Summer Sale 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: exams65

ExamsBrite Dumps

AWS Certified Solutions Architect - Associate (SAA-C03) Question and Answers

AWS Certified Solutions Architect - Associate (SAA-C03)

Last Update Jul 18, 2026
Total Questions : 954

We are offering FREE SAA-C03 Amazon Web Services exam questions. All you do is to just go and sign up. Give your details, prepare SAA-C03 free exam questions and then go for complete pool of AWS Certified Solutions Architect - Associate (SAA-C03) test questions that will help you more.

SAA-C03 pdf

SAA-C03 PDF

$36.75  $104.99
SAA-C03 Engine

SAA-C03 Testing Engine

$43.75  $124.99
SAA-C03 PDF + Engine

SAA-C03 PDF + Testing Engine

$57.75  $164.99
Questions 1

A company is running a media store across multiple Amazon EC2 instances distributed across multiple Availability Zones in a single VPC. The company wants a high-performing solution to share data between all the EC2 instances, and prefers to keep the data within the VPC only.

What should a solutions architect recommend?

Options:

A.  

Create an Amazon S3 bucket and call the service APIs from each instance ' s application.

B.  

Create an Amazon S3 bucket and configure all instances to access it as a mounted volume.

C.  

Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances.

D.  

Configure an Amazon Elastic File System (Amazon EFS) file system and mount It across all instances.

Discussion 0
Questions 2

A solutions architect creates an Auto Scaling group for a memory-intensive application. The solutions architect wants to scale up and scale down based on memory usage. Which solution will meet this requirement?

Options:

A.  

Install and configure the AWS Systems Manager Agent (SSM Agent). Create a step scaling policy that has step adjustments based on the memory usage trend.

B.  

Install and configure the Amazon CloudWatch agent. Create a target tracking policy to scale based on the mem_used_percent CloudWatch metric.

C.  

Install and configure the AWS Systems Manager Agent (SSM Agent). Create a target tracking policy to scale based on the mem_used_percent Amazon CloudWatch metric.

D.  

Install and configure the Amazon CloudWatch agent. Create a scheduled scaling policy to scale based on the memory usage trend.

Discussion 0
Questions 3

A company is moving its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration.

What should a solutions architect recommend?

Options:

A.  

Use AWS DataSync for the initial migration. Use AWS DMS to create a change data capture CDC replication task and a table mapping to select all tables.

B.  

Use AWS DataSync for the initial migration. Use AWS DMS to create a full load plus change data capture CDC replication task and a table mapping to select all tables.

C.  

Use the AWS SCT with AWS DMS using a memory optimized replication instance. Create a full load plus change data capture CDC replication task and a table mapping to select all tables.

D.  

Use the AWS SCT with AWS DMS using a compute optimized replication instance. Create a full load plus change data capture CDC replication task and a table mapping to select the largest tables.

Discussion 0
Questions 4

A financial service company has a two-tier consumer banking application. The frontend serves static web content. The backend consists of APIs. The company needs to migrate the frontendcomponent to AWS. The backend of the application will remain on premises. The company must protect the application from common web vulnerabilities and attacks.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Migrate the frontend to Amazon EC2 instances. Deploy an Application Load Balancer (ALB) in front of the instances. Use the instances to invoke the on-premises APIs. Associate AWS WAF rules with the instances.

B.  

Deploy the frontend as an Amazon CloudFront distribution that has multiple origins. Configure one origin to be an Amazon S3 bucket that serves the static web content. Configure a second origin to route traffic to the on-premises APIs based on the URL pattern. Associate AWS WAF rules with the distribution.

C.  

Migrate the frontend to Amazon EC2 instances. Deploy a Network Load Balancer (NLB) in front of the instances. Use the instances to invoke the on-premises APIs. Create an AWS Network Firewall instance. Route all traffic through the Network Firewall instance.

D.  

Deploy the frontend as a static website based on an Amazon S3 bucket. Use an Amazon API Gateway REST API and a set of Amazon EC2 instances to invoke the on-premises APIs. Associate AWS WAF rules with the REST API and the S3 bucket.

Discussion 0
Questions 5

A company has resources across multiple AWS Regions and accounts. A newly hired solutions architect discovers that a previous employee did not provide details about the resources inventory. The solutions architect needs to build and map the relationship details of the various workloads across all accounts.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.  

Use AWS Systems Manager Inventory to generate a map view from the detailed view report.

B.  

Use AWS Step Functions to collect workload details. Build architecture diagrams of the workloads manually.

C.  

Use Workload Discovery on AWS to generate architecture diagrams of the workloads.

D.  

Use AWS X-Ray to view the workload details. Build architecture diagrams with relationships.

Discussion 0
Questions 6

A company operates a food delivery service. Because of recent growth, the company ' s order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes Amazon EC2 instances in an Auto Scaling group that collect orders from an application. A second group of EC2 instances in an Auto Scaling group fulfills the orders.

The order collection process occurs quickly, but the order fulfillment process can take longer. Data must not be lost because of a scaling event.

A solutions architect must ensure that the order collection process and the order fulfillment process can both scale adequately during peak traffic hours.

Which solution will meet these requirements?

Options:

A.  

Use Amazon CloudWatch to monitor the CPUUtilization metric for each instance in both Auto Scaling groups. Configure each Auto Scaling group ' s minimum capacity to meet its peak workload value.

B.  

Use Amazon CloudWatch to monitor the CPUUtilization metric for each instance in both Auto Scaling groups. Configure a CloudWatch alarm to invoke an Amazon SNS topic to create additional Auto Scaling groups on demand.

C.  

Provision two Amazon SQS queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on notifications that the queues send.

D.  

Provision two Amazon SQS queues. Use one SQS queue for order collection. Use the second SQS queue for order fulfillment. Configure the EC2 instances to poll their respective queues. Scale the Auto Scaling groups based on the number of messages in each queue.

Discussion 0
Questions 7

A transaction-processing company has weekly batch jobs that run on Amazon EC2 instances in an Auto Scaling group. Transaction volume varies, but CPU utilization is always at least 60% during the batch runs. Capacity must be provisioned 30 minutes before the jobs begin.

Engineers currently scale the Auto Scaling group manually. The company needs an automated solution but cannot allocate time to analyze scaling trends.

Which solution will meet these requirements with the least operational overhead?

Options:

A.  

Create a dynamic scaling policy based on CPU utilization at 60%.

B.  

Create a scheduled scaling policy. Set desired, minimum, and maximum capacity. Set recurrence weekly. Set the start time to 30 minutes before the jobs run.

C.  

Create a predictive scaling policy that forecasts CPU usage and pre-launches instances 30 minutes before the jobs run.

D.  

Create an EventBridge rule that invokes a Lambda function when CPU reaches 60%. The Lambda function increases the Auto Scaling group size by 20%.

Discussion 0
Questions 8

A finance company has a web application that generates credit reports for customers. The company hosts the frontend of the web application on a fleet of Amazon EC2 instances that is associated with an Application Load Balancer ALB. The application generates reports by running queries on an Amazon RDS for SQL Server database.

The company recently discovered that malicious traffic from around the world is abusing the application by submitting unnecessary requests. The malicious traffic is consuming significant compute resources. The company needs to address the malicious traffic.

Which solution will meet this requirement?

Options:

A.  

Use AWS WAF to create a web ACL. Associate the web ACL with the ALB. Update the web ACL to block IP addresses that are associated with malicious traffic.

B.  

Use AWS WAF to create a web ACL. Associate the web ACL with the AL

B.  

Use the AWS WAF Bot Control managed rule feature.

C.  

Set up AWS Shield to protect the ALB and the database.

D.  

Use AWS WAF to create a web ACL. Associate the web ACL with the ALB. Configure the AWS WAF IP reputation rule.

Discussion 0
Questions 9

An application uses an Amazon SQS queue and two AWS Lambda functions. One of the Lambda functions pushes messages to the queue, and the other function polls the queue and receives queued messages.

A solutions architect needs to ensure that only the two Lambda functions can write to or read from the queue.

Which solution will meet these requirements?

Options:

A.  

Attach an IAM policy to the SQS queue that grants the Lambda function principals read and write access. Attach an IAM policy to the execution role of each Lambda function that denies all access to the SQS queue except for the principal of each function.

B.  

Attach a resource-based policy to the SQS queue to deny read and write access to the queue for any entity except the principal of each Lambda function. Attach an IAM policy to the execution role of each Lambda function that allows read and write access to the queue.

C.  

Attach a resource-based policy to the SQS queue that grants the Lambda function principals read and write access to the queue. Attach an IAM policy to the execution role of each Lambda function that allows read and write access to the queue.

D.  

Attach a resource-based policy to the SQS queue to deny all access to the queue. Attach an IAM policy to the execution role of each Lambda function that grants read and write access to the queue.

Discussion 0
Questions 10

A company is designing a web application on AWS. The application uses a VPN connection between the company ' s on-premises data center and the company ' s VPC.

The company uses Amazon Route 53 as its DNS service. The application must use private DNS records to communicate with the on-premises services from a VPC.

Which solution will meet these requirements MOST securely?

Options:

A.  

Create a Route 53 Resolver outbound endpoint. Create a Resolver rule. Associate the Resolver rule with the VPC.

B.  

Create a Route 53 Resolver inbound endpoint. Create a Resolver rule. Associate the Resolver rule with the VPC.

C.  

Create a Route 53 private hosted zone. Associate the private hosted zone with the on-premises network.

D.  

Create a Route 53 public hosted zone. Create a record for each on-premises service.

Discussion 0
Questions 11

A company uses an Amazon Aurora PostgreSQL DB cluster to store its critical data in the us-east-1 Region. The company wants to develop a disaster recovery plan to recover the database in the us-west-1 Region. The company has a recovery time objective (RTO) of 5 minutes and has a recovery point objective (RPO) of 1 minute.

What should a solutions architect do to meet these requirements?

Options:

A.  

Create a read replica in us-west-1. Set the DB cluster to automatically fail over to the read replica if the primary instance is not responding.

B.  

Create an Aurora global database. Set us-west-1 as the secondary Region. Update connections to use the writer and reader endpoints as appropriate.

C.  

Set up a second Aurora DB cluster in us-west-1. Use logical replication to keep the databases synchronized. Create an Amazon EventBridge rule to change the database endpoint if the primary DB cluster does not respond.

D.  

Use Aurora automated snapshots to store data in an Amazon S3 bucket. Enable S3 Versioning. Configure S3 Cross-Region Replication to us-west-1. Create a second Aurora DB cluster in us-west-1. Create an Amazon EventBridge rule to restore the snapshot if the primary DB cluster does not respond.

Discussion 0
Questions 12

A company is migrating a legacy application from an on-premises data center to AWS. The application relies on hundreds of cron Jobs that run between 1 and 20 minutes on different recurring schedules throughout the day.

The company wants a solution to schedule and run the cron jobs on AWS with minimal refactoring. The solution must support running the cron jobs in response to an event in the future.

Which solution will meet these requirements?

Options:

A.  

Create a container image for the cron jobs. Use Amazon EventBridge Scheduler to create a recurring schedule. Run the cron job tasks as AWS Lambda functions.

B.  

Create a container image for the cron jobs. Use AWS Batch on Amazon Elastic Container Service (Amazon ECS) with a scheduling policy to run the cron jobs.

C.  

Create a container image for the cron jobs. Use Amazon EventBridge Scheduler to create a recurring schedule Run the cron job tasks on AWS Fargate.

D.  

Create a container image for the cron jobs. Create a workflow in AWS Step Functions that uses a Wait state to run the cron jobs at a specified time. Use the RunTask action to run the cron job tasks on AWS Fargate.

Discussion 0
Questions 13

A company runs Amazon EC2 instances as web servers. Peak traffic occurs at two predictable times each day. The web servers remain mostly idle during the rest of the day.

A solutions architect must manage the web servers while maintaining fault tolerance in the most cost-effective way.

Which solution will meet these requirements?

Options:

A.  

Use an EC2 Auto Scaling group to scale the instances based on demand.

B.  

Purchase Reserved Instances to ensure peak capacity at all times.

C.  

Use a cron job to stop the EC2 instances when traffic demand is low.

D.  

Use a script to vertically scale the EC2 instances during peak demand.

Discussion 0
Questions 14

A company runs multiple workloads in separate AWS environments. The company wants to optimize its AWS costs but must maintain the same level of performance for the environments.

The company ' s production environment requires resources to be highly available. The other environments do not require highly available resources.

Each environment has the same set of networking components, including the following:

1 VPC

1 Application Load Balancer

4 subnets distributed across 2 Availability Zones 2 public subnets and 2 private subnets

2 NAT gateways 1 in each public subnet

1 internet gateway

Which solution will meet these requirements?

Options:

A.  

Do not change the production environment workload. For each non-production workload, remove one NAT gateway and update the route tables for private subnets to target the remaining NAT gateway for the destination 0.0.0.0/0.

B.  

Reduce the number of Availability Zones that all workloads in all environments use.

C.  

Replace every NAT gateway with a t4g.large NAT instance. Update the route tables for each private subnet to target the NAT instance that is in the same Availability Zone for the destination 0.0.0.0/0.

D.  

In each environment, create one transit gateway and remove one NAT gateway.

Discussion 0
Questions 15

A company stores data for multiple business units in a single Amazon S3 bucket that is in the company ' s payer AWS account. To maintain data isolation, the business units store data in separate prefixes in the S3 bucket by using an S3 bucket policy.

The company plans to add a large number of dynamic prefixes. The company does not want to rely on a single S3 bucket policy to manage data access at scale. The company wants to develop a secure access management solution in addition to the bucket policy to enforce prefix-level data isolation.

Options:

A.  

Configure the S3 bucket policy to deny s3:GetObject permissions for all users. Configure the bucket policy to allow s3:* access to individual business units.

B.  

Enable default encryption on the S3 bucket by using server-side encryption with Amazon S3 managed keys (SSE-S3).

C.  

Configure resource-based permissions on the S3 bucket by creating an S3 access point for each business unit.

D.  

Use pre-signed URLs to provide access to the S3 bucket.

Discussion 0
Questions 16

A company wants to improve the availability and performance of its hybrid application. The application consists of a stateful TCP-based workload hosted on Amazon EC2 instances in different AWS Regions and a stateless UDP-based workload hosted on premises.

Which combination of actions should a solutions architect take to improve availability and performance? (Select TWO.)

Options:

A.  

Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.

B.  

Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers.

C.  

Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints. and the second will route lo the on-premises endpoints.

D.  

Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure a Network Load Balancer in each Region that routes to the on-premises endpoints.

E.  

Configure a Network Load Balancer in each Region to address the EC2 endpoints. Configure an Application Load Balancer in each Region that routes to the on-premises endpoints.

Discussion 0
Questions 17

A company runs a MySQL database on a single Amazon EC2 instance.

The company needs to improve availability of the database to prepare for power outages.

Which solution will meet this requirement?

Options:

A.  

Add an Application Load Balancer (ALB) in front of the EC2 instance.

B.  

Configure EC2 automatic instance recovery to move the instance to another Availability Zone.

C.  

Migrate the MySQL database to Amazon RDS and enable Multi-AZ deployment.

D.  

Enable termination protection for the EC2 instance.

Discussion 0
Questions 18

A company runs its legacy web application on AWS. The web application server runs on an Amazon EC2 instance in the public subnet of a VPC. The web application server collects images from customers and stores the image files in a locally attached Amazon Elastic Block Store (Amazon EBS) volume. The image files are uploaded every night to an Amazon S3 bucket for backup.

A solutions architect discovers that the image files are being uploaded to Amazon S3 through the public endpoint. The solutions architect needs to ensure that traffic to Amazon S3 does not use the public endpoint.

Options:

A.  

Create a gateway VPC endpoint for the S3 bucket that has the necessary permissions for the VPC. Configure the subnet route table to use the gateway VPC endpoint.

B.  

Move the S3 bucket inside the VPC. Configure the subnet route table to access the S3 bucket through private IP addresses.

C.  

Create an Amazon S3 access point for the Amazon EC2 instance inside the VP

C.  

Configure the web application to upload by using the Amazon S3 access point.

D.  

Configure an AWS Direct Connect connection between the VPC that has the Amazon EC2 instance and Amazon S3 to provide a dedicated network path.

Discussion 0
Questions 19

A company hosts an application that processes highly sensitive customer transactions on AWS. The application uses Amazon RDS as its database. The company manages its own encryption keys to secure the data in Amazon RDS.

The company needs to update the customer-managed encryption keys at least once each year.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Set up automatic key rotation in AWS Key Management Service (AWS KMS) for the encryption keys.

B.  

Configure AWS Key Management Service (AWS KMS) to alert the company to rotate the encryption keys annually.

C.  

Schedule an AWS Lambda function to rotate the encryption keys annually.

D.  

Create an AWS CloudFormation stack to run an AWS Lambda function that deploys new encryption keys once each year.

Discussion 0
Questions 20

A company needs a solution to prevent photos with unwanted content from being uploaded to the company’s web application. The solution must not involve training a machine learning (ML) model.

Which solution will meet these requirements?

Options:

A.  

Create and deploy a model by using Amazon SageMaker Autopilot. Create a real-time endpoint that the web application invokes when new photos are uploaded.

B.  

Create an AWS Lambda function that uses Amazon Rekognition to detect unwanted content. Create a Lambda function URL that the web application invokes when new photos are uploaded.

C.  

Create an Amazon CloudFront function that uses Amazon Comprehend to detect unwanted content. Associate the function with the web application.

D.  

Create an AWS Lambda function that uses Amazon Rekognition Video to detect unwanted content. Create a Lambda function URL that the web application invokes when new photos are uploaded.

Discussion 0
Questions 21

A solutions architect is creating a data reporting application that will send traffic through third-party network firewalls in an AWS security account. The firewalls and application servers must be load balanced.

The application uses TCP connections to generate reports. The reports can run for several hours and can be idle for up to 1 hour. The reports must not time out during an idle period.

Which solution will meet these requirements?

Options:

A.  

Use a Gateway Load Balancer (GWLB) for the firewalls. Use an Application Load Balancer (ALB) for the application servers. Set the ALB idle timeout period to 1 hour.

B.  

Use a single firewall in the security account. Use an Application Load Balancer (ALB) for the application servers. Set the ALB idle timeout and firewall idle timeout periods to 1 hour.

C.  

Use a Gateway Load Balancer (GWLB) for the firewalls. Use an Application Load Balancer (ALB) for the application servers. Set the idle timeout periods for the ALB, the GWLB, and the firewalls to 1 hour.

D.  

Use a Gateway Load Balancer (GWLB) for the firewalls. Use an Application Load Balancer (ALB) for the application servers. Configure the ALB idle timeout period to 1 hour. Increase the application server capacity to finish the report generation faster.

Discussion 0
Questions 22

A company wants to release a new device that will collect data to track overnight sleep on an intelligent mattress. Sensors will send data that will be uploaded to an Amazon S3 bucket. Each mattress generates about 2 MB of data each night.

An application must process the data and summarize the data for each user. The application must make the results available as soon as possible. Every invocation of the application will require about 1 GB of memory and will finish running within 30 seconds.

Which solution will run the application MOST cost-effectively?

Options:

A.  

AWS Lambda with a Python script

B.  

AWS Glue with a Scala job

C.  

Amazon EMR with an Apache Spark script

D.  

AWS Glue with a PySpark job

Discussion 0
Questions 23

A company uses an Amazon CloudFront distribution to serve thousands of media files to users. The CloudFront distribution uses a private Amazon S3 bucket as an origin.

A solutions architect must prevent users in specific countries from accessing the company ' s files.

Which solution will meet these requirements in the MOST operationally-efficient way?

Options:

A.  

Require users to access the files by using CloudFront signed URLs.

B.  

Configure geographic restrictions in CloudFront.

C.  

Require users to access the files by using CloudFront signed cookies.

D.  

Configure an origin access control (OAC) between CloudFront and the S3 bucket.

Discussion 0
Questions 24

A company needs a solution to integrate transaction data from several Amazon DynamoDB tables into an existing Amazon Redshift data warehouse. The solution must maintain the provisioned throughput of DynamoDB.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an Amazon S3 bucket. Configure DynamoDB to export to the bucket on a regular schedule. Use an Amazon Redshift COPY command to read from the S3 bucket.

B.  

Use an Amazon Redshift COPY command to read directly from each DynamoDB table.

C.  

Create an Amazon S3 bucket. Configure an AWS Lambda function to read from the DynamoDB tables and write to the S3 bucket on a regular schedule. Use Amazon Redshift Spectrum to access the data in the S3 bucket.

D.  

Use Amazon Athena Federated Query with a DynamoDB connector and an Amazon Redshift connector to read directly from the DynamoDB tables.

Discussion 0
Questions 25

A company runs an application on Amazon EC2 instances. The instances are in an EC2 Auto Scaling group behind an Application Load Balancer (ALB) in a single AWS Region. In the application, multiple users share the same long-running session. These shared sessions result in uneven loads across the EC2 instances.

The company plans to launch the application in additional AWS Regions. The company will deploy an ALB and an Auto Scaling group in each additional Region.

The company requires a solution that keeps users who share a session connected to the same EC2 instance. The solution must minimize network latency and distribute loads more evenly across the EC2 instances.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.  

Use an Amazon Route 53 geoproximity routing policy to route traffic to an EC2 instance behind the ALB in the Region closest to each user.

B.  

Use AWS Global Accelerator to create a custom routing accelerator. Configure the accelerator to route traffic to an EC2 instance behind the ALB in the Region closest to each user.

C.  

Configure the ALB to use the weighted random routing algorithm.

D.  

Use AWS Global Accelerator to create a standard accelerator. Configure the accelerator to route traffic to the ALB in the Region closest to each user.

E.  

Configure the ALB to use the least outstanding requests routing algorithm.

Discussion 0
Questions 26

A company runs an application on premises. The application needs to periodically upload large files to an Amazon S3 bucket. A solutions architect needs a solution to provide the application with short-lived authenticated access to the S3 bucket. The solution must not use long-term credentials. The solution needs to be secure and scalable.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an IAM user that has an access key and a secret key. Store the keys on the on-premises server in an environment variable. Attach a policy to the IAM user that restricts access to only the S3 bucket.

B.  

Configure an AWS Site-to-Site VPN connection from the on-premises environment to the company ' s VPC. Launch an Amazon EC2 instance with an instance profile. Route all file uploads from the on-premises application through the EC2 instance to the S3 bucket.

C.  

Configure an S3 bucket policy to allow access for the on-premises server ' s public IP address. Configure the policy to allow PUT operations only from the server ' s IP address.

D.  

Configure a trust relationship between the on-premises server and AWS Security Token Service (AWS STS). Generate credentials by assuming an IAM role for each upload operation.

Discussion 0
Questions 27

A company runs its applications on both Amazon EKS clusters and on-premises Kubernetes clusters. The company wants to view all clusters and workloads from a central location.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use Amazon CloudWatch Container Insights to collect and group the cluster information.

B.  

Use Amazon EKS Connector to register and connect all Kubernetes clusters.

C.  

Use AWS Systems Manager to collect and view the cluster information.

D.  

Use Amazon EKS Anywhere as the primary cluster to view the other clusters with native Kubernetes commands.

Discussion 0
Questions 28

A company wants to protect resources that the company hosts on AWS, including Application Load Balancers and Amazon CloudFront distributions.

The company wants an AWS service that can provide near real-time visibility into attacks on the company ' s resources. The service must also have a dedicated AWS team to assist with DDoS attacks.

Which AWS service will meet these requirements?

Options:

A.  

AWS WAF

B.  

AWS Shield Standard

C.  

Amazon Macie

D.  

AWS Shield Advanced

Discussion 0
Questions 29

A company has a non-production application that runs on an Amazon EC2 instance. The EC2 instance has an instance profile and an associated IAM role.

The company wants to automate patching for the EC2 instance.

Which solution will meet this requirement?

Options:

A.  

Create a new IAM role. Attach the AmazonSSMManagedInstanceCore policy to the new IAM role. Attach the new IAM role to the EC2 instance profile. Use AWS Systems Manager to patch the instance.

B.  

Create an IAM user. Attach the AmazonSSMManagedInstanceCore policy to the IAM user. Configure AWS Systems Manager to use the IAM user to patch the instance.

C.  

Attach the AmazonSSMManagedInstanceCore policy to the existing IAM role. Use AWS Systems Manager to patch the EC2 instance.

D.  

Attach the AmazonSSMManagedInstanceCore policy to an existing IAM user. Use EC2 Image Builder to patch the EC2 instance.

Discussion 0
Questions 30

A solutions architect is creating a website that will be hosted from an Amazon S3 bucket. The website must support secure browser connections (HTTPS).

Which combination of actions must the solutions architect take to meet this requirement? (Select TWO.)

Options:

A.  

Create an Elastic Load Balancing (ELB) load balancer. Configure the load balancer to direct traffic to the S3 bucket.

B.  

Create an Amazon CloudFront distribution. Set the S3 bucket as an origin.

C.  

Configure the Elastic Load Balancing (ELB) load balancer with an SSL/TLS certificate.

D.  

Configure the Amazon CloudFront distribution with an SSL/TLS certificate.

E.  

Configure the S3 bucket with an SSL/TLS certificate.

Discussion 0
Questions 31

A company uses AWS Organizations to manage multiple AWS accounts. The company needs a secure, event-driven architecture in which specific Amazon SNS topics in Account A can publish messages to specific Amazon SQS queues in Account B.

Which solution meets these requirements while maintaining least privilege?

Options:

A.  

Create a new IAM role in Account A that can publish to any SQS queue. Share the role ARN with Account B.

B.  

Add SNS topic ARNs to SQS queue policies in Account

B.  

Configure SNS topics to publish to any queue. Encrypt the queue with an AWS KMS key.

C.  

Modify the SQS queue policies in Account B to allow only specific SNS topic ARNs from Account A to publish messages. Ensure the SNS topics have publish permissions for the specific queue ARN.

D.  

Create a shared IAM role across both accounts with permission to publish to all SQS queues. Enable cross-account access.

Discussion 0
Questions 32

A company runs a Windows-based ecommerce application on Amazon EC2 instances. The application has a very high transaction rate. The company requires a durable storage solution that can deliver 200,000 IOPS for each EC2 instance.

Which solution will meet these requirements?

Options:

A.  

Host the application on EC2 instances that have Provisioned IOPS SSD (io2) Block Express Amazon Elastic Block Store (Amazon EBS) volumes attached.

B.  

Install the application on an Amazon EMR cluster. Use Hadoop Distributed File System (HDFS) with General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volumes.

C.  

Use Amazon FSx for Lustre as shared storage across the EC2 instances that run the application.

D.  

Host the application on EC2 instances that have SSD instance store volumes and General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volumes attached.

Discussion 0
Questions 33

A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server. The user base is expected to grow significantly, so the company is migrating the application and database to AWS. The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing.

Which solution will provide a consistent user experience that will allow the application and database tiers to scale?

Options:

A.  

Enable Aurora Auto Scaling for Aurora Replicas. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.

B.  

Enable Aurora Auto Scaling for Aurora writers. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.

C.  

Enable Aurora Auto Scaling for Aurora Replicas. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.

D.  

Enable Aurora Auto Scaling for Aurora writers. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.

Discussion 0
Questions 34

A company is deploying an application that processes streaming data in near-real time. The company plans to use Amazon EC2 instances for the workload. The network architecture must be configurable to provide the lowest possible latency between nodes.

Which networking solution meets these requirements?

Options:

A.  

Place the EC2 instances in multiple VPCs, and configure VPC peering.

B.  

Attach an Elastic Fabric Adapter (EFA) to each EC2 instance.

C.  

Run the EC2 instances in a spread placement group.

D.  

Use Amazon Elastic Block Store (Amazon EBS) optimized instance types.

Discussion 0
Questions 35

A company needs to run its external website on Amazon EC2 instances and on-premises virtualized servers. The AWS environment has a 1 GB AWS Direct Connect connection to the data center. The application has IP addresses that will not change. The on-premises and AWS servers are able to restart themselves while maintaining the same IP address if a failure occurs. Some website users have to add their vendors to an allow list, so the solution must have a fixed IP address. The company needs a solution with the lowest operational overhead to handle this split traffic.

What should a solutions architect do to meet these requirements?

Options:

A.  

Deploy an Amazon Route 53 Resolver with rules pointing to the on-premises and AWS IP addresses.

B.  

