Mcsa Certification Dumps Free Download Pdf

A new version of the AWS Certified Solutions Architect – Associate exam (SAA-C02) will be available to take on and after March 23, 2020. The previous version of the AWS Certified Solutions Architect – Associate exam (SAA-C01) will also be available through July 1, 2020.

PassQuestion SAA-C02 Practice Test Questions can not only let you pass the exam easily, also can help you learn more knowledge about AWS Certified Solutions Architect – Associate exam. PassQuestion covers all aspects of skills in the exam, by it, you can apparently improve your abilities and use these skills better at work. When you are preparing for SAA-C02 exam and need to improve your skills, PassQuestion is absolute your best choice.

1. A solutions architect is designing a solution where users will be directed to a backup static error page if the primary website is unavailable. The primary website's DNS records are hosted in Amazon Route 53 where their domain is pointing to an Application Load Balancer (ALB).

Which configuration should the solutions architect use to meet the company's needs while minimizing changes and infrastructure overhead?

Point a Route 53 alias record to an Amazon CloudFront distribution with the ALB as one of its origins. Then, create custom error pages for the distribution.

Set up a Route 53 active-passive failover configuration. Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.

Update the Route 53 record to use a latency-based routing policy. Add the backup static error page hosted within an Amazon S3 bucket to the record so the traffic is sent to the most responsive endpoints.

Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance hosting a static error page as endpoints. Route 53 will only send requests to the instance if the heal checks fail for the ALB.

2. A solutions architect is designing a high performance computing (HPC) workload on Amazon EC2. The EC2 instances need to communicate to each other frequently and require network performance with low latency and high throughput.

Which EC2 configuration meets these requirements?

Launch the EC2 instances in a cluster placement group in one Availability Zone.

Launch the EC2 instances in a spread placement group in one Availability Zone.

Launch the EC2 instances in an Auto Scaling group in two Regions and peer the VPCs.

Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones.

3. A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.

What should a solutions architect do to accomplish this?

Use Amazon S3 with Transfer Acceleration to host the application.

Use Amazon S3 with CacheControl headers to host the application.

Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application.

Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.

4. A company is migrating from an on-premises infrastructure to the AWS Cloud. One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. A solutions architect needs to replace the file server farm.

Which service should the solutions architect use?

Amazon EFS

Amazon FSx

Amazon S3

AWS Storage Gateway

5. A company has a legacy application that process data in two parts. The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.

How should a solutions architect integrate the microservices?

Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2.

Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code in microservice 2 to subscribe to this topic.

Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose.

Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue.

6. A company captures clickstream data from multiple websites and analyzes it using batch processing. The data is loaded nightly into Amazon Redshift and is consumed by business analysts. The company wants to move towards near-real-time data processing for timely insights. The solution should process the streaming data with minimal effort and operational overhead.

Which combination of AWS services are MOST cost-effective for this solution? (Choose two.)

Amazon EC2

AWS Lambda

Amazon Kinesis Data Streams

Amazon Kinesis Data Firehose

Amazon Kinesis Data Analytics

7. A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month-end financial calculation batch executes. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

Configure an Amazon CloudFront distribution in front of the ALB.

Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.

Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.

Configure Amazon ElastiGache to remove some of the workload from the EC2 instances.

8. A company runs a multi-tier web application that hosts news content. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates.

Which architecture should the solutions architect implement? (Choose two.)

Add AWS Shield.

Add Aurora Replica.

Add AWS Direct Connect.

Add AWS Global Accelerator.

Add an Amazon CloudFront distribution in front of the Application Load Balancer.

9. An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database. When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database.

What should the solutions architect do to separate the read requests from the write requests?

Enable read-through caching on the Amazon Aurora database.

Update the application to read from the Multi-AZ standby instance.

Create a read replica and modify the application to use the appropriate endpoint.

Create a second Amazon Aurora database and link it to the primary database as a read replica.

10. A recently acquired company is required to build its own infrastructure on AWS and migrate multiple applications to the cloud within a month. Each application has approximately 50 TB of data to be transferred. After the migration is complete, this company and its parent company will both require secure network connectivity with consistent throughput from their data centers to the applications. A solution architect must ensure one-time data migration and ongoing network connectivity.

Which solution will meet these requirements?

