Whizlabs mistake
For which of the following scenarios should a Solutions Architect consider using ElasticBeanStalk? (Choose TWO.)
A Java web application using Amazon Linux EC2 instances A worker environment with an SQS queue and an Auto Scaling group
Your team uses Amazon ECS to manage containers for several micro-services. To save cost, multiple ECS tasks should run at a single container instance. When a task is launched, the host port should be dynamically chosen from the container instance's ephemeral port range. The ECS service should select a load balancer that supports dynamic mapping. Which types of load balancers are appropriate?
Application Load Balancer or Network Load Balancer
You have a web application that processes customer orders. The frontend application forwards the order messages to an SQS queue. The backend contains an Elastic Load Balancer and an Auto Scaling group. You want the ASG to auto-scale depending on the queue size. Which of the following CloudWatch metrics would you choose to discover the SQS queue length?
ApproximateNumberOfMessagesVisible
A company is building a service using Amazon EC2 as a worker instance to process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. You do not know what the storage capacity requirements are. Which storage option is both cost-efficient and scalable?
A single Amazon S3 bucket
You are building an automated transcription service where Amazon EC2 worker instances process an uploaded audio file and generate a text file. You must store both of these files in the same durable storage until the text file is retrieved. Customers fetch the text files frequently. You do not know about the storage capacity requirements. Which storage option would be both cost-efficient and highly available in this situation?
A single Amazon S3 bucket
As the company's cloud administrator, you notice that one of the EC2 instances is frequently restarting. There is a need to troubleshoot and analyze the system logs with an embedded metric format. What can be used in AWS to store and analyze the log files from the EC2 Instance?
AWS CloudWatch Logs
Your Organization is planning to move its on-premise databases to the AWS Cloud. You have been selected to migrate the main production database, and there are some requirements. The production database should remain active during the migration. You need to monitor the progress of the migration. The database is an SQL Server Database. You need to find an easy way to convert the actual schemas to MySQL schemas. What services could help to achieve this? (Select two)
AWS Database Migration Hub AWS Migration Hub
You have an application hosted in EC2. This application is accessed by users in different countries and needs high performance. The application also needs static IPs that should not be changed. What service could be used to achieve these requirements?
AWS Global Accelerator.
You are working in a financial company. The company needs to create a serverless application in AWS, including the serverless resources such as Lambda functions and API gateways. You prefer using a framework to build the application on AWS as quickly as possible. Which of the following frameworks is built for serverless applications?
AWS Serverless Application Model (AWS SAM)
You are working as an AWS consultant in an E-Commerce organization. Your organization is planning to migrate its database from on-premises data centers to Amazon RDS. The automated backup helps to restore the Database to any specific time during the backup retention period in Amazon RDS. Which of the following actions are performed as a part of the Amazon RDS automated backup process?
AWS creates a storage volume snapshot of the database instance during the backup window once a day. AWS RDS also captures transactions logs and uploads them to S3 buckets every 5 minutes.
You are responsible for deploying a critical application to AWS. It is required to ensure that the controls set for this application meet PCI compliance. Also, there is a need to monitor web application logs to identify any malicious activity. Which of the following services could be used to fulfill this requirement? (Select TWO)
Amazon CloudWatch Logs Amazon CloudTrail
Your company is planning to use Amazon EMR service for testing a new application and also wants to minimize the cost of running the EMR service. How would you achieve this?
Choose Spot Instances for the underlying nodes.
A Media firm is saving all its old videos in S3 Glacier Deep Archive. Due to the shortage of new video footage, the channel has decided to reuse all these old videos. Since these are old videos, the channel is not sure of its popularity & response from users. Channel Head wants to make sure that these huge size files do not shoot up their budget. For this, as an AWS consultant, you advise them to use the S3 intelligent storage class. The Operations Team is concerned about moving these files to the S3 Intelligent-Tiering storage class. Which of the following actions can be taken to move objects in Amazon S3 Glacier Deep Archive to S3 Intelligent-Tiering storage class?
C. Use Amazon S3 console to restore objects from S3 Glacier Deep Archive & then copy these objects to required S3 Intelligent-Tiering storage class.
Your team has deployed an application that consists of a web and database tier hosted on separate EC2 Instances. Both EC2 Instances are using General Purpose SSD for their underlying volume type. Of late, there are performance issues related to the read and writes of the database EC2 Instance. Which of the following could be used to alleviate the issue?
Change the EBS volume to Provisioned IOPS SSD.
You need to deploy a high performance computing (HPC) and machine learning application in AWS Linux EC2 instances. The performance of inter-instance communication is very critical for the application. You want to attach a network device to the instance so that the computing performance can be greatly improved. Which of the following options can achieve the best performance?
Configure Elastic Fabric Adapter (EFA) in the instance.
Your company would like to leverage the AWS storage option and integrate it with the current on-premises infrastructure. There is a requirement of low latency access to the entire dataset and backup. Which of the following options would be best suited for this scenario?
Configure Storage Gateway Stored Volume.