Deploy a Network Load Balancer on AWS. Create target groups for the on-premises and AWS IP addresses.

C.  

Deploy an Application Load Balancer on AWS. Register the on-premises and AWS IP addresses with the target group.

D.  

Deploy Amazon API Gateway to direct traffic to the on-premises and AWS IP addresses based on the header of the request.

Discussion 0
Questions 36

A company has an online gaming application that has TCP and UDP multiplayer gaming capabilities. The company uses Amazon Route 53 to point the application traffic to multiple Network Load Balancers (NLBs) in different AWS Regions. The company needs to improve application performance and decrease latency for the online game in preparation for user growth.

Which solution will meet these requirements?

Options:

A.  

Add an Amazon CloudFront distribution in front of the NLBs. Increase the Cache-Control: max-age parameter.

B.  

Replace the NLBs with Application Load Balancers (ALBs). Configure Route 53 to use latency-based routing.

C.  

Add AWS Global Accelerator in front of the NLBs. Configure a Global Accelerator endpoint to use the correct listener ports.

D.  

Add an Amazon API Gateway endpoint behind the NLBs. Enable API caching. Override method caching for the different stages.

Discussion 0
Questions 37

A company has an ordering application that stores customer information in Amazon RDS for MySQL. During regular business hours, employees run one-time queries for reporting purposes. Timeouts are occurring during order processing because the reporting queries are taking a long time to run. The company needs to eliminate the timeouts without preventing employees from performing queries.

Options:

A.  

Create a read replica. Move reporting queries to the read replica.

B.  

Create a read replica. Distribute the ordering application to the primary DB instance and the read replica.

C.  

Migrate the ordering application to Amazon DynamoDB with on-demand capacity.

D.  

Schedule the reporting queries for non-peak hours.

Discussion 0
Questions 38

A company runs an application that uses Docker containers in an on-premises data center. The application runs on a container host that stores persistent data files in a local volume. Container instances use the stored persistent data.

The company wants to migrate the application to fully managed AWS services.

Which solution will meet these requirements?

Options:

A.  

Use Amazon Elastic Kubernetes Service (Amazon EKS) with self-managed nodes. Attach an Amazon Elastic Block Store (Amazon EBS) volume to an Amazon EC2 instance. Mount the EBS volume on the containers to provide persistent storage.

B.  

Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Create an Amazon Elastic File System (Amazon EFS) volume. Mount the EFS volume on the containers to provide persistent storage.

C.  

Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Create an Amazon DynamoDB table. Configure the application to use the DynamoDB table for persistent storage.

D.  

Use Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type. Create an Amazon Elastic File System (Amazon EFS) volume. Mount the EFS volume on the containers to provide persistent storage.

Discussion 0
Questions 39

A company is designing the network for an online multi-player game. The game uses the UDP networking protocol and will be deployed in eight AWS Regions. The network architecture needs to minimize latency and packet loss to give end users a high-quality gaming experience.

Which solution will meet these requirements?

Options:

A.  

Set up a transit gateway in each Region. Create inter-Region peering attachments between each transit gateway.

B.  

Set up AWS Global Accelerator with UDP listeners and endpoint groups in each Region.

C.  

Set up Amazon CloudFront with UDP turned on. Configure an origin in each Region.

D.  

Set up a VPC peering mesh between each Region. Turn on UDP for each VPC.

Discussion 0
Questions 40

An analytics application runs on multiple Amazon EC2 Linux instances that use Amazon Elastic File System (Amazon EFS) Standard storage. The files vary in size and access frequency. The company accesses the files infrequently after 30 days. However, users sometimes request older files to generate reports.

The company wants to reduce storage costs for files that are accessed infrequently. The company also wants throughput to adjust based on the size of the file system. The company wants to use the TransitionToIA Amazon EFS lifecycle policy to transition files to Infrequent Access (IA) storage after 30 days.

Which solution will meet these requirements?

Options:

A.  

Configure files to transition back to Standard storage when a user accesses the files again. Specify the provisioned throughput mode.

B.  

Specify the provisioned throughput mode only.

C.  

Configure files to transition back to Standard storage when a user accesses the files again. Specify the bursting throughput mode.

D.  

Specify the bursting throughput mode only.

Discussion 0
Questions 41

A medical company wants to perform transformations on a large amount of clinical trial data that comes from several customers. The company must extract the data from a relational databasethatcontains the customer data. Then the company will transform the data by using a series of complex rules. The company will load the data to Amazon S3 when the transformations are complete.

All data must be encrypted where it is processed before the company stores the data in Amazon S3. All data must be encrypted by using customer-specific keys.

Which solution will meet these requirements with the LEAST amount of operational effort?

Options:

A.  

Create one AWS Glue job for each customer Attach a security configuration to each job that uses server-side encryption with Amazon S3 managed keys (SSE-S3) to encrypt the data.

B.  

Create one Amazon EMR cluster for each customer Attach a security configuration to each cluster that uses client-side encryption with a custom client-side root key (CSE-Custom) to encrypt the data.

C.  

Create one AWS Glue job for each customer Attach a security configuration to each job that uses client-side encryption with AWS KMS managed keys (CSE-KMS) to encrypt the data.

D.  

Create one Amazon EMR cluster for each customer Attach a security configuration to each cluster that uses server-side encryption with AWS KMS keys (SSE-KMS) to encrypt the data.

Discussion 0
Questions 42

A company runs a web application on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer ALB. The application is served at one hostname that has two dynamic paths. The first path is named /reports and performs CPU-intensive work that has unpredictable traffic. The second path is named /generateToken and must always respond in less than 1 second. All requests currently go to a single target group. The /generateToken path latency exceeds 1 second during periods when the /reports usage is high. The company must ensure that latency for /generateToken remains under 1 second.

Which solution will meet this requirement?

Options:

A.  

Expose /generateToken through an Amazon API Gateway HTTP API that forwards the request to the existing ALB target group.

B.  

Configure ALB path-based routing to send traffic for /reports and /generateToken to separate target groups. Link each target group to its own Auto Scaling group.

C.  

Replace the current instance type with larger EC2 instances in the existing Auto Scaling group.

D.  

Deploy an Amazon CloudFront distribution in front of the ALB. Create separate cache behaviors for each path.

Discussion 0
Questions 43

A company runs all its business applications in the AWS Cloud. The company uses AWS Organizations to manage multiple AWS accounts.

A solutions architect needs to review all permissions granted to IAM users to determine which users have more permissions than required.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.  

Use Network Access Analyzer to review all access permissions in the company ' s AWS accounts.

B.  

Create an AWS CloudWatch alarm that activates when an IAM user creates or modifies resources in an AWS account.

C.  

Use AWS Identity and Access Management (IAM) Access Analyzer to review all the company ' s resources and accounts.

D.  

Use Amazon Inspector to find vulnerabilities in existing IAM policies.

Discussion 0
Questions 44

A solutions architect is investigating compute options for a critical analytics application. The application uses long-running processes to prepare and aggregate data. The processes cannot be interrupted. The application has a known baseline load. The application needs to handle occasional usage surges.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Create an Amazon EC2 Auto Scaling group. Set the Min capacity and Desired capacity parameters to the number of instances required to handle the baseline load. Purchase Reserved Instances for the Auto Scaling group.

B.  

Create an Amazon EC2 Auto Scaling group. Set the Min capacity, Max capacity, and Desired capacity parameters to the number of instances required to handle the baseline load. Use On-Demand Instances to address occasional usage surges.

C.  

Create an Amazon EC2 Auto Scaling group. Set the Min capacity and Desired capacity parameters to the number of instances required to handle the baseline load. Purchase Reserved Instances for the Auto Scaling group. Use the OnDemandPercentageAboveBaseCapacity parameter to configure the launch template to launch Spot Instances.

D.  

Re-architect the application to use AWS Lambda functions instead of Amazon EC2 instances. Purchase a one-year Compute Savings Plan to reduce the cost of Lambda usage.

Discussion 0
Questions 45

A company has an application that uses a MySQL database that runs on an Amazon EC2 instance. The instance currently runs in a single Availability Zone. The company requires a fault-tolerant database solution that provides a recovery time objective (RTO) and a recovery point objective (RPO) of 2 minutes or less. Which solution will meet these requirements?

Options:

A.  

Migrate the MySQL database to Amazon RDS. Create a read replica in a second Availability Zone. Create a script that detects availability interruptions and promotes the read replica when needed.

B.  

Migrate the MySQL database to Amazon RDS for MySQL. Configure the new RDS for MySQL database to use a Multi-AZ deployment.

C.  

Create a second MySQL database in a second Availability Zone. Use native MySQL commands to sync the two databases every 2 minutes. Create a script that detects availability interruptions and promotes the second MySQL database when needed.

D.  

Create a copy of the EC2 instance that runs the MySQL database. Deploy the copy in a second Availability Zone. Create a Network Load Balancer. Add both instances as targets.

Discussion 0
Questions 46

A company wants to create an API to authorize users by using JSON Web Tokens (JWTs). The company needs to support dynamic access to multiple AWS services by using path-based routing.

Which solution will meet these requirements?

Options:

A.  

Deploy an Application Load Balancer behind an Amazon API Gateway REST API. Configure IAM authorization.

B.  

Deploy an Application Load Balancer behind an Amazon API Gateway HTTP API. Use Amazon Cognito for authorization.

C.  

Deploy a Network Load Balancer behind an Amazon API Gateway REST API. Use an AWS Lambda function as a custom authorizer.

D.  

Deploy a Network Load Balancer behind an Amazon API Gateway HTTP API. Use Amazon Cognito for authorization.

Discussion 0
Questions 47

A website runs on Amazon EC2 behind an ALB with Amazon CloudFront in front. The site is receiving a high rate of unwanted requests from specific IP addresses.

How should the solutions architect address this problem?

Options:

A.  

Use AWS Shield to configure IP deny rules.

B.  

Increase Auto Scaling capacity.

C.  

Configure VPC network ACL deny rules.

D.  

Use AWS WAF with a rate-based rule on the CloudFront distribution.

Discussion 0
Questions 48

A company is developing software that uses a PostgreSQL database schema. The company needs to configure development environments and test environments for its developers.

Each developer at the company uses their own development environment, which includes a PostgreSQL database. On average, each development environment is used for an 8-hour workday. The test environments will be used for load testing that can take up to 2 hours each day.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Configure development environments and test environments with their own Amazon Aurora Serverless v2 PostgreSQL database.

B.  

For each development environment, configure an Amazon RDS for PostgreSQL Single-AZ DB instance. For the test environment, configure a single Amazon RDS for PostgreSQL Multi-AZ DB instance.

C.  

Configure development environments and test environments with their own Amazon Aurora PostgreSQL DB cluster.

D.  

Configure an Amazon Aurora global database. Allow developers to connect to the database with their own credentials.

Discussion 0
Questions 49

A company has an ecommerce application that users access through multiple mobile apps and web applications. The company needs a solution that will receive requests from the mobile apps and web applications through an API.

Request traffic volume varies significantly throughout each day. Traffic spikes during sales events. The solution must be loosely coupled and ensure that no requests are lost.

Which solution will meet these requirements?

Options:

A.  

Create an Application Load Balancer ALB. Create an AWS Elastic Beanstalk endpoint to process the requests. Add the Elastic Beanstalk endpoint to the target group of the ALB.

B.  

Set up an Amazon API Gateway REST API with an integration to an Amazon SQS queue. Configure a dead-letter queue. Create an AWS Lambda function to poll the queue to process the requests.

C.  

Create an Application Load Balancer ALB. Create an AWS Lambda function to process the requests. Add the Lambda function as a target of the ALB.

D.  

Set up an Amazon API Gateway HTTP API with an integration to an Amazon SNS topic. Create an AWS Lambda function to process the requests. Subscribe the function to the SNS topic to process the requests.

Discussion 0
Questions 50

A video production company stores raw 4K video footage on an Amazon EFS file system by using the EFS Standard storage class. Each video file is around 100 GB. The EFS file system is mounted to an Auto Scaling group of Amazon EC2 instances that transcode the video files.

Editors need to access each file frequently for up to 90 days. After 90 days, the files are rarely needed. However, the files must remain available with sub-second latency for on-demand edit requests.

The company wants to reduce monthly storage costs without any changes to the existing mount points that the editors use.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Apply the Transition into IA lifecycle policy to the file system. Configure the policy to move the files that have not been accessed for 90 days.

B.  

Migrate the video files to an Amazon S3 bucket. Mount the S3 bucket through an Amazon S3 File Gateway. Instruct the editors to download the files from and re-upload the files to the mounted gateway for each edit.

C.  

Export the video files to an Amazon S3 bucket. Configure an S3 Lifecycle configuration to transition the objects to the S3 Glacier Instant Retrieval storage class after 90 days. Re-mount the objects by using AWS DataSync.

D.  

Schedule an AWS Lambda function to compress files in place after 90 days. Store the compressed files on the same file system.

Discussion 0
Questions 51

A company ' s SAP application has a backend SQL Server database in an on-premises environment. The company wants to migrate its on-premises application and database server to AWS. The company needs an instance type that meets the high demands of its SAP database. On-premises performance data shows that both the SAP application and the database have high memory utilization.

Which solution will meet these requirements?

Options:

A.  

Use the compute optimized Instance family for the application Use the memory optimized instance family for the database.

B.  

Use the storage optimized instance family for both the application and the database

C.  

Use the memory optimized instance family for both the application and the database

D.  

Use the high performance computing (HPC) optimized instance family for the application. Use the memory optimized instance family for the database.

Discussion 0
Questions 52

A company runs an application on EC2 instances that need access to RDS credentials stored in AWS Secrets Manager.

Which solution meets this requirement?

Options:

A.  

Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the role access to the secret.

B.  

Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the user access to the secret.

C.  

Create a resource-based policy for the secret. Use EC2 Instance Connect to access the secret.

D.  

Create an identity-based policy for the secret. Grant direct access to the EC2 instances.

Discussion 0
Questions 53

A company is building a serverless application to process ecommerce orders. The application must handle bursts of traffic and process orders asynchronously in the order received.

Which solution will meet these requirements?

Options:

A.  

Use Amazon SNS with AWS Lambda.

B.  

Use Amazon SQS FIFO with AWS Lambda.

C.  

Use Amazon SQS standard with AWS Batch.

D.  

Use Amazon SNS with AWS Batch.

Discussion 0
Questions 54

A company needs to archive an on-premises relational database. The company wants to retain the data. The company needs to be able to run SQL queries on the archived data to create annual reports.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use AWS DMS to migrate the on-premises database to an Amazon RDS instance. Retire the on-premises database. Maintain the RDS instance in a stopped state until the data is needed for reports.

B.  

Set up database replication from the on-premises database to an Amazon EC2 instance. Retire the on-premises database. Make a snapshot of the EC2 instance. Maintain the EC2 instance in a stopped state until the data is needed for reports.

C.  

Create a database backup on premises. Use AWS DataSync to transfer the data to Amazon S3. Create an S3 Lifecycle configuration to move the data to S3 Glacier Deep Archive. Restore the backup to Amazon EC2 instances to run reports.

D.  

Use AWS DMS to migrate the on-premises databases to Amazon S3 in Apache Parquet format. Store the data in S3 Glacier Flexible Retrieval. Use Amazon Athena to run reports.

Discussion 0
Questions 55

A company stores data in an on-premises Oracle relational database. The company needs to make the data available in Amazon Aurora PostgreSQL for analysis The company uses an AWS Site-to-Site VPN connection to connect its on-premises network to AWS.

The company must capture the changes that occur to the source database during the migration to Aurora PostgreSQL.

Which solution will meet these requirements?

Options:

A.  

Use the AWS Schema Conversion Tool (AWS SCT) to convert the Oracle schema to Aurora PostgreSQL schema. Use the AWS Database Migration Service (AWS DMS) full-load migration task to migrate the data.

B.  

Use AWS DataSync to migrate the data to an Amazon S3 bucket. Import the S3 data to Aurora PostgreSQL by using the Aurora PostgreSQL aws_s3 extension.

C.  

Use the AWS Schema Conversion Tool (AWS SCT) to convert the Oracle schema to Aurora PostgreSQL schema. Use AWS Database Migration Service (AWS DMS) to migrate the existing data and replicate the ongoing changes.

D.  

Use an AWS Snowball device to migrate the data to an Amazon S3 bucket. Import the S3 data to Aurora PostgreSQL by using the Aurora PostgreSQL aws_s3 extension.

Discussion 0
Questions 56

A company is implementing a new policy to enhance the security of its AWS environment. The policy requires all administrative actions that users perform on the AWS Management Console to be secured by multi-factor authentication (MFA).

Which solution will allow the company to enforce this policy in the MOST operationally efficient way?

Options:

A.  

Enable MFA on the root account. Ensure that all administrators use the root account to perform administrative actions.

B.  

Create an IAM policy that requires MFA to be enabled for the IAM roles that administrators assume to perform administrative actions.

C.  

Configure an Amazon CloudWatch alarm that sends an email notification when an administrator performs an administrative action without MFA.

D.  

Use AWS Config to periodically audit IAM users and to automatically attach an IAM policy that requires MFA when AWS Config detects administrative actions.

Discussion 0
Questions 57

A company plans to deploy an application that uses an Amazon CloudFront distribution. The company will set an Application Load Balancer (ALB) as the origin for the distribution. The company wants to ensure that users access the ALB only through the CloudFront distribution. The company plans to deploy the solution in a new VPC.

Which solution will meet these requirements?

Options:

A.  

Configure the network ACLs in the subnet where the ALB is deployed to allow inbound traf-fic only from the public IP addresses of the CloudFront edge locations.

B.  

Create a VPC origin for the CloudFront distribution. Set the VPC origin Amazon Resource Name (ARN) to the ARN of the AL

B.  

C.  

Create a security group that allows only inbound traffic from the public IP addresses of the CloudFront edge locations. Associate the security group with the ALB.

D.  

Create a VPC origin for the CloudFront distribution. Configure an ALB rule. Set the source IP condition to allow traffic only from the public IP addresses of the CloudFront edge locations.

Discussion 0
Questions 58

A company hosts a public web application on AWS with a three-tier architecture: a frontend Auto Scaling group, an application Auto Scaling group, and an Amazon RDS database.

During unexpected traffic spikes, the company notices long delays in startup time when the frontend and application tiers scale out. The company needs to improve scaling performance without negatively affecting user experience.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Decrease the minimum number of EC2 instances for both Auto Scaling groups. Increase the desired number of instances to meet peak demand.

B.  

Configure the maximum number of instances for both Auto Scaling groups to the number required for peak demand. Create a warm pool.

C.  

Increase the maximum number of EC2 instances for both Auto Scaling groups to meet normal demand. Create a warm pool.

D.  

Use scheduled scaling. Increase EC2 and RDS instance sizes.

Discussion 0
Questions 59

A marketing team wants to build a campaign for an upcoming multi-sport event. The team has news reports from the past five years in PDF format. The team needs a solution to extract insights about the content and the sentiment of the news reports. The solution must use Amazon Textract to process the news reports.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Provide the extracted insights to Amazon Athena for analysis Store the extracted insights and analysis in an Amazon S3 bucket.

B.  

Store the extracted insights in an Amazon DynamoDB table. Use Amazon SageMaker to build a sentiment model.

C.  

Provide the extracted insights to Amazon Comprehend for analysis. Save the analysis to an Amazon S3 bucket.

D.  

Store the extracted insights in an Amazon S3 bucket. Use Amazon QuickSight to visualize and analyze the data.

Discussion 0
Questions 60

A company is designing a website that displays stock market prices to users. The company wants to use Amazon ElastiCache Redis OSS for the data caching layer. The company needs to ensure that the website’s data caching layer can automatically fail over to another node if necessary.

Which solution will meet this requirement?

Options:

A.  

Enable read replicas in ElastiCache Redis OSS. Promote the read replica when necessary.

B.  

Enable Multi-AZ in ElastiCache Redis OSS. Fail over to a second node when necessary.

C.  

Export a backup of the ElastiCache Redis OSS cache to an Amazon S3 bucket. Restore the cache to a second cluster when necessary.

D.  

Export a backup of the ElastiCache Redis OSS cache by using AWS Backup. Restore the cache to a second cluster when necessary.

Discussion 0
Questions 61

A company generates approximately 20 GB of data multiple times each day. The company uses AWS DataSync to copy all data from on-premises storage to Amazon S3 every 6 hours for further processing. The analytics team wants to modify the copy process to copy only data relevant to the analytics team and ignore the rest of the data. The team wants to copy data as soon as possible and receive a notification when the copy process is finished. Which combination of steps will meet these requirements MOST cost-effectively? (Select THREE.)

Options:

A.  

Modify the data generation process on-premises to create a manifest file at the end of the copy process with the names of the objects to be copied to Amazon S3. Create a custom script to upload the manifest file to an S3 bucket.

B.  

Modify the data generation process on-premises to create a manifest file at the end of the copy process with the names of the objects to be copied to Amazon S3. Create an AWS Lambda function to load the manifest file data into an Amazon DynamoDB table.

C.  

Create an AWS Lambda function that Amazon EventBridge invokes when the manifest file is loaded into Amazon DynamoDB. Configure the Lambda function to copy the data from on-premises storage to the S3 bucket that uses the manifest file.

D.  

Create an AWS Lambda function that an S3 Event Notification invokes when the manifest file is uploaded. Configure the Lambda function to invoke the DataSync task by calling the StartTaskExecution API action with a manifest.

E.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an Amazon EventBridge rule to send an email notification to the SNS topic when the DataSync task execution status changes to SUCCESS or to ERROR.

F.  

Create an Amazon Simple Notification Service (Amazon SNS) topic. Create an AWS Lambda function to send an email notification to the SNS topic when the DataSync task execution status changes to SUCCESS or to ERROR.

Discussion 0
Questions 62

A company needs to design a solution to process videos that users upload to an Amazon S3 bucket. Each video file is approximately 1 GB in size and takes approximately 20 minutes to process. During peak hours, the company expects to process approximately 100 simultaneous uploads. The video file processing is stateless and can run in parallel as soon as the video files arrive in the S3 bucket.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.  

Use an AWS Lambda function to process each video. Split the video files into chunks, and use AWS Step Functions to orchestrate multiple processing steps.

B.  

Use an Amazon EKS cluster with AWS Fargate profiles to deploy one container for each uploaded video. Configure an Amazon EventBridge rule to invoke the cluster when a user uploads a video.

C.  

Use Amazon EC2 On-Demand Instances in an Auto Scaling group to process each file. Configure the Auto Scaling policy to increase the number of instances based on the number of files that the application needs to process.

D.  

Use an Amazon ECS cluster with the AWS Fargate launch type. Use Fargate Spot capacity to run one container task for each uploaded video. Configure an Amazon EventBridge rule to invoke the cluster when a user uploads a video.

Discussion 0
Questions 63

A company wants to share data that is collected from self-driving cars with the automobile community. The data will be made available from within an Amazon S3 bucket. The company wants to minimize its cost of making this data available to other AWS accounts.

What should a solutions architect do to accomplish this goal?

Options:

A.  

Create an S3 VPC endpoint for the bucket.

B.  

Configure the S3 bucket to be a Requester Pays bucket.

C.  

Create an Amazon CloudFront distribution in front of the S3 bucket.

D.  

Require that the files be accessible only with the use of the BitTorrent protocol.

Discussion 0
Questions 64

A company has a large data workload that runs for 6 hours each day. The company cannot lose any data while the process is running. A solutions architect is designing an Amazon EMR cluster configuration to support this critical data workload.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Configure a long-running cluster that runs the primary node and core nodes on On-Demand Instances and the task nodes on Spot Instances.

B.  

Configure a transient cluster that runs the primary node and core nodes on On-Demand Instances and the task nodes on Spot Instances.

C.  

Configure a transient cluster that runs the primary node on an On-Demand Instance and the core nodes and task nodes on Spot Instances.

D.  

Configure a long-running cluster that runs the primary node on an On-Demand Instance, the core nodes on Spot Instances, and the task nodes on Spot Instances.

Discussion 0
Questions 65

A finance company uses an on-premises search application to collect streaming data from various producers. The application provides real-time updates to search and visualization features. The company is planning to migrate to AWS and wants to use an AWS native solution.

Which solution will meet these requirements?

Options:

A.  

Use Amazon EC2 instances to ingest and process the data streams to Amazon S3 buckets for storage. Use Amazon Athena to search the data. Use Amazon Managed Grafana to create visualizations.

B.  

Use Amazon EMR to ingest and process the data streams to Amazon Redshift for storage. Use Amazon Redshift Spectrum to search the data. Use Amazon QuickSight to create visualizations.

C.  

Use Amazon EKS to ingest and process the data streams to Amazon DynamoDB for storage. Use Amazon CloudWatch to create graphical dashboards to search and visualize the data.

D.  

Use Amazon Kinesis Data Streams to ingest and process the data streams to Amazon OpenSearch Service. Use OpenSearch Service to search the data. Use Amazon QuickSight to create visualizations.

Discussion 0
Questions 66

A company has developed an API using Amazon API Gateway REST API and AWS Lambda. How can latency be reduced for users worldwide?

Options:

A.  

Deploy the REST API as an edge-optimized API endpoint. Enable caching. Enable content encoding to compress data in transit.

B.  

Deploy the REST API as a Regional API endpoint. Enable caching. Enable content encoding to compress data in transit.

C.  

Deploy the REST API as an edge-optimized API endpoint. Enable caching. Configure reserved concurrency for Lambda functions.

D.  

Deploy the REST API as a Regional API endpoint. Enable caching. Configure reserved concurrency for Lambda functions.

Discussion 0
Questions 67

A company runs an enterprise resource planning (ERP) system on Amazon EC2 instances in a single AWS Region. Users connect to the ERP system by using a public API that is hosted on the EC2 instances. International users report slow API response times from their data centers.

A solutions architect needs to improve API response times for the international users.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Set up an AWS Direct Connect connection that has a public virtual interface (VIF) to connect each user ' s data center to the EC2 instances. Create a Direct Connect gateway for the ERP system API to route user API requests.

B.  

Deploy Amazon API Gateway endpoints in multiple Regions. Use Amazon Route 53 latency-based routing to route requests to the nearest endpoint. Configure a VPC peering connection between the Regions to connect to the ERP system.

C.  

Set up AWS Global Accelerator. Configure listeners for the necessary ports. Configure endpoint groups for the appropriate Regions to distribute traffic. Create an endpoint in each group for the API.

D.  

Use AWS Site-to-Site VPN to establish dedicated VPN tunnels between multiple Regions and user networks. Route traffic to the API through the VPN connections.

Discussion 0
Questions 68

A company runs an application that consists of multiple microservices. The company mandates that the microservices use messages to communicate with each other. The application must archive the microservices ' messages for 30 days.

Which solution will meet these requirements with the LEAST amount of development effort?

Options:

A.  

Use an Amazon EventBridge event bus to route messages between the microservices. Use message filtering to ensure that each microservice receives only messages that are relevant to each microservice. Create an archive in Amazon EventBridge to store the messages for 30 days.

B.  

Use a single Amazon SNS topic to distribute the messages. Subscribe each microservice to the topic. Use message filtering to ensure that each microservice receives only messages that are relevant to each microservice. Use an Amazon SQS queue to store the messages for 30 days.

C.  

Use a single Amazon SNS topic to distribute the messages. Subscribe each microservice to the topic. Use message filtering to ensure that each microservice receives only messages that are relevant to each microservice. Store messages in an Amazon S3 bucket for 30 days.

D.  

Create a private Amazon API Gateway HTTP API for the microservices to send messages. Use an AWS Lambda function to forward the messages to the appropriate microservices based on query parameters. Archive messages in Amazon S3 for 30 days.

Discussion 0
Questions 69

A company is building an application on AWS that connects to an Amazon RDS database. The company wants to manage the application configuration and to securely store and retrieve credentials for the database and other services.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.  

Use AWS AppConfig to store and manage the application configuration. Use AWS Secrets Manager to store and retrieve the credentials.

B.  

Use AWS Lambda to store and manage the application configuration. Use AWS Systems Manager Parameter Store to store and retrieve the credentials.

C.  

Use an encrypted application configuration file Store the file in Amazon S3 for the application configuration. Create another S3 file to store and retrieve the credentials.

D.  

Use AWS AppConfig to store and manage the application configuration. Use Amazon RDS to store and retrieve the credentials.

Discussion 0
Questions 70

A company runs all its business applications in the AWS Cloud. The company uses AWS Organizations to manage multiple AWS accounts.

