in an AWS environment? A. Amazon DynamoDB to store the logs and EC2 to run custom log analysis scripts B. Amazon EC2 for storing and processing the log files C. Amazon S3 for storing the ELB log files and EC2 for processing the log fi

D

As the cloud administrator of company, you notice that one of the EC2 instances is restarting frequently. There is a need to troubleshoot and analyze the system logs. What can be used in AWS to store and analyze the log files from the EC2 instance? A. AWS SQS B. AWS S3 C. AWS CloudTrail D. AWS CloudWatch logs

D

Developer team is working on a new RTMP based flash application. They want to test this application with a few users spread across multiple in-house location before making this application live. For this they have created a RTMP distribution in Amazon CloudFront. IT Head has asked you to control access to application so that only specific users from these locations can access this application during a specific time. Which of the following can meet this requirement? A. Create signed cookies spec

D

In order to manage a large number of AWS accounts in a better way, you create a new AWS Organization and invite these accounts. You only enable the "Consolidated billing" feature set in the organization. Which of the below features does the AWS Organization have? A. Apply SCPs to restrict the services that IAM users can access B. Configure tag policies to maintain consistent tags for resources in the organization's accounts C. Configure a policy to prevent IAM users in the organization from d

D

One AWS Organization owns several AWS accounts. Recently, due to a change of company organizations, one member account needs to be moved from this AWS Organization to another one. How can you achieve this? A. In the AWS console, drag and drop this account from one organization to another B. In the AWS console, select the member account and migrate it to the destination AWS organization C. Delete the old AWS organization. Send an invite from the new organization and accept the invite for the m

D

There is a requirement to host a database server. The server should be able to connect to the internet while downloading the required database patches, but ingress traffic to the instances is not allowed. Which of the following solutions would best satisfy all the above requirements? A. Setup the database in a private subnet with a security group that only allows outbound traffic B. Setup the database in a public subnet with a security group that only allows inbound traffic C. Setup t

D

Under a single AWS account, you have set up an Auto Scaling group with a maximum capacity of 50 Amazon EC2 instances in us-west-2. When you scale out, however, it only increases to 20 Amazon EC2 instances. What is the likely cause? A. Auto Scaling has a hard limit of 20 Amazon EC2 instances B. If not specified, the Auto Scaling group maximum capacity defaults to 20 Amazon EC2 instances C. The Auto Scaling group desired capacity is set to 20, so Auto Scaling stopped at 20 Amazon EC2 instances D.

D

Under what circumstances will Amazon EC2 instance store data not be preserved? A. The associated security groups are changed B. The instance is stopped or rebooted C. The instance is rebooted or terminated D. The instance is stopped or terminated E. None of the above

D

What Amazon Relational Database Service (Amazon RDS) feature provides the high availability for your database? A. Regular maintenance windows B. Security groups C. Automated backups D. Multi-AZ deployment

D

What must you do to create a record of who accessed your Amazon S3 data and from where? A. Enable Amazon CloudWatch logs B. Enable versioning on the bucket C. Enable website hosting on the bucket D. Enable server access logs on the bucket E. Create an AWS IAM bucket policy

D

Which of the following statements about Amazon DynamoDB secondary indexes is true? A. There can be many per table, and they can be created at any time B. There can only be one per table, and it must be created when the table is created C. There can be many per table, and they can be created at any time. D. There can only be one per table, and it must be created when the table is created

D

You are a Solutions Architect in a startup company that is releasing the first iteration of its app. Your company doesn't have a directory service for its intended users but wants the users to be able to sign in and use the app. What would you advise to implement a solution quickly? A. Use AWS Cognito although it only supports social identity providers like Facebook B. Let each user create an AWS user account to be managed via IAM C. Invest heavily in Microsoft Active Directory as it's the in

D

You are an AWS Solutions Architect. Your company has a successful web application deployed in an AWS Auto Scaling group. The application attracts more and more global customers. However, the application's performance is impacted. Your manager asks you how to improve the performance and availability of the application. Which of the following AWS services would you recommend? A. AWS DataSync B. Amazon DynamoDB Accelerator C. AWS Lake Formation D. AWS Global Accelerator