You have a lifecycle rule for an S3 bucket that archives objects to the S3 Glacier storage class 60 days after creation. The archived objects are no longer needed one year after being created. How would you configure the S3 bucket to save more cost?
Configure the S3 lifecycle rule to expire the objects after 365 days from object creation.
You own a MySQL RDS instance in AWS Region us-east-1. The instance has a Multi-AZ instance in another availability zone for high availability. As business grows, more and more clients come from Europe (eu- west-2), and most of the database workload is read-only. What is the proper way to reduce the load on the source RDS instance?
Create a Read Replica in the AWS Region eu-west-2.
You own a MySQL RDS instance in AWS Region us-east-1. The instance has a Multi-AZ instance in another availability zone for high availability. As business grows, more and more clients come from Europe (eu-west-2), and most of the database workload is read-only. What is the proper way to reduce the load on the source RDS instance?
Create a Read Replica in the AWS Region eu-west-2.
A large IT company is using Amazon CloudFront for its web application. Static Content for this application is saved in the Amazon S3 bucket. Amazon CloudFront is configured for this application to provide faster access to these files for global users. IT Team is concerned about some critical files that need to be accessed only by users from certain white-list countries that you have defined in Amazon CloudFront geo-restriction. There is a requirement that no users should access these files directly using the Amazon S3 URL. Which of the following is the best way to achieve the given requirement?
Create an OAI user to associate with distribution & modify permission on Amazon S3 bucket using object ACL's.
A retailer exports data daily from its transactional databases into an S3 bucket in the Sydney region. The retailer's Data Warehousing team wants to import this data into an existing Amazon Redshift cluster in their VPC in Sydney. Corporate security policy mandates that data can only be transported within the AWS's private network. Which steps would satisfy the security policy? (SELECT TWO.)
Create and configure an Amazon S3 VPC endpoint. Enable Amazon Redshift Enhanced VPC Routing.
A legal consultant firm is using versioning enabled S3 buckets to save all its legal documents. To avoid any deletion/ modification of these documents, they have locked these files with a retention period of 6 months. In some cases, these legal documents are getting updated with new information that the firm requires to set a different retention period than the original object. Which of the following actions will meet this requirement with the least efforts?
Create another version of the object with the same name and have a separate retention period than the current object.
A Solutions Architect is designing an online shopping application running in a VPC on EC2 Instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer-managed database cluster. There should be no access to the database from the Internet. But the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?
Create public subnets for the application tier and NAT Gateway, and private subnets for the database cluster.
A Solutions Architect is designing an online shopping application running in a VPC on EC2 Instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer-managed database cluster. There should be no access to the database from the Internet. But the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?
Create public subnets for the application tier and NAT Gateway, and private subnets for the database cluster.
You configure an Amazon S3 bucket as the origin for a new CloudFront distribution. The traffic should not hit the S3 URLs directly instead, they should be directed to the CloudFront distribution and the files should be fetched through the CloudFront URL. Which method is the most appropriate?
Create the origin access identity (OAI) and associate it with the distribution.
Your recent security review revealed a large spike in attempted logins to your AWS account. For sensitive data stored in encryption enabled S3, the data has not been encrypted and is susceptible to fraud if it was to be stolen. You've recommended AWS Key Management Service as a solution. Which of the following is true regarding the server-side encryption of KMS?
Data is encrypted at rest with KMS.
You have both production and development based instances running on your VPC. It is required to ensure that people responsible for the development instances do not have access to work on production instances for better security. Which of the following would be the best way to accomplish this using policy with minimal efforts?
Define the tags on the Development and production servers and add a condition to the IAM Policy which allows access to specific tags.
You have two AWS Organizations. All the AWS accounts in Organization A need to be moved to Organization B. You have already moved all the member accounts, and now you need to migrate the master account. Which of the following options should you choose?
Delete Organization A and invite the master account to join Organization B.
A company has a Redshift Cluster defined in AWS. The IT Operations team has ensured that both automated and manual snapshots are in place. Since the cluster will be run for a couple of years, Reserved Instances have been purchased. There has been a recent concern about the cost being incurred by the cluster. Which step should be carried out to minimize the costs being incurred by the cluster?
Delete the manual snapshots.
You are working as an AWS Architect for a start-up company. The company has a two-tier production website on AWS with web servers in the front end & database servers in the back end. The third-party firm has been looking after the operations of these database servers. They need to access these database servers in private subnets on the SSH port. As per standard operating procedure provided by the Security team, all access to these servers should be over a jump box accessible from internet. What will be the best solution to meet this requirement?
Deploy Bastion hosts in Public Subnet
You are working as an AWS Architect for an IT Company. Your Company is using EC2 instances in multiple VPCs spanning Availability Zones in (US-EAST-1) Region. The Development Team has deployed a new Intranet application that needs to be accessed via VPC. You need to make sure that the connectivity to this particular application uses the internal AWS network between different VPCs, and the solution is highly scalable and secure. Which of the following solution would you recommend?
Deploy Network Load Balancers along with VPC endpoint service (AWS PrivateLink) to establish connectivity between the VPC's in the "US-EAST-1" region.