A solutions architect needs to review all permissions that are granted to IAM users to determine which IAM users have more permissions than required.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.  

Use Network Access Analyzer to review all access permissions in the company ' s AWS accounts.

B.  

Create an AWS CloudWatch alarm that activates when an IAM user creates or modifies resources in an AWS account.

C.  

Use AWS Identity and Access Management IAM Access Analyzer to review all the company ' s resources and accounts.

D.  

Use Amazon Inspector to find vulnerabilities in existing IAM policies.

Discussion 0
Questions 71

A company receives data transfers from a small number of external clients that use SFTP software on an Amazon EC2 instance. The clients use an SFTP client to upload data. The clients use SSH keys for authentication. Every hour, an automated script transfers new uploads to an Amazon S3 bucket for processing.

The company wants to move the transfer process to an AWS managed service and to reduce the time required to start data processing. The company wants to retain the existing user management and SSH key generation process. The solution must not require clients to make significant changes to their existing processes.

Which solution will meet these requirements?

Options:

A.  

Reconfigure the script that runs on the EC2 instance to run every 15 minutes. Create an S3 Event Notifications rule for all new object creation events. Set an Amazon Simple Notification Service (Amazon SNS) topic as the destination.

B.  

Create an AWS Transfer Family SFTP server that uses the existing S3 bucket as a target. Use service-managed users to enable authentication.

C.  

Require clients to add the AWS DataSync agent into their local environments. Create an IAM user for each client that has permission to upload data to the target S3 bucket.

D.  

Create an AWS Transfer Family SFTP connector that has permission to access the target S3 bucket for each client. Store credentials in AWS Systems Manager. Create an IAM role to allow the SFTP connector to securely use the credentials.

Discussion 0
Questions 72

A company wants to use automatic machine learning (ML) to create and visualize forecasts of complex scenarios and trends.

Which solution will meet these requirements with the LEAST management overhead?

Options:

A.  

Use an AWS Glue ML job to transform the data and create forecasts. Use Amazon QuickSight to visualize the data.

B.  

Use Amazon QuickSight to visualize the data. Use ML-powered forecasting in QuickSight to create forecasts.

C.  

Use a prebuilt ML AMI from the AWS Marketplace to create forecasts. Use Amazon QuickSight to visualize the data.

D.  

Use Amazon SageMaker AI inference pipelines to create and update forecasts. Use Amazon QuickSight to visualize the combined data.

Discussion 0
Questions 73

A healthcare company is developing an AWS Lambda function that publishes notifications to an encrypted Amazon Simple Notification Service (Amazon SNS) topic. The notifications contain protected health information (PHI).

The SNS topic uses AWS Key Management Service (AWS KMS) customer-managed keys for encryption. The company must ensure that the application has the necessary permissions to publish messages securely to the SNS topic.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.  

Create a resource policy for the SNS topic that allows the Lambda function to publish messages to the topic.

B.  

Use server-side encryption with AWS KMS keys (SSE-KMS) for the SNS topic instead of customer-managed keys.

C.  

Create a resource policy for the encryption key that the SNS topic uses that has the necessary AWS KMS permissions.

D.  

Specify the Lambda function ' s Amazon Resource Name (ARN) in the SNS topic ' s resourcepolicy.

E.  

Associate an Amazon API Gateway HTTP API with the SNS topic to control access to the topic by using API Gateway resource policies.

F.  

Configure a Lambda execution role that has the necessary IAM permissions to use a customer-managed key in AWS KMS.

Discussion 0
Questions 74

A company runs an application that stores and shares photos. Users upload the photos to an Amazon S3 bucket. Every day, users upload approximately 150 photos. The company wants to design a solution that creates a thumbnail of each new photo and stores the thumbnail in a second S3 bucket.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a long-running Amazon EMR cluster. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.

B.  

Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a memory-optimized Amazon EC2 instance that is always on. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.

C.  

Configure an S3 event notification to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to the second S3 bucket.

D.  

Configure S3 Storage Lens to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to a second S3 bucket.

Discussion 0
Questions 75

A company is designing an IPv6 application that is hosted on Amazon EC2 instances in a private subnet within a VPC. The application will store user-uploaded content in Amazon S3 buckets. The application will save each S3 object ' s URL link and metadata in Amazon DynamoDB.

The company must not use public internet connections to transmit user-uploaded content or metadata.

Which solution will meet these requirements?

Options:

A.  

Implement a gateway VPC endpoint for Amazon S3 and an interface VPC endpoint for Amazon DynamoDB.

B.  

Implement interface VPC endpoints for both Amazon S3 and Amazon DynamoD

B.  

C.  

Implement gateway VPC endpoints for both Amazon S3 and Amazon DynamoDB.

D.  

Implement a gateway VPC endpoint for Amazon DynamoDB and an interface VPC endpoint for Amazon S3.

Discussion 0
Questions 76

A company has an on-premises application that uses SFTP to collect financial data from multiple vendors. The company is migrating to the AWS Cloud. The company has created an application that uses Amazon S3 APIs to upload files from vendors.

Some vendors run their systems on legacy applications that do not support S3 APIs. The vendors want to continue to use SFTP-based applications to upload data. The company wants to use managed services for the needs of the vendors that use legacy applications.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an AWS Database Migration Service (AWS DMS) instance to replicate data from the storage of the vendors that use legacy applications to Amazon S3. Provide the vendors with the credentials to access the AWS DMS instance.

B.  

Create an AWS Transfer Family endpoint for vendors that use legacy applications.

C.  

Configure an Amazon EC2 instance to run an SFTP server. Instruct the vendors that use legacy applications to use the SFTP server to upload data.

D.  

Configure an Amazon S3 File Gateway for vendors that use legacy applications to upload files to an SMB file share.

Discussion 0
Questions 77

A company is building an ecommerce platform that will allow customers to place orders online. Customer traffic varies significantly. An order-processing microservice is running on a group of Amazon EC2 instances. A solutions architect must ensure that the application remains responsive and decoupled from the frontend. The application must also be able to reprocess orders that the application fails to process on the first attempt. Which solution will meet these requirements?

Options:

A.  

Deploy an Application Load Balancer in front of the order-processing microservice. Configure the Amazon EC2 instances to scale out automatically based on CPU utilization metrics as traffic increases.

B.  

Deploy an Amazon SQS queue to integrate the frontend and the order-processing microservice. Configure the frontend to send messages to the queue. Configure the EC2 instances to process messages from the queue.

C.  

Establish direct HTTPS connections from the frontend to the microservice. Use a dynamically expanding thread pool to handle concurrency at the microservice layer.

D.  

Use Amazon Kinesis Data Streams to ingest all order requests from the frontend. Configure the Amazon EC2 instances to continuously poll the stream and process orders in near real time.

Discussion 0
Questions 78

A company operates multiple VPCs in a single AWS account. Account users need temporary access to Amazon S3 buckets. The S3 buckets are private and have no public endpoints.

The solution must follow the principle of least privilege for access to each environment and must avoid distributing permanent access keys.

Which solution will meet these requirements?

Options:

A.  

Create a gateway VPC endpoint for Amazon S3 in each VPC. Attach an endpoint policy that allows only environment-scoped IAM roles to access the S3 buckets.

B.  

Configure the S3 buckets to use SSE-S3. Create bucket policies that allow access only from the VPC CIDR blocks.

C.  

Define separate S3 access points for each environment. Allow users to assume a role associated with the access points. Use the default Amazon S3 endpoints.

D.  

Route S3 traffic through a NAT gateway. Configure bucket policies that allow traffic only from the NAT gateway’s public IP addresses.

Discussion 0
Questions 79

A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run Amazon Linux in an Auto Scaling group. Each instance stores product manuals on Amazon EBS volumes.

New instances often start with outdated data and may take up to 30 minutes to download updates. The company needs a solution ensuring all instances always have up-to-date product manuals, can scale rapidly, and does not require application code changes.

Which solution will meet these requirements?

Options:

A.  

Store the product manuals on instance store volumes attached to each EC2 instance.

B.  

Store the product manuals in an Amazon S3 bucket. Configure EC2 instances to download updates from the bucket.

C.  

Store the product manuals in an Amazon EFS file system. Mount the EFS volume on the EC2 instances.

D.  

Store the product manuals in an S3 bucket using S3 Standard-IA. Configure EC2 instances to download updates from S3.

Discussion 0
Questions 80

A company is storing data in Amazon S3 buckets. The company needs to retain any objects that contain personally identifiable information (PII) that might need to be reviewed.

A solutions architect must develop an automated solution to identify objects that contain PII and apply the necessary controls to prevent deletion before review.

Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

Options:

A.  

Create a job in Amazon Macie to scan the S3 buckets for the relevant sensitive data identifiers.

B.  

Move the identified objects to the S3 Glacier Deep Archive storage class.

C.  

Create an AWS Lambda function that performs an S3 Object Lock legal hold operation on the identified objects.

D.  

Create an AWS Lambda function that applies an S3 Object Lock retention period to the identified objects in governance mode.

E.  

Create an Amazon EventBridge rule that invokes the AWS Lambda function when Amazon Macie detects sensitive data.

F.  

Configure multi-factor authentication (MFA) delete on the S3 buckets.

Discussion 0
Questions 81

A company is building a cloud-based application on AWS that will handle sensitive customer data. The application uses Amazon RDS for the database. Amazon S3 for object storage, and S3 Event Notifications that invoke AWS Lambda for serverless processing.

The company uses AWS IAM Identity Center to manage user credentials. The development, testing, and operations teams need secure access to Amazon RDS and Amazon S3 while ensuring the confidentiality of sensitive customer data. The solution must comply with the principle of least privilege.

Which solution meets these requirements with the LEAST operational overhead?

Options:

A.  

Use IAM roles with least privilege to grant all the teams access. Assign IAM roles to each team with customized IAM policies defining specific permission for Amazon RDS and S3 object access based on team responsibilities.

B.  

Enable IAM Identity Center with an Identity Center directory. Create and configure permission sets with granular access to Amazon RDS and Amazon S3. Assign all the teams to groups that have specific access with the permission sets.

C.  

Create individual IAM users for each member in all the teams with role-based permissions. Assign the IAM roles with predefined policies for RDS and S3 access to each user based on user needs. Implement IAM Access Analyzer for periodic credential evaluation.

D.  

Use AWS Organizations to create separate accounts for each team. Implement cross-account IAM roles with least privilege Grant specific permission for RDS and S3 access based on team roles and responsibilities.

Discussion 0
Questions 82

A company runs an application that stores and shares photos. Users upload photos to an Amazon S3 bucket. Approximately 150 photos are uploaded daily. The company wants to create a thumbnail for each new photo and store it in a second S3 bucket.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Use an Amazon EMR cluster and scheduled scripts.

B.  

Use an always-on EC2 instance with scheduled scripts.

C.  

Configure an S3 event notification to invoke an AWS Lambda function on each upload.

D.  

Use S3 Storage Lens to invoke a Lambda function.

Discussion 0
Questions 83

A company currently runs a Linux-based application in a self-managed Docker container that runs on Amazon EC2 instances. The application runs a lightweight data processing tool that always completes its job within 3 minutes. The company wants an alternative deployment solution for the application to reduce infrastructure management overhead. The company is willing to make any required changes to the image.

Which solution will meet this requirement with the LEAST operational overhead?

Options:

A.  

Deploy the application as an AWS Lambda function that uses the container image.

B.  

Deploy the application on Amazon EKS with the AWS Fargate launch type.

C.  

Deploy the application on Amazon ECS with the AWS Fargate launch type.

D.  

Deploy the application as a custom Amazon Machine Image (AMI) by using AWS Batch.

Discussion 0
Questions 84

A company deployed an application in two AWS Regions. If the application becomes unavailable in one Region, the application must fail over to the second Region. The failover process must avoid stale DNS client caches. The company wants to use one endpoint to access both copies of the application.

Which solution will meet these requirements?

Options:

A.  

Use an Amazon CloudFront distribution that has multiple origins. Correlate each origin with the application in each Region.

B.  

Use an Amazon Route 53 weighted routing policy that uses equal weights to route client requests to the second Region if the application becomes unavailable in the original Region.

C.  

Use AWS Global Accelerator, and assign a static anycast IP address to the application endpoint.

D.  

Use an Amazon Route 53 IP-based routing policy to route requests to the second Region if the application becomes unavailable in the original Region.

Discussion 0
Questions 85

A company runs a multi-tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database.

A solutions architect needs to make the application more resilient to periodic increases in request rates.

Which architecture should the solutions architect implement? (Select TWO.)

Options:

A.  

Add AWS Shield

B.  

Add Aurora Replicas

C.  

Add AWS Direct Connect

D.  

Add AWS Global Accelerator

E.  

Add an Amazon CloudFront distribution in front of the Application Load Balancer

Discussion 0
Questions 86

A company has an application that serves clients that are deployed in more than 20.000 retail storefront locations around the world. The application consists of backend web services that are exposed over HTTPS on port 443 The application is hosted on Amazon EC2 Instances behind an Application Load Balancer (ALB). The retail locations communicate with the web application over the public internet. The company allows each retail location to register the IP address that the retail location has been allocated by its local ISP.

The company ' s security team recommends to increase the security of the application endpoint by restricting access to only the IP addresses registered by the retail locations.

What should a solutions architect do to meet these requirements?

Options:

A.  

Associate an AWS WAF web ACL with the ALB Use IP rule sets on the ALB to filter traffic Update the IP addresses in the rule to Include the registered IP addresses

B.  

Deploy AWS Firewall Manager to manage the AL

B.  

Configure firewall rules to restrict traffic to the ALB Modify the firewall rules to include the registered IP addresses.

C.  

Store the IP addresses in an Amazon DynamoDB table. Configure an AWS Lambda authorization function on the ALB to validate that incoming requests are from the registered IP addresses.

D.  

Configure the network ACL on the subnet that contains the public interface of the ALB Update the ingress rules on the network ACL with entries for each of the registered IP addresses.

Discussion 0
Questions 87

A company hosts an application on AWS that uses an Amazon S3 bucket and an Amazon Aurora database. The company wants to implement a multi-Region disaster recovery DR strategy that minimizes potential data loss.

Which solution will meet these requirements?

Options:

A.  

Create an Aurora read replica in a second Availability Zone within the same AWS Region. Enable S3 Versioning for the bucket.

B.  

Create an Aurora read replica in a second AWS Region. Configure AWS Backup to create continuous backups of the S3 bucket to a second bucket in a second Availability Zone.

C.  

Enable Aurora native database backups across multiple AWS Regions. Use S3 cross-account backups within the company ' s local Region.

D.  

Migrate the database to an Aurora global database. Create a second S3 bucket in a second Region. Configure Cross-Region Replication.

Discussion 0
Questions 88

A company ' s reporting system delivers hundreds of .csv files to an Amazon S3 bucket each day. The company must convert these files to Apache Parquet format and must store the files in a transformed data bucket.

Which solution will meet these requirements with the LEAST development effort?

Options:

A.  

Create an Amazon EMR cluster with Apache Spark installed. Write a Spark application to transform the data. Use EMR File System (EMRFS) to write files to the transformed data bucket.

B.  

Create an AWS Glue crawler to discover the data. Create an AWS Glue extract, transform, and load (ETL) job to transform the data. Specify the transformed data bucket in the output step.

C.  

Use AWS Batch to create a job definition with Bash syntax to transform the data and output the data to the transformed data bucket. Use the job definition to submit a job. Specify an array job as the job type.

D.  

Create an AWS Lambda function to transform the data and output the data to the transformed data bucket. Configure an event notification for the S3 bucket. Specify the Lambda function as the destination for the event notification.

Discussion 0
Questions 89

A company has a website that handles dynamic traffic loads. The website architecture is based on Amazon EC2 instances in an Auto Scaling group that is configured to use scheduled scaling. Each EC2 instance runs code from an Amazon Elastic File System (Amazon EFS) volume and stores shared data back to the same volume.

The company wants to optimize costs for the website.

Which solution will meet this requirement?

Options:

A.  

Reconfigure the Auto Scaling group to set a desired number of instances. Turn off scheduled scaling.

B.  

Create a new launch template version for the Auto Scaling group that uses larger EC2 instances.

C.  

Reconfigure the Auto Scaling group to use a target tracking scaling policy.

D.  

Replace the EFS volume with instance store volumes.

Discussion 0
Questions 90

A company has an on-premises SFTP file transfer solution. The company is migrating to the AWS Cloud to scale the file transfer solution and to optimize costs by using Amazon S3. The company ' s employees will use their credentials for the on-premises Microsoft Active Directory (AD) to access the new solution The company wants to keep the current authentication and file access mechanisms.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Configure an S3 File Gateway. Create SMB file shares on the file gateway that use the existing Active Directory to authenticate

B.  

Configure an Auto Scaling group with Amazon EC2 instances to run an SFTP solution Configure the group to scale up at 60% CPU utilization.

C.  

Create an AWS Transfer Family server with SFTP endpoints Choose the AWS Directory Service option as the identity provider Use AD Connector to connect the on-premises Active Directory.

D.  

Create an AWS Transfer Family SFTP endpoint. Configure the endpoint to use the AWS Directory Service option as the identity provider to connect to the existing Active Directory.

Discussion 0
Questions 91

A company wants to use a data lake that is hosted on Amazon S3 to provide analytics services for historical data. The data lake consists of 800 tables but is expected to grow to thousands of tables. More than 50 departments use the tables, and each department has hundreds of users. Different departments need access to specific tables and columns.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an IAM role for each department. Use AWS Lake Formation based access control to grant each IAM role access to specific tables and columns. Use Amazon Athena to analyze the data.

B.  

Create an Amazon Redshift cluster for each department. Use AWS Glue to ingest into the Redshift cluster only the tables and columns that are relevant to that department. Create Redshift database users. Grant the users access to the relevant department ' s Redshift cluster. Use Amazon Redshift to analyze the data.

C.  

Create an IAM role for each department. Use AWS Lake Formation tag-based access control to grant each IAM role access to only the relevant resources. Create LF-tags that are attached to tables and columns. Use Amazon Athena to analyze the data.

D.  

Create an Amazon EMR cluster for each department. Configure an IAM service role for each EMR cluster to access relevant S3 files. For each department ' s users, create an IAM role that provides access to the relevant EMR cluster. Use Amazon EMR to analyze the data.

Discussion 0
Questions 92

An ecommerce company stores terabytes of customer data in the AWS Cloud. The data contains personally identifiable information (PII). The company wants to use the data in three applications. Only one of the applications needs to process the PII. The PII must be removed before the other two applications process the data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Store the data in an Amazon DynamoDB table. Create a proxy application layer to intercept and process the data that each application requests.

B.  

Store the data in an Amazon S3 bucket. Process and transform the data by using S3 Object Lambda before returning the data to the requesting application.

C.  

Process the data and store the transformed data in three separate Amazon S3 buckets so that each application has its own custom dataset. Point each application to its respective S3 bucket.

D.  

Process the data and store the transformed data in three separate Amazon DynamoDB tables so that each application has its own custom dataset. Point each application to its respective DynamoDB table.

Discussion 0
Questions 93

A company has applications that run in an organization in AWS Organizations. The company outsources operational support of the applications. The company needs to provide access for the external support engineers without compromising security.

The external support engineers need access to the AWS Management Console. The external support engineers also need operating system access to the company ' s fleet of Amazon EC2 instances that run Amazon Linux in private subnets.

Which solution will meet these requirements MOST securely?

Options:

A.  

Confirm that AWS Systems Manager Agent (SSM Agent) is installed on all instances. Assign an instance profile with the necessary policy to connect to Systems Manager. Use AWS IAM IdentityCenter to provide the external support engineers console access. Use Systems Manager Session Manager to assign the required permissions.

B.  

Confirm that AWS Systems Manager Agent {SSM Agent) is installed on all instances. Assign an instance profile with the necessary policy to connect to Systems Manager. Use Systems Manager Session Manager to provide local IAM user credentials in each AWS account to the external support engineers for console access.

C.  

Confirm that all instances have a security group that allows SSH access only from the external support engineers source IP address ranges. Provide local IAM user credentials in each AWS account to the external support engineers for console access. Provide each external support engineer an SSH key pair to log in to the application instances.

D.  

Create a bastion host in a public subnet. Set up the bastion host security group to allow access from only the external engineers ' IP address ranges Ensure that all instances have a security group that allows SSH access from the bastion host. Provide each external support engineer an SSH key pair to log in to the application instances. Provide local account IAM user credentials to the engineers for console access.

Discussion 0
Questions 94

A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.

Which solution meets these requirements and is the MOST operationally efficient?

Options:

A.  

Server-side encryption with customer-provided keys (SSE-C)

B.  

Server-side encryption with Amazon S3 managed keys (SSE-S3)

C.  

Server-side encryption with AWS KMS keys (SSE-KMS) with manual rotation

D.  

Server-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation

Discussion 0
Questions 95

A financial company is migrating its banking applications to a set of AWS accounts managed by AWS Organizations. The applications will store sensitive customer data on Amazon Elastic Block Store (Amazon EBS) volumes. The company will take regular snapshots for backup purposes.

The company wants to implement controls across all AWS accounts to prevent sharing EBS snapshots publicly.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Enable AWS Config rules for each organizational unit (OU) in Organizations to monitor EBS snapshot permissions.

B.  

Enable block public access for EBS snapshots at the organization level.

C.  

Create an IAM policy in the root account of the organization that prevents users from modifying snapshot permissions.

D.  

Use AWS CloudTrail to track snapshot permission changes.

Discussion 0
Questions 96

A company runs its application by using Amazon EC2 instances and AWS Lambda functions. The EC2 instances run in private subnets of a VPC. The Lambda functions need direct network access to the EC2 instances for the application to work.

The application will run for 1 year. The number of Lambda functions that the application uses will increase during the 1-year period. The company must minimize costs on all application resources.

Which solution will meet these requirements?

Options:

A.  

Purchase an EC2 Instance Savings Plan. Connect the Lambda functions to the private sub-nets that contain the EC2 instances.

B.  

Purchase an EC2 Instance Savings Plan. Connect the Lambda functions to new public sub-nets in the same VPC where the EC2 instances run.

C.  

Purchase a Compute Savings Plan. Connect the Lambda functions to the private subnets that contain the EC2 instances.

D.  

Purchase a Compute Savings Plan. Keep the Lambda functions in the Lambda service VPC.

Discussion 0
Questions 97

A company ' s HTTP application is behind a Network Load Balancer (NLB). The NLB ' s target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.

The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application ' s availability without writing custom scripts or code.

What should a solutions architect do to meet these requirements?

Options:

A.  

Enable HTTP health checks on the NLB, supplying the URL of the company ' s application.

B.  

Add a cron job to the EC2 instances to check the local application ' s logs once each minute. If HTTP errors are detected, the application will restart.

C.  

Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the company ' s application. Configure an Auto Scaling action to replace unhealthy instances.

D.  

Create an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

Discussion 0
Questions 98

A company is using microservices to build an ecommerce application on AWS. The company wants to preserve customer transaction information after customers submit orders. The company wants to store transaction data in an Amazon Aurora database. The company expects sales volumes to vary throughout each year.

Options:

A.  

Use an Amazon API Gateway REST API to invoke an AWS Lambda function to send transaction data to the Aurora database. Send transaction data to an Amazon Simple Queue Service (Amazon SQS) queue that has a dead-letter queue. Use a second Lambda function to read from the SQS queue and to update the Aurora database.

B.  

Use an Amazon API Gateway HTTP API to send transaction data to an Application Load Balancer (ALB). Use the ALB to send the transaction data to Amazon Elastic Container Service (Amazon ECS) on Amazon EC2. Use ECS tasks to store the data in Aurora database.

C.  

Use an Application Load Balancer (ALB) to route transaction data to Amazon Elastic Kubernetes Service (Amazon EKS). Use Amazon EKS to send the data to the Aurora database.

D.  

Use Amazon Data Firehose to send transaction data to Amazon S3. Use AWS Database Migration Service (AWS DMS) to migrate the data from Amazon S3 to the Aurora database.

Discussion 0
Questions 99

A company ' s ecommerce website has unpredictable traffic and uses AWS Lambda functions to directly access a private Amazon RDS for PostgreSQL DB instance. The company wants to maintain predictable database performance and ensure that the Lambda invocations do not overload the database with too many connections.

What should a solutions architect do to meet these requirements?

Options:

A.  

Point the client driver at an RDS custom endpoint. Deploy the Lambda functions inside a VPC.

B.  

Point the client driver at an RDS Proxy endpoint. Deploy the Lambda functions inside a VPC.

C.  

Point the client driver at an RDS custom endpoint. Deploy the Lambda functions outside a VP

C.  

D.  

Point the client driver at an RDS Proxy endpoint. Deploy the Lambda functions outside a VPC.

Discussion 0
Questions 100

A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer ALB. The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.

What should a solutions architect do to meet these requirements?

Options:

A.  

Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.

B.  

Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Configure Route 53 to route traffic to the CloudFront distribution.

C.  

Create an Amazon CloudFront distribution that has the S3 bucket as an origin. Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints. Create a custom domain name that points to the accelerator DNS name. Use the custom domain name as an endpoint for the web application.

D.  

Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content. Point the other domain name to the accelerator DNS name for static content. Use the domain names as endpoints for the web application.

Discussion 0
Questions 101

A company runs multiple web applications on Amazon EC2 instances behind a single Application Load Balancer (ALB). The application experiences unpredictable traffic spikes throughout each day. The traffic spikes cause high latency. The unpredictable spikes last less than 3 hours. The company needs a solution to resolve the latency issue caused by traffic spikes.

Options:

A.  

Use EC2 instances in an Auto Scaling group. Configure the ALB and Auto Scaling group to use a target tracking scaling policy.

B.  

Use EC2 Reserved Instances in an Auto Scaling group. Configure the Auto Scaling group to use a scheduled scaling policy based on peak traffic hours.

C.  

Use EC2 Spot Instances in an Auto Scaling group. Configure the Auto Scaling group to use a scheduled scaling policy based on peak traffic hours.

D.  

Use EC2 Reserved Instances in an Auto Scaling group. Replace the ALB with a Network Load Balancer (NLB).

Discussion 0
Questions 102

A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases.

Which solution meets this requirement with the LEAST operational overhead?

Options:

A.  

Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.

B.  

Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.

C.  

Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.

D.  

Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the AWS KMS key.

Discussion 0
Questions 103

A company uses a set of Amazon EC2 instances to host a website. The website uses an Amazon S3 bucket to store images and media files.

The company wants to automate website infrastructure creation to deploy the website to multiple AWS Regions. The company also wants to provide the EC2 instances access to the S3 bucket so the instances can store and access data by using AWS Identity and Access Management (IAM).

Which solution will meet these requirements MOST securely?

Options:

A.  

Create an AWS Cloud Format ion template for the web server EC2 instances. Save an IAM access key in the UserData section of the AWS;:EC2::lnstance entity in the CloudFormation template.

B.  

Create a file that contains an IAM secret access key and access key ID. Store the file in a new S3 bucket. Create an AWS CloudFormation template. In the template, create a parameter to specify the location of the S3 object that contains the access key and access key ID.

C.  

Create an IAM role and an IAM access policy that allows the web server EC2 instances to access the S3 bucket. Create an AWS CloudFormation template for the web server EC2 instances that contains an IAM instance profile entity that references the IAM role and the IAM access policy.

D.  

Create a script that retrieves an IAM secret access key and access key ID from IAM and stores them on the web server EC2 instances. Include the script in the UserData section of the AWS::EC2::lnstance entity in an AWS CloudFormation template.

Discussion 0
Questions 104

A company recently migrated its application to a VPC on AWS. An AWS Site-to-Site VPN connection connects the company ' s on-premises network to the VPC. The application retrieves customer data from another system that resides on premises. The application uses an on-premises DNS server to resolve domain records. After the migration, the application is not able to connect to the customer data because of name resolution errors.

Which solution will give the application the ability to resolve the internal domain names?

Options:

A.  

Launch EC2 instances in the VPC. On the EC2 instances, deploy a custom DNS forwarder that forwards all DNS requests to the on-premises DNS server. Create an Amazon Route 53 private hosted zone that uses the EC2 instances for name servers.

B.  

Create an Amazon Route 53 Resolver outbound endpoint. Configure the outbound endpoint to forward DNS queries against the on-premises domain to the on-premises DNS server.

C.  