AWS Direct Connect for both the initial transfer and ongoing connectivity.

AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity.

AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.

AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.

11. An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both are in separate. AWS accounts. The network administrator needs to design a solution to enable secure access to EC2 instance in VOC-B from VPC-A. The connectivity should not have a single point of failure or bandwidth concerns.

Which solution will meet these requirements?

Set up a VPC peering connection between VPC-A and VPC-

Set up VPC gateway endpoints for the EC2 instance running in VPC-

Attach a virtual private gateway to VPC-B and enable routing from VPC-

Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-

12. A company has a legacy application that processes data in two parts. The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently

How should a solutions architect integrate the microservices?

Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2

Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code In microservice 2 to subscribe to this topic.

Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose.
Implement code in microservice 2 to read from Kinesis Data Firehose.

Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue.

13. A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones As the company's user base grows in the us-west-1 Region, it needs 3 solution with low latency and high availability.

What should a solutions architect do to accomplish this?

Provision EC2 instances in us-west-1. Switch me Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.

Provision EC2 instances and an Application Load Balancer in us-west-1 Make the load balancer distribute the traffic based on the location of the request

Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.

Provision EC2 Instances and configure an Application Load Balancer in us-wesl-1 Configure Amazon Route 53 with a weighted routing policy. Create alias records in Route 53 that point to the Application Load Balancer

14. A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B

Microservice A places messages in a mam Amazon Simple Queue Service (Amazon SOS) queue for Microservice B to consume When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation.

What should the solutions architect do to meet these requirements?

Create an SQS dead-letter queue Microservice B adds failed messages to that queue after it receives and fails to process the message four times.

Create an SQS dead-letter queue Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times.

Create an SQS queue for failed messages Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times.

Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.

15. A solutions architect must analyze and update a company's existing 1AM policies prior to deploying a new workload.

The solutions architect created the following policy:

What is the net effect of this policy?

Users will be allowed all actions except s3 PutObject if multi-factor authentication (MFA) is enabled

Users win be allowed all actions except s3 PutObject if multi-factor authentication (MFA) is not enabled

Users will be denied all actions except s3;PutObject if multi-factor authentication (MFA) is enabled.

Users win be denied all actions except s3:PutObject if multi-factor authentication (MFA) is not enabled.

16. A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited programmatic access to resources in the company's account. All the needed policies have been created to grant appropriate access.

Which additional component will provide the vendor with the MOST secure access to the account?

Create an IAM user.

Implement a service control policy (SCP)

Use a cross-account role with an external I

Configure a single sign-on (SSO) identity provider.

17. A company wants to improve the availability and performance of its stateless UDP-based workload. The workload is deployed on Amazon EC2 instances in multiple AWS Regions

What should a solutions architect recommend to accomplish this?

Place the EC2 instances behind Network Load Balancers (NLBs) in each Region Create an accelerator using AWS Global Accelerator. Use the NLBs as endpoints for the accelerator

Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an accelerator using AWS Global Accelerator Use the ALBs as endpoints for the accelerator

Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the NLBs

Place the EC2 instances behind Application Load Balancers (ALBs) in each Region Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.

18. A company is hosting a website behind multiple Application Load Balancers. The company has different

distribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights.

Which configuration should the solutions architect choose to meet these requirements?

Configure Amazon CloudFront with AWS WA

Configure Application Load Balancers with AWS WA

Configure Amazon Route 53 with a geolocation policy.

Configure Amazon Route 53 with a geoproximity routing policy.

19. A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.

How should a solution architect accomplish this"

Create an Amazon Simple Queue Service (Amazon SOS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.

Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process. Configure an AWS Lambda function as a subscriber

Create an Amazon Simple Queue Service (Amazon SOS) standard queue to hold messages Set up an AWS Lambda function 😮 process messages from the queue independently

Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver
notifications containing payloads to process Configure an Amazon Simple Queue Service
(Amazon SQS) queue as a
subscriber.

20. A company wants to replicate its data to AWS to recover in the event of a disaster. Today, a system administrator has scripts that copy data to a NFS share Individual backup files need to be accessed with low latency by application administrators to deal with errors in

processing.

What should a solutions architect recommend to meet these requirements?