You have a business-critical two-tier web application, currently deployed in 2 Availability Zones in the US East region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication at the database layer. The application needs to remain fully available even if one application AZ suddenly goes offline and Auto Scaling cannot launch new instances in the remaining AZ. How could the current Elastic Load Balancing be enhanced to ensure this?
Deploy in 3 AZs with Auto Scaling, set to handle a minimum 50 percent peak load per zone.
An organization has an on-premises messaging application. They want to migrate this application to the AWS cloud without making much code changes while running an on-prem system parallel with the AWS cloud in the hybrid model.
Design the solutions using Amazon MQ in 2 private subnets across multiple Availability Zones.
There is a requirement to load a lot of data from your on-premises network to AWS S3, bypassing the internet service. What can be used for this data transfer? (SELECT TWO)
Direct Connect Snowball
A company is planning to deploy an application in AWS. This application requires an EC2 Instance to continuously perform log processing activities requiring Max 500MiB/s of data throughput. Which of the following is the most cost-effective storage option for this requirement?
EBS Throughput Optimized
A company is building a two-tier web application to serve dynamic transaction-based content. Which services would you leverage to enable an elastic and scalable WEB TIER?
Elastic Load Balancing, Amazon EC2, and Auto Scaling
A company currently hosts a Redshift cluster in AWS. It should ensure that all traffic from and to the Redshift cluster does not go through the Internet for security reasons. Which features can be used to fulfill this requirement in an efficient manner?
Enable Amazon Redshift Enhanced VPC Routing.
Developer Team is working on a new mobile game that will use Amazon DynamoDB to store player details. The team is unsure of the success of this game, but needs to make sure it will meet demand for any number of concurrent players. During the table's initial creation, they are planning to create a local secondary index to create a top ten players scores dashboard. Also, a global secondary index is created to prepare a separate top ten players per country. IT Head is concerned about the game's performance, which will be used as a reference for all future games. Which of the following can be used to meet this requirement?
Enable Auto-Scaling for DynamoDB Table with same setting applied to Global Secondary Index.
Your company currently has a web distribution hosted using the AWS CloudFront service. The IT Security department has confirmed that the application using this web distribution now falls under the scope of PCI (Payment Card Industry) compliance. What are the necessary steps to be followed before auditing? (SELECT TWO)
Enable CloudFront access logs Capture requests that are sent to the CloudFront API
Your company currently has a web distribution hosted using the AWS CloudFront service. The IT Security department has confirmed that the application using this web distribution now falls under the scope of PCI (Payment Card Industry) compliance. What are the necessary steps to be followed before auditing? (SELECT TWO)
Enable CloudFront access logs. Capture requests that are sent to the CloudFront API.
You are developing a mobile application for your company with DynamoDB as the back end and JavaScript as the front end. During the daytime, you notice that sometimes there are spikes in the application, especially in the DynamoDB write throughput. What would be the most cost-effective and scalable architecture for this application?
Enable DynamoDB Auto Scaling to meet the requirements.
You are developing a mobile application for your company with DynamoDB as the back end and JavaScript as the front end. During the daytime, you notice that sometimes there are spikes in the application, especially in the DynamoDB write throughput. What would be the most cost-effective and scalable architecture for this application?
Enable DynamoDB Auto Scaling to meet the requirements.
A cash-starved start-up firm is using AWS Storage Gateway to back up all on-premise data to Amazon S3. For this, they have set up VPN connectivity to VGW from client end devices using existing internet links. They are recently observing data backups taking a long time to complete due to large data size. They are also looking for an immediate resolution for quick data backup. Which of the following is a cost-effective way to faster data backups on the VPN tunnel?
Enable ECMP with multiple VPN tunnels associated with a transit gateway.
Your company currently has setup their data store on AWS DynamoDB. One of your main revenue generating applications uses the tables in this service. Your application is now expanding to 2 different other locations and you want to ensure that the latency for data retrieval is the least from the new regions. Which of the following can help accomplish this?
Enable global tables for DynamoDB
You have been hired as an AWS Architect in a global financial firm. They provide daily consolidated reports to their clients for trades in stock markets. For a large amount of data processing, they store daily trading transaction data in S3 buckets, which triggers the AWS Lambda function. This function submits a new AWS Batch job in the Job queue. These queues use EC2 compute resources with this customized AMI and Amazon ECS to complete the job. You have been working on an application created using the above requirements. While performing a trial for the application, even though it has enough memory/CPU resources, the job is stuck in a Runnable state. Which of the following checks would help to resolve the issue?
Ensure that AWS logs driver is configured on compute resources.
Your current architecture consists of a set of web servers spun up as part of an Autoscaling group. These web servers then communicate with a set of database servers. You need to ensure that the database servers' security groups are set properly to accept traffic from the web servers. Which of the following is the best way to accomplish this?
Ensure that the web server security group is placed as the source for the incoming rules in the database server security group.