D

You are building a microservice architecture in AWS for a web application. A Lambda function collects clients' requests and forwards them to a standard SQS queue. Another Lambda function gets messages from the queue and processes them. Your manager is worried about the availability of the SQS queue which may become a single point of failure. How would you address this concern? A. Create another SQS queue to provide a redundancy B. Select multiple availability zones when creating the SQS queue

D

You are deploying an application on Amazon EC2 that must call AWS APIs. Which method would you use to securely pass the credentials to the application? A. Pass API credentials to the instance using instance user data B. Store API credentials as an object in Amazon S3 C. Embed the API credentials into your application D. Assign IAM roles to the EC2 instances

D

You are hosting a web server on an EC2 instance. With a number of requests consuming a large part of the CPU, the response performance for the application is getting degraded. Which of the following would help to alleviate the problem and provide a better response time? A. Place the EC2 instance behind a classic load balancer B. Place the EC2 instance behind an application load balancer C. Place the EC2 instance in an Auto Scaling group with the max size as 1 D. Place a CloudFront Distributio

D

You are planning to host a web and MySQL database application in an AWS VPC. The database should only be accessible by the web server. What would you change to fulfill this requirement? A. Network Access Control Lists B. AWS RDS Parameter Groups C. Route Tables D. Security Groups

D

You are requested to provide guidance for a large Pharma company. They are looking for a solution to save all their R&D test analysis data in a secure way. Daily large numbers of reports are generated, this data would be accessed parallelly from multiple R&D centers spread across the globe. Company requires this data to be instantaneously available to all users. Which of the following is the most suitable way for storage in AWS to provide low latency access to users across the globe with least c

D

You are working as an AWS Architect for a global media firm. They have web servers deployed on EC2 instances across multiple regions. For audit purposes, you have created a CloudTrail trail to store all CloudTrail event log files to the S3 bucket. This trail applies to all regions and is stored in S3 buckets at the EU-Central region. During last year's audit, auditors have raised a query on the integrity of log files that are stored in the S3 buckets and tendered as Non-Compliance. Which feature

D

You are working as an AWS Architect for a start-up company. The company has a two-tier production website on AWS with web servers in front end and database servers in the back end. A third-party firm has been looking after the operations of these database servers. They need to access these database servers in private subnets on SSH port. As per the standard operating procedure provided by the Security team, all access to these servers should be over a secure layer. What will be the best solution

D

You are working as an AWS consultant for a start-up company. They have developed a web application for their employees to share files with external vendors securely. They created an AutoScaling group for the web servers which requires two m4.large EC2 instances running at all times, scaling up to a maximum of 12 instances. Post-deployment of the application, a huge rise in cost was observed. Due to a limited budget, the CTO has requested your advice to optimize the usage of instances in the Auto

D

You are working for a global financial company. Company locations spread across various countries upload transaction data to an S3 bucket in the us-west region. You will be using AWS Glue and Amazon Athena to further analyze this data. You are using a Crawler that will scan all data from S3 buckets and populate the Glue Data Catalog, which Amazon Athena will query. A large amount of CSV data is uploaded on a daily basis from all the global locations simultaneously. To decrease scanning time while scann

D

You are working for an electrical appliance company that has web-application hosted in AWS. This is a two-tier web application with web-servers hosted in VPC's and on-premise data-center. You are using a Network Load Balancer in the front end to distribute traffic between these servers. You are using instance ID for configuring targets for Network Load Balancer. Some clients are complaining about the delay in accessing this website. To troubleshoot this issue, you are looking for a list of Clien

D

You are working with a global IT firm that has a web application hosted in AWS. This is a 2 tier web application with web servers behind application load balancers. A new application is developed for which you need to analyze performance at each node. These parameters will be used as a reference before making this application into commercial services and henceforth for any operational challenges. You are using AWS X-ray for this purpose. Which of the following would help to get traces while ensuri

D

You currently have the following architecture in AWS: a. a couple of EC2 instances located in us-west-2a b. the EC2 instances are launched via an auto Scaling group c. The EC2 instances sit behind a classic ELB Which additional step would ensure that the above architecture conforms to a well architected framework? A. Convert the Classic ELB to an Application ELB B. Add an additional Auto Scaling Group C. Add additional EC2 instances to us-west-2a D. Add or spread existing instances across