Set up two AWS Direct Connect connections between the AWS environment and the on-premises network. Set up a link aggregation group (LAG) that includes the two connections. Change the VPC resolver address to point to the on-premises DNS server.

D.  

Create an Amazon Route 53 public hosted zone for the on-premises domain. Configure the network ACLs to forward DNS requests against the on-premises domain to the Route 53 public hosted zone.

Discussion 0
Questions 105

A company has a batch processing application that runs every day. The process typically takes an average 3 hours to complete. The application can handle interruptions and can resume the process after a restart. Currently, the company runs the application on Amazon EC2 On-Demand Instances.

The company wants to optimize costs while maintaining the same performance level.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Purchase a 1-year EC2 Instance Savings Plan for the appropriate instance family and size to meet the requirements of the application.

B.  

Use EC2 On-Demand Capacity Reservations based on the appropriate instance family and size to meet the requirements of the application. Run the EC2 instances in an Auto Scaling group.

C.  

Determine the appropriate instance family and size to meet the requirements of the application. Convert the application to run on AWS Batch with EC2 On-Demand Instances. Purchase a 1-year Compute Savings Plan.

D.  

Determine the appropriate instance family and size to meet the requirements of the application. Convert the application to run on AWS Batch with EC2 Spot Instances.

Discussion 0
Questions 106

A company is designing a new multi-tier web application that consists of the following components:

• Web and application servers that run on Amazon EC2 instances as part of Auto Scaling groups

• An Amazon RDS DB instance for data storage

A solutions architect needs to limit access to the application servers so that only the web servers can access them. Which solution will meet these requirements?

Options:

A.  

Deploy AWS PrivateLink in front of the application servers. Configure the network ACL to allow only the web servers to access the application servers.

B.  

Deploy a VPC endpoint in front of the application servers Configure the security group to allow only the web servers to access the application servers

C.  

Deploy a Network Load Balancer with a target group that contains the application servers ' Auto Scaling group Configure the network ACL to allow only the web servers to access the application servers.

D.  

Deploy an Application Load Balancer with a target group that contains the application servers ' Auto Scaling group. Configure the security group to allow only the web servers to access the application servers.

Discussion 0
Questions 107

A company operates a data lake in Amazon S3. The company wants to query and filter data directly in S3 without downloading objects.

Which solution will meet these requirements?

Options:

A.  

Use Amazon Athena to query and filter the objects in Amazon S3.

B.  

Use Amazon EMR to process and filter the objects.

C.  

Use Amazon API Gateway to retrieve filtered results.

D.  

Use Amazon ElastiCache to cache the objects.

Discussion 0
Questions 108

A company has applications that run on Amazon EC2 instances in a VPC One of the applications needs to call the Amazon S3 API to store and read objects. According to the company ' s security regulations, no traffic from the applications is allowed to travel across the internet.

Which solution will meet these requirements?

Options:

A.  

Configure an S3 gateway endpoint.

B.  

Create an S3 bucket in a private subnet.

C.  

Create an S3 bucket in the same AWS Region as the EC2 instances.

D.  

Configure a NAT gateway in the same subnet as the EC2 instances

Discussion 0
Questions 109

A company is building an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for its workloads. All secrets that are stored in Amazon EKS must be encrypted in the Kubernetes etcd key-value store.

Which solution will meet these requirements?

Options:

A.  

Create a new AWS Key Management Service (AWS KMS) key. Use AWS Secrets Manager to manage, rotate, and store all secrets in Amazon EKS.

B.  

Create a new AWS Key Management Service (AWS KMS) key. Enable Amazon EKS KMS secrets encryption on the Amazon EKS cluster.

C.  

Create the Amazon EKS cluster with default options. Use the Amazon Elastic Block Store (Amazon EBS) Container Storage Interface (CSI) driver as an add-on.

D.  

Create a new AWS Key Management Service (AWS KMS) key with the alias/aws/ebs alias. Enable default Amazon Elastic Block Store (Amazon EBS) volume encryption for the account.

Discussion 0
Questions 110

A solutions architect manages a web application for a company. The application runs on Amazon EC2 instances in an Auto Scaling group. The Auto Scaling group configuration includes a minimum of 3 instances and a maximum of 300 instances. The maximum helps handle unpredictable, short-lived traffic surges.

The application must scale to meet demand. However, to help manage costs, the number of running instances should not exceed 180 for longer than 1 continuous hour.

Which solution will meet these requirements?

Options:

A.  

Use a scheduled scaling policy. Set the maximum capacity of the Auto Scaling group to 180 during peak hours. Set the maximum capacity to 300 during non-peak hours.

B.  

Configure a target tracking scaling policy that scales based on average CPU utilization. Add an Amazon CloudWatch alarm to terminate instances after 1 hour when capacity exceeds 180.

C.  

Set the maximum instance lifetime of the Auto Scaling group to 1 hour to force replacement of instances when capacity exceeds 180.

D.  

Add a step scaling policy that uses an Amazon CloudWatch alarm. Trigger the alarm when the Auto Scaling group includes more than 180 instances for longer than 1 hour. Configure the alarm to reduce the group capacity to 180 when triggered.

Discussion 0
Questions 111

A company hosts an application on AWS and has generated approximately 2.5 TB of data over 12 years. The data is stored on Amazon EBS volumes.

The company wants a cost-effective backup solution for long-term storage and must be able to retrieve the data within minutes for audits.

Which solution will meet these requirements?

Options:

A.  

Create EBS snapshots.

B.  

Use Amazon S3 Glacier Deep Archive.

C.  

Use Amazon S3 Glacier Flexible Retrieval.

D.  

Use Amazon Elastic File System (Amazon EFS).

Discussion 0
Questions 112

A company runs applications and stores data in multiple AWS accounts. The company uses AWS Organizations to manage all its accounts.

The company needs a solution to efficiently and centrally manage data backups for the AWS services that the company uses. The solution must improve the company ' s disaster recovery posture. The solution must also protect data backups against accidental deletion or a malicious attack on an AWS account.

Which solution will meet these requirements?

Options:

A.  

Use AWS Backup in each AWS account to store copies of the data backups in additional Availability Zones.

B.  

Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS accounts.

C.  

Use AWS Backup in each AWS account to store copies of the data backups in additional AWS Regions.

D.  

Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS Regions.

Discussion 0
Questions 113

A company is designing a new web application that will run on Amazon EC2 instances. The application will use Amazon DynamoDB for backend data storage. The application traffic will be unpredictable. The company expects that the application read and write throughput to the database will be moderate to high. The company needs to scale in response to application traffic.

Which DynamoDB table configuration will meet these requirements MOST cost-effectively?

Options:

A.  

Configure DynamoDB with provisioned read and write by using the DynamoDB Standard table class. Set DynamoDB auto scaling to a maximum defined capacity.

B.  

Configure DynamoDB in on-demand mode by using the DynamoDB Standard table class.

C.  

Configure DynamoDB with provisioned read and write by using the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class. Set DynamoDB auto scaling to a maximum defined capacity.

D.  

Configure DynamoDB in on-demand mode by using the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class.

Discussion 0
Questions 114

A company is deploying a critical application by using Amazon RDS for MySQL. The application must be highly available and must recover automatically. The company needs to support interactive users (transactional queries) and batch reporting (analytical queries) with no more than a 4-hour lag. The analytical queries must not affect the performance of the transactional queries.

Which solution will meet these requirements?

Options:

A.  

Configure Amazon RDS for MySQL in a Multi-AZ DB instance deployment with one standby instance. Point the transactional queries to the primary DB instance. Point the analytical queries to a secondary DB instance that runs in a different Availability Zone.

B.  

Configure Amazon RDS for MySQL in a Multi-AZ DB cluster deployment with two standby instances. Point the transactional queries to the primary DB instance. Point the analytical queries to the reader endpoint.

C.  

Configure Amazon RDS for MySQL to use multiple read replicas across multiple Availability Zones. Point the transactional queries to the primary DB instance. Point the analytical queries to one of the replicas in a different Availability Zone.

D.  

Configure Amazon RDS for MySQL as the primary database for the transactional queries with automated backups enabled. Each night, create a read-only database from the most recent snapshot to support the analytical queries. Terminate the previously created database.

Discussion 0
Questions 115

A company wants to isolate its workloads by creating an AWS account for each workload. The company needs a solution that centrally manages networking components for the workloads. The solution also must create accounts with automatic security controls (guardrails).

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use AWS Control Tower to deploy accounts. Create a networking account that has a VPC with private subnets and public subnets. Use AWS Resource Access Manager (AWS RAM) to share the subnets with the workload accounts.

B.  

Use AWS Organizations to deploy accounts. Create a networking account that has a VPC with private subnets and public subnets. Use AWS Resource Access Manager (AWS RAM) to share the subnets with the workload accounts.

C.  

Use AWS Control Tower to deploy accounts. Deploy a VPC in each workload account. Configure each VPC to route through an inspection VPC by using a transit gateway attachment.

D.  

Use AWS Organizations to deploy accounts. Deploy a VPC in each workload account. Configure each VPC to route through an inspection VPC by using a transit gateway attachment.

Discussion 0
Questions 116

A company is designing a solution to capture customer activity on the company ' s web applications. The company wants to analyze the activity data to make predictions.

Customer activity on the web applications is unpredictable and can increase suddenly. The company requires a solution that integrates with other web applications. The solution must include an authorization step.

Which solution will meet these requirements?

Options:

A.  

Deploy a Gateway Load Balancer (GWLB) in front of an Amazon Elastic Container Service (Amazon ECS) container instance. Store the data in an Amazon Elastic File System (Amazon EFS) file system. Configure the applications to pass an authorization header to the GWLB.

B.  

Deploy an Amazon API Gateway endpoint in front of an Amazon Kinesis data stream. Store the data in an Amazon S3 bucket. Use an AWS Lambda function to handle authorization.

C.  

Deploy an Amazon API Gateway endpoint in front of an Amazon Data Firehose delivery stream. Store the data in an Amazon S3 bucket. Use an API Gateway Lambda authorizer to handle authorization.

D.  

Deploy a Gateway Load Balancer (GWLB) in front of an Amazon Elastic Container Service (Amazon ECS) container instance. Store the data in an Amazon Elastic File System (Amazon EFS) file system. Use an AWS Lambda function to handle authorization.

Discussion 0
Questions 117

A company is creating a new application that will store a large amount of data. The data will be analyzed hourly and will be modified by several Amazon EC2 Linux instances that are deployed across multiple Availability Zones. The needed amount of storage space will continue to grow for the next 6 months.

Which storage solution should a solutions architect recommend to meet these requirements?

Options:

A.  

Store the data in Amazon S3 Glacier. Update the S3 Glacier vault policy to allow access to the application instances.

B.  

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. Mount the EBS volume on the application instances.

C.  

Store the data in an Amazon Elastic File System (Amazon EFS) file system. Mount the file system on the application instances.

D.  

Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS volume shared between the application instances.

Discussion 0
Questions 118

A company is building a serverless web application that will serve customers globally by using REST API endpoints. The application must minimize latency regardless of the application us-er ' s geographic location. The initial amount of traffic that the application will handle is un-known.

Options:

A.  

Deploy an Amazon API Gateway REST API with edge-optimized API endpoints for all cus-tomers. Create AWS Lambda functions. Optimize Lambda performance by adjusting the memory settings and configuring provisioned concurrency.

B.  

Deploy an Amazon API Gateway REST API with Regional API endpoints for all customers. Create AWS Lambda functions. Optimize Lambda performance by adjusting the memory set-tings and configuring reserved concurrency.

C.  

Deploy an Amazon API Gateway REST API with Regional API endpoints for all customers. Create AWS Lambda functions. Use an HTTP integration to optimize Lambda performance.

D.  

Deploy a Network Load Balancer in each AWS Region where customers are located. Create AWS Lambda functions. Optimize Lambda performance by adjusting the memory settings and configuring provisioned concurrency.

Discussion 0
Questions 119

A company stores a large number of image files in an Amazon S3 bucket. The images need to be readily available for 180 days. The company rarely accesses images that are older than 180 days. However, the company must be able to access images immediately when necessary.

The company wants to archive images that are older than 360 days, but the company must be able to access the images instantly when required. The images cannot be deleted. The company requires high availability and redundancy throughout the entire lifecycle of the files.

The company will use S3 Standard storage for the first 180 days. The company needs to configure S3 Lifecycle rules to handle the remaining lifecycle stages of the files.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Transition the objects to S3 One Zone-Infrequent Access S3 One Zone-IA after 180 days. Transition the objects to S3 Glacier Instant Retrieval after 360 days.

B.  

Transition the objects to S3 One Zone-Infrequent Access S3 One Zone-IA after 180 days. Transition the objects to S3 Glacier Flexible Retrieval after 360 days.

C.  

Transition the objects to S3 Standard-Infrequent Access S3 Standard-IA after 180 days. Transition the objects to S3 Glacier Instant Retrieval after 360 days.

D.  

Transition the objects to S3 Standard-Infrequent Access S3 Standard-IA after 180 days. Transition the objects to S3 Glacier Flexible Retrieval after 360 days.

Discussion 0
Questions 120

A company runs a web application in a single AWS Region. A solutions architect wants to ensure that the web application can continue to operate if the application becomes unavailable in the Region.

Which solution will meet this requirement?

Options:

A.  

Deploy the application in multiple Regions. Use Amazon Route 53 DNS health checks to route traffic to a healthy Region.

B.  

Deploy the application in multiple Availability Zones within a single Region. Use Amazon Route 53 DNS health checks to route traffic to healthy application resources.

C.  

Deploy the application in multiple Regions. Use an Amazon Route 53 simple routing record to route traffic to a healthy Region.

D.  

Deploy the application in multiple Availability Zones within a single Region. Use an Amazon Route 53 latency record in each Availability Zone to route traffic to a healthy Availability Zone.

Discussion 0
Questions 121

A global ecommerce company runs its critical workloads on AWS. The workloads use an Amazon RDS for PostgreSQL DB instance that is configured for a Multi-AZ deployment.

Customers have reported application timeouts when the company undergoes database failovers. The company needs a resilient solution to reduce failover time

Which solution will meet these requirements?

Options:

A.  

Create an Amazon RDS Proxy. Assign the proxy to the DB instance.

B.  

Create a read replica for the DB instance Move the read traffic to the read replica.

C.  

Enable Performance Insights. Monitor the CPU load to identify the timeouts.

D.  

Take regular automatic snapshots Copy the automatic snapshots to multiple AWS Regions

Discussion 0
Questions 122

A company uses Amazon Route 53 as its DNS provider. The company hosts a website both on premises and in the AWS Cloud. The company ' s on-premises data center is near the us-west-1 Region. The company hosts the website on AWS in the eu-central-1 Region.

The company wants to optimize load times for the website as much as possible.

Which solution will meet these requirements?

Options:

A.  

Create a DNS record with a failover routing policy that routes all primary traffic to eu-central-1. Configure the routing policy to use the on-premises data center as the secondary location.

B.  

Create a DNS record with an IP-based routing policy. Configure specific IP ranges to return the value for the eu-central-1 website. Configure all other IP ranges to return the value for the on-premises website.

C.  

Create a DNS record with a latency-based routing policy. Configure one latency record for the eu-central-1 website and one latency record for the on-premises data center. Associate the record for the on-premises data center with the us-west-1 Region.

D.  

Create a DNS record with a weighted routing policy. Split the traffic evenly between eu-central-1 and the on-premises data center.

Discussion 0
Questions 123

An application team uses an organization in AWS Organizations to manage multiple AWS accounts in a dedicated organizational unit OU. The accounts do not host production workloads.

The application team is implementing an ecommerce solution by using Amazon EC2 instances. A solutions architect needs to implement controls to prevent the application team from exceeding the project budget for the application.

Which solution will meet this requirement?

Options:

A.  

Create a usage report in AWS Cost Explorer. Set up automated alerts to notify the application team when usage exceeds the budget so the application team can take immediate actions to reduce costs.

B.  

Create a fixed monthly budget in AWS Budgets. Create a budget action to apply a service control policy SCP to the OU to deny additional usage when the application team reaches the monthly budget. Configure a budget action to send a notification to an Amazon SNS topic that invokes an AWS Lambda function to stop all running EC2 instances.

C.  

Create an Amazon CloudWatch metric and a CloudWatch alarm for when the application team reaches the monthly budget. Configure the CloudWatch alarm to send a notification to an Amazon SNS topic that invokes an AWS Lambda function to stop all running EC2 instances.

D.  

Use AWS Cost Anomaly Detection to monitor the application team ' s usage and to alert the application team about unexpected spending patterns.

Discussion 0
Questions 124

A company uses a Microsoft SQL Server database. The applications currently connect using SQL Server protocols. The company wants to migrate to Amazon Aurora PostgreSQL with minimal changes to application code.

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.  

Use AWS SCT to rewrite SQL queries in the applications.

B.  

Enable Babelfish on Aurora PostgreSQL to run SQL Server queries.

C.  

Migrate the database schema and data using AWS SCT and AWS DMS.

D.  

Use Amazon RDS Proxy to connect the applications to Aurora PostgreSQL.

E.  

Use AWS DMS to rewrite SQL queries in the applications.

Discussion 0
Questions 125

A company is migrating a new application from an on-premises data center to a new VPC in the AWS Cloud. The company has multiple AWS accounts and VPCs that share many subnets and applications. The company wants to have fine-grained access control for the new application.The company wants to ensure that all network resources across accounts and VPCs that are granted permission to access the new application can access the application.

Which solution will meet these requirements?

Options:

A.  

Set up a VPC peering connection for each VPC that needs access to the new application VPC. Update route tables in each VPC to enable connectivity.

B.  

Deploy a transit gateway in the account that hosts the new application. Share the transit gateway with each account that needs to connect to the application. Update route tables in the VPC that hosts the new application and in the transit gateway to enable connectivity.

C.  

Use an AWS PrivateLink endpoint service to make the new application accessible to other VPCs. Control access to the application by using an endpoint policy.

D.  

Use an Application Load Balancer (ALB) to expose the new application to the internet. Configure authentication and authorization processes to ensure that only specified VPCs can access the application.

Discussion 0
Questions 126

A solutions architect is designing an application that helps users fill out and submit registration forms. The solutions architect plans to use a two-tier architecture that includes a web application server tier and a worker tier.

The application needs to process submitted forms quickly. The application needs to process each form exactly once. The solution must ensure that no data is lost.

Which solution will meet these requirements?

Options:

A.  

Use an Amazon Simple Queue Service {Amazon SQS) FIFO queue between the web application server tier and the worker tier to store and forward form data.

B.  

Use an Amazon API Gateway HTTP API between the web application server tier and the worker tier to store and forward form data.

C.  

Use an Amazon Simple Queue Service (Amazon SQS) standard queue between the web application server tier and the worker tier to store and forward form data.

D.  

Use an AWS Step Functions workflow. Create a synchronous workflow between the web application server tier and the worker tier that stores and forwards form data.

Discussion 0
Questions 127

A company wants to implement new security compliance requirements for its development team to limit the use of approved Amazon Machine Images (AMIs).

The company wants to provide access to only the approved operating system and software for all its Amazon EC2 instances. The company wants the solution to have the least amount of lead time for launching EC2 instances.

Which solution will meet these requirements?

Options:

A.  

Create a portfolio by using AWS Service Catalog that includes only EC2 instances launched with approved AMIs. Ensure that all required software is preinstalled on the AMIs. Create the necessary permissions for developers to use the portfolio.

B.  

Create an AMI that contains the approved operating system and software by using EC2 Image Builder. Give developers access to that AMI to launch the EC2 instances.

C.  

Create an AMI that contains the approved operating system Tell the developers to use the approved AMI Create an Amazon EventBridge rule to run an AWS Systems Manager script when a new EC2 instance is launched. Configure the script to install the required software from a repository.

D.  

Create an AWS Config rule to detect the launch of EC2 instances with an AMI that is not approved. Associate a remediation rule to terminate those instances and launch the instances again with the approved AMI. Use AWS Systems Manager to automatically install the approved software on the launch of an EC2 instance.

Discussion 0
Questions 128

An internal product team is deploying a new application to a private VPC in a company ' s AWS account. The application runs on Amazon EC2 instances that are in a security group named App1. The EC2 instances store application data in an Amazon S3 bucket and use AWS Secrets Manager to store application service credentials. The company ' s security policy prohibits applications in a private VPC from using public IP addresses to communicate.

Which combination of solutions will meet these requirements? (Select TWO.)

Options:

A.  

Configure gateway endpoints for Amazon S3 and AWS Secrets Manager.

B.  

Configure interface VPC endpoints for Amazon S3 and AWS Secrets Manager.

C.  

Add routes to the endpoints in the VPC route table.

D.  

Associate the App1 security group with the interface VPC endpoints. Configure a self-referencing security group rule to allow inbound traffic.

E.  

Associate the App1 security group with the gateway endpoints. Configure a self-referencing security group rule to allow inbound traffic.

Discussion 0
Questions 129

A company has an e-commerce site. The site is designed as a distributed web application hosted in multiple AWS accounts under one AWS Organizations organization. The web application is comprised of multiple microservices. All microservices expose their AWS services either through Amazon CloudFront distributions or public Application Load Balancers (ALBs). The company wants to protect public endpoints from malicious attacks and monitor security configurations. Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use AWS WAF to protect the public endpoints. Use AWS Firewall Manager from a dedicated security account to manage rules in AWS WAF. Use AWS Config rules to monitor the Regional and global WAF configurations.

B.  

Use AWS WAF to protect the public endpoints. Apply AWS WAF rules in each account. Use AWS Config rules and AWS Security Hub to monitor the WAF configurations of the ALBs and the CloudFront distributions.

C.  

Use AWS WAF to protect the public endpoints. Use AWS Firewall Manager from a dedicated security account to manage the rules in AWS WAF. Use Amazon Inspector and AWS Security Hub to monitor the WAF configurations of the ALBs and the CloudFront distributions.

D.  

Use AWS Shield Advanced to protect the public endpoints. Use AWS Config rules to monitor the Shield Advanced configuration for each account.

Discussion 0
Questions 130

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.

The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.

Which solution meets these requirements MOST cost-effectively?

Options:

A.  

Deploy an AWS Global Accelerator accelerator in front of the web servers.

B.  

Deploy an Amazon CloudFront web distribution in front of the S3 bucket.

C.  

Deploy an Amazon ElastiCache (Redis OSS) instance in front of the web servers.

D.  

Deploy an Amazon ElastiCache (Memcached) instance in front of the web servers.

Discussion 0
Questions 131

A company stores 5 PB of archived data on physical tapes in an on-premises data center. The company needs to retain the data for 10 years. The company does not want to change an existing backup workflow. The data center that stores the tapes has a 10 Gbps AWS Direct Connect connection to an AWS Region. The company wants to migrate the data to AWS as soon as possible.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.  

Use an on-premises backup application to read the data from the tapes. Use local storage to stage the data temporarily. Use AWS DataSync to migrate the data to Amazon S3 Glacier Flexible Retrieval storage.

B.  

Use an on-premises backup application to read the data from the tapes. Use the backup application to write directly to Amazon S3 Glacier Deep Archive storage.

C.  

Order multiple AWS Snowball Edge devices. Copy the physical tapes to virtual tapes on the Snowball Edge devices. Ship the Snowball Edge devices to AWS. Create an S3 Lifecycle policy to move the tapes to Amazon S3 Glacier Instant Retrieval storage.

D.  

Configure an on-premises AWS Storage Gateway Tape Gateway. Create virtual tapes on AWS. Use backup software to copy the physical tapes to the virtual tapes. Move the virtual tapes to Amazon S3 Glacier Deep Archive storage.

Discussion 0
Questions 132

A company needs to give a globally distributed development team secure access to the company ' s AWS resources in a way that complies with security policies.

The company currently uses an on-premises Active Directory for internal authentication. The company uses AWS Organizations to manage multiple AWS accounts that support multiple projects.

The company needs a solution to integrate with the existing infrastructure to provide centralized identity management and access control.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Set up AWS Directory Service to create an AWS managed Microsoft Active Directory on AWS. Establish a trust relationship with the on-premises Active Directory. Use IAM roles that are assigned to Active Directory groups to access AWS resources within the company ' s AWS accounts.

B.  

Create an IAM user for each developer. Manually manage permissions for each IAM user based on each user ' s involvement with each project. Enforce multi-factor authentication MFA as an additional layer of security.

C.  

Use AD Connector in AWS Directory Service to connect to the on-premises Active Directory. Integrate AD Connector with AWS IAM Identity Center. Configure permission sets to give each AD group access to specific AWS accounts and resources.

D.  

Create separate IAM roles in each AWS account, and manually assign the roles to each developer. Synchronize the assignments with the on-premises directory by using custom scripts.

Discussion 0
Questions 133

A company runs business applications on AWS. The company uses 50 AWS accounts, thousands of VPCs, and three AWS Regions across the United States and Europe. The company has an existing AWS Direct Connect connection that connects an on-premises data center to a single Region.

A solutions architect needs to establish network connectivity between the on-premises data center and the remaining two Regions. The solutions architect must also establish connectivity between the VPCs. On-premises users and applications must be able to connect to applications that run in the VPCs. The solutions architect creates a transit gateway in each Region and configures the transit gateways as inter-Region peers.

What should the solutions architect do next to meet these requirements?

Options:

A.  

Create a private virtual interface (VIF) with a gateway type of virtual private gateway. Configure the private VIF to use a virtual private gateway that is associated with one of the VPCs.

B.  

Create a private virtual interface (VIF) to a new Direct Connect gateway. Associate the new Direct Connect gateway with a virtual private gateway in each VPC.

C.  

Create a transit virtual interface (VIF) with a gateway association to a new Direct Connect gateway. Associate each transit gateway with the new Direct Connect gateway.

D.  

Create an AWS Site-to-Site VPN connection that uses a public virtual interface (VIF) for the Direct Connect connection. Attach the Site-to-Site VPN connection to the transit gateways.

Discussion 0
Questions 134

A company uses Amazon S3 to host its static website. The company wants to add a contact form to the webpage. The contact form will have dynamic server-side components for users to input their name, email address, phone number, and user message.

The company expects fewer than 100 site visits each month. The contact form must notify the company by email when a customer fills out the form.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Host the dynamic contact form in Amazon Elastic Container Service (Amazon ECS). Set up Amazon Simple Email Service (Amazon SES) to connect to a third-party email provider.

B.  

Create an Amazon API Gateway endpoint that returns the contact form from an AWS Lambda function. Configure another Lambda function on the API Gateway to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic.

C.  

Host the website by using AWS Amplify Hosting for static content and dynamic content. Use server-side scripting to build the contact form. Configure Amazon Simple Queue Service (Amazon SQS) to deliver the message to the company.

D.  

Migrate the website from Amazon S3 to Amazon EC2 instances that run Windows Server. Use Internet Information Services (IIS) for Windows Server to host the webpage. Use client-side scripting to build the contact form. Integrate the form with Amazon WorkMail.

Discussion 0
Questions 135

A company needs to create a compliance management solution. The company wants to use a combination of AWS services to achieve the fine-grained visibility that the solution requires. The compliance management solution must provide a centralized method for company employees to review security findings and out-of-compliance findings.

Which solution will meet these requirements with the LEAST ongoing maintenance?

Options:

A.  

Configure AWS Security Hub to centralize findings. Use conformance packs in Amazon Inspector to check for compliance framework misalignment.

B.  

Use AWS Marketplace to purchase a security tool. Install the tool on an Amazon EC2 instance. Assign an EC2 Instance Profile for the tool to gather data from AWS resources.

C.  

Configure AWS Security Hub to centralize findings. Use conformance packs in AWS Config to check for compliance framework misalignment.

D.  

Configure AWS Systems Manager to provide a centralized dashboard. Use conformance packs in AWS Config to check for compliance framework misalignment.

Discussion 0
Questions 136

A company is creating a web application that will store a large number of images in Amazon S3. The images will be accessed by users over variable periods of time. The company wants to:

Retain all the images.

Incur no cost for retrieval.

Have minimal management overhead.

Have the images available with no impact on retrieval time.

Which solution meets these requirements?

Options:

A.  

Implement S3 Intelligent-Tiering.

B.  

Implement S3 storage class analysis.

C.  

Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA).

D.  

Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).

Discussion 0
Questions 137

A company needs to use its on-premises LDAP directory service to authenticate its users to the AWS Management Console. The directory service is not compatible with Security Assertion Markup Language (SAML).