You have several instances doing machine learning to compute. You have all the data required for the machine learning in an S3 bucket. You need to find a high-performance storage in which all the instances can read and write data simultaneously. Which of the following options is the best suited solution for this?
FSx for Lustre
A solutions Architect has been asked to design a serverless media upload web application that will have the functionality to upload thumbnail images, transcode videos, index files, validate contents, and aggregate data in real-time. He needs to visualize the distributed components of his architecture through a graphical console.
Host a static web application using Amazon S3, upload images to Amazon S3, use S3 event notification to trigger a Lambda function when media files are uploaded, coordinate other media files processing Lambda using Step functions, and store the aggregated data in DynamoDB.
You need to ensure that instances in a private subnet can access the Internet. The solution should be highly available and ensure less maintenance overhead. Which of the following would ideally fit this requirement?
Host the NAT Gateway in the public subnet
You need to ensure that instances in a private subnet can access the Internet. The solution should be highly available and ensure less maintenance overhead. Which of the following would ideally fit this requirement?
Host the NAT Gateway in the public subnet.
A global company has an Amazon Aurora database to store a large amount of customer data. The database is deployed in an AWS account owned by the development team, and the AWS account is within the AWS Organization A. Now the database needs to be shared with AWS accounts in another AWS Organization B. Which of the following can be done to achieve the requirement?
In the Management AWS account of Organization A, share the database to the AWS accounts of AWS Organization B in Resource Access Manager.
A solutions architect is designing the cloud architecture of a new application being deployed onto AWS Cloud. This application has a set of instances that are required to be placed in a placements group. The instances should be placed on distinct racks, with each rack having its own network and power source.
Place the instances into a spread placement group that can span multiple Availability Zones in the same Region.
A Financial firm is planning to build a highly resilient application with primary database servers located at on-premises data centers while maintaining its DB snapshots in an S3 bucket. The IT Team is looking for a cost- effective and secure way of transferring the large customer financial databases from on-premises servers to the Amazon S3 bucket with no impact on the client usage of these applications. Also, post this data transfer, the on-premises application will be fetching data from the Amazon S3 bucket in case of a primary database failure. So, your solution should ensure that the Amazon S3 data is fully synced with the on-premises database. Which of the following can be used to meet this requirement?
Use AWS Data Sync for transferring data between the on-premises & Amazon S3 bucket while using AWS Storage Gateway for accessing these S3 bucket data from the on-premises application.
A Financial firm is planning to build a highly resilient application with primary database servers located at on-premises data centers while maintaining its DB snapshots in an S3 bucket. The IT Team is looking for a cost-effective and secure way of transferring the large customer financial databases from on-premises servers to the Amazon S3 bucket with no impact on the client usage of these applications. Also, post this data transfer, the on-premises application will be fetching data from the Amazon S3 bucket in case of a primary database failure.
Use AWS Data Sync for transferring data between the on-premises & Amazon S3 bucket while using AWS Storage Gateway for accessing these S3 bucket data from the on-premises application.
You are responsible for performing a migration from your company's on-premise data to the AWS cloud. You have about 400 GB of data stored in an NFS. One requirement of this migration is to transfer some of this data to AWS EFS and the other part to S3. Which is the easiest to use and with the most cost-effective solution?
Use AWS DataSync.
A global pharma company has a tie-up with hospitals across the globe. The hospitals share patient reports with the pharma company, which are further analyzed & used to create new drug formulations. Daily large numbers of reports are shared by these hospitals, which are uploaded from various sources. Pharma firm is planning to tie up with more hospitals, which will increase the data load. These uploadings should be scalable to save a large amount of data for further analysis. Which of the following can be used for a scalable application solution in AWS?
Use AWS Kinesis Firehose to upload data to Amazon Redshift.
You are part of the IT sector at the finance department of your country. Your organization has implemented AWS Organizations for each internal department, and you have access to the master account. You need to manage Amazon EC2 Dedicated Hosts centrally, and share the host's instance capacity with other AWS accounts in the AWS Organizations. How can you accomplish this in the easiest way?
Use AWS Resource Access Manager to manage the EC2 Dedicated Hosts centrally and share them with other member accounts.
A start-up firm has a corporate office in New York & a regional office in Washington & Chicago. These offices are interconnected over Internet links. Recently they have migrated a few application servers to EC2 instance launched in the AWS US-east-1 region. The Developer Team located at the corporate office requires secure access to these servers for initial testing & performance checks before go-live of the new application. Since the go-live date is approaching soon, the IT team is looking for quick connectivity to be established. As an AWS consultant, which link option will you suggest as a cost-effective & quick way to establish secure connectivity from on-premise to servers launched in AWS?
Use AWS Site-to-Site VPN to establish IPSEC VPN connectivity between VPC and the on-premises network.
A large retail firm saves its global sales reports in the S3 bucket & uses S3 Lifecycle rules to move this data from Standard_IA storage class to AWS S3 Glacier post 180 days. Due to the financial year-end, the Finance team is looking for a sales report for only the Europe region where a mismatch is reported in the sales figure. Which of the following is a recommended way to fetch this data with the least effort?