Modify the script to copy data to an Amazon S3 bucket instead of the on-premises NFS share

Modify the script to copy data to an Amazon S3 Glacier Archive instead of the on-premises NFS share

Modify the script to copy data to an Amazon Elastic File System (Amazon EFS) volume instead of the on-premises NFS share.

Modify the script to copy data to an AWS Storage Gateway for File Gateway virtual appliance instead of the on-premises NFS share.

21. A company is building its web application using containers on AWS. The company requires three instances of the web application to run at all times. The application must be able to scale to meet increases in demand. Management is extremely sensitive to cost but agrees that the application should be highly available.

What should a solutions architect recommend?

Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Fargate launch type. Create a task definition for the web application. Create an ECS service with a desired count of three tasks.

Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance.

Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Fargate launch type with one container instance in three different Availability Zones. Create a task definition for the web application. Create an ECS service with a desired count of three tasks.

Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance and one task on the remaining container instance.

22. A company has multiple applications that use Amazon RDS lor MySQL as is database. The company recently discovered that a new custom reporting application has Increased the number of Queries on the database. This is slowing down performance.

How should a solutions architect resolve this issue with the LEAST amount of application changes?

Add a secondary DB instance using Multi-AZ

Set up a road replica ana Multi-AZ on Amazon RD

Set up a standby replica and Multi-AZ on Amazon RDS

Use caching on Amazon RDS to improve the overall performance

23. A company is moving Its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout tie migration.

What should a solutions architect recommend?

Use AWS DataSync tor the initial migration. Use AWS Database Migration Service (AWS DMS] to create a change data capture (CDC) replication task and a table mapping to select all cables.

UseAVVS DataSync for the initial migration. Use AWS Database Migration Service (AWS DMS) to create a full load plus change data capture (CDC) replication task and a table mapping to select ail tables.

Use the AWS Schema Conversion led with AWS DataBase Migration Service (AWS DMS) using a memory optimized replication instance Create a tui load plus change data capture (CDC) replication task and a table mapping lo select all tables.

Use the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a compute optimized implication instance Create a full load plus change data capture (CDC) replication task and a table mapping to select the largest tables.

24. A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.

What should the solutions architect do to accomplish this?

Set an overall password policy for the entire AWS account

Set a password policy for each IAM user in the AWS account.

Use third-party vendor software to set password requirements,

Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.

25. A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

Configure Amazon S3 to store the users' home directories. Join Amazon S3 to Active Directory.

Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join Amazon FSx to Active Directory.

Configure Amazon Elastic File System (Amazon EFS) for the users' home directories.
Configure AWS Single Sign-On with Active Directory.

Configure Amazon Elastic Block Store (Amazon EBS) to store the users' home directories Configure AWS Single Sign-On with Active Directory.

26. An online photo application lets users upload photos and perform image editing operations. The application offers two classes of service free and paid Photos submitted by paid users are processed before those submitted by free users Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.

Which configuration should a solutions architect recommend?

Use one SQS FIFO queue Assign a higher priority to the paid photos so they are processed first

Use two SQS FIFO queues: one for paid and one for free Set the free queue to use short polling and the paid queue to use long polling

Use two SQS standard queues one for paid and one for free Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue.

Use one SQS standard queue. Set the visibility timeout of the paid photos to zero Configure Amazon EC2 instances to prioritize visibility settings so paid photos are processed first

27. A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows.

What should a solutions architect recommend?

Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.

Set up an Amazon EFS file system that connects with the backup applications using the NFS interface

Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface

Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.

28. A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3.

What should a solutions architect do to reduce costs?

Configure a NAT gateway to replace the NAT instances.

Configure a gateway endpoint for traffic destined to Amazon S3.

Configure an interface endpoint for traffic destined to Amazon S3

Configure Amazon CloudFront for the S3 bucket storing the images

29. A three-tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS. and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?

Replace the SQS queue with Amazon Kinesis Data Firehose.

Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier.

Add an Amazon CloudFront distribution to cache the responses for the web tier.

Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SOS queue depth.

30. A manufacturing company wants to implement predictive maintenance on its machinery equipment. The company will install thousands of loT sensors that will send data to AWS in real time A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time

Which solution would be MOST efficient?

Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset Use Amazon Kinesis Data Firehose to save data to Amazon S3

Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment
asset Use Amazon Kinesis Data Firehose to save data to Amazon EBS

Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset Trigger an AWS Lambda function for the SQS queue to save data to Amazon EFS

Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3

31. A solutions architect is creating a new Amazon CloudFront distribution for an application Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

Configure a CloudFront signed URL

Configure a CloudFront signed cookie.

Configure a CloudFronl field-level encryption profile.

Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Pokey

32. A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages

Which solution meets these requirements and is the MOST operationally efficient?

Set up an Amazon EC2 instance running a Redis database Configure both applications to use the instance Store, process, and delete the messages, respectively

Use an Amazon Kinesis data stream to receive the messages from the sender application Integrate the processing application with the Kinesis Client Library (KCL)

Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue. Configure a dead-letter queue to collect the messages that failed to process

Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process Integrate the sender application to write to the SNS topic.

33. A solutions architect is working on optimizing a legacy document management application running on Microsoft a network file share. The chief information officer wants to reduce the on-premises data center footprint and minimize storage by moving on-premises storage to AWS.

What should the solution architect do to meet these requirements?

Set up an AWS Storage Gateway file gateway.

Set up Amazon Elastic File System (Amazon EFS).

Set up AWS Storage Gateway as a volume gateway.

Set up an Amazon Elastic Block Store (Amazon EBS) volume.

34. A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of Its developer accounts. The company has created a central AWS account for streamlining management and audit reviews. An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized

How should a solutions architect meet these requirements?

Configure an AWS Lambda function m each developer account to copy the log files to the central account. Create an IAM role in the central account for the auditor Attach an IAM policy providing read-only permissions to the bucket.

Configure CloudTrail from each developer account to deliver the tog files to an S3 bucket in the central account. Create an IAM user in the central account for the auditor. Attach an IAM policy providing full permissions to the bucket.

Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account Create an IAM role in the central account for the auditor Attach an lA'.l policy providing read-only permissions to the bucket.

Configure an AWS Lambda function in the central account to copy the log files from the S3 bucket in each developer account Create an IAM user in the central account for the auditor Attach an IAM policy providing full permissions to the bucket.

35. A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission-critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement and support the NFS protocol

Which solution meets these requirements?

Create an Amazon EFS file system Configure a mount target in each Availability Zone.
Attach each instance to the appropriate mount target

Create an additional EC2 instance and configure It as a file server Create a security group that allows communication between the Instances and apply that to the additional instance.

Create an Amazon S3 bucket with the appropriate permissions. Create a role in AWS IAM that grants the correct permissions to the S3 bucket. Attach the role to the EC2 Instances that need access to the data

Create an Amazon EBS volume with the appropriate permissions Create a role In AWS IAM that grants the correct permissions to the EBS volume Attach the role to the EC2 instances that need access to the data

36. A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability. The company wants to be able (o deploy updates to its application even if nodes in one Availability Zone are not accessible.

The expected request volume for the application is 100 requests per second, and each container task is able to serve at least 60 requests pet second. The company set up Amazon ECS with a rolling update deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set lo 100%.

Which configuration of tasks and Availability Zones meets these requirements?

Deploy the application across two Availability Zones, with one task in each Availability Zone

Deploy the application across two Availability Zones, with two tasks in each Availability Zone.

Deploy the application across three Availability Zones, with one task in each Availability Zone.

Deploy the application across three Availability Zones, with two tasks in each Availability Zone.

37. A company has hired a new cloud engineer who should not have access to an Amazon S3 bucket named Company Confidential. the cloud engineer must be able to read from and write to an S3 bucket called AdminTools.

Which IAM policy will meet these requirements?

Option A

Option B

Option C

Option D

38. A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks.

What should a solutions architect recommend?

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Configure the EC2 instance iptables rules to drop suspicious web traffic Create a security group for the DB instances Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Move DB instances to the same subnets that EC2 instances are located in. Create a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the individual EC2 instances

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats Create a security group for the web application servers and a security group for the DB instances. Configure the RDS security group to only allow port 3306 inbound from the web application server security group.