Which solution meets these requirements?

Options:

A.  

Enable AWS IAM Identity Center between AWS and the on-premises LDAP.

B.  

Create an IAM policy that uses AWS credentials, and integrate the policy into LDAP.

C.  

Set up a process that rotates the IAM credentials whenever LDAP credentials are updated.

D.  

Develop an on-premises custom identity broker application or process that uses AWS STS to get short-lived credentials.

Discussion 0
Questions 138

A company wants to share data between applications that run in separate AWS accounts. The company wants to use Amazon API Gateway REST APIs to expose private APIs. The company wants to ensure that only authorized accounts can invoke the private APIs.

Which solution will meet this requirement?

Options:

A.  

Use an API Gateway interface endpoint policy to grant access to specific accounts.

B.  

Use an API Gateway resource policy to grant access to specific accounts.

C.  

Use cross-account IAM policies to grant access to the private APIs.

D.  

Use AWS Lambda authorizers to grant access to specific accounts.

Discussion 0
Questions 139

A company runs a website on Amazon EC2 instances. Clients use the HTTP protocol to connect to the application. The company does not want the EC2 instances to have internet access. However, the application should remain available through the internet. The application must scale in response to traffic demands.

Which solution will meet these requirements?

Options:

A.  

Host the application on EC2 instances in an Auto Scaling group behind an internet-facing Network Load Balancer (NLB). Launch the EC2 instances in public subnets that use an internet gateway.

B.  

Host the application on EC2 instances in an Auto Scaling group behind an internet-facing Network Load Balancer (NLB). Launch the EC2 instances in private subnets that do not have internet access.

C.  

Host the application on EC2 instances in an Auto Scaling group behind an internet-facing Application Load Balancer (ALB). Launch the EC2 instances in private subnets that do not have internet access.

D.  

Host the application on EC2 instances in an Auto Scaling group behind an internet-facing Application Load Balancer (ALB). Launch the EC2 instances in public subnets that use an internet gateway.

Discussion 0
Questions 140

A company is building a data processing application that uses AWS Lambda functions. The Lambda functions need to communicate with an Amazon RDS DB instance deployed inside a VPC in the same AWS account.

Which solution meets these requirements in the most secure way?

Options:

A.  

Configure the DB instance for public access. Allow Lambda public address space.

B.  

Deploy Lambda inside the VPC. Attach a network ACL allowing outbound access to the VPC CIDR. Update the DB security group to allow traffic from 0.0.0.0/0.

C.  

Deploy Lambda inside the VP

C.  

Attach a security group to the Lambda functions. Allow outbound access only to the VPC CIDR. Update the DB instance security group to allow traffic from the Lambda security group.

D.  

Peer the Lambda default VPC with the DB VPC and avoid security groups.

Discussion 0
Questions 141

A company is designing an application to maintain a record of customer orders. The application will generate events. The company wants to use an Amazon EventBridge event bus to send the application ' s events to an Amazon DynamoDB table. Which solution will meet these requirements?

Options:

A.  

Use the EventBridge default event bus. Configure DynamoDB Streams for the DynamoDB table that hosts the customer order data.

B.  

Create an EventBridge custom event bus. Create an AWS Lambda function as a target. Configure the Lambda function to forward the customer order data to the DynamoDB table.

C.  

Create an EventBridge partner event bus. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe an AWS Lambda function to the SNS topic. Configure the Lambda function to read the customer order data and to forward the data to the DynamoDB table.

D.  

Create an EventBridge partner event bus. Create an AWS Lambda function as a target. Configure the Lambda function to forward the customer order data to the DynamoDB table.

Discussion 0
Questions 142

A weather forecasting company needs to process hundreds of gigabytes of data with sub-millisecond latency. The company has a high performance computing (HPC) environment in its data center and wants to expand its forecasting capabilities.

A solutions architect must identify a highly available cloud storage solution that can handle large amounts of sustained throughput Files that are stored in the solution should be accessible to thousands of compute instances that will simultaneously access and process the entire dataset.

What should the solutions architect do to meet these requirements?

Options:

A.  

Use Amazon FSx for Lustre scratch file systems

B.  

Use Amazon FSx for Lustre persistent file systems.

C.  

Use Amazon Elastic File System (Amazon EFS) with Bursting Throughput mode.

D.  

Use Amazon Elastic File System (Amazon EFS) with Provisioned Throughput mode.

Discussion 0
Questions 143

A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near-real-time reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB cluster.

Which solution meets these requirements?

Options:

A.  

Create and use a custom endpoint for the workload.

B.  

Create a three-node cluster clone and use the reader endpoint.

C.  

Use any of the instance endpoints for the selected three nodes.

D.  

Use the reader endpoint to automatically distribute the read-only workload.

Discussion 0
Questions 144

A company uses Amazon EC2 instances spread across two Availability Zones to provide large and small maps to customers. The large maps do not change. The company updates the small maps by adding small metadata files each day. Customers download the large maps once but download the smaller maps frequently. Several Amazon EBS volumes containing replicated data are spread between the Availability Zones.

Which solutions will store the map data MOST cost-effectively? (Select TWO.)

Options:

A.  

Deploy an Amazon EFS file system. Mount the file system on the EC2 instances. Move the map and metadata files to the file system. Apply a lifecycle policy to move files older than 30 days to the EFS Infrequent Access storage class.

B.  

Create an Amazon S3 bucket. Update the application to read data files from the S3 bucket. Apply an S3 Lifecycle rule to move files older than 30 days to the S3 Standard-Infrequent Access storage class.

C.  

Create an Amazon FSx for OpenZFS file system. Move the map and metadata files to the file system. Configure the file system to use the Intelligent-Tiering storage class.

D.  

Create a shared EBS volume. Connect the EC2 instances to the shared volume. Move the map and metadata files to the new volume. Detach and delete the original EBS volumes.

E.  

Create an Amazon FSx for Lustre file system that uses the SCRATCH_2 deployment type. Move the map and metadata files to the file system.

Discussion 0
Questions 145

A company is migrating a document management application to AWS. The application runs on Linux servers. The company will migrate the application to Amazon EC2 instances in an Auto Scaling group. The company stores 7 TiB of documents in a shared storage file system. An external relational database tracks the documents.

Documents are stored once and can be retrieved multiple times for reference at any time. The company cannot modify the application during the migration. The storage solution must be highly available and must support scaling over time.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Deploy an EC2 instance with enhanced networking as a shared NFS storage system. Export the NFS share. Mount the NFS share on the EC2 instances in the Auto Scaling group.

B.  

Create an Amazon S3 bucket that uses the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Mount the S3 bucket on the EC2 instances in the Auto Scaling group.

C.  

Deploy an SFTP server endpoint by using AWS Transfer for SFTP and an Amazon S3 bucket. Configure the EC2 instances in the Auto Scaling group to connect to the SFTP server.

D.  

Create an Amazon EFS file system with mount points in multiple Availability Zones. Use the EFS Standard-Infrequent Access (Standard-IA) storage class. Mount the NFS share on the EC2 instances in the Auto Scaling group.

Discussion 0
Questions 146

A company deploys a stateful application on Amazon EC2 On-Demand Instances in multiple Availability Zones behind an Application Load Balancer (ALB). The application workload is predictable, and the company has not received any CPU usage alerts. The company expects to run the application for at least 1 year.

The company expects CPU usage to increase by 50% during an upcoming 2-week holiday period. The company wants to optimize costs for the application for both the holiday period and normal operations.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.  

Continue to use On-Demand Instances to handle the existing workload. Purchase additional On-Demand Instances to handle the capacity requirement for the upcoming holiday period.

B.  

Purchase a 12-month EC2 Instance Savings Plan to handle the existing workload. Use On-Demand Instances to handle the additional capacity requirement for the upcoming holiday period.

C.  

Purchase a 12-month Compute Savings Plan to handle the existing workload. Use Spot Instances to handle the additional capacity requirement for the upcoming holiday period.

D.  

Purchase a 12-month Compute Savings Plan to handle both the existing workload and the additional capacity requirement for the upcoming holiday period.

Discussion 0
Questions 147

A solutions architect needs to design a solution for a high performance computing (HPC) workload. The solution must include multiple Amazon EC2 instances. Each EC2 instance requires 10 Gbps of bandwidth individually for single-flow traffic. The EC2 instances require an aggregate throughput of 100 Gbps of bandwidth across all EC2 instances. Communication between the EC2 instances must have low latency.

Which solution will meet these requirements?

Options:

A.  

Place the EC2 instances in a single subnet of a VPC. Configure a cluster placement group. Ensure that the latest Elastic Fabric Adapter (EFA) drivers are installed on the EC2 instances with a supported operating system.

B.  

Place the EC2 instances in multiple subnets in a single VPC. Configure a spread placement group. Ensure that the EC2 instances support Elastic Network Adapters (ENAs) and that the drivers are updated on each instance operating system.

C.  

Place the EC2 instances in multiple VPCs. Use AWS Transit Gateway to route traffic between the VPCs. Ensure that the latest Elastic Fabric Adapter (EFA) drivers are installed on the EC2 instances with a supported operating system.

D.  

Place the EC2 instances in multiple subnets across multiple Availability Zones. Configure a cluster placement group. Ensure that the EC2 instances support Elastic Network Adapters (ENAs) and that the drivers are updated on each instance operating system.

Discussion 0
Questions 148

A company runs an application on premises. The application stores files that the application servers process in a shared storage system. The company uses Linux file system permissions to control access to the files.

The company plans to migrate the application servers to Amazon EC2 instances across multiple Availability Zones. The company does not want to change the application code.

Which solution will meet these requirements?

Options:

A.  

Migrate the files to an Amazon S3 bucket. Use the S3 Intelligent-Tiering storage class. Mount the S3 bucket to the EC2 instances.

B.  

Migrate the files to a set of Amazon EC2 instance store volumes. Mount the instance store volumes to the EC2 instances.

C.  

Migrate the files to a set of Amazon EBS volumes. Mount the EBS volumes to the EC2 instances.

D.  

Migrate the files to an Amazon EFS file system. Mount the EFS file system to the EC2 instances.

Discussion 0
Questions 149

A solutions architect needs to implement a solution that can handle up to 5,000 messages per second. The solution must publish messages as events to multiple consumers. The messages are upto 500 KB in size. The message consumers need to have the ability to use multiple programming languages to consume the messages with minimal latency. The solution must retain published messages for more than 3 months. The solution must enforce strict ordering of the messages.

Which solution will meet these requirements?

Options:

A.  

Publish messages to an Amazon Kinesis Data Streams data stream. Enable enhanced fan-out. Ensure that consumers ingest the data stream by using dedicated throughput.

B.  

Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic. Ensure that consumers use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to subscribe to the topic.

C.  

Publish messages to Amazon EventBridge. Allow each consumer to create rules to deliver messages to the consumer ' s own target.

D.  

Publish messages to an Amazon Simple Notification Service (Amazon SNS) topic. Ensure that consumers use Amazon Data Firehose to subscribe to the topic.

Discussion 0
Questions 150

A company is designing a microservice-based architecture tor a new application on AWS. Each microservice will run on its own set of Amazon EC2 instances. Each microservice will need to interact with multiple AWS services such as Amazon S3 and Amazon Simple Queue Service (Amazon SQS).

The company wants to manage permissions for each EC2 instance based on the principle of least privilege.

Which solution will meet this requirement?

Options:

A.  

Assign an IAM user to each micro-service. Use access keys stored within the application code to authenticate AWS service requests.

B.  

Create a single IAM role that has permission to access all AWS services. Associate the IAM role with all EC2 instances that run the microservices

C.  

Use AWS Organizations to create a separate account for each microservice. Manage permissions at the account level.

D.  

Create individual IAM roles based on the specific needs of each microservice. Associate the IAM roles with the appropriate EC2 instances.

Discussion 0
Questions 151

A company that uses AWS Organizations runs 150 applications across 30 different AWS accounts. The company used AWS Cost and Usage Report to create a new report in the management account. The report is delivered to an Amazon S3 bucket that is replicated to a bucket in the data collection account.

The company ' s senior leadership wants to view a custom dashboard that provides NAT gateway costs each day starting at the beginning of the current month.

Which solution will meet these requirements?

Options:

A.  

Share an Amazon QuickSight dashboard that includes the requested table visual. Configure QuickSight to use AWS DataSync to query the new report.

B.  

Share an Amazon QuickSight dashboard that includes the requested table visual. Configure QuickSight to use Amazon Athena to query the new report.

C.  

Share an Amazon CloudWatch dashboard that includes the requested table visual. Configure CloudWatch to use AWS DataSync to query the new report.

D.  

Share an Amazon CloudWatch dashboard that includes the requested table visual. Configure CloudWatch to use Amazon Athena to query the new report.

Discussion 0
Questions 152

A company runs an ecommerce application on premises on Microsoft SQL Server. The company is planning to migrate the application to the AWS Cloud. The application code contains complex T-SQL queries and stored procedures. The company wants to minimize database server maintenance and operating costs after the migration is completed. The company also wants to minimize the need to rewrite code as part of the migration effort.

Which solution will meet these requirements?

Options:

A.  

Migrate the database to Amazon Aurora PostgreSQL. Turn on Babelfish.

B.  

Migrate the database to Amazon S3. Use Amazon Redshift Spectrum for query processing.

C.  

Migrate the database to Amazon RDS for SQL Server. Turn on Kerberos authentication.

D.  

Migrate the database to an Amazon EMR cluster that includes multiple primary nodes.

Discussion 0
Questions 153

A company uses AWS CloudFormation to deploy IAM resources within accounts that AWS Control Tower governs. The security team wants to prevent the deployment of IAM roles that include inline policies with the following statements:

" Effect " : " Allow " , " Action " : " * " , " Resource " : " * "

Which solution will meet this requirement?

Options:

A.  

Use AWS Control Tower proactive controls to block CloudFormation stacks that match these inline policy statements.

B.  

Use AWS Control Tower detective controls to detect and delete IAM inline policies that contain these statements upon deployment.

C.  

Use AWS Config to create a rule that detects these statements in any inline IAM policies. Configure the rule to automatically remove these statements by using the AWS-DeleteIAMInlinePolicy remediation.

D.  

Use AWS Config to create a rule that detects these statements in inline IAM policies and sends a notification to the security team.

Discussion 0
Questions 154

A company uses an Amazon CloudFront distribution to serve content pages for its website. The company needs to ensure that clients use a TLS certificate when accessing the company ' s website. The company wants to automate the creation and renewal of the TLS certificates.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

A.  

Use a CloudFront security policy to create a certificate.

B.  

Use a CloudFront origin access control (OAC) to create a certificate.

C.  

Use AWS Certificate Manager (ACM) to create a certificate. Use DNS validation for the domain.

D.  

Use AWS Certificate Manager (ACM) to create a certificate. Use email validation for the domain.

Discussion 0
Questions 155

A company must follow strict regulations for the management of data encryption keys. The company manages its own key externally and imports the key into AWS Key Management Service (AWS KMS). The company must control the imported key material and must rotate the key material on a regular schedule.

A solutions architect needs to import the key material into AWS KMS and rotate the key without interrupting applications that use the key.

Which solution will meet these requirements?

Options:

A.  

Create a new AWS KMS key that has the same key ID as the existing key. Import new key material into the key.

B.  

Schedule the existing AWS KMS key for deletion. Create a new KMS key that has new key material.

C.  

Import new key material into the existing AWS KMS key. Set an expiration time for the old key material.

D.  

Enable automatic key rotation for the existing AWS KMS key.

Discussion 0
Questions 156

A company is implementing a shared storage solution for a media application that the company hosts on AWS. The company needs the ability to use SMB clients to access stored data.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.  

Create an AWS Storage Gateway Volume Gateway. Create a file share that uses the required client protocol. Connect the application server to the file share.

B.  

Create an AWS Storage Gateway Tape Gateway. Configure tapes to use Amazon S3. Connect the application server to the Tape Gateway.

C.  

Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the application server to the file share.

D.  

Create an Amazon FSx for Windows File Server file system. Connect the application server to the file system.

Discussion 0
Questions 157

A company provides a trading platform to customers. The platform uses an Amazon API Gateway REST API, AWS Lambda functions, and an Amazon DynamoDB table. Each trade that the platform processes invokes a Lambda function that stores the trade data in Amazon DynamoDB. The company wants to ingest trade data into a data lake in Amazon S3 for near real-time analysis. Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use Amazon DynamoDB Streams to capture the trade data changes. Configure DynamoDB Streams to invoke a Lambda function that writes the data to Amazon S3.

B.  

Use Amazon DynamoDB Streams to capture the trade data changes. Configure DynamoDB Streams to invoke a Lambda function that writes the data to Amazon Data Firehose. Write the data from Data Firehose to Amazon S3.

C.  

Enable Amazon Kinesis Data Streams on the DynamoDB table to capture the trade data changes. Configure Kinesis Data Streams to invoke a Lambda function that writes the data to Amazon S3.

D.  

Enable Amazon Kinesis Data Streams on the DynamoDB table to capture the trade data changes. Configure a data stream to be the input for Amazon Data Firehose. Write the data from Data Firehose to Amazon S3.

Discussion 0
Questions 158

A companyQUESTION NO: 24

A company has launched an Amazon RDS for MySQL DB instance. Most of the connections to the database come from serverless applications. Application traffic to the database changes significantly at random intervals. At times of high demand, users report that their applications experience database connection rejection errors.

Which solution will resolve this issue with the LEAST operational overhead?

Options:

A.  

Create a proxy in RDS Proxy. Configure the users ' applications to use the DB instance through RDS Proxy.

B.  

Deploy Amazon ElastiCache (Memcached) between the users ' applications and the DB instance.

C.  

Migrate the DB instance to a different instance class that has higher I/O capacity. Configure the users ' applications to use the new DB instance.

D.  

Configure Multi-AZ for the DB instance. Configure the users ' applications to switch between the DB instances.

Discussion 0
Questions 159

A company hosts a training website on a fleet of Amazon EC2 instances that run web server software. The company anticipates that a new training product will be extremely popular and will receive high user traffic. The training product consists of dozens of training videos that are hosted on the website.

A solutions architect must minimize the load on the company ' s web servers.

Which solution will meet this requirement?

Options:

A.  

Store the videos in Amazon ElastiCache Redis OSS. Update the web servers to serve the videos by using the ElastiCache API.

B.  

Store the videos in an Amazon EFS volume. Create a user data script to mount the EFS volume to the web servers.

C.  

Store the videos in an Amazon S3 bucket. Configure an Amazon CloudFront distribution, and set the S3 bucket as the origin. Create an origin access control OAC to secure access to the S3 bucket.

D.  

Store the videos in an Amazon S3 bucket. Create an AWS Storage Gateway Amazon S3 File Gateway to access the S3 bucket. Create a user data script to mount the S3 File Gateway to the web servers.

Discussion 0
Questions 160

A solutions architect needs to build a log storage solution for a client. The client has an application that produces user activity logs that track user API calls to the application. The application typically produces 50 GB of logs each day. The client needs a storage solution that makes the logs available for occasional querying and analytics.

Options:

A.  

Store user activity logs in an Amazon S3 bucket. Use Amazon Athena to perform queries and analytics.

B.  

Store user activity logs in an Amazon OpenSearch Service cluster. Use OpenSearch Dashboards to perform queries and analytics.

C.  

Store user activity logs in an Amazon RDS instance. Use an Open Database Connectivity (ODBC) connector to perform queries and analytics.

D.  

Store user activity logs in an Amazon CloudWatch Logs log group. Use CloudWatch Logs Insights to perform queries and analytics.

Discussion 0
Questions 161

A company hosts a website on Amazon EC2 instances. The website processes classified data. The company stores the processed data in an Amazon S3 bucket. Because of security concerns, the company must ensure that traffic between the EC2 instances and the S3 bucket does not use public IP addresses.

Which solution will meet these requirements?

Options:

A.  

Create a gateway endpoint for Amazon S3. Configure an S3 bucket policy to allow access from the endpoint.

B.  

Create an EC2 instance profile. Create an IAM policy to grant access from the EC2 instance IP addresses to the S3 bucket. Attach the IAM policy to the instance profile.

C.  

Create a NAT gateway. Update the VPC route table to route the prefixes defined by the AWS-managed S3 prefix list to the NAT gateway.

D.  

Create an IAM user that has an access key ID and a secret access key. Configure the EC2 instances to use the IAM user credentials to access the S3 bucket.

Discussion 0
Questions 162

A marketing company receives a large amount of new clickstream data in Amazon S3 from a marketing campaign The company needs to analyze the clickstream data in Amazon S3 quickly. Then the company needs to determine whether to process the data further in the data pipeline.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create external tables in a Spark catalog Configure jobs in AWS Glue to query the data

B.  

Configure an AWS Glue crawler to crawl the data. Configure Amazon Athena to query the data.

C.  

Create external tables in a Hive metastore. Configure Spark jobs in Amazon EMR to query the data.

D.  

Configure an AWS Glue crawler to crawl the data. Configure Amazon Kinesis Data Analytics to use SQL to query the data

Discussion 0
Questions 163

A company ' s packaged application dynamically creates and returns single-use text files in response to user requests. The company is using Amazon CloudFront for distribution, but wants to further reduce data transfer costs. The company cannot modify the application ' s source code.

What should a solutions architect do to reduce costs?

Options:

A.  

Use Lambda@Edge to compress the files as they are sent to users.

B.  

Enable Amazon S3 Transfer Acceleration to reduce the response times.

C.  

Enable caching on the CloudFront distribution to store generated files at the edge.

D.  

Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users.

Discussion 0
Questions 164

A company runs an HPC workload that uses a 200-TB file system on premises. The company needs to migrate this data to Amazon FSx for Lustre. Internet capacity is 10 Mbps, and all data must be migrated within 30 days.

Which solution will meet this requirement?

Options:

A.  

Use AWS DMS to transfer data into S3 and link FSx for Lustre to the bucket.

B.  

Deploy AWS DataSync on premises and transfer directly into FSx for Lustre.

C.  

Use AWS Storage Gateway Volume Gateway to move data into FSx for Lustre.

D.  

Use an AWS Snowball Edge storage-optimized device to transfer data into S3 and link FSx for Lustre to the bucket.

Discussion 0
Questions 165

An online gaming company is transitioning user data storage to Amazon DynamoDB to support the company ' s growing user base. The current architecture includes DynamoDB tables that contain user profiles, achievements, and in-game transactions.

The company needs to design a robust, continuously available, and resilient DynamoDB architecture to maintain a seamless gaming experience for users.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Create DynamoDB tables in a single AWS Region. Use on-demand capacity mode. Use global tables to replicate data across multiple Regions.

B.  

Use DynamoDB Accelerator (DAX) to cache frequently accessed data. Deploy tables in a single AWS Region and enable auto scaling. Configure Cross-Region Replication manually to additional Regions.

C.  

Create DynamoDB tables in multiple AWS Regions. Use on-demand capacity mode. Use DynamoDB Streams for Cross-Region Replication between Regions.

D.  

Use DynamoDB global tables for automatic multi-Region replication. Deploy tables in multiple AWS Regions. Use provisioned capacity mode. Enable auto scaling.

Discussion 0
Questions 166

A company is using AWS DataSync to migrate millions of files from an on-premises system to AWS. The files are 10 KB in size on average.

The company wants to use Amazon S3 for file storage. For the first year after the migration the files will be accessed once or twice and must be immediately available. After 1 year the files must be archived for at least 7 years.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Use an archive tool lo group the files into large objects. Use DataSync to migrate the objects. Store the objects in S3 Glacier Instant Retrieval for the first year. Use a lifecycle configuration to transition the files to S3 Glacier Deep Archive after 1 year with a retention period of 7 years.

B.  

Use an archive tool to group the files into large objects. Use DataSync to copy the objects to S3 Standard-Infrequent Access (S3 Standard-IA). Use a lifecycle configuration to transition the files to S3 Glacier Instant Retrieval after 1 year with a retention period of 7 years.

C.  

Configure the destination storage class for the files as S3 Glacier Instant. Retrieval Use a lifecycle policy to transition the files to S3 Glacier Flexible Retrieval after 1 year with a retention period of 7 years.

D.  

Configure a DataSync task to transfer the files to S3 Standard-Infrequent Access (S3 Standard-IA) Use a lifecycle configuration to transition the files to S3. Deep Archive after 1 year with a retention period of 7 years.

Discussion 0
Questions 167

A company has developed an API using an Amazon API Gateway REST API and AWS Lambda functions. The API serves static and dynamic content to users worldwide. The company wants to decrease the latency of transferring content for API requests.

Options:

Options:

A.  

Deploy the REST API as an edge-optimized API endpoint. Enable caching. Enable content encoding in the API definition to compress the application data in transit.

B.  

Deploy the REST API as a Regional API endpoint. Enable caching. Enable content encoding in the API definition to compress the application data in transit.

C.  

Deploy the REST API as an edge-optimized API endpoint. Enable caching. Configure reserved concurrency for the Lambda functions.

D.  

Deploy the REST API as a Regional API endpoint. Enable caching. Configure reserved concurrency for the Lambda functions.

Discussion 0
Questions 168

The lead member of a DevOps team creates an AWS account. A DevOps engineer shares the account credentials with a solutions architect through a password manager application.

The solutions architect needs to secure the root user for the new account.

Which actions will meet this requirement? (Select TWO.)

Options:

A.  

Update the root user password to a new, strong password.

B.  

Secure the root user account by using a virtual multi-factor authentication (MFA) device.

C.  

Create an IAM user for each member of the DevOps team. Assign the AdministratorAccess AWS managed policy to each IAM user.

D.  

Create root user access keys. Save the keys as a new parameter in AWS Systems Manager Parameter Store.

E.  

Update the IAM role for the root user to ensure the root user can use only approved services.

Discussion 0
Questions 169

A company is deploying a business-critical application that requires durable storage with consistent, low-latency performance.

Which storage option should a solutions architect recommend?

Options:

A.  

Instance store

B.  

Amazon ElastiCache (Memcached)

C.  

Provisioned IOPS SSD Amazon EBS volume

D.  

Throughput Optimized HDD Amazon EBS volume

Discussion 0
Questions 170

A media company needs to migrate its Windows-based video editing environment to AWS. The company ' s current environment processes 4K video files that require sustained throughput of 2 GB per second across multiple concurrent users.

The company ' s storage needs increase by 1 TB each week. The company needs a shared file system that supports SMB protocol and can scale automatically based on storage demands.

Which solution will meet these requirements?

Options:

A.  

Deploy an Amazon FSx for Windows File Server Multi-AZ file system with SSD storage.

B.  

Deploy an Amazon Elastic File System (Amazon EFS) file system in Max I/O mode. Provision mount targets in multiple Availability Zones.

C.  

Deploy an Amazon FSx for Lustre file system with a Persistent 2 deployment type. Provision the file system with 2 TB of storage.

D.  

Deploy Amazon S3 File Gateway by using multiple cached gateway instances. Configure S3 Transfer Acceleration.

Discussion 0
Questions 171

A company hosts an industrial control application that receives sensor input through Amazon Kinesis Data Streams. The application needs to support new sensors for real-time anomaly detection in monitored equipment.

The company wants to integrate new sensors in a loosely-coupled, fully managed, and serverless way. The company cannot modify the application code.

Which solution will meet these requirements?

Options:

A.  

Forward the existing stream in Kinesis Data Streams to Amazon Managed Service for Apache Flink for anomaly detection. Use a second stream in Kinesis Data Streams to send the Flink output to the application.

B.  

Use Amazon Data Firehose to stream data to Amazon S3. Use Amazon Redshift Spectrum to perform anomaly detection on the S3 data. Use S3 Event Notifications to invoke an AWS Lambda function that sends analyzed data to the application through a second stream in Kinesis Data Streams.

C.  

Configure Amazon EC2 instances in an Auto Scaling group to consume data from the data stream and to perform anomaly detection. Create a second stream in Kinesis Data Streams to send data from the EC2 instances to the application.

D.  

Configure an Amazon Elastic Container Service (Amazon ECS) task that uses Amazon EC2 instances to consume data from the data stream and to perform anomaly detection. Create a second stream in Kinesis Data Streams to send data from the containers to the application.

Discussion 0
Questions 172

A company deployed an application in two AWS Regions. If the application fails in one Region, traffic must fail over to the second Region. The failover must avoid stale DNS client caches, and the company requires one endpoint for both Regions.

Which solution meets these requirements?

Options:

A.  