Use Amazon S3 Glacier Select to query specific continent data directly from Amazon S3 Glacier using simple SQL.
An application consists of frontend and backend EC2 Instances behind classic ELBs. The database is deployed in AWS RDS. You want both the application and the database should be highly scalable. What would you do? (Select TWO)
Use Auto Scaling for the backend EC2 instances. Use Auto Scaling for the frontend EC2 instances
Videos are uploaded to an S3 bucket, and you need to provide access to users to view the same. What is the best way to do so while maintaining a good user experience for all users regardless of the region in which they are located?
Use CloudFront with the S3 bucket as the source.
You are a solutions architect working for a data analytics company that delivers analytics data to politicians that need the data to manage their campaigns. Political campaigns use your company's analytics data to decide on where to spend their campaign money to get the best results for the efforts. Your political campaign users access your analytics data through an Angular SPA via API Gateway REST endpoints. You need to manage the access and use of your analytics platform to ensure that the individual campaign data is separate. Specifically, you need to produce logs of all user requests and responses to those requests, including request payloads, response payloads, and error traces. Which type of AWS logging service should you use to achieve your goals?
Use CloudWatch execution logging
A company has an application hosted in AWS. This application consists of EC2 Instances that sit behind an ELB. The following are the requirements from an administrative perspective. a) Must be able to collect and analyze logs about ELB's performance. b) Ensure that notifications are sent when the latency goes beyond 10 seconds. What should be used to achieve this requirement? (SELECT TWO)
Use CloudWatch for monitoring. Enable the logs on the ELB with Latency Alarm that sends an email and then investigate the logs whenever there is an issue.
A company has a business-critical standard three-tier highly available web portal in AWS. The web tier runs on different types of Amazon EC2 family. The application tier runs on one set of EC2 family, and the database tier runs on Amazon RDS. The company's leadership team asked the Solutions Architect to reduce the costs of this solution without any impact on the company's business. Which of the following options is the most cost-effective while maintaining reliability and a high availability?
Use Compute Savings Plans for the web tier, EC2 Instance Savings Plans for the application tier, and Reserved Instances for the database tier.
A company has set up an application in AWS that interacts with DynamoDB. It is required that when an item is modified in a DynamoDB table, immediate entry is made to the associating application. How can this be accomplished? (SELECT TWO.)
Use DynamoDB streams to monitor the changes to the DynamoDB table. Trigger a lambda function to make an associated entry in the application as soon as the DynamoDB streams are modified
A company has set up an application in AWS that interacts with DynamoDB. It is required that when an item is modified in a DynamoDB table, immediate entry is made to the associating application. How can this be accomplished? (SELECT TWO.)
Use DynamoDB streams to monitor the changes to the DynamoDB table. Trigger a lambda function to make an associated entry in the application as soon as the DynamoDB streams are modified.
You want to host a new website on AWS. As a Solutions architect, you have been given a task to design a serverless architecture for the website. Which of the following services are suitable to store the application data? (Select TWO.)
Use DynamoDB to store dynamic data in tables. Use the Simple Storage Service (S3) to store data.
As an AWS Solutions Architect, you are designing a new Java application in EC2 with a relational database deployed in RDS. During proof of concept, it has been found that the database encounters an extended number of write operations at certain times and cannot handle the load. Which of the following options is appropriate to improve the write performance?
Use SQS to queue the database writes
You are developing an application using AWS SDK to get objects from AWS S3. The objects have big sizes. Sometimes there are failures when getting objects, especially when the network connectivity is poor. You want to get a specific range of bytes in a single GET request and retrieve the whole object in parts. Which method can achieve this?
Use the "Range" HTTP header in a GET request to download the specified range bytes of an object.
You are designing a website for a company that streams anime videos. You serve this content through CloudFront. The company has implemented a section for premium subscribers. This section contains more videos than the free section. You want to ensure that only premium subscribers can access this premium section. How can you achieve this easily?
Using CloudFront origin with signed cookies.
You got hired to implement a system for a movie theater company. This system will allow the user to rent movies for a limited period of time. In order to do this, the user will log in to an application and pay to rent the movie. Then a link will be sent to the user through email. The requisite here is only to allow the user to see this file through CloudFront for a limited period of time. What is the easiest way to achieve this?
Using CloudFront with signed URL
Your organization had asked to be cost-efficient in designing AWS solutions. You have created three VPCs(VPC A, VPC B, VPC C), peered VPC A to VPC B and VPC B to VPC C. You have created a NAT gateway in VPC B and would like to use the same NAT Gateway for resources within VPC A and VPC C. However, the resources within VPC A and VPC C cannot communicate to the internet through NAT Gateway, but resources in VPC B can communicate. What could be the reason?
Using another VPC's NAT Gateway is not supported in AWS.