Ensure the EC2 instances are part of an Auto Scaling group and are behind an Application Load Balancer. Use AWS WAF to monitor inbound web traffic for threats Configure the Auto Scaling group lo automatically create new DB instances under heavy traffic Create a security group for the RDS DB instances. Configure the RDS security group to only allow port 3306 inbound

39. A company is planning on deploying a newly built application on AWS in a default VPC. The application will consist of a web layer and database layer. The web server was created in public subnets, and the MySQL database was created in private subnets. All subnets are created with the default network ACL settings, and the default security group in the VPC will be replaced with new custom security groups.

The following are the key requirements:

•. The web servers must be accessible only to users on an SSL connection.

•. The database should be accessible to the web layer, which is created in a public subnet only.

• All traffic to and from the IP range 182.20.0.0/16 subnet should be blocked.

Which combination of steps meets these requirements? (Select TWO.)

Create a database server security group with inbound and outbound rules for MySQL port 3306 traffic to and from anywhere (0 0.0.0/0)

Create a database server security group with an inbound rule for MySQL port 3306 and specify the source as a web server security group.

Create a web server security group with an inbound allow rule for HTTPS port 443 traffic from anywhere (0.0.0.0/0) and an inbound deny rule for IP range 182.20.0 0/16.

Create a web server security group with an inbound rule for HTTPS port 443 traffic from anywhere (0.0 0 0/0) Create network ACL inbound and outbound deny rules for IP range 182 20.00/16

Create a web server security group with inbound and outbound rules for HTTPS port 443 traffic to and from anywhere (0.0.0.0/0). Create a network ACL inbound deny rule for IP range 182.20.0.0/16.

40. A recently acquired company is required to build its own infrastructure on AWS and migrate multiple applications to the cloud within a month. Each application has approximately 50 TB of data to be transferred After the migration ts complete this company and its parent company will Doth require secure network connectivity with consistent throughput from their data centers to the applications. A solutions architect must ensure one-time data migration and ongoing network connectivity.

Which solution will meet these requirements?

AWS Direct Connect for both the initial transfer and ongoing connectivity.

AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity.

AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.

AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.

41. A solutions architect is creating an application that will handle batch processing of large amounts of data. The input data will be held in Amazon S3 and the output data will be stored in a different S3 bucket. For processing, the application will transfer the data over the network between multiple Amazon EC2 instances.

What should the solutions architect do to reduce the overall data transfer costs?

Place all the EC2 instances in an Auto Scaling group.

Place all the EC2 instances in the same AWS Region.

Place all the EC2 instances in the same Availability Zone.

Place all the EC2 instances in private subnets in multiple Availability Zones.

42. A company has an on-premises application that collects data and stores it to an on-premises NFS server. The company recently set up a 10 Gbps AWS Direct Connect connection. The company is running out of storage capacity on premises. The company needs to migrate the application data from on premises to the AWS Cloud while maintaining low-latency access to the data from the on-premises application.

What should a solutions architect do to meet these requirements?

Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NF

Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy the application data to the EFS file system. Then connect the on-premises application to Amazon EF

Configure AWS Storage Gateway as a volume gateway. Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots.

Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application
data transfer. Connect the on-premises application to the EFS file system.

43. A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications.

Which solution will meet these requirements?

Amazon DynamoDB

Amazon RDS for MySQL

MySQL-compatible Amazon Aurora Serverless

MySQL deployed on Amazon EC2 in an Auto Scaling group

44. A company stores 200 GB of data each month in Amazon S3. The company needs to perform analytics on this data at the end of each month to determine the number of items sold in each sales region for the previous month.

Which analytics strategy is MOST cost-effective for the company to use?

Create an Amazon Elasticsearch Service (Amazon ES) cluster. Query the data in Amazon E

Visualize the data by using Kibana.

Create a table in the AWS Glue Data Catalog. Query the data in Amazon S3 by using Amazon Athena. Visualize the data in Amazon QuickSight

Create an Amazon EMR cluster Query the data by using Amazon EMR, and store the results in Amazon S3 Visualize the data in Amazon QuickSight.

Create an Amazon Redshift cluster. Query the data in Amazon Redshift, and upload the results to Amazon S3. Visualize the data in Amazon QuickSight.

45. A Solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users. During startup, the models need to load up to 10 GB of data from Amazon S3 into memory, but they do not need disk access. Most of the models are used sporadically, but the users expect all of them to be highly available and accessible with low latency.