Use a CloudFront distribution with multiple origins.

B.  

Use Route 53 weighted routing with equal weights.

C.  

Use AWS Global Accelerator and assign static anycast IPs to the application.

D.  

Use Route 53 IP-based routing to switch Regions.

Discussion 0
Questions 173

A company is developing a highly available natural language processing NLP application. The application handles large volumes of concurrent requests. The application performs NLP tasks such as entity recognition, sentiment analysis, and key phrase extraction on text data.

The company needs to store data that the application processes in a highly available and scalable database.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon API Gateway REST API endpoint to handle incoming requests. Configure the REST API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Comprehend to perform NLP tasks on the text data. Store the processed data in Amazon DynamoDB.

B.  

Create an Amazon API Gateway HTTP API endpoint to handle incoming requests. Configure the HTTP API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Translate to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

C.  

Create an Amazon SQS queue to buffer incoming requests. Deploy the NLP application on Amazon EC2 instances in an Auto Scaling group. Use Amazon Comprehend to perform NLP tasks. Store the processed data in an Amazon RDS database.

D.  

Create an Amazon API Gateway WebSocket API endpoint to handle incoming requests. Configure the WebSocket API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Textract to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

Discussion 0
Questions 174

A solutions architect needs to design a system to process incoming work items immediately. Processing can take up to 30 minutes and involves calling external APIs, executing multiple states, and storing intermediate states.

The solution must scale with variable workloads and minimize operational overhead.

Which combination of steps meets these requirements? (Select TWO.)

Options:

A.  

Invoke an AWS Lambda function for each incoming work item. Configure each function to handle the work item completely. Store states in DynamoDB.

B.  

Invoke an AWS Step Functions workflow to process incoming work items. Use Lambda functions for business logic. Store work item states in DynamoD

B.  

C.  

Set up an API Gateway REST API to receive work items. Configure the API to invoke a Lambda function for each work item.

D.  

Deploy two EC2 Reserved Instances behind an ALB and send requests to an SQS queue.

E.  

Set up an API Gateway REST API to receive work items. Send the work items to an SQS queue.

Discussion 0
Questions 175

Question:

A company wants to deploy an internal web application on AWS. The web application must be accessible only from the company ' s office. The company needs to download security patches for the web application from the internet. The company has created a VPC and has configured an AWS Site-to-Site VPN connection to the company ' s office. A solutions architect must design a secure architecture for the web application. Which solution will meet these requirements?

Options:

Options:

A.  

Deploy the web application on Amazon EC2 instances in public subnets behind a public Application Load Balancer (ALB). Attach an internet gateway to the VPC. Set the inbound source of the ALB ' s security group to 0.0.0.0/0.

B.  

Deploy the web application on Amazon EC2 instances in private subnets behind an internal Application Load Balancer (ALB). Deploy NAT gateways in public subnets. Attach an internet gateway to the VPC. Set the inbound source of the ALB ' s security group to the company ' s office network CIDR block.

C.  

Deploy the web application on Amazon EC2 instances in public subnets behind an internal Application Load Balancer (ALB). Deploy NAT gateways in private subnets. Attach an internet gateway to the VP

C.  

Set the outbound destination of the ALB ' s security group to the company ' s office network CIDR block.

D.  

Deploy the web application on Amazon EC2 instances in private subnets behind a public Application Load Balancer (ALB). Attach an internet gateway to the VPC. Set the outbound destination of the ALB ' s security group to 0.0.0.0/0.

Discussion 0
Questions 176

A company uses Amazon EC2 instances behind an Application Load Balancer ALB to serve content to users. The company uses Amazon EBS volumes to store data.

The company needs to encrypt data in transit and at rest.

Which combination of services will meet these requirements? Select TWO.

Options:

A.  

Amazon GuardDuty

B.  

AWS Shield

C.  

AWS Certificate Manager ACM

D.  

AWS Secrets Manager

E.  

AWS KMS

Discussion 0
Questions 177

Question:

A company recently migrated a large amount of research data to an Amazon S3 bucket. The company needs an automated solution to identify sensitive data in the bucket. A security team also needs to monitor access patterns for the data 24 hours a day, 7 days a week to identify suspicious activities or evidence of tampering with security controls.

Options:

Options:

A.  

Set up AWS CloudTrail reporting, and grant the security team read-only access to the CloudTrail reports. Set up an Amazon S3 Inventory report to identify sensitive data. Review the findings with the security team.

B.  

Enable Amazon Macie and Amazon GuardDuty on the account. Grant the security team access to Macie and GuardDuty. Review the findings with the security team.

C.  

Set up an Amazon S3 Inventory report. Use Amazon Athena and Amazon QuickSight to identify sensitive data. Create a dashboard for the security team to review findings.

D.  

Use AWS Identity and Access Management (IAM) Access Advisor to monitor for suspicious activity and tampering. Create a dashboard for the security team. Set up an Amazon S3 Inventory report to identify sensitive data. Review the findings with the security team.

Discussion 0
Questions 178

A company has a VPC with multiple private subnets that host multiple applications. The applications must not be accessible to the internet. However, the applications need to access multiple AWS services. The applications must not use public IP addresses to access the AWS services.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Configure interface VPC endpoints for the required AWS services. Route traffic from the private subnets through the interface VPC endpoints.

B.  

Deploy a NAT gateway in each private subnet. Route traffic from the private subnets through the NAT gateways.

C.  

Deploy internet gateways in each private subnet. Route traffic from the private subnets through the internet gateways.

D.  

Set up an AWS Direct Connect connection between the private subnets. Route traffic from the private subnets through the Direct Connect connection.

Discussion 0
Questions 179

An ecommerce company has an application that uses Amazon DynamoDB tables that are configured with provisioned capacity. Order data is stored in a table named Orders. The Orders table has a primary key of order-ID and a sort key of product-ID. The company configured an AWS Lambda function to receive DynamoDB streams from the Orders table and to update a table named Inventory.

The company has noticed that during peak sales periods, updates to the Inventory table take longer than the company can tolerate.

Which solutions will resolve the slow table updates? Select TWO.

Options:

A.  

Add a global secondary index to the Orders table. Include the product-ID attribute.

B.  

Set the batch size attribute of the DynamoDB streams to be based on the size of items in the Orders table.

C.  

Increase the DynamoDB table provisioned capacity by 1,000 write capacity units WCUs.

D.  

Increase the DynamoDB table provisioned capacity by 1,000 read capacity units RCUs.

E.  

Increase the timeout of the Lambda function to 15 minutes.

Discussion 0
Questions 180

A company recently launched a new application for its customers. The application runs on multiple Amazon EC2 instances across two Availability Zones. End users use TCP to communicate with the application.

The application must be highly available and must automatically scale as the number of users increases.

Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

Options:

A.  

Add a Network Load Balancer in front of the EC2 instances.

B.  

Configure an Auto Scaling group for the EC2 instances.

C.  

Add an Application Load Balancer in front of the EC2 instances.

D.  

Manually add more EC2 instances for the application.

E.  

Add a Gateway Load Balancer in front of the EC2 instances.

Discussion 0
Questions 181

A solutions architect is designing a three-tier web application. The architecture consists of an internet-facing Application Load Balancer (ALB) and a web tier that is hosted on Amazon EC2 instances in private subnets. The application tier with the business logic runs on EC2 instances in private subnets. The database tier consists of Microsoft SQL Server that runs on EC2 instances in private subnets. Security is a high priority for the company. Which combination of security group configurations should the solutions architect use? (Select THREE.)

Options:

A.  

Configure the security group for the web tier to allow inbound HTTPS traffic from the security group for the ALB.

B.  

Configure the security group for the web tier to allow outbound HTTPS traffic to 0.0.0.0/0.

C.  

Configure the security group for the database tier to allow inbound Microsoft SQL Server traffic from the security group for the application tier.

D.  

Configure the security group for the database tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.

E.  

Configure the security group for the application tier to allow inbound HTTPS traffic from the security group for the web tier.

F.  

Configure the security group for the application tier to allow outbound HTTPS traffic and Microsoft SQL Server traffic to the security group for the web tier.

Discussion 0
Questions 182

A company wants to provide a third-party system that runs in a private data center with access to its AWS account. The company wants to call AWS APIs directly from the third-party system. The company has an existing process for managing digital certificates. The company does not want to use SAML or OpenID Connect (OIDC) capabilities and does not want to store long-term AWS credentials.

Which solution will meet these requirements?

Options:

A.  

Configure mutual TLS to allow authentication of the client and server sides of the communication channel.

B.  

Configure AWS Signature Version 4 to authenticate incoming HTTPS requests to AWS APIs.

C.  

Configure Kerberos to exchange tickets for assertions that can be validated by AWS APIs.

D.  

Configure AWS Identity and Access Management (IAM) Roles Anywhere to exchange X.509 certificates for AWS credentials to interact with AWS APIs.

Discussion 0
Questions 183

An ecommerce company is migrating its on-premises workload to the AWS Cloud. The workload consists of a web application and a backend Microsoft SQL Server database. The company expects a high volume of customers during a promotional event. The new AWS infrastructure must be highly available and scalable.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.  

Migrate the web application to two EC2 instances across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS for Microsoft SQL Server with read replicas in both Availability Zones.

B.  

Migrate the web application to an EC2 instance in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to two EC2 instances across separate Regions with database replication.

C.  

Migrate the web application to EC2 instances in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS with a Multi-AZ deployment.

D.  

Migrate the web application to three EC2 instances across three Availability Zones behind an Application Load Balancer. Migrate the database to three EC2 instances across three Availability Zones.

Discussion 0
Questions 184

A company hosts a web application in a VPC on AWS. A public Application Load Balancer (ALB) forwards connections from the internet to an Auto Scaling group of Amazon EC2 instances. The Auto Scaling group runs in private subnets across four Availability Zones.

The company stores data in an Amazon S3 bucket in the same Region. The EC2 instances use NAT gateways in each Availability Zone for outbound internet connectivity.

The company wants to optimize costs for its AWS architecture.

Which solution will meet this requirement?

Options:

A.  

Reconfigure the Auto Scaling group and the ALB to use two Availability Zones instead of four. Do not change the desired count or scaling metrics for the Auto Scaling group to maintain application availability.

B.  

Create a new, smaller VPC that still has sufficient IP address availability to run the application. Redeploy the application stack in the new VPC. Delete the existing VPC and its resources.

C.  

Deploy an S3 gateway endpoint to the VP

C.  

Configure the EC2 instances to access the S3 bucket through the S3 gateway endpoint.

D.  

Deploy an S3 interface endpoint to the VPC. Configure the EC2 instances to access the S3 bucket through the S3 interface endpoint.

Discussion 0
Questions 185

An ecommerce company hosts a three-tier web application in a VPC. The web tier runs on Amazon EC2 instances in two Availability Zones. The company stores a product catalog and customer sales information in Amazon DynamoDB.

The company ' s finance team uses a reporting application to generate reports of daily product sales. When the finance team runs the daily reports, a sudden performance decrease affects website customers.

The company wants to improve the performance of the system.

Which solution will meet these requirements with MINIMAL changes to the current architecture?

Options:

A.  

Migrate the application to larger EC2 instances. Migrate the database to Amazon RDS for MySQL. Configure a read replica of the database in a second Availability Zone.

B.  

Increase the compute capacity of the EC2 instances. Migrate the database to Amazon ElastiCache (Memcached).

C.  

Implement DynamoDB Accelerator (DAX).

D.  

Configure DynamoDB streams.

Discussion 0
Questions 186

A company is designing a new internal web application in the AWS Cloud. The new application must securely retrieve and store multiple employee usernames and passwords from an AWS managed service.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve usernames and passwords from Parameter Store.

B.  

Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.

C.  

Store the employee credentials in AWS Systems Manager Parameter Store. Use AWS CloudFormation and AWS Batch with the BatchGetSecretValue API to retrieve the usernames and passwords from Parameter Store.

D.  

Store the employee credentials in AWS Secrets Manager. Use AWS CloudFormation and the BatchGetSecretValue API to retrieve the usernames and passwords from Secrets Manager.

Discussion 0
Questions 187

A company has 5 TB of datasets. The datasets consist of 1 million user profiles and 10 million connections. The user profiles have connections as many-to-many relationships. The company needs a performance-efficient way to find mutual connections up to five levels.

Which solution will meet these requirements?

Options:

A.  

Use an Amazon S3 bucket to store the datasets. Use Amazon Athena to perform SQL JOIN queries to find connections.

B.  

Use Amazon Neptune to store the datasets with edges and vertices. Query the data to find connections.

C.  

Use an Amazon S3 bucket to store the datasets. Use Amazon QuickSight to visualize connections.

D.  

Use Amazon RDS to store the datasets with multiple tables. Perform SQL JOIN queries to find connections.

Discussion 0
Questions 188

A digital image processing company wants to migrate its on-premises monolithic application to the AWS Cloud. The company processes thousands of images and generates large files as part of the processing workflow.

The company needs a solution to manage the growing number of image processing jobs. The solution must also reduce the manual tasks in the image processing workflow. The company does not want to manage the underlying infrastructure of the solution.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 Spot Instances to process the images. Configure Amazon Simple Queue Service (Amazon SQS) to orchestrate the workflow. Store the processed files in Amazon Elastic File System (Amazon EFS)

B.  

Use AWS Batch jobs to process the images. Use AWS Step Functions to orchestrate the workflow. Store the processed files in an Amazon S3 bucket.

C.  

Use AWS Lambda functions and Amazon EC2 Spot Instances lo process the images. Store the processed files in Amazon FSx.

D.  

Deploy a group of Amazon EC2 instances to process the images. Use AWS Step Functions to orchestrate the workflow. Store the processed files in an Amazon Elastic Block Store (Amazon EBS) volume.

Discussion 0
Questions 189

A company needs to integrate with a third-party data feed. The data feed sends a webhook to notify an external service when new data is ready for consumption. A developer wrote an AWS Lambda function to retrieve data when the company receives a webhook callback. The developer must make the Lambda function available for the third party to call.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

A.  

Create a function URL for the Lambda function. Provide the Lambda function URL to the third party for the webhook.

B.  

Deploy an Application Load Balancer ALB in front of the Lambda function. Provide the ALB URL to the third party for the webhook.

C.  

Create an Amazon SNS topic. Attach the topic to the Lambda function. Provide the public hostname of the SNS topic to the third party for the webhook.

D.  

Create an Amazon SQS queue. Attach the queue to the Lambda function. Provide the public hostname of the SQS queue to the third party for the webhook.

Discussion 0
Questions 190

A company stores sensitive financial reports in an Amazon S3 bucket. To comply with auditing requirements, the company must encrypt the data at rest. Users must not have the ability to change the encryption method or remove encryption when the users upload data. The company must be able to audit all encryption and storage actions. Which solution will meet these requirements and provide the MOST granular control?

Options:

A.  

Enable default server-side encryption with Amazon S3 managed keys (SSE-S3) for the S3 bucket. Apply a bucket policy that denies any upload requests that do not include the x-amz-server-side-encryption header.

B.  

Configure server-side encryption with AWS KMS (SSE-KMS) keys. Use an S3 bucket policy to reject any data that is not encrypted by the designated key.

C.  

Use client-side encryption before uploading the reports. Store the encryption keys in AWS Secrets Manager.

D.  

Enable default server-side encryption with Amazon S3 managed keys (SSE-S3). Use AWS Identity and Access Management (IAM) to prevent users from changing S3 bucket settings.

Discussion 0
Questions 191

A company has a static website that is hosted on Amazon CloudFront in front of Amazon S3. The static website uses a database backend. The company notices that the website does not reflect updates that have been made in the website ' s Git repository. The company checks the continuous integration and continuous delivery (CI/CD) pipeline between the Git repository and Amazon S3. The company verifies that the webhooks are configured properly and that the CI/CD pipeline Is sending messages that indicate successful deployments.

A solutions architect needs to implement a solution that displays the updates on the website.

Which solution will meet these requirements?

Options:

A.  

Add an Application Load Balancer.

B.  

Add Amazon ElastiCache for Redis or Memcached to the database layer of the web application.

C.  

Invalidate the CloudFront cache.

D.  

Use AWS Certificate Manager (ACM) to validate the website ' s SSL certificate.

Discussion 0
Questions 192

A company has deployed resources in the us-east-1 Region. The company also uses thousands of AWS Outposts servers deployed at remote locations around the world. These Outposts servers regularly download new software versions from us-east-1 that consist of hundreds of files. The company wants to improve the latency of the software download process.

Which solution will meet these requirements?

Options:

A.  

Create an Amazon S3 bucket in us-east-1. Configure the bucket for static website hosting. Use bucket policies and ACLs to provide read access to the Outposts servers.

B.  

Create an Amazon S3 bucket in us-east-1 and a second bucket in us-west-2. Configure replication. Set up a CloudFront distribution with origin failover between the buckets. Download by using signed URLs.

C.  

Create an Amazon S3 bucket in us-east-1. Configure S3 Transfer Acceleration. Configure the Outposts servers to download by using the acceleration endpoint.

D.  

Create an Amazon S3 bucket in us-east-1. Set up a CloudFront distribution using all edge locations with caching enabled. Configure the bucket as the origin. Download the software by using signed URLs.

Discussion 0
Questions 193

An ecommerce company runs applications in AWS accounts that are part of an organization in AWS Organizations. The applications run on Amazon Aurora PostgreSQL databases across all the accounts. The company needs to prevent malicious activity and must identify abnormal failed and incomplete login attempts to the databases.

Options:

A.  

Attach service control policies (SCPs) to the root of the organization to identify the failed login attempts.

B.  

Enable the Amazon RDS Protection feature in Amazon GuardDuty for the member accounts of the organization.

C.  

Publish the Aurora general logs to a log group in Amazon CloudWatch Logs. Export the log data to a central Amazon S3 bucket.

D.  

Publish all the Aurora PostgreSQL database events in AWS CloudTrail to a central Amazon S3 bucket.

Discussion 0
Questions 194

A company runs a fleet of Amazon EC2 On-Demand Instances to support a document processing application that has variable usage patterns. The company wants to optimize compute costs for the application. The company needs a solution that can tolerate occasional disruptions to document processing jobs.

Which solution will meet these requirements?

Options:

A.  

Replace the EC2 instances with an Amazon EKS cluster that uses AWS Fargate Spot capacity.

B.  

Use the EC2 Spot Instance placement score feature to identify which instance type to use. Deploy the application on Spot Instances.

C.  

Create a single EC2 Auto Scaling group. Set a mixed configuration of EC2 On-Demand Instances and EC2 Spot Instances.

D.  

Continue to use EC2 On-Demand Instances. Purchase Convertible Reserved Instances.

Discussion 0
Questions 195

A company operates a data lake in Amazon S3 that stores large datasets in multiple formats. The company has an application that retrieves and processes subsets of data from multiple objects in the data lake based on filtering criteria. For each data query, the application currently downloads the entire S3 object and performs transformations. The current process requires a large amount of transformation time.

The company wants a solution that will give the application the ability to query and filter directly on S3 objects without downloading the objects.

Which solution will meet these requirements?

Options:

A.  

Use Amazon Athena to query and filter the objects in Amazon S3.

B.  

Use Amazon EMR to process and filter the objects.

C.  

Use Amazon API Gateway to create an API to retrieve filtered results from Amazon S3.

D.  

Use Amazon ElastiCache (Valkey) to cache the objects.

Discussion 0
Questions 196

A company is developing a serverless, bidirectional chat application that can broadcast messages to connected clients. The application is based on AWS Lambda functions. The Lambda functions receive incoming messages in JSON format.

The company needs to provide a frontend component for the application.

Which solution will meet this requirement?

Options:

A.  

Use an Amazon API Gateway HTTP API to direct incoming JSON messages to backend destinations.

B.  

Use an Amazon API Gateway REST API that is configured with a Lambda proxy integration.

C.  

Use an Amazon API Gateway WebSocket API to direct incoming JSON messages to backend destinations.

D.  

Use an Amazon CloudFront distribution that is configured with a Lambda function URL as a custom origin.

Discussion 0
Questions 197

A company needs to create an AWS Lambda function that will run in a VPC in the company ' s primary AWS account. The Lambda function needs to access files that the company stores in an Amazon Elastic File System (Amazon EFS) file system. The EFS file system is located in a secondary AWS account. As the company adds files to the file system, the solution must scale to meet the demand.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Create a new EFS file system in the primary account. Use AWS DataSync to copy the contents of the original EFS file system to the new EFS file system.

B.  

Create a VPC peering connection between the VPCs that are in the primary account and the secondary account.

C.  

Create a second Lambda function in the secondary account that has a mount that is configured for the file system. Use the primary account ' s Lambda function to invoke the secondary account ' s Lambda function.

D.  

Move the contents of the file system to a Lambda layer. Configure the Lambda layer ' s permissions to allow the company ' s secondary account to use the Lambda layer.

Discussion 0
Questions 198

A solutions architect is designing a customer-facing application for a company. The application ' s database will have a clearly defined access pattern throughout the year and will have a variable number of reads and writes that depend on the time of year. The company must retain audit records for the database for 7 days. The recovery point objective (RPO) must be less than 5 hours.

Which solution meets these requirements?

Options:

A.  

Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams.

B.  

Use Amazon Redshift. Configure concurrency scaling. Activate audit logging. Perform database snapshots every 4 hours.

C.  

Use Amazon RDS with Provisioned IOPS. Activate the database auditing parameter. Perform database snapshots every 5 hours.

D.  

Use Amazon Aurora MySQL with auto scaling. Activate the database auditing parameter.

Discussion 0
Questions 199

A solutions architect is storing sensitive data generated by an application in Amazon S3. The solutions architect wants to encrypt the data at rest. A company policy requires an audit trail of when the AWS KMS key was used and by whom.

Which encryption option will meet these requirements?

Options:

A.  

Server-side encryption with Amazon S3 managed keys (SSE-S3)

B.  

Server-side encryption with AWS KMS managed keys (SSE-KMS)

C.  

Server-side encryption with customer-provided keys (SSE-C)

D.  

Server-side encryption with self-managed keys

Discussion 0
Questions 200

A company is developing a social media application. The company anticipates rapid and unpredictable growth in users and data volume. The application needs to handle a continuous high volume of user requests. User requests include long-running processes that store large amounts of user-generated content and user profiles in a relational format. The processes must run in a specific order. The company requires an architecture that can scale resources to meet demand spikes without downtime or performance degradation. The company must ensure that the components of the application can evolve independently without affecting other parts of the system. Which combination of AWS services will meet these requirements?

Options:

A.  

Deploy the application on Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Use Amazon RDS as the database. Use Amazon Simple Queue Service (Amazon SQS) to decouple message processing between components.

B.  

Deploy the application on Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type. Use Amazon RDS as the database. Use Amazon Simple Notification Service (Amazon SNS) to decouple message processing between components.

C.  

Use Amazon DynamoDB as the database. Use AWS Lambda functions to implement the application. Configure Amazon DynamoDB Streams to invoke the Lambda functions. Use AWS Step Functions to manage workflows between services.

D.  

Use an AWS Elastic Beanstalk environment with auto scaling to deploy the application. Use Amazon RDS as the database. Use Amazon Simple Notification Service (Amazon SNS) to decouple message processing between components.

Discussion 0
Questions 201

A company is migrating an online marketplace application from a mainframe system to an Auto Scaling group of Amazon EC2 instances. The EC2 instances access an Amazon Aurora cluster. The application requires a scalable, persistent caching solution to store the results of in-progress transactions and SQL queries.

Options:

A.  

Use an Amazon ElastiCache (Redis OSS) cluster to serve transaction and query results.

B.  

Use an Amazon CloudFront distribution with an Amazon S3 bucket as the origin to cache the transactions. Add an Amazon EC2 instance store volume to the EC2 instances for query result caching.

C.  

Use an Amazon ElastiCache (Memcached) cluster to serve transaction and query results.

D.  

Use an Amazon ElastiCache (Redis OSS) cluster to cache the transactions. Add an Amazon EC2 instance store volume to the EC2 instances for query result caching.

Discussion 0
Questions 202

A company hosts an Amazon EC2 instance in a private subnet in a new VPC. The VPC also has a public subnet that has the default route set to an internet gateway. The private subnet does not have outbound internet access.

The EC2 instance needs to have the ability to download monthly security updates from an outside vendor. However, the company must block any connections that are initiated from the internet.

Which solution will meet these requirements?

Options:

A.  

Configure the private subnet route table to use the internet gateway as the default route.

B.  

Create a NAT gateway in the public subnet. Configure the private subnet route table to use the NAT gateway as the default route.

C.  

Create a NAT instance in the private subnet. Configure the private subnet route table to use the NAT instance as the default route.

D.  

Create a NAT instance in the private subnet. Configure the private subnet route table to use the internet gateway as the default route.

Discussion 0
Questions 203

A company runs its application on Oracle Database Enterprise Edition The company needs to migrate the application and the database to AWS. The company can use the Bring Your Own License (BYOL) model while migrating to AWS The application uses third-party database features that require privileged access.

A solutions architect must design a solution for the database migration.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Migrate the database to Amazon RDS for Oracle by using native tools. Replace the third-party features with AWS Lambda.

B.  

Migrate the database to Amazon RDS Custom for Oracle by using native tools Customize the new database settings to support the third-party features.

C.  

Migrate the database to Amazon DynamoDB by using AWS Database Migration Service {AWS DMS). Customize the new database settings to support the third-party features.

D.  

Migrate the database to Amazon RDS for PostgreSQL by using AWS Database Migration Service (AWS DMS). Rewrite the application code to remove the dependency on third-party features.

Discussion 0
Questions 204

A company stores sensitive financial information for an application in Amazon RDS for MySQL. The company requires a stateful solution to ensure that only a specific on-premises IP address can access the RDS database instances. The company wants to rotate database credentials automatically. The company does not want to hardcode the credentials into the application.

Which solution will meet these requirements?

Options:

A.  

Use security groups to allow access only from the specified IP addresses. Store the database credentials in AWS Secrets Manager. Configure automatic rotation for the credentials.

B.  

Use IAM policies to restrict access based on IP address. Manage database credentials in the application code. Configure an AWS Lambda function to rotate the database credentials.

C.  

Use a network ACL to allow access only from the specified IP addresses. Store the database credentials in an encrypted Amazon S3 bucket. Configure an AWS Lambda function to rotate the database credentials.

D.  

Use security groups to allow access only from the specified IP addresses. Store the database credentials in AWS KMS. Configure automatic rotation for the credentials.

Discussion 0
Questions 205

A company hosts its order processing system on AWS. The architecture consists of a frontend and a backend. The frontend includes an Application Load Balancer (ALB) and Amazon EC2 instances in an Auto-Scaling group. The backend includes an EC2 instance and an Amazon RDS MySQL database.

To prevent incomplete or lost orders, the company wants to ensure that order states are always preserved. The company wants to ensure that every order will eventually be processed, even after an outage or pause. Every order must be processed exactly once.

Options:

A.  

Create an Auto Scaling group and an ALB for the backend. Create a read replica for the RDS database in a second Availability Zone. Update the backend RDS endpoint.

B.  

Create an Auto Scaling group and an ALB for the backend. Create an Amazon RDS proxy in front of the RDS database. Update the backend EC2 instance to use the Amazon RDS proxy endpoint.

C.  

Create an Auto Scaling group for the backend. Configure the backend EC2 instances to con-sume messages from an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Configure a dead-letter queue (DLQ) for the SQS queue.

D.  

Create an AWS Lambda function to replace the backend EC2 instance. Subscribe the func-tion to an Amazon Simple Notification Service (Amazon SNS) topic. Configure the frontend to send orders to the SNS topic.

Discussion 0
Questions 206

A company decides to use AWS Key Management Service (AWS KMS) for data encryption operations. The company must create a KMS key and automate the rotation of the key. The company also needs the ability to deactivate the key and schedule the key for deletion.

Which solution will meet these requirements?

Options:

A.  

Create an asymmetric customer managed KMS key. Enable automatic key rotation.

B.  

Create a symmetric customer managed KMS key. Disable the envelope encryption option.

C.  

Create a symmetric customer managed KMS key. Enable automatic key rotation.

D.  

Create an asymmetric customer managed KMS key. Disable the envelope encryption option.

Discussion 0
Questions 207

A company ' s solutions architect is building a static website to be deployed in Amazon S3 for a production environment. The website integrates with an Amazon Aurora PostgreSQL database by using an AWS Lambda function. The website that is deployed to production will use a Lambda alias that points to a specific version of the Lambda function.