Which of the following actions is required by Lambda execution role to write the logs into AWS CloudWatch?
logs:CreateLogGroup logs:CreateLogStream logs:PutLogEvents
You are part of the IT team of an insurance company. You have 4 M5.large EC2 instances used to compute some data of your core services. The amount of usage of these instances has been very consistent. So you predict that it will not increase in the next two or three years. However, your CFO is asking if there is a way to reduce costs in the EC2 instances. The only requirement will be to be able to change the size of the instances. What do you suggest to get the maximum cost reduction?
Purchase an EC2 instance saving plan.
Your company migrated its production environment into AWS VPC 6 months ago. As a cloud architect, you must revise the infrastructure and ensure that it is cost-effective in the long term. More than 50 EC2 instances are up and running all the time to support the business operation. What can you do to lower the cost?
Reserved instances
You want to set up a public website on AWS. Your requirements are as follows. You want the database and the application server running on AWS VPC. You want the database to be able to connect to the Internet, specifically for patch upgrades. You do not want to receive any incoming requests from the Internet to the database. Which of the following solutions would best satisfy all these requirements?
Set up the public website on a public subnet and setup the database in a private subnet that connects to the Internet via a NAT Gateway.
You are performing a Load Testing exercise on your application that is hosted on AWS. While testing your Amazon RDS MySQL DB Instance, you notice that your application becomes non-responsive when you reach 100% CPU utilization. Your application is read-heavy. Which methods would help scale your data-tier to meet the application's needs? (Select Three)
Add Amazon RDS DB Read Replicas, and have your application direct read queries to them. Use ElastiCache to cache common queries of your Amazon RDS DB. Shard your data set among multiple Amazon RDS DB Instances.
You have the following architecture deployed in AWS. a) A set of EC2 Instances which sit behind an ELB b) A database hosted in Amazon RDS Of late, the performance on the database has been slacking due to a high number of read requests. Which of the following can be added to the architecture to alleviate the performance issue? (Select TWO.)
Add read replica to the primary database to offload read traffic Use ElastiCache in front of the database
You work as an architect for a company. An application is going to be deployed on a set of EC2 instances in a VPC. The Instances will be hosting a web application. You need to design the security group to ensure that users have the ability to connect from the Internet via HTTPS. Which of the following needs to be configured for the security group?
Allow Inbound access on port 443 for 0.0.0.0/0
A large amount of structured data is stored in Amazon S3 using the JSON format. You need to use a service to analyze the S3 data directly with standard SQL. In the meantime, the data should be easily visualized through data dashboards. Which of the following services is the most appropriate?
Amazon Athena and Amazon QuickSight
An application needs to have a relational Datastore hosted in AWS. The following requirements are in place for the Datastore: a) The initial storage capacity of 8 TB b) The ability to accommodate a database growth of 8GB per day c) The ability to have 4 Read Replicas Which of the following Datastore is the best for this requirement?
Amazon Aurora
A company currently hosts its architecture in the us-east-1 region. They now need to duplicate this architecture to the eu-west-1 region and extend the application hosted on this architecture to the new AWS Region. In order to ensure that users in both AWS Regions get the same seamless experience, what should be done?
Create a Latency-based Route 53 Policy to route the traffic based on the location.
You are a solutions architect working for a social media company that provides a place for civil discussion of political and news-related events. Due to the ever-changing regulatory requirements and restrictions placed on social media apps that provide these services, you need to build your app in an environment where you can change your implementation instantly without updating code. You have chosen to build the REST API endpoints used by your social media app user interface code using Lambda. How can you securely configure your Lambda functions without updating code? (Select TWO)
Configure your Lambda functions to use key configuration Use encryption helpers
A company is running web server reserved EC2 Instances with EBS-backed root volumes. These instances have a consistent CPU load of 80%. Traffic is being distributed to these instances by an Elastic Load Balancer. They also have Multi-AZ RDS MySQL databases in both development and production environments. What recommendation would you make to reduce cost without affecting the availability of mission-critical systems? Choose the correct answer from the options given below.
Consider not using the Multi-AZ RDS deployment for the database in the development environment.
Your company has a set of EC2 Instances hosted in AWS. It is mandatory to prepare for regional disasters and come up with the necessary disaster recovery procedures. What would help to mitigate the effects of a disaster for the EC2 Instances?
Create AMIs from the EC2 Instances. Use them to recreate the EC2 Instances in another region.
A Solutions Architect has been asked to design a solution that will deliver digital content to users through Amazon CloudFront. You have set up an Amazon S3 bucket as the origin and by default, CloudFront never exposes Amazon S3 URLs. The contents should only be accessed through the CloudFront distribution. How can this be achieved?
Create OAI in CloudFront. Use the S3 bucket policy to ensure that only the OAI can access the files in the Amazon S3 bucket.
A company has applications running in multiple VPCs. These applications require interaction between Amazon S3 buckets and DynamoDB. The company's security policy requires that communication should be secure and should not go over the public internet.
Create VPC Gateway Endpoints for S3 and DynamoDB and update route tables for all the availability zones.
A security audit discovers that one of your RDS MySQL instances is not encrypted. The instance has a Read Replica in the same AWS region which is also not encrypted. You need to fix this issue as soon as possible. What is the proper way to add encryption to the instance and its replica?