Which solution meets the requirements and is MOST cost-effective?

Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model.

Deploy models as AWS Lambda functions behind a single Amazon API Gateway with path-based routing where one path corresponds to each model.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model.

46. A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled. For compliance reasons, older versions of the objects will not be accessed frequently and will need to be deleted after 2 years.

What should the solutions architect recommend to meet these requirements at the LOWEST cost?

Use S3 batch operations to replace object tags. Expire the objects based on the modified tags

Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years

Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SQS) queue for further processing.

Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects In the new bucket after 2 years

47. A solutions architect is designing the cloud architecture for a new application being deployed to AWS. The application allows users to interactively download and upload files. Files older than 2 years will be accessedless frequently. The solutions architect needs to ensure that the application can scale to any number of files while maintaining high availability and durability.

Which scalable solutions should the solutions architect recommend? (Choose two.)

Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier.

Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard-Infrequent Access (S3 Standard-IA)

Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects
older than 2 years to EFS Infrequent Access (EFS IA).

Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years.

Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes.
Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years.

48. A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application's performance. The application consists of application tiers that communicate with each other by way of RESTful services. Transactions are dropped when one tier becomes overloaded A solutions architect must design a solution that resolves these issues and modernizes the application.

Which solution meets these requirements and is the MOST operationally efficient?

Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services.

Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures Increase the size of the application server's Amazon EC2 instances to meet the peak requirements.

Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required

Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected

49. A solutions architect is creating a new VPC design. There are two public subnet for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web serves use only HTTPS. The solutions architect has already created a security group for the load Balancer allowing port 443 from 0.0 0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solution architect use to meet these requirements?

Create a security group far the web servers and allow port 443 from 0.0.0.070. Create a security group tor the MySQL serve's aid allow port 3306 from the web servers security group.

Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group

Create a security group for the web servers and allow port 443 from the load balancer. Create a security group tor the MySQL servers and allow port 3306 from the web sewers security group

Create a network ACL for the web servers and allow port 443 from the web balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

50. A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.

Which database solution meets these requirements?

Amazon Aurora PostgreSQL

Amazon DynamoDB with on-demand enabled

Amazon DynamoDB with DynamoDB Streams enabled

Amazon SQS and Amazon Aurora PostgreSQL

51. A company has a custom application running on an Amazon EC2 instance that:

• Reads a large amount of data from Amazon S3

• Performs a multi-stage analysis.

• Writes the results to Amazon DynamoDB.

The application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance.

What would be the fastest storage option for holding the temporary files?

Multiple Amazon S3 buckets with Transfer Acceleration for storage

Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization.

Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol.

Multiple instance store volumes with software RAID 0.

52. A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.

What should a solutions architect use to accomplish this?

Server-Side Encryption with keys stored in an S3 bucket

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

53. A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded. The company does not want this new service to affect the performance of the current application

What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?

Use DynamoDB transactions to write new event data to the table Configure the transactions to notify internal teams.

Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics. Have each team subscribe to one topic.

Enable Amazon DynamoDB Streams on the table Use triggers to write to a single Amazon Simple Notification Service (Amazon SNS) topic to which the teams can subscribe

Add a custom attribute to each record to flag new items Write a cron job that scans the table every minute for items that are new and notifies an Amazon Simple Queue Service (Amazon SQS) queue to which the teams can subscribe

54. A solutions architect must design a solution for a persistent database that is being migrated from on-premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.

Which solution effectively meets the database administrator's criteria?

Use an instance from the 13 I/O optimized family and leverage local ephemeral storage
to achieve the IOPS requirement.

Create an Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOP

Create and map an Amazon Elastic File System (Amazon EFS) volume to the database instance and use the volume to achieve the required IOPS for the database.

Provision two volumes and assign 32,000 IOPS to each. Create a logical volume at the operating system level that aggregates both volumes to achieve the IOPS requirements.

55. A company wants to improve the availability and performance of its hybrid application. The application consists of a stateful TCP-based workload hosted on Amazon EC2 instances in different AWS Regions and a stateless UOP-based workload hosted on premises.

Which combination of actions should a solutions architect take to improve availability and performance? (Select TWO.)

Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.

Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers

Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints. and the second will route to the on-premises endpoints.

Configure a Network Load Balancer in each Region to address the EC2 endpoints Configure a Network Load Balancer in each Region that routes to the on-premises endpoints

Configure a Network Load Balancer in each Region to address the EC2 endpoints Configure an Application Load Balancer in each Region that routes to the on-premises endpoints

56. A company has an ecommerce application that stores data in an on-premises SQL database. The company has decided to migrate this database to AWS. However as part of the migration, the company wants to find a way to attain sub-millisecond responses to common read requests.

A solutions architect knows that the increase in speed is paramount and that a small percentage of stale data returned in the database reads is acceptable

What should the solutions architect recommend?

Build Amazon RDS read replicas.

Build the database as a larger instance type.

Build a database cache using Amazon ElastiCache

Build a database cache using Amazon Elasticsearch Service (Amazon ES)

57. A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) This architecture is currently running in the us-west-l Region but is exhibiting high request latency for users located in other parts of the world

The website needs to serve requests quickly and efficiently regardless of a user's location However, the company does not want to recreate the existing architecture across multiple Regions.

How should a solutions architect accomplish this?

Replace the existing architecture with a website served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header

Set up Amazon API Gateway with the ALB as an integration. Configure API Gateway to use an HTTP integration type Set up an API Gateway stage to enable the API cache

Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region Put all the instances plus the ALB behind an Amazon Route 53 record set with a geolocation routing policy

58. A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size. Customers can download their statements from the website for up to 30 days from when the statements were generated. At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the

statements

What is the MOST cost-effective storage solution for this situation?

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.

Store the statements using the Amazon S3 Glacier storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days.

Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.

59. A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

AWS Key Management Service (AWS KMS) )

VPC endpoint

Private subnet

Virtual private gateway

60. A company hosts an application on an Amazon EC2 instance that requires a maximum of 200 GB storage space. The application is used infrequently, with peaks during mornings and evenings. Disk I/O varies, but peaks at 3,000 IOPS. The chief financial officer of the company is concerned about costs and has asked a solutions architect to recommend the most cost-effective storage option that does not sacrifice performance.

Which solution should the solutions architect recommend?

Amazon EBS Cold HDD (sc1)

Amazon EBS General Purpose SSD (gp2)

Amazon EBS Provisioned IOPS SSD (io1)

Amazon EBS Throughput Optimized HDD (st1)

61. A company receives data from millions of users totaling about 1 TB each flay. The company provides its use's with usage reports gang back 12 months Al usage data must be stored tor at least 5 years to comply with regulatory and auditing requirements

Which storage solution is MOST cost-effective?

Store the data in Amazon S3 Standard. Set a lifecycle -rule to transition the data lo S3 Glacier Deep Archive after 1 year. Set a Recycle rule to delete the data after5 years.

Store. The data in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Set a lifecycle rule to transition the data to S3 Glacier after t year Set the lifecycle rule to delete the data after 5 years.

Store the data in Amazon S3 Standard Set a lifecycle rule to transition the data to S3 Standard-infrequent Access (S3 Standard-IA) after i year Sol a lifecycle rule to delete the data after 5 years.

Store the data in Amazon S3 Standard Set a lifecycle -rule to transition the data to S3
One Zone-infrequent Access (S3 One Zone-IA) after 1 year, Set a Lifecycle rule to delete
the data after 5
years.

62. A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company s HPC workloads run on Linux Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short-lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long-term future use

The company seeks a cloud storage solution that permits the copying of on premises data to long-term persistent storage to make data available for processing by all EC2 instances. The solution should also be a high performance file system that is integrated with persistent storage to read and write datasets and output files.

Which combination of AWS services meets these requirements?

Amazon FSx for Lustre integrated with Amazon S3

Amazon FSx for Windows File Server integrated with Amazon S3

Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)

Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume

63. A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in me public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead.

What should the solutions architect do to meet these requirements?

Deploy a NAT instance in the VP

Route all the internet-based traffic through the NAT instance.

Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internet-bound traffic to the NAT gateway.

Configure an internet gateway and attach it to the VP

Modify the private subnet route table to direct internet-bound traffic to the internet gateway.

Configure a virtual private gateway and attach it to the VP

Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.