The company must rotate the database credentials every 2 weeks. Lambda functions that the company deployed previously must be able to use the most recent credentials.

Which solution will meet these requirements?

Options:

A.  

Store the database credentials in AWS Secrets Manager. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Secrets Manager.

B.  

Include the database credentials as part of the Lambda function code. Update the credentials periodically and deploy the new Lambda function.

C.  

Use Lambda environment variables. Update the environment variables when new credentials are available.

D.  

Store the database credentials in AWS Systems Manager Parameter Store. Turn on rotation. Write code in the Lambda function to retrieve the credentials from Systems Manager Parameter Store.

Discussion 0
Questions 208

A company is developing a monolithic Microsoft Windows based application that will run on Amazon EC2 instances. The application will run long data-processing jobs that must not be in-terrupted. The company has modeled expected usage growth for the next 3 years. The company wants to optimize costs for the EC2 instances during the 3-year growth period.

Options:

A.  

Purchase a Compute Savings Plan with a 3-year commitment. Adjust the hourly commit-ment based on the plan recommendations.

B.  

Purchase an EC2 Instance Savings Plan with a 3-year commitment. Adjust the hourly com-mitment based on the plan recommendations.

C.  

Purchase a Compute Savings Plan with a 1-year commitment. Renew the purchase and adjust the capacity each year as necessary.

D.  

Deploy the application on EC2 Spot Instances. Use an Auto Scaling group with a minimum size of 1 to ensure that the application is always running.

Discussion 0
Questions 209

A company sets up an organization in AWS Organizations that contains 10AWS accounts. A solutions architect must design a solution to provide access to the accounts for several thousand employees. The company has an existing identity provider (IdP). The company wants to use the existing IdP for authentication to AWS.

Which solution will meet these requirements?

Options:

A.  

Create IAM users for the employees in the required AWS accounts. Connect IAM users to the existing IdP. Configure federated authentication for the IAM users.

B.  

Set up AWS account root users with user email addresses and passwords that are synchronized from the existing IdP.

C.  

Configure AWS IAM Identity Center Connect IAM Identity Center to the existing IdP Provision users and groups from the existing IdP

D.  

Use AWS Resource Access Manager (AWS RAM) to share access to the AWS accounts with the users in the existing IdP.

Discussion 0
Questions 210

A media company stores customer-uploaded videos in an Amazon S3 bucket with the Standard storage class. The company wants to create an S3 Lifecycle configuration. The company will set the maximum retention time to 7 days. However, the configuration must delete any video that is more than 1 TB in size after 48 hours.

Options:

A.  

Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours with a filter of ObjectSizeGreaterThan and a value of 1 TB. Configure the second rule to expire objects after 7 days.

B.  

Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours by using a Prefix filter of LargeFiles. Include a rule in the second configuration to expire objects after 7 days.

C.  

Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours. Configure the second rule to expire objects after 7 days.

D.  

Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours. Include a rule in the second configuration to expire objects after 7 days by using a filter of ObjectSizeLessThan and a value of 1 TB.

Discussion 0
Questions 211

A company wants to deploy its containerized application workloads to a VPC across three Availability Zones. The company needs a solution that is highly available across Availability Zones. The solution must require minimal changes to the application.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Use Amazon ECS. Configure Amazon ECS Service Auto Scaling to use target tracking scaling. Set the minimum capacity to 3. Set the task placement strategy type to spread with an Availability Zone attribute.

B.  

Use Amazon EKS self-managed nodes. Configure Application Auto Scaling to use target tracking scaling. Set the minimum capacity to 3.

C.  

Use Amazon EC2 Reserved Instances. Launch three EC2 instances in a spread placement group. Configure an Auto Scaling group to use target tracking scaling. Set the minimum capacity to 3.

D.  

Use an AWS Lambda function. Configure the Lambda function to connect to a VPC. Configure Application Auto Scaling to use Lambda as a scalable target. Set the minimum capacity to 3.

Discussion 0
Questions 212

A company stores sensitive customer data in an Amazon DynamoDB table. The company frequently updates the data. The company wants to use the data to personalize offers for customers.

The company ' s analytics team has its own AWS account. The analytics team runs an application on Amazon EC2 instances that needs to process data from the DynamoDB tables. The company needs to follow security best practices to create a process to regularly share data from DynamoDB to the analytics team.

Which solution will meet these requirements?

Options:

A.  

Export the required data from the DynamoDB table to an Amazon S3 bucket as multiple JSON files. Provide the analytics team with the necessary IAM permissions to access the S3 bucket.

B.  

Allow public access to the DynamoDB table. Create an IAM user that has permission to access DynamoD

B.  

Share the IAM user with the analytics team.

C.  

Allow public access to the DynamoDB table. Create an IAM user that has read-only permission for DynamoDB. Share the IAM user with the analytics team.

D.  

Create a cross-account IAM role. Create an IAM policy that allows the AWS account ID of the analytics team to access the DynamoDB table. Attach the IAM policy to the IAM role. Establish a trust relationship between accounts.

Discussion 0
Questions 213

A financial company is migrating banking applications to AWS accounts managed through AWS Organizations. The applications store sensitive customer data on Amazon EBS volumes, and the company takes regular snapshots for backups.

The company must implement controls across all accounts to prevent sharing EBS snapshots publicly, with the least operational overhead.

Which solution will meet these requirements?

Options:

A.  

Enable AWS Config rules for each OU to monitor EBS snapshot permissions.

B.  

Enable block public access for EBS snapshots at the organization level.

C.  

Create an IAM policy in the root account that prevents users from modifying snapshot permissions.

D.  

Use AWS CloudTrail to track snapshot permission changes.

Discussion 0
Questions 214

The company must encrypt finance reports that are stored in an Amazon S3 bucket. An AWS Lambda function must be able to decrypt the reports dynamically. An IAM group that the company ' s security administrators use must manage the encryption keys. The IAM group must manage key rotation, deletion, and creation. The company must grant access to the keys according to the principle of least privilege.

Which solution will meet these requirements?

Options:

A.  

Use server-side encryption with Amazon S3 managed keys SSE-S3 to encrypt the reports in the S3 bucket. Use IAM policies to allow the Lambda function execution role to decrypt the reports.

B.  

Use customer managed AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the files. Use IAM policies to grant the security administrator IAM group permissions to perform only kms:CreateKey, kms:DeleteKey, and kms:RotateKey actions on KMS keys.

C.  

Use server-side encryption with AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the reports. Grant the security administrator IAM group permissions to generate KMS keys.

D.  

Use customer-managed AWS KMS keys to encrypt the reports in the S3 bucket. Grant the Lambda function execution role and the security administrator IAM group full access to perform all transactions on KMS keys.

Discussion 0
Questions 215

A company has a serverless web application that is comprised of AWS Lambda functions. The application experiences spikes in traffic that cause increased latency because of cold starts. The company wants to improve the application’s ability to handle traffic spikes and to minimize latency. The solution must optimize costs during periods when traffic is low.

Options:

A.  

Configure provisioned concurrency for the Lambda functions. Use AWS Application Auto Scaling to adjust the provisioned concurrency.

B.  

Launch Amazon EC2 instances in an Auto Scaling group. Add a scheduled scaling policy to launch additional EC2 instances during peak traffic periods.

C.  

Configure provisioned concurrency for the Lambda functions. Set a fixed concurrency level to handle the maximum expected traffic.

D.  

Create a recurring schedule in Amazon EventBridge Scheduler. Use the schedule to invoke the Lambda functions periodically to warm the functions.

Discussion 0
Questions 216

Question:

An ecommerce company hosts an API that handles sales requests. The company hosts the API frontend on Amazon EC2 instances that run behind an Application Load Balancer (ALB). The company hosts the API backend on EC2 instances that perform the transactions. The backend tiers are loosely coupled by an Amazon Simple Queue Service (Amazon SQS) queue.

The company anticipates a significant increase in request volume during a new product launch event. The company wants to ensure that the API can handle increased loads successfully.

Options:

Options:

A.  

Double the number of frontend and backend EC2 instances to handle the increased traffic during the product launch event. Create a dead-letter queue to retain unprocessed sales requests when the demand exceeds the system capacity.

B.  

Place the frontend EC2 instances into an Auto Scaling group. Create an Auto Scaling policy to launch new instances to handle the incoming network traffic.

C.  

Place the frontend EC2 instances into an Auto Scaling group. Add an Amazon ElastiCache cluster in front of the ALB to reduce the amount of traffic the API needs to handle.

D.  

Place the frontend and backend EC2 instances into separate Auto Scaling groups. Create a policy for the frontend Auto Scaling group to launch instances based on incoming network traffic. Create a policy for the backend Auto Scaling group to launch instances based on the SQS queue backlog.

Discussion 0
Questions 217

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer ALB. The application uses Amazon DynamoDB as its database. The company wants to ensure high performance for reads and writes.

Which solution will meet this requirement MOST cost-effectively?

Options:

A.  

Configure automatic scaling for the DynamoDB table. Set a target utilization of 70%. Set the minimum and maximum capacity units based on the expected workload.

B.  

Analyze the DynamoDB table usage. Create a global secondary index GSI on the existing table for frequently used keys. Assign read and write capacity units appropriately.

C.  

Use DynamoDB provisioned throughput mode for the table. Create an Amazon CloudWatch alarm for the ThrottledRequests metric. Invoke an AWS Lambda function to increase provisioned capacity.

D.  

Create an Amazon DynamoDB Accelerator DAX cluster. Configure the application to use the DAX endpoint.

Discussion 0
Questions 218

A company wants to publish a private website for its on-premises employees. The website consists of several HTML pages and image files. The website must be available only through HTTPS and must be available only to on-premises employees. A solutions architect plans to store the website files in an Amazon S3 bucket.

Which solution will meet these requirements?

Options:

A.  

Create an S3 bucket policy to deny access when the source IP address is not the public IP address of the on-premises environment Set up an Amazon Route 53 alias record to point to the S3 bucket. Provide the alias record to the on-premises employees to grant the employees access to the website.

B.  

Create an S3 access point to provide website access. Attach an access point policy to deny access when the source IP address is not the public IP address of the on-premises environment. Provide the S3 access point alias to the on-premises employees to grant the employees access to the website.

C.  

Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is configured for the S3 bucket. Use AWS Certificate Manager for SSL. Use AWS WAF with an IP set rule that allows access for the on-premises IP address. Set up an Amazon Route 53 alias record to point to the CloudFront distribution.

D.  

Create an Amazon CloudFront distribution that includes an origin access control (OAC) that is configured for the S3 bucket. Create a CloudFront signed URL for the objects in the bucket. Set up an Amazon Route 53 alias record to point to the CloudFront distribution. Provide the signed URL to the on-premises employees to grant the employees access to the website.

Discussion 0
Questions 219

A company is developing a new online gaming application. The application will run on Amazon EC2 instances in multiple AWS Regions and will have a high number of globally distributed users. A solutions architect must design the application to optimize network latency for the users.

Which actions should the solutions architect take to meet these requirements? (Select TWO.)

Options:

A.  

Configure AWS Global Accelerator. Create Regional endpoint groups in each Region where an EC2 fleet is hosted.

B.  

Create a content delivery network (CDN) by using Amazon CloudFront. Enable caching for static and dynamic content, and specify a high expiration period.

C.  

Integrate AWS Client VPN into the application. Instruct users to select which Region is closest to them after they launch the application. Establish a VPN connection to that Region.

D.  

Create an Amazon Route 53 weighted routing policy. Configure the routing policy to give the highest weight to the EC2 instances in the Region that has the largest number of users.

E.  

Configure an Amazon API Gateway endpoint in each Region where an EC2 fleet is hosted. Instruct users to select which Region is closest to them after they launch the application. Use the API Gateway endpoint that is closest to them.

Discussion 0
Questions 220

A company is developing a latency-sensitive application. Part of the application includes several AWS Lambda functions that need to initialize as quickly as possible. The Lambda functions are written in Java and contain initialization code outside the handlers to load libraries, initialize classes, and generate unique IDs.

Which solution will meet the startup performance requirement MOST cost-effectively?

Options:

A.  

Move all the initialization code to the handlers for each Lambda function. Activate Lambda SnapStart for each Lambda function. Configure SnapStart to reference the $LATEST version of each Lambda function.

B.  

Publish a version of each Lambda function. Create an alias for each Lambda function. Configure each alias to point to its corresponding version. Set up provisioned concurrency configuration for each Lambda function to point to the corresponding alias.

C.  

Publish a version of each Lambda function. Set up a provisioned concurrency configuration for each Lambda function to point to the corresponding version. Activate Lambda SnapStart for the published versions of the Lambda functions.

D.  

Update the Lambda functions to add a pre-snapshot hook. Move the code that generates unique IDs into the handlers. Publish a version of each Lambda function. Activate Lambda SnapStart for the published versions of the Lambda functions.

Discussion 0
Questions 221

A company has migrated several applications to AWS in the past 3 months. The company wants to know the breakdown of costs for each of these applications. The company wants to receive a regular report that Includes this Information.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Use AWS Budgets to download data for the past 3 months into a csv file. Look up the desired information.

B.  

Load AWS Cost and Usage Reports into an Amazon RDS DB instance. Run SQL queries to gel the desired information.

C.  

Tag all the AWS resources with a key for cost and a value of the application ' s name. Activate cost allocation tags Use Cost Explorer to get the desired information.

D.  

Tag all the AWS resources with a key for cost and a value of the application ' s name. Use the AWS Billing and Cost Management console to download bills for the past 3 months. Look up the desired information.

Discussion 0
Questions 222

An ecommerce company hosts an application on AWS across multiple Availability Zones. The application experiences uniform load throughout most days.

The company hosts some components of the application in private subnets. The components need to access the internet to install and update patches.

A solutions architect needs to design a cost-effective solution that provides secure outbound internet connectivity for private subnets across multiple Availability Zones. The solution must maintain high availability.

Options:

A.  

Deploy one NAT gateway in each Availability Zone. Configure the route table for each pri-vate subnet within an Availability Zone to route outbound traffic through the NAT gateway in the same Availability Zone.

B.  

Place one NAT gateway in a designated Availability Zone within the VPC. Configure the route tables of the private subnets in each Availability Zone to direct outbound traffic specifi-cally through the NAT gateway for internet access.

C.  

Deploy an Amazon EC2 instance in a public subnet. Configure the EC2 instance as a NAT instance. Set up the instance with security groups that allow inbound traffic from private sub-nets and outbound internet access. Configure route tables to direct traffic from the private sub-nets through the NAT instance.

D.  

Use one NAT Gateway in a Network Load Balancer (NLB) target group. Configure private subnets in each Availability Zone to route traffic to the NLB for outbound internet access.

Discussion 0
Questions 223

A company uses Amazon Redshift to store structured data and Amazon S3 to store unstructured data. The company wants to analyze the stored data and create business intelligence reports. The company needs a data visualization solution that is compatible with Amazon Redshift and Amazon S3.

Which solution will meet these requirements?

Options:

A.  

Use Amazon Redshift query editor v2 to analyze data stored in Amazon Redshift. Use Amazon Athena to analyze data stored in Amazon S3. Use Amazon QuickSight to access Amazon Redshift and Athena, visualize the data analyses, and create business intelligence reports.

B.  

Use Amazon Redshift Serverless to analyze data stored in Amazon Redshift. Use Amazon S3 Object Lambda to analyze data stored in Amazon S3. Use Amazon Managed Grafana to access Amazon Redshift and Object Lambda, visualize the data analyses, and create business intelligence reports.

C.  

Use Amazon Redshift Spectrum to analyze data stored in Amazon Redshift. Use Amazon Athena to analyze data stored in Amazon S3. Use Amazon QuickSight to access Amazon Redshift and Athena, visualize the data analyses, and create business intelligence reports.

D.  

Use Amazon OpenSearch Service to analyze data stored in Amazon Redshift and Amazon S3. Use Amazon Managed Grafana to access OpenSearch Service, visualize the data analyses, and create business intelligence reports.

Discussion 0
Questions 224

A financial services company needs to migrate an on-premises MySQL database workload to AWS. The database requires consistent low-latency performance with a baseline of 32,000 IOPS to process transactions.

Which solution will meet these requirements?

Options:

A.  

Migrate the database to an Amazon S3 bucket. Enable S3 Transfer Acceleration.

B.  

Migrate the data to a Provisioned IOPS SSD io2 Amazon EBS Express volume.

C.  

Migrate the data to an Amazon EFS Standard file system.

D.  

Migrate the data to a General Purpose SSD gp3 Amazon EBS volume.

Discussion 0
Questions 225

A company hosts its applications in multiple private and public subnets in a VPC. The applications in the private subnets need to access an API. The API is available on the internet and is hosted in the company ' s on-premises data center. A solutions architect needs to establish connectivity for applications in the private subnets.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Create a transit gateway to connect the VPC to the on-premises network. Use the transit gateway to route API calls from the private subnets to the on-premises data center.

B.  

Create a NAT gateway in the public subnet of the VPC. Use the NAT gateway to allow the private subnets to access the API over the internet.

C.  

Establish an AWS PrivateLink connection to connect the VPC to the on-premises network. Use PrivateLink to make API calls from the private subnets to the on-premises data center.

D.  

Implement an AWS Site-to-Site VPN connection between the VPC and the on-premises data center. Use the VPN connection to make API calls from the private subnets to the on-premises data center.

Discussion 0
Questions 226

A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

Options:

A.  

Configure a CloudFront signed URL.

B.  

Configure a CloudFront signed cookie.

C.  

Configure a CloudFront field-level encryption profile.

D.  

Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.

Discussion 0
Questions 227

A solutions architect is designing the architecture for a company website that is composed of static content. The company ' s target customers are located in the United States and Europe.

Which architecture should the solutions architect recommend to MINIMIZE cost?

Options:

A.  

Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to limit the edge locations in use.

B.  

Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to maximize the use of edge locations.

C.  

Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront geolocation routing policy to route requests to the closest Region to the user.

D.  

Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront distribution with an Amazon Route 53 latency routing policy to route requests to the closest Region to the user.

Discussion 0
Questions 228

A company is building a containerized application on AWS. The application uses the Linux operating system. The company needs to provide a persistent storage solution for the application.

The company expects the storage solution to have varying data access patterns. The solution must have native storage tiering capabilities and must be scalable. The solution must not require the company to provision storage upfront.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.  

Use Amazon FSx for NetApp ONTAP to set up persistent file storage that uses SSD storage for performance. Use the capacity pool storage tier.

B.  

Use an Amazon EFS file system in Elastic throughput mode. Use the Intelligent Tiering lifecycle management feature.

C.  

Configure two Amazon FSx for Windows File Server file systems. Use an SSD-based file system for performance and an HDD-based file system for low-cost storage.

D.  

Launch an Amazon EC2 instance that is backed by an Amazon EBS volume. Use the EBS volume to create a file share.

Discussion 0
Questions 229

A company wants to restrict access to the content of its web application. The company needs to protect the content by using authorization techniques that are available on AWS. The company also wants to implement a serverless architecture for authorization and authentication that has low login latency. The solution must integrate with the web application and serve web content globally. The application currently has a small user base, but the company expects the application ' s user base to increase.

Which solution will meet these requirements?

Options:

A.  

Configure Amazon Cognito for authentication. Implement Lambda@Edge for authorization. Configure Amazon CloudFront to serve the web application globally.

B.  

Configure AWS Managed Microsoft AD for authentication. Implement AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.

C.  

Configure Amazon Cognito for authentication. Implement AWS Lambda for authorization. Use Amazon S3 Transfer Acceleration to serve the web application globally.

D.  

Configure AWS Managed Microsoft AD for authentication. Implement Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Discussion 0
Questions 230

An analytics application runs on multiple Amazon EC2 Linux instances that use Amazon Elastic File System (Amazon EFS) Standard storage. Files are accessed infrequently after 30 days, but some older files are occasionally retrieved for reporting.

The company wants to reduce storage costs and allow throughput to scale based on file system size. The company will use the EFS lifecycle policy to transition files to Infrequent Access (IA) after 30 days.

Which solution will meet these requirements?

Options:

A.  

Configure files to transition back to Standard storage on access. Specify provisioned throughput mode.

B.  

Specify the provisioned throughput mode only.

C.  

Configure files to transition back to Standard storage on access. Specify bursting throughput mode.

D.  

Specify the bursting throughput mode only.

Discussion 0
Questions 231

A company runs its production workload on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS) volumes. A solutions architect needs to analyze the current EBS volume cost and to recommend optimizations. The recommendations need to include estimated monthly saving opportunities.

Which solution will meet these requirements?

Options:

A.  

Use Amazon Inspector reporting to generate EBS volume recommendations for optimization.

B.  

Use AWS Systems Manager reporting to determine EBS volume recommendations for optimization.

C.  

Use Amazon CloudWatch metrics reporting to determine EBS volume recommendations for optimization.

D.  

Use AWS Compute Optimizer to generate EBS volume recommendations for optimization.

Discussion 0
Questions 232

A company uses an Amazon RDS MySQL database to store data for several applications. The company wants to understand use patterns for the database so the company can identify oppor-tunities to optimize costs.

A solutions architect needs to analyze the RDS DB instance to identify right-sizing opportuni-ties.

Which solution will meet these requirements with the LEAST effort?

Options:

A.  

Enable AWS CloudTrail data events. Use Amazon Athena to query CloudTrail events. Right-size the RDS DB instance based on the number of transactions.

B.  

Enable Performance Insights for the RDS DB instance. Right-size the RDS DB instance based on the maximum CPU utilization.

C.  

Enable AWS X-Ray to understand the transactions that run on the RDS DB instance. Right-size the RDS DB instance based on the number of transactions.

D.  

Enable Amazon CloudWatch Logs for the applications. Aggregate the data from Cloud-Watch Logs for all the applications. Right-size the RDS DB instance based on the aggregated logs.

Discussion 0
Questions 233

A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files are uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.example.com through the use of Amazon Route 53.

What should a solutions architect do to improve the reliability and scalability of the SFTP solution?

Options:

A.  

Move the EC2 instance into an Auto Scaling group. Place the EC2 instance behind an Application Load Balancer (ALB). Update the DNS record sftp.example.com in Route 53 to point to the ALB.

B.  

Migrate the SFTP server to AWS Transfer for SFTP. Update the DNS record sftp.example.com in Route 53 to point to the server endpoint hostname.

C.  

Migrate the SFTP server to a file gateway in AWS Storage Gateway. Update the DNS record sftp.example.com in Route 53 to point to the file gateway endpoint.

D.  

Place the EC2 instance behind a Network Load Balancer (NLB). Update the DNS record sftp.example.com in Route 53 to point to the NLB.

Discussion 0
Questions 234

A company ' s data platform uses an Amazon Aurora MySQL database. The database has multiple read replicas and multiple DB instances across different Availability Zones. Users have recently reported errors from the database that indicate that there are too many connections. The company wants to reduce the failover time by 20% when a read replica is promoted to primary writer.

Which solution will meet this requirement?

Options:

A.  

Switch from Aurora to Amazon RDS with Multi-AZ cluster deployment.

B.  

Use Amazon RDS Proxy in front of the Aurora database.

C.  

Switch to Amazon DynamoDB with DynamoDB Accelerator DAX for read connections.

D.  

Switch to Amazon Redshift with relocation capability.

Discussion 0
Questions 235

A company is designing a microservice-based architecture for a new application on AWS. Each microservice will run on its own set of Amazon EC2 instances. Each microservice will need to interact with multiple AWS services.

The company wants to manage permissions for each EC2 instance according to the principle of least privilege.

Which solution will meet this requirement with the LEAST administrative overhead?

Options:

A.  

Assign an IAM user to each microservice. Use access keys that are stored within the application code to authenticate AWS service requests.

B.  

Create a single IAM role that has permission to access all AWS services. Add the IAM role to an instance profile that is associated with the EC2 instances.

C.  

Use AWS Organizations to create a separate account for each microservice. Manage permissions at the account level.

D.  

Create individual IAM roles based on the specific needs of each microservice. Add each IAM role to an instance profile that is associated with the appropriate EC2 instance.

Discussion 0
Questions 236

A company runs multiple workloads on virtual machines (VMs) in an on-premises data center. The company is expanding rapidly. The on-premises data center is not able to scale fast enough to meet business needs. The company wants to migrate the workloads to AWS.

The migration is time sensitive. The company wants to use a lift-and-shift strategy for non-critical workloads.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.  

Use the AWS Schema Conversion Tool (AWS SCT) to collect data about the VMs.

B.  

Use AWS Application Migration Service. Install the AWS Replication Agent on the VMs.

C.  

Complete the initial replication of the VMs. Launch test instances to perform acceptance tests on the VMs.

D.  

Stop all operations on the VMs Launch a cutover instance.

E.  

Use AWS App2Container (A2C) to collect data about the VMs.

F.  

Use AWS Database Migration Service (AWS DMS) to migrate the VMs.

Discussion 0
Questions 237

A company hosts an end-user application on Amazon EC2 instances behind an Application Load Balancer (ALB). The company needs to configure end-to-end encryption between the ALB and the EC2 instances.

Which solution will meet this requirement with the LEAST operational effort?

Options:

A.  

Deploy AWS CloudHSM. Import a third-party certificate into CloudHSM. Configure the EC2 instances and the ALB to use the CloudHSM imported certificate.

B.  

Import a third-party certificate bundle into AWS Certificate Manager (ACM). Generate a self-signed certificate on the EC2 instances. Associate the ACM imported third-party certificate with the AL

B.  

C.  

Import a third-party SSL certificate into AWS Certificate Manager (ACM). Install the third-party certificate on the EC2 instances. Associate the ACM imported third-party certificate with the ALB.

D.  

Use Amazon-issued AWS Certificate Manager (ACM) certificates on the EC2 instances and the ALB.

Discussion 0
Questions 238

A company is moving data from an on-premises data center to the AWS Cloud. The company must store all its data in an Amazon S3 bucket. To comply with regulations, the company must also ensure that the data will be protected against overwriting indefinitely.

Which solution will ensure that the data in the S3 bucket cannot be overwritten?

Options:

A.  

Enable versioning for the S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to protect the data.

B.  

Disable versioning for the S3 bucket. Configure S3 Object Lock for the S3 bucket with a retention period of 1 year.

C.  

Enable versioning for the S3 bucket. Configure S3 Object Lock for the S3 bucket with a legal hold.

D.  

Configure S3 Storage Lens for the S3 bucket. Use server-side encryption with customer-provided keys (SSE-C) to protect the data.

Discussion 0
Questions 239

A company runs several custom applications on Amazon EC2 instances. Each team within the company manages its own set of applications and backups. To comply with regulations, the company must be able to report on the status of backups and ensure that backups are encrypted.

Which solution will meet these requirements with the LEAST effort?

Options:

A.  

Create an AWS Lambda function that processes AWS Config events. Configure the Lambda function to query AWS Config for backup-related data and to generate daily reports.

B.  

Check the backup status of the EC2 instances daily by reviewing the backup configurations in AWS Backup and Amazon Elastic Block Store (Amazon EBS) snapshots.

C.  

Use an AWS Lambda function to query Amazon EBS snapshots, Amazon RDS snapshots, and AWS Backup jobs. Configure the Lambda function to process and report on the data. Schedule the function to run daily.

D.  

Use AWS Config and AWS Backup Audit Manager to ensure compliance. Review generated reports daily.

Discussion 0
Questions 240

A company tracks customer satisfaction by using surveys that the company hosts on its website. The surveys sometimes reach thousands of customers every hour. Survey results are currently sent in email messages to the company so company employees can manually review results and assess customer sentiment.

The company wants to automate the customer survey process. Survey results must be available for the previous 12 months.

Which solution will meet these requirements in the MOST scalable way?

Options:

A.  

Send the survey results data to an Amazon API Gateway endpoint that is connected to an Amazon Simple Queue Service (Amazon SQS) queue. Create an AWS Lambda function to poll the SQS queue, call Amazon Comprehend for sentiment analysis, and save the results to an Amazon DynamoDB table. Set the TTL for all records to 365 days in the future.

B.  

Send the survey results data to an API that is running on an Amazon EC2 instance. Configure the API to store the survey results as a new record in an Amazon DynamoDB table, call Amazon Comprehend for sentiment analysis, and save the results in a second DynamoDB table. Set the TTL for all records to 365 days in the future.

C.  