Create a DB snapshot from the instance. Copy the DB snapshot with encryption enabled. Restore a new DB instance from the new encrypted snapshot and configure a Read Replica in the new DBinstance.
A company has its major applications deployed in AWS. The company is building a new office and requires a high-performance network connection between the local office network and the AWS network. The connection needs to have high bandwidth throughput and allow users in the office to connect with multiple AWS VPCs of multiple AWS Regions. How would you establish the connection in the most appropriate way?
Create a Direct Connect Gateway to connect the local network with multiple Amazon VPCs across different regions.
A company consists of 50 plus AWS accounts. Each account has multiple VPCs with egress internet connectivity using NAT gateway per Availability Zone (AZ). A solution architect has been asked to redesign the network architecture that will reduce costs, and manage egress traffic, and the growing needs of new accounts.
Create a Transit Gateway in one central AWS account that will work as a hub and spoke model to other accounts VPCs using VPC attachments. Setup an egress VPC for egress traffic with redundant Nat Gateways.
You are working as an AWS developer for an online multiplayer game start-up company. Elasticache with Redis is used for gaming leaderboards to provide low latency for online games. Redis clusters are deployed within a dedicated VPC in the us-east-1 region. Last week, due to configuration changes in Redis Clusters, the gaming application was impacted for two hours. To avoid such incidents, you have been requested to plan for secure access to all the new clusters. What would you prefer to use for secure access to Redis Clusters while accessing from EC2 instance, initialized in different VPC in the us-east-1 region? (SELECT TWO)
Create a Transit Gateway to have connectivity between 2 VPC's. Use Redis AUTH with in-transit encryption, enabled for clusters.
A company plans to deploy a batch processing application using docker containers. Which of the following would ideally help to host this application? (SELECT TWO)
Create a docker image of your batch processing application Deploy the image as an Amazon ECS task.
An application hosted in AWS allows users to upload videos to an S3 bucket. A user is required to be given access to upload some videos for a week based on the profile. How could this be accomplished in the best way possible?
Create a pre-signed URL for each profile which will last for one week.
A popular blogging site plans to use AWS DataSync to migrate all the data from the on-premises network file system (NFS) server to AWS EFS. The blogging application constantly updates its on-premises dataset. You need to ensure that all the files saved at EFS are validated for data integrity. How would you set up the data verification in AWS DataSync?
Disable verification during initial file transfers and enable it during the final cut-over.
You are working for a Pharma firm. You are using S3 buckets to save a large amount of sensitive project documents for new medical research. You need to ensure that all data at rest in these buckets are encrypted. All the keys need to be managed by the in-house Security team. Which of the following can be used as a best practice to encrypt all data securely?
Generate a data key using Customer managed CMK. Encrypt data with Plaintext data key & delete Plaintext data key. Store Encrypted data key & data in S3 buckets. For decryption, use CMK to decrypt the Encrypted data key into the Plaintext data key & then decrypt data using the Plaintext data key.
The development team is working on a new application for which they will be launching an EC2 Instance. To decrease time in launching the EC2 instance, they want you to pre-warm the instance & keep it ready for launching with all required patches & software. Which of the following can be done to meet this requirement?
Launch the Amazon EC2 instance with an Amazon EBS root volume and enable Hibernate.
Which of the following is the correct way to load streaming data into Amazon OpenSearch Service from different sources?
Load streaming data from Amazon S3 using AWS Lambda functions as event handlers.
You work for a start-up firm developing a new multilingual website to share images and video files. You are using EC2 instances to host this web application. To deliver these web content with the lowest latency to end-users, you have configured Amazon CloudFront, which forwards query strings to origin servers based on selected parameter values and caches web content based on these parameter values. During the trial, it was observed that caching was not happening based upon query strings and these requests hit origin servers. Which of the following need to be checked to see if CloudFront is caching properly based upon query strings? (Select TWO)
Make sure that the delimiter character between query string parameters is a '&' character. Check if parameters' names and values use the same case.
An application consists of the following architecture. EC2 Instances are in multiple AZ's behind an ELB. The EC2 Instances are launched via an Auto Scaling Group. There is a NAT instance used so that instances can download updates from the internet. Due to the high bandwidth being consumed by the NAT instance, it has been decided to use a NAT Gateway. How could this be implemented?
Migrate from NAT Instance to a NAT Gateway and host the NAT Gateway in the public subnet.
A company has an application that delivers objects from S3 to global users. Of late, some users have been complaining of slow response times. Which additional step would help to build a cost-effective solution and ensure that the users get an optimal response to objects from S3?
Place the S3 bucket behind a CloudFront distribution
A company has been using AWS cloud services for six months and has just finished a security review. Which of the following is considered a best practice in the security pillar of the well-architected framework?
Monitoring and using alerts using CloudTrail and CloudWatch
You are working for a global software firm having offices in various continents. The pre-sales team needs to provide a new application demo to a prospective customer. For this, they are looking urgently for a separate temporary connection between 3 on-premises regional offices at Sydney, London, and Tokyo & Demo VPC at the us-west-1 region.