64. A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CioudFront. The company has users in the United States. Canada, and Europe and wants to reduce costs.

What should a solutions architect recommend?

Adjust the CloudFront caching time to live (TTL) from the default to a longer timeframe.

Implement CloudFront events with [email protected] to run the website's data processing.

Modify the CloudFront price class to include only the locations of the countries that are
served.

Implement a CloudFront Secure Sockets Layer (SSL) certificate to push security closer to the locations of the countries that are served.

65. A company runs an application on an Amazon EC2 instance Backed by Amazon Elastic Block Store (Amazon EBS). The instance needs to be available for 12 hours daily. The company wants to save costs by making the instance unavailable outside the window required for the application However the contents of the instance's memory must be preserved whenever the instance is unavailable

What should a solutions architect do lo meet this requirement?

Stop the instance outside the application's availability window. Start up the Instance again when required.

Hibernate tie instance outside the application's availability window. Start up the instance again when required.

Use Auto Scaling to scale down the instance outside the application's availability window. Scale up the instance when required.

Terminate the instance outside the application's availability window Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required

66. A solutions architect is designing an architecture to run a third-party database server. The database software Is memory intensive and has a CPU-based licensing model where the cost Increases with the number of vCPU cores within the operating system. The solutions architect must select an Amazon EC2 instance with sufficient memory to run the database software, but the selected instance has a large number of vCPUs. The solutions architect must ensure that the vCPUs will not be underutilized and must minimize costs.

Which solution meets these requirements?

Select and launch a smaller EC2 instance with an appropriate number of vCPUs.

Configure the CPU cores and threads on the selected EC2 instance during instance
launch

Create a new EC2 instance and ensure multithreading is enabled when configuring the instance details.

Create a new Capacity Reservation and select the appropriate instance type Launch the instance into this new Capacity Reservation

67. A company is creating a three-tier web application consisting of a web server, an application server, and a database server. The application will track GPS coordinates of packages as they are being delivered. The application will update the database every 0-5 seconds.

The tracking will need to read a fast as possible for users to check the status of their packages. Only a few packages might be tracked on some days, whereas millions of package might be tracked on other days. Tracking will need to be searchable by tracking ID customer ID and order ID Order than 1 month no longer read to be tracked.

What should a solution architect recommend to accomplish this with minimal cost of ownership?

Use Amazon DynamoDB Enable Auto Scaling on the DynamoDB table. Schedule an automatic deletion script for items older than 1 month.

Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table.

Use an Amazon RDS On-Demand instance with Provisioned IOPS (PIOPS). Enable Amazon CloudWatch alarms to send notifications when PIOPS are exceeded. Increase and decrease PIOPS as needed.

Use a Amazon RDS Reserved Instance with Provisioned IOPS (PIOPS). Enable Amazon CloudWatch alarms to send notification when PIOPS are exceeded. Increase and decrease PIOPS as needed.

68. A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions

should be configured using the principle of least privilege.

Which solution will meet these requirements?

Add an execution role to the function with lambda;lnvokeFunction as the action and * as the principal.

Add an execution rote to the function with lambda;lnvokeFunction as the action and Service: eventsamazonaws.com as the principal.

Add a resource-based policy to the function with lambda;' as the action and Service:
events.amazonaws.com as the principal.

Add a resource-based policy to the function with lambda;InvokeFunction as the action and Service: events.amazonaws.com as the principal.

69. A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content A solutions architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

Store the configuration file in Amazon S3. Grant the application access to read the configuration file.

Create an IAM role with permission to access the database Attach this IAM role to the EC2 instance.

Enable SSL connections on the database instance. Alter the database user to require SSL when logging in.

Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AM

70. A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area

network (SAN) in an on-premises data center located within the factory. The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near-real-lime analytics. A secure transfer is important because the data is considered sensitive.

Which solution offers the MOST reliable data transfer?

AWS DataSync over public internet

AWS DataSync over AWS Direct Connect

AWS Database Migration Service (AWS DMS) over public internet

AWS Database Migration Service (AWS DMS) over AWS Direct Connect

71. A company has an application that uses Amazon Elastic File System (Amazon EFS) to store data. The files are 1 GB in size or larger and are accessed often only tor the first few days after creation. The application data is shared across a cluster