D

You currently manage a set of web servers hosted on EC2 servers with public IP addresses. These IP addresses are mapped to domain names. There was an urgent maintenance activity that had to be carried out on the servers and the servers had to be stopped and restarted. Now the web application hosted on these EC2 instances is not accessible via the domain names configured earlier. Which of the following could be a reason for this? A. The Route 53 hosted zone needs to be restarted B. The network

D

You currently work for a company that is specialized in baggage management. GPS devices installed on all the baggages deliver the coordinates of the unit every 10 seconds. You need to collect and analyze these coordinates in real-time from multiple sources. Which tool should you use to process the data? A. Amazon EMR B. Amazon SQS C. AWS Data Pipeline D. Amazon Kinesis

D

You have a set of Docker images that you use for building containers. You want to start using the Elastic Container Service and utilize the Docker images. You need a place to store these Docker images. What would you use for this purpose? A. Use AWS DynamoDB to store the Docker image B. Use AWS RDS to store the Docker images C. Use EC2 instances with EBS volumes to store the Docker images D. Use the ECR service to store the Docker images

D

You have a small company, running on Windows OS, that is only leveraging cloud resources like AWS WorkSpaces and AWS WorkMail. You want a fully managed solution to set policies and provide user management. Which of the minimum required AWS Directory Service would you recommend? A. AWS Managed Microsoft AD for its full-blown AD features and capabilities B. AD Connector to be used with on-premises applications C. AWS Cognito for its scalability and customization D. Simple AD for limited functi

D

You have a web application hosted on an EC2 instance in AWS which is being accessed by users across the globe. The Operations team has been receiving support requests about extreme slowness from users in some regions. What can be done to the architecture to improve the response time for these users? A. Add more EC2 instances to support the load B. Change the instance type to a higher instance type C. Add Route 53 health checks to improve the performance D. Place the EC2 instance behind Cloud

D

You have an EC2 instance in a particular region. This EC2 instance has a preconfigured software running on it. You have been requested to create a disaster recovery solution in case the instance in the region fails. Which of the following is the best solution? A. Create a duplicate EC2 instance in another AZ. Keep it in the shutdown state. When required, bring it back up B. Backup the EBS data volume. If the instance fails, bring up a new EC2 instance and attach the volume. C. Store the EC2 d

D

You have an RDS instance in a VPC. In the same AWS account, there is an EC2-Classic instance that does not belong to any VPC. The EC2 instance needs to communicate with the RDS instance using its private IPv4 address. Which method would you use? A. Modify the security group of the RDS instance to allow the incoming traffic from the EC2-Classic instance B. Attach a security group to the EC2 instance to allow all outgoing traffic C. Enable PrivateLink for the VPC and link the EC2-Classic instanc

D

You have an application running in AWS. The application has the frontend EC2 servers deployed in a public subnet. And the backend EC2 servers are hosted in a private subnet. The frontend servers can communicate with the backend servers properly. One day there is an issue in production and you need to login to one backend EC2 instance to troubleshoot. The connection to the backend servers should be done in the most secure way. Which of the following options is the most secure one to access the in

D

You have an application that has been dockerized. You plan to deploy the application in an AWS ECS cluster. As the application gets configuration files from an S3 bucket, the ECS containers should have the AmazonS3ReadOnly Access permission. What is the correct method to configure the IAM permission? A. Add an environment variable to the ECS cluster configuration to allow the S3 read only access B. Add the AmazonS3ReadOnlyAccess permission to the IAM entity that creates the ECS cluster C. Mod

D

You have been asked to create a VPC network topology for your company. The VPC network must support both internet-facing applications and internal-facing applications accessed only over VPN. Both internet-facing and internal-facing applications must be able to leverage at least 3 AZs for high availability. How many subnets must you create within your VPC to accommodate these requirements? A. 2 B. 3 C. 4 D. 6