Non-overlapping IP address pool should be configured at each of the regional offices. BGP (Border Gateway Protocol) ASN (Autonomous System Number) should be unique at these regional offices.
You are a solutions architect working for a financial services firm that operates applications in the hybrid cloud model. You have applications running on EC2 instances in your VPC that communicate with resources in your on-prem data center. You are using a transit gateway in the same VPC as your EC2 instances to communicate over your VPN to your on-prem resources. The transit gateway and your EC2 instances are in different subnets in your VPC. You have set up Network Access Control List (NACL) rules to control the traffic to and from your EC2 instances and transit gateway. Which of the following is true about the NACL rules for traffic from your EC2 instances to the transit gateway?
Outbound rules are not evaluated for the transit gateway subnet
You are working for a global financial company. Company locations spread across various countries upload transaction details data to the S3 bucket in the US-West region. A large amount of data is uploaded daily from each of these locations simultaneously. You are using Amazon Athena to query this data & create reports using Amazon QuickSight to create a daily dashboard for the management team. In some cases, while running queries, you are observing Amazon S3 exception errors. Also, in the monthly bills, a high percentage of cost is associated with Amazon Athena. Which of the following could help eliminate S3 errors while querying data and reducing the cost associated with queries? (SELECT TWO)
Partition data based upon date & location. Create a separate Workgroups based upon user groups.
You create an Amazon SQS queue to decouple software components. The messages are processed by a Lambda function. Sometimes, the Lambda function fails to process messages in the queue. You need a mechanism to isolate the message failures to determine why the processing was unsuccessful. Which of the following options would you choose?
SQS dead-letter queue
A company has a workflow that sends video files from their on-premise system to AWS for transcoding. They use EC2 worker instances to pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?
SQS helps to facilitate horizontal scaling of EC2 worker instances when the queue grows.
You have a small company, running on Windows OS, that leverages cloud resources like AWS Workspaces and AWS Workmail. You want a fully managed solution to set policies and provide user management. Which of the minimum required AWS Directory Service would you recommend?
Simple AD for limited functionality and compatibility with desired applications
A Solutions Architect is designing a highly scalable system to track records. These records must remain available for immediate download for up to three months and then must be deleted. What is the most appropriate decision for this use case?
Store the files in Amazon S3 and create a Lifecycle Policy to remove files after 3 months.
An instance is launched into a VPC subnet with the network ACL configured to allow all inbound traffic and deny all outbound traffic. The instance's security group is configured to allow SSH from any IP address and deny all outbound traffic. What changes need to be made to allow SSH access to the instance?
The outbound network ACL needs to be modified to allow outbound traffic.
You have enabled CloudTrail logs for your company's AWS account and store the logs in an S3 bucket. In addition, the IT Security department has mentioned that the logs need to be encrypted. How could this be achieved?
There is no need to do anything since the logs are encrypted by default.
You have enabled CloudTrail logs for your company's AWS account and store the logs in an S3 bucket. In addition, the IT Security department has mentioned that the logs need to be encrypted. How could this be achieved?
There is no need to do anything since the logs are encrypted by default.
Your company has enabled CORS on your S3 bucket to allow cross-origin resource sharing. In the CORS configuration, you need to specify the values for the "AllowedMethod" element. In terms of configuring the "AllowedMethod" element, which statement is correct?
These methods are supported: GET, PUT, POST, DELETE, and HEAD.
A company is hosting a MySQL database in AWS using the AWS RDS service. A Read Replica has been created, and reports are run off the Read Replica database to offload the reads. But at certain times, the reports show stale data. What could be the possible reason behind this?
This is due to the replication lag.
You have been assigned the task of architecting an application in AWS. The architecture would consist of EC2, the Classic Load Balancer, Auto Scaling, and Route 53. You need to ensure that Blue-Green deployments are possible in this architecture. Which routing policy should you ideally use in Route 53 to achieve Blue-Green deployments?
Weighted
You are working in a Global Pharma firm, having its Head Office in Washington & Branch offices in Chicago & Paris. The Firm has a two-tier Intranet website deployed in US-East-1 Region & database servers deployed on-premise at the Head office. The Head Office has a Direct Connect link to VPC, and it is connected to Chicago & Paris offices via WAN links, while each of these offices has separate internet links from the local ISP. Recently they faced link outage issues with WAN links that resulted in the isolation of the branch offices from the head office. They are looking for a cost-effective backup solution that could be set-up quickly without any additional devices and links. What would be the most suitable connectivity option in this scenario?
With existing Internet connection in Chicago and Paris, set up a VPN connection with us-east-1 VGW advertising prefixes via BGP. BGP ASN should be unique at these locations. VGW at us-east-1 will re-advertise these prefixes to the Washington office.
A company is developing a big data analytics application that requires access to an object immediately after a write. A big amount of objects will be stored for the application. You need to design a proper service to store the data. Is AWS S3 service suitable?
Yes. AWS S3 delivers strong read-after-write and list consistency automatically.