Write the survey results data to an Amazon S3 bucket. Use S3 Event Notifications to invoke an AWS Lambda function to read the data and call Amazon Rekognition for sentiment analysis. Store the sentiment analysis results in a second S3 bucket. Use S3 Lifecycle policies on each bucket to expire objects after 365 days.

D.  

Send the survey results data to an Amazon API Gateway endpoint that is connected to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the SQS queue to invoke an AWS Lambda function that calls Amazon Lex for sentiment analysis and saves the results to an Amazon DynamoDB table. Set the TTL for all records to 365 days in the future.

Discussion 0
Questions 241

An ecommerce company runs several internal applications in multiple AWS accounts. The company uses AWS Organizations to manage its AWS accounts.

A security appliance in the company ' s networking account must inspect interactions between applications across AWS accounts.

Which solution will meet these requirements?

Options:

A.  

Deploy a Network Load Balancer (NLB) in the networking account to send traffic to the security appliance. Configure the application accounts to send traffic to the NLB by using an interface VPC endpoint in the application accounts

B.  

Deploy an Application Load Balancer (ALB) in the application accounts to send traffic directly to the security appliance.

C.  

Deploy a Gateway Load Balancer (GWLB) in the networking account to send traffic to the security appliance. Configure the application accounts to send traffic to the GWLB by using an interface GWLB endpoint in the application accounts

D.  

Deploy an interface VPC endpoint in the application accounts to send traffic directly to the security appliance.

Discussion 0
Questions 242

A company uses an Amazon EC2 instance to run a script to poll for and process messages in an Amazon Simple Queue Service (Amazon SQS) queue. The company wants to reduce operational overhead while maintaining its ability to process an increasing number of messages that are added to the queue. Which solution will meet these requirements?

Options:

A.  

Increase the size of the EC2 instance to process messages in the SQS queue faster.

B.  

Configure an Amazon EventBridge rule to turn off the EC2 instance when the SQS queue is empty.

C.  

Migrate the script on the EC2 instance to an AWS Lambda function with an event source of the SQS queue.

D.  

Configure an AWS Systems Manager Run Command to run the script on demand.

Discussion 0
Questions 243

Question:

A finance company collects streaming data for a real-time search and visualization system. They want to migrate to AWS using a native solution for ingest, search, and visualization.

Options:

Options:

A.  

Use EC2 to ingest/process data to S3 → Athena + Managed Grafana

B.  

Use EMR to ingest/process to Redshift → Redshift Spectrum + QuickSight

C.  

Use EKS to ingest/process to DynamoDB → CloudWatch Dashboards

D.  

Use Kinesis Data Streams → Amazon OpenSearch Service → Amazon QuickSight

Discussion 0
Questions 244

A company runs a content management system on an Amazon Elastic Container Service (Amazon ECS) cluster. The system allows visitors to provide feedback about the company ' s products by uploading documents and photos of the products to an Amazon S3 bucket.

The company has a workflow on AWS that processes uploaded documents to perform sentiment analysis of photos and text. The processing workflow calls multiple AWS services.

The company needs a solution to automate the processing workflow. The solution must handle any failed uploads.

Which solution will meet these requirements with the LEAST effort?

Options:

A.  

Use S3 Event Notifications to publish events to an Amazon Simple Notification Service (Amazon SNS) topic. Deploy a web application on the Amazon ECS cluster to subscribe to the SNS topic and listen for events to orchestrate the processing workflow.

B.  

Use S3 Event Notifications to publish events to an Amazon Simple Queue Service (Amazon SQS) queue. Configure long polling. Deploy an Amazon EC2 instance that runs a script to orchestrate the processing workflow.

C.  

Use S3 Event Notifications to publish events to an Amazon Simple Queue Service (Amazon SQS) queue. Create an ECS cluster that scales based on the number of messages in the queue. Configure the cluster to orchestrate the processing workflow.

D.  

Use S3 Event Notifications to invoke an Amazon EventBridge rule. Configure the rule to initiate an AWS Step Functions workflow that orchestrates the processing workflow.

Discussion 0
Questions 245

A company runs a high-traffic web application that has a three-tier architecture consisting of a web layer, an application layer, and a database layer. The web layer and application layer run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application layer is stateless and supports automatic scaling. The database layer uses Amazon RDS for MySQL in a Multi-AZ configuration and relies on a relational architecture.

The company is preparing for a large marketing event that is expected to drive a sharp increase in read traffic. The company must ensure that the application remains highly available and responsive under load. The company wants to scale the application ' s architecture components but does not want to modify the application.

Which combination of solutions will meet these requirements? (Select THREE.)

Options:

A.  

Deploy an Amazon CloudFront distribution. Specify the web layer as the origin.

B.  

Enable automatic scaling for EC2 instances in the application layer.

C.  

Migrate the database to Amazon Aurora. Configure Aurora Auto Scaling and Aurora Replicas.

D.  

Set up an Amazon ElastiCache (Redis OSS) cluster in front of the database.

E.  

Replace the ALB with a Network Load Balancer (NLB).

F.  

Migrate the database to an Amazon DynamoDB table.

Discussion 0
Questions 246

A company collects data from sensors. The company needs a cloud-based solution to store and transform the sensor data to make critical decisions. The solution must store the data for up to 2 days. After 2 days, the solution must delete the data. The company needs to use the transformeddata in an automated workflow that has manual approval steps.

Which solution will meet these requirements?

Options:

A.  

Load the data into an Amazon Simple Queue Service (Amazon SQS) queue that has a retention period of 2 days. Use an Amazon EventBridge pipe to retrieve data from the queue, transform the data, and pass the data to an AWS Step Functions workflow.

B.  

Load the data into AWS DataSync. Delete the DataSync task after 2 days. Invoke an AWS Lambda function to retrieve the data, transform the data, and invoke a second Lambda function that performs the remaining workflow steps.

C.  

Load the data into an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge pipe to retrieve the data from the topic, transform the data, and send the data to Amazon EC2 instances to perform the remaining workflow steps.

D.  

Load the data into an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge pipe to retrieve the data from the topic and transform the data into an appropriate format for an Amazon SQS queue. Use an AWS Lambda function to poll the queue to perform the remaining workflow steps.

Discussion 0
Questions 247

A company uses Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to run an application. The company creates one snapshot of each EBS volume every day.

The company needs to prevent users from accidentally deleting the EBS volume snapshots. The solution must not change the administrative rights of a storage administrator user.

Which solution will meet these requirements with the LEAST administrative effort?

Options:

A.  

Create an IAM role that has permission to delete snapshots. Attach the role to a new EC2 instance. Use the AWS CLI from the new EC2 instance to delete snapshots.

B.  

Create an IAM policy that denies snapshot deletion. Attach the policy to the storage administrator user.

C.  

Add tags to the snapshots. Create tag-level retention rules in the Recycle Bin for EBS snapshots. Configure rule lock settings for the retention rules.

D.  

Take EBS snapshots by using the EBS direct APIs. Copy the snapshots to an Amazon S3 bucket. Configure S3 Versioning and Object Lock on the bucket.

Discussion 0
Questions 248

A company has 15 employees. The company stores employee start dates in an Amazon DynamoDB table. The company wants to send an email message to each employee on the day of the employee ' s work anniversary.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

A.  

Create a script that scans the DynamoDB table and uses Amazon Simple Notification Service (Amazon SNS) to send email messages to employees when necessary. Use a cron job to run this script every day on an Amazon EC2 instance.

B.  

Create a script that scans the DynamoDB table and uses Amazon Simple Queue Service {Amazon SQS) to send email messages to employees when necessary. Use a cron job to run this script every day on an Amazon EC2 instance.

C.  

Create an AWS Lambda function that scans the DynamoDB table and uses Amazon Simple Notification Service (Amazon SNS) to send email messages to employees when necessary. Schedule this Lambda function to run every day.

D.  

Create an AWS Lambda function that scans the DynamoDB table and uses Amazon Simple Queue Service (Amazon SQS) to send email messages to employees when necessary Schedule this Lambda function to run every day.

Discussion 0
Questions 249

A company is developing a new application that will run on Amazon EC2 instances. The application needs to access multiple AWS services.

The company needs to ensure that the application will not use long-term access keys to access AWS services.

Options:

A.  

Create an IAM user. Assign the IAM user to the application. Create programmatic access keys for the IAM user. Embed the access keys in the application code.

B.  

Create an IAM user that has programmatic access keys. Store the access keys in AWS Secrets Manager. Configure the application to retrieve the keys from Secrets Manager when the application runs.

C.  

Create an IAM role that can access AWS Systems Manager Parameter Store. Associate the role with each EC2 instance profile. Create IAM access keys for the AWS services, and store the keys in Parameter Store. Configure the application to retrieve the keys from Parameter Store when the application runs.

D.  

Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.

Discussion 0
Questions 250

A company is building an application in the AWS Cloud. The application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses Amazon Route 53 for the DNS.

The company needs a managed solution with proactive engagement to detect against DDoS attacks.

Which solution will meet these requirements?

Options:

A.  

Enable AWS Config. Configure an AWS Config managed rule that detects DDoS attacks.

B.  

Enable AWS WAF on the ALB Create an AWS WAF web ACL with rules to detect and prevent DDoS attacks. Associate the web ACL with the AL

B.  

C.  

Store the ALB access logs in an Amazon S3 bucket. Configure Amazon GuardDuty to detect and take automated preventative actions for DDoS attacks.

D.  

Subscribe to AWS Shield Advanced. Configure hosted zones in Route 53 Add ALB resources as protected resources.

Discussion 0
Questions 251

The DNS provider that hosts a company ' s domain name records is experiencing outages that cause service disruption for a website running on AWS. The company needs to migrate to a more resilient managed DNS service and wants the service to run on AWS.

What should a solutions architect do to rapidly migrate the DNS hosting service?

Options:

A.  

Create an Amazon Route 53 public hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

B.  

Create an Amazon Route 53 private hosted zone for the domain name. Import the zone file containing the domain records hosted by the previous provider.

C.  

Create a Simple AD directory in AWS. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.

D.  

Create an Amazon Route 53 Resolver inbound endpoint in the VPC. Specify the IP addresses that the provider ' s DNS will forward DNS queries to. Configure the provider ' s DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.

Discussion 0
Questions 252

A company runs a mobile game app on AWS. The app stores data for every user session. The data updates frequently during a gaming session. The app stores up to 256 KB for each session. Sessions can last up to 48 hours.

The company wants to automate the deletion of expired session data. The company must be able to restore all session data automatically if necessary.

Which solution will meet these requirements?

Options:

A.  

Use an Amazon DynamoDB table to store the session data. Enable point-in-time recovery (PITR) and TTL for the table. Select the corresponding attribute for TTL in the session data.

B.  

Use an Amazon MemoryDB table to store the session data. Enable point-in-time recovery (PITR) and TTL for the table. Select the corresponding attribute for TTL in the session data.

C.  

Store session data in an Amazon S3 bucket. Use the S3 Standard storage class. Enable S3 Versioning for the bucket. Create an S3 Lifecycle configuration to expire objects after 48 hours.

D.  

Store session data in an Amazon S3 bucket. Use the S3 Intelligent-Tiering storage class. Enable S3 Versioning for the bucket. Create an S3 Lifecycle configuration to expire objects after 48 hours.

Discussion 0
Questions 253

A company has an application that receives and processes purchase orders. The application supports only XML data. The company needs to configure the application to accept orders in JSON format. The company does not want to modify the application.

A solutions architect is using an Amazon API Gateway HTTP API to create a new purchase order API. The solutions architect needs to modify the application DNS record to point to the new HTTP API.

Options:

A.  

Use an HTTP proxy integration to pass XML requests to the application. For JSON requests, use API Gateway mappings to convert the purchase orders to XML. Use an AWS Lambda function that is integrated with API Gateway to call the application.

B.  

Use an HTTP proxy integration to pass XML requests to the application. For JSON requests, use an AWS Lambda function that is integrated with API Gateway to convert the purchase orders from JSON to XML and to call the application.

C.  

Use an HTTP custom integration to pass XML requests to the application. For JSON requests, use API Gateway mappings to convert the purchase orders to XML. Use an AWS Lambda function that is integrated with API Gateway to call the application.

D.  

Use an HTTP custom integration to pass XML requests to the application. For JSON requests, use an AWS Lambda function that is integrated with API Gateway to convert the purchase orders to JSON and to call the application.

Discussion 0
Questions 254

A company runs an application on Amazon EC2 instances. The application is deployed in private subnets in three Availability Zones of the us-east-1 Region. The instances must be able to connect to the internet to download files. The company wants a design that is highly available across the Region.

Which solution should be implemented to ensure that there are no disruptions to internet connectivity?

Options:

A.  

Deploy a NAT instance in a private subnet of each Availability Zone.

B.  

Deploy a NAT gateway in a public subnet of each Availability Zone.

C.  

Deploy a transit gateway in a private subnet of each Availability Zone.

D.  

Deploy an internet gateway in a public subnet of each Availability Zone.

Discussion 0
Questions 255

A media company is migrating a Microsoft Windows-based application to the AWS Cloud. The company uses the application to analyze media files.

The company requires a resilient shared storage solution that the company can access by using the SMB protocol.

Which storage solution will meet these requirements?

Options:

A.  

Use an Amazon S3 bucket to store the media files. Connect the application servers to the bucket.

B.  

Use Amazon FSx for Windows File Server in a Multi-AZ deployment as shared storage for the application servers.

C.  

Use an Amazon EBS volume as shared storage for the application servers.

D.  

Use an Amazon FSx File Gateway as shared storage for the application servers.

Discussion 0
Questions 256

A solutions architect is designing the storage architecture for a new web application used for storing and viewing engineering drawings. All application components will be deployed on the AWS infrastructure. The application design must support caching to minimize the amount of time that users wait for the engineering drawings to load. The application must be able to store petabytes of data.

Which combination of storage and caching should the solutions architect use?

Options:

A.  

Amazon S3 with Amazon CloudFront

B.  

Amazon S3 Glacier Deep Archive with Amazon ElastiCache

C.  

Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront

D.  

AWS Storage Gateway with Amazon ElastiCache

Discussion 0
Questions 257

A company uses AWS to run its ecommerce platform. The platform is critical to the company ' s operations and has a high volume of traffic and transactions. The company configures a multi-factor authentication (MFA) device to secure its AWS account root user credentials. The company wants to ensure that it will not lose access to the root user account if the MFA device is lost.

Which solution will meet these requirements?

Options:

A.  

Set up a backup administrator account that the company can use to log in if the company loses the MFA device.

B.  

Add multiple MFA devices for the root user account to handle the disaster scenario.

C.  

Create a new administrator account when the company cannot access the root account.

D.  

Attach the administrator policy to another IAM user when the company cannot access the root account.

Discussion 0
Questions 258

A city ' s weather forecast team is using Amazon DynamoDB in the data tier for an application. The application has several components. The analysis component of the application requires repeated reads against a large dataset. The application has started to temporarily consume all the read capacity in the DynamoDB table and is negatively affecting other applications that need to access the same data.

Which solution will resolve this issue with the LEAST development effort?

Options:

A.  

Use DynamoDB Accelerator (DAX).

B.  

Use Amazon CloudFront in front of DynamoD

B.  

C.  

Create a DynamoDB table with a local secondary index (LSI).

D.  

Use Amazon ElastiCache in front of DynamoDB.

Discussion 0
Questions 259

A company is building a new web application on AWS. The application needs to consume files from a legacy on-premises application that runs a batch process and outputs approximately 1 GB of data every night to an NFS file mount.

A solutions architect needs to design a storage solution that requires minimal changes to the legacy application and keeps costs low.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Deploy an Outpost in AWS Outposts to the on-premises location where the legacy application is stored. Configure the legacy application and the web application to store and retrieve the files in Amazon S3 on the Outpost.

B.  

Deploy an AWS Storage Gateway Volume Gateway on premises. Point the legacy application to the Volume Gateway. Configure the web application to use the Amazon S3 bucket that the Volume Gateway uses.

C.  

Deploy an Amazon S3 interface endpoint on AWS. Reconfigure the legacy application to store the files directly on an Amazon S3 endpoint. Configure the web application to retrieve the files from Amazon S3.

D.  

Deploy an Amazon S3 File Gateway on premises. Point the legacy application to the File Gateway. Configure the web application to retrieve the files from the S3 bucket that the File Gateway uses.

Discussion 0
Questions 260

A finance company is migrating its trading platform to AWS. The trading platform processes a high volume of market data and processes stock trades. The company needs to establish a consistent, low-latency network connection from its on-premises data center to AWS.

The company will host resources in a VPC. The solution must not use the public internet.

Which solution will meet these requirements?

Options:

A.  

Use AWS Client VPN to connect the on-premises data center to AWS.

B.  

Use AWS Direct Connect to set up a connection from the on-premises data center to AWS

C.  

Use AWS PrivateLink to set up a connection from the on-premises data center to AWS.

D.  

Use AWS Site-to-Site VPN to connect the on-premises data center to AWS.

Discussion 0
Questions 261

A company has multiple AWS accounts with applications deployed in the us-west-2 Region. Application logs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysis solution that uses a single S3 bucket. Logs must not leave us-west-2, and the company wants to incur minimal operational overhead.

Options:

A.  

Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket.

B.  

Use S3 Same-Region Replication to replicate logs from the S3 buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

C.  

Write a script that uses the PutObject API operation every day to copy the entire contents of the buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

D.  

Write AWS Lambda functions in these accounts that are triggered every time logs are delivered to the S3 buckets (s3:ObjectCreated:*) event. Copy the logs to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

Discussion 0
Questions 262

A company ' s application uses Network Load Balancers, Auto Scaling groups, Amazon EC2 instances, and databases that are deployed in an Amazon VPC. The company wants to capture information about traffic to and from the network interfaces in near real time in its Amazon VPC. The company wants to send the information to Amazon OpenSearch Service for analysis.

Which solution will meet these requirements?

Options:

A.  

Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service.

B.  

Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Data Firehose to stream the logs from the log group to OpenSearch Service.

C.  

Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service.

D.  

Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Data Firehose to stream the logs from the trail to OpenSearch Service.

Discussion 0
Questions 263

A solutions architect needs to save a particular automated database snapshot from an Amazon RDS for Microsoft SQL Server DB instance for longer than the maximum number of days. Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.  

Create a manual copy of the snapshot.

B.  

Export the contents of the snapshot to an Amazon S3 bucket.

C.  

Change the retention period of the snapshot to 45 days.

D.  

Create a native SQL Server backup. Save the backup to an Amazon S3 bucket.

Discussion 0
Questions 264

A company stores a large dataset for an online advertising business in an Amazon RDS for MySQL DB instance. The company wants to run business reporting queries on the data without affecting write operations to the DB instance.

Which solution will meet these requirements?

Options:

A.  

Deploy RDS read replicas to process the business reporting queries.

B.  

Scale out the DB instance horizontally by placing the instance behind an Elastic Load Balancing (ELB) load balancer.

C.  

Scale up the DB instance to a larger instance type to handle write operations and reporting queries.

D.  

Configure Amazon CloudWatch to monitor the DB instance. Deploy standby DB instances when a latency metric threshold is exceeded.

Discussion 0
Questions 265

A company uses an organization in AWS Organizations to manage multiple AWS accounts. Multiple teams access each AWS account by assuming IAM roles. Each team has a unique IAM role. Each IAM role has a unique set of permissions.

A security team wants to automate some security tasks by deploying AWS Lambda functions within each AWS account. The security team wants to ensure that only members of the security team can modify the Lambda functions directly.

Which solution will meet these requirements?

Options:

A.  

Create a service control policy SCP that prevents any entity from making changes to Lambda functions except for the IAM role of the security team that is specified in the Principal key. Attach the SCP to the root of the organization.

B.  

Create an IAM policy that denies all changes to the Amazon Resource Names ARNs of the Lambda functions. Attach the IAM policy to the root user of each AWS account.

C.  

Create a service control policy SCP that denies all changes to Lambda functions. Attach the SCP to the root of the organization.

D.  

Create a service control policy SCP that prevents any entity from making changes to Lambda functions except for the IAM role of the security team that is specified in the Condition clause. Attach the SCP to the root of the organization.

Discussion 0
Questions 266

A company is migrating a large amount of data from on-premises storage to AWS. Windows, Mac, and Linux based Amazon EC2 instances in the same AWS Region will access the data by using SMB and NFS storage protocols. The company will access a portion of the data routinely. The company will access the remaining data infrequently.

The company needs to design a solution to host the data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an Amazon Elastic File System (Amazon EFS) volume that uses EFS Intelligent-Tiering. Use AWS DataSync to migrate the data to the EFS volume.

B.  

Create an Amazon FSx for ONTAP instance. Create an FSx for ONTAP file system with a root volume that uses the auto tiering policy. Migrate the data to the FSx for ONTAP volume.

C.  

Create an Amazon S3 bucket that uses S3 Intelligent-Tiering. Migrate the data to the S3 bucket by using an AWS Storage Gateway Amazon S3 File Gateway.

D.  

Create an Amazon FSx for OpenZFS file system. Migrate the data to the new volume.

Discussion 0
Questions 267

A financial services company needs to store and manage trading documentation. The documentation includes real-time trade confirmation data, financial statements, and settlement documents that frequently exceed 1 MB in size. The company ' s current provisioned database solution stores and manages this documentation. This current solution experiences high-volume trading activity during market hours but very low activity during off-hours.

The company currently uses a provisioned database solution that is sized to handle the load for peak trading hours. This solution results in significant unused capacity during off-hours. The company needs a solution that will maintain performance during peak hours.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Deploy Amazon RDS for MySQL on Reserved Instances with read replicas for scaling.

B.  

Deploy Amazon DocumentDB serverless with automatic capacity scaling.

C.  

Deploy Amazon DynamoDB with auto scaling.

D.  

Deploy a MongoDB cluster on Amazon EC2 instances in an Auto Scaling group.

Discussion 0
Questions 268

A company maintains its accounting records in a custom application that runs on Amazon EC2 instances. The company needs to migrate the data to an AWS managed service for development and maintenance of the application data. The solution must require minimal operational support and provide immutable, cryptographically verifiable logs of data changes.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Copy the records from the application into an Amazon Redshift cluster.

B.  

Copy the records from the application into an Amazon Neptune cluster.

C.  

Copy the records from the application into an Amazon Timestream database.

D.  

Copy the records from the application into an Amazon Quantum Ledger Database (Amazon QLDB) ledger.

Discussion 0
Questions 269

A gaming company is building an application with Voice over IP capabilities. The application will serve traffic to users across the world. The application needs to be highly available with an automated failover across AWS Regions. The company wants to minimize the latency of users without relying on IP address caching on user devices.

What should a solutions architect do to meet these requirements?

Options:

A.  

Use AWS Global Accelerator with health checks.

B.  

Use Amazon Route 53 with a geolocation routing policy.

C.  

Create an Amazon CloudFront distribution that includes multiple origins.

D.  

Create an Application Load Balancer that uses path-based routing.

Discussion 0
Questions 270

A developer is creating an ecommerce workflow in an AWS Step Functions state machine that includes an HTTP Task state. The task passes shipping information and order details to an endpoint.

The developer needs to test the workflow to confirm that the HTTP headers and body are correct and that the responses meet expectations.

Which solution will meet these requirements?

Options:

A.  

Use the TestState API to invoke only the HTTP Task. Set the inspection level to TRACE.

B.  

Use the TestState API to invoke the state machine. Set the inspection level to DEBUG.

C.  

Use the data flow simulator to invoke only the HTTP Task. View the request and response data.

D.  

Change the log level of the state machine to ALL. Run the state machine.

Discussion 0
Questions 271

A company is developing a SaaS solution for customers. The solution runs on Amazon EC2 instances that have Amazon Elastic Block Store (Amazon EBS) volumes attached.

Within the SaaS application, customers can request how much storage they need. The application needs to allocate the amount of block storage each customer requests.

A solutions architect must design an operationally efficient solution that meets the storage scaling requirement.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.  

Migrate the data from the EBS volumes to an Amazon S3 bucket. Use the Amazon S3 Standard storage class.

B.  

Migrate the data from the EBS volumes to an Amazon Elastic File System (Amazon EFS) file system. Use the EFS Standard storage class. Invoke an AWS Lambda function to increase the EFS volume capacity based on user input.

C.  

Migrate the data from the EBS volumes to an Amazon FSx for Windows File Server file system. Invoke an AWS Lambda function to increase the capacity of the file system based on user input.

D.  

Invoke an AWS Lambda function to increase the size of EBS volumes based on user input by using EBS Elastic Volumes.

Discussion 0
Questions 272

A company is developing a rating system for its ecommerce web application. The company needs a solution to save ratings that users submit in an Amazon DynamoDB table. The company wants to ensure that developers do not need to interact directly with the DynamoDB table. The solution must be scalable and reusable.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.  

Create an Application Load Balancer ALB. Create an AWS Lambda function, and set the function as a target group in the ALB. Invoke the Lambda function by using the PutItem method through the ALB.

B.  

Create an AWS Lambda function. Configure the Lambda function to interact with the DynamoDB table by using the PutItem method from Boto3. Invoke the Lambda function from the web application.

C.  

Create an Amazon SQS queue and an AWS Lambda function that has an SQS trigger type. Instruct the developers to add customer ratings to the SQS queue as JSON messages. Configure the Lambda function to fetch the ratings from the queue and store the ratings in DynamoDB.

D.  

Create an Amazon API Gateway REST API. Define a resource and create a new POST method. Choose AWS as the integration type, and select DynamoDB as the service. Set the action to PutItem.

Discussion 0
Questions 273

An online food delivery company wants to optimize its storage costs. The company has been collecting operational data for the last 10 years in a data lake that was built on Amazon S3 by using a Standard storage class. The company does not keep data that is older than 7 years. A solutions architect frequently uses data from the past 6 months for reporting and runs queries on data from the last 2 years about once a month. Data that is more than 2 years old is rarely accessed and is only used for audit purposes.

Which combination of solutions will optimize the company ' s storage costs? (Select TWO.)

Options:

A.  

Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Deep Archive storage class.

B.  

Create an S3 Lifecycle configuration rule to transition data that is older than 6 months to the S3 One Zone-Infrequent Access (S3 One Zone-IA) storage class. Create another S3 Lifecycle configuration rule to transition data that is older than 2 years to the S3 Glacier Flexible Retrieval storage class.

C.  

Use the S3 Intelligent-Tiering storage class to store data instead of the S3 Standard storage class.

D.  

Create an S3 Lifecycle expiration rule to delete data that is older than 7 years.

E.  

Create an S3 Lifecycle configuration rule to transition data that is older than 7 years to the S3 Glacier Deep Archive storage class.

Discussion 0
Questions 274

A media company uses an Amazon CloudFront distribution to deliver content over the internet The company wants only premium customers to have access to the media streams and file content. The company stores all content in an Amazon S3 bucket. The company also delivers content on demand to customers for a specific purpose, such as movie rentals or music downloads.

Which solution will meet these requirements?

Options:

A.  

Generate and provide S3 signed cookies to premium customers

B.  

Generate and provide CloudFront signed URLs to premium customers.

C.  

Use origin access control (OAC) to limit the access of non-premium customers

D.  

Generate and activate field-level encryption to block non-premium customers.

Discussion 0
Questions 275

A company runs a Microsoft Windows SMB file share on-premises to support an application. The company wants to migrate the application to AWS. The company wants to share storage across multiple Amazon EC2 instances.

Which solutions will meet these requirements with the LEAST operational overhead? (Select TWO.)

Options:

A.  

Create an Amazon Elastic File System (Amazon EFS) file system with elastic throughput.

B.  

Create an Amazon FSx for NetApp ONTAP file system.

C.  

Use Amazon Elastic Block Store (Amazon EBS) to create a self-managed Windows file share on the instances.

D.  

Create an Amazon FSx for Windows File Server file system.

E.  

Create an Amazon FSx for OpenZFS file system.

Discussion 0
Questions 276

A company has a production Amazon RDS for MySQL database. The company needs to create a new application that will read frequently changing data from the database with minimal impact on the database ' s overall performance. The application will rarely perform the same query more than once.

What should a solutions architect do to meet these requirements?

Options:

A.  

Set up an Amazon ElastiCache cluster. Query the results in the cluster.

B.  

Set up an Application Load Balancer AL

B.  

Query the results in the AL

B.  

C.  

Set up a read replica for the database. Query the read replica.

D.  

Set up querying of database snapshots. Query the database snapshots.

Discussion 0