D

You have been assigned the task of architecting an application in AWS. The architecture would consist of EC2, the Classic Load Balancer, Auto Scaling, and Route 53. You need to ensure that Blue-Green deployments are possible in this architecture. Which routing policy should you ideally use in Route 53 in order to achieve Blue-Green deployments? A. Simple B. Multivalue Answer C. Latency D. Weighted

D

You have been hired as a consultant for a company to implement their CI/CD processes. They currently use an on-premises deployment of Chef for their configuration management on servers. You need to advise them on what they can use on AWS to leverage their existing capabilities. Which of the following services would you recommend? A. Amazon Simple Workflow Service B. AWS Elastic Beanstalk C. AWS CloudFormation D. AWS Opsworks

D

You have both production and development based instances running on your VPC. It is required to ensure that people responsible for the development instances do not have access to work on production instances for better security. Which of the following would be the best way to accomplish this using policies? A. Launch the development and production instances in separate VPCs and use VPC peering B. Create an IAM group with a condition that allows access to only those instances which are used for

D

You have designed an application that uses AWS resources, such as S3 to operate and store users' documents. You currently use Cognito identity pools and user pools. To increase usage and ease of signing up, you decide that adding social identity federation is the best path forward. How would you differentiate the Cognito identity pool and the federated identity providers? A. They are the same and just called different things. B. First, you sign-in via Cognito then through a federated site like

D

You need to ensure that instances in a private subnet can access the internet. The solution should be highly available and ensure less maintenance overhead. Which of the following would ideally fit this requirement? A. Host the NAT instance in the private subnet B. Host the NAT instance in the public subnet C. Host the NAT Gateway in the private subnet D. Host the NAT Gateway in the public subnet

D

You own a MySQL RDS instance in AWS Region us-east-1. The instance has a Multi-AZ instance in another availability zone for high availability. As business grows, there are more and more clients coming from Europe (eu-west-2) and most of the database workload is read-only. What is the proper way to reduce the load on the source RDS instance? A. Create a snapshot of the instance and launch a new instance in eu-west-2 B. Promote the Multi-AZ instance to be a Read Replica and move the instance to

D

You want to set up a public website on AWS. Your requirements are as follows: -You want the database and the application server running on AWS VPC -You want the database to be able to connect to the internet, specifically for patch upgrades -You do not want to receive any incoming requests from the internet to the database Which of the following solutions would best satisfy all these requirements? A. Setup the database in a private subnet with a security group that only allows outbound traff

D

You work as an architect for a company. An application is going to be deployed on a set of EC2 instances in a private subnet of VPC. You need to ensure that IT administrators can securely administer the instances in the private subnet. How can you accomplish this? A. Create a NAT Gateway, ensure SSH access is provided to the NAT gateway. Access the instances via the NAT gateway B. Create a NAT instance in a public subnet, ensure SSH access is provided to the NAT instance. Access the instances

D

You work as an architect for a company. There is a requirement for an application to be deployed on a set of EC2 instances. These would be part of a compute cluster that requires low inter-node latency. Which of the following would you use for this requirement? A. Multiple Availability Zones B. AWS Direct Connect C. EC2 dedicated instances D. Cluster placement groups E. VPC private subnets

D

You're an architect for your company. Your IT admin staff needs access to newly created EC2 instances for administrative purposes. Which of the following needs to be done to ensure that the IT admin staff can successfully connect via port 22 on to the EC2 instances? A. Adjust security group to permit egress traffic over TCP port 443 from your IP B. Configure the IAM role to permit changes to security group settings C. Modify the instance security group to allow ingress of ICMP packets from you

D

Your company has a legacy application that uses the monolithic architecture. You need to design a new microservices architecture for the application and host it in AWS. The application should be dockerized so that it can be easily deployed. Which of the following AWS services would you choose to host the application? A. Elastic Kubernetes Engine B. Amazon Lambda C. Elastic Container Registry D. Elastic Container Service

D

Your company has a set of EC2 instances hosted in AWS. It is mandatory to prepare for disasters and come up with the necessary disaster recovery procedures. What would be helpful in mitigating the effects of a disaster for the EC2 instances? A. Place an ELB in front of the EC2 instances B. Use Auto Scaling to ensure that the minimum number of instances are always running C. Use CloudFront in front of the EC2 instances D. Use AMIs to recreate the EC2 instances in another region

D

Your company is building container-based applications. Currently, they use Kubernetes for their on-premises Docker-based orchestration. They want to move to AWS and preferably not have to manage the infrastructure for the underlying orchestration service. Which of the following could be used for this purpose? A. AWS DynamoDB B. AWS ECS with Fargate C. AWS EC2 with Kubernetes installed D. AWS Elastic Beanstalk

D

Your operations department is using an incident-based application hosted on a set of EC2 instances. These instances are placed behind an Auto Scaling group to ensure that the right number of instances are in place to support the application. The Operations department has expressed dissatisfaction with regard to poor application performance every day at 9:00 AM. However, it is also noted that the system performance returns to optimal at 9:45 AM. What could be done to fix this issue? A. Create an

D

You have an application running in us-west-2 that requires 6 EC2 instances running at all times. With 3 Availability Zones in the region viz. us-west-2a, us-west-2b, and us-west-2c, which of the following deployments provides fault tolerance if an Availability Zone in us-west-2 becomes unavailable? (Choose 2) A. 2 EC2 Instances in us-west-2a, 2 EC2 Instances in us-west-2b, and 2 EC2 Instances in us-west-2c B. 3 EC2 instances in us-west-2a, 3 EC2 instances in us-west-2b, and no EC2 instances in us

D,E

A company currently hosts a Redshift cluster in AWS. For security reasons, it should ensure that all traffic from and to the Redshift cluster does not go through the Internet. Which features can be used to fulfill this requirement in an efficient manner? A. Enable Amazon Redshift Enhanced VPC Routing B. Create a NAT Gateway to route the traffic C. Create a NAT Instance to route the traffic D. Create a VPN connection to ensure traffic does not flow through the internet

A

A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer-managed database cluster. There should be no access to the database from the Internet but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements? A. Public subnets for b

C

A VPC has been set up with a subnet and an internet gateway. The EC2 instance is set up with a public IP but you are still not able to connect to it via the internet. The security groups are also in place. What should you do to connect to the EC2 instance from the internet? A. Set an elastic IP address to the EC2 instance B. Set a secondary private IP address to the EC2 instance C. Ensure that the right route entry is there in the route table D. There must be some issue in the EC2 inst

C

A company currently hosts a lot of data on its on-premises location. It wants to start storing backups of this data with low latency access to data on AWS. How could this be achieved in the most efficient way? A. Create EBS Volumes and store the data B. Create EBS Snapshots and store the data C. Make use of Storage Gateway Stored volumes D. Make use of Amazon Glacier

C

A company has an on-premises infrastructure which they want to extend to the AWS cloud. There is a need to ensure that communication across both environments is possible over the internet when initiated from on-premises. What should be set up on the on-premises side? A. Create a VPC peering connection between the on-premises and the AWS environment B. Create an AWS Direct connection between the on-premises and the AWS environment C. Create a VPN connection between the on-premises and the AWS env

C

A company hosts a popular web application that connects to Amazon RDS MySQL DB instance running in a private VPC subnet created with default ACL settings. The IT Security department has identified a DoS attack from a suspecting IP. How would you protect the subnets from this attack? A. Change the Inbound Security Groups to deny access from the suspecting IP B. Change the outbound security groups to deny access from the suspecting IP C. Change the Inbound NACL to deny access from the suspectin

C

A company is building a service using Amazon EC2 as a worker instance that will process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable? A. Multiple Amazon EBS Volume with snapshots B. A single Amazon Glacier vault C. A single Amazon S3 bucket D. Multiple instance stores

C

A cash-starved start-up firm is using AWS Storage Gateway to back up all on-premises data to Amazon S3. For this, they have set up VPN connectivity to VGW from client end devices using existing internet links. Recently they have observed that data backups are taking a long time to complete due to large data size, and they are looking for an immediate resolution for quick data backup. Which of the following is a cost-effective way to speed up data backups on the VPN tunnel? A. Create a new VPN tunnel with ECMP enabl

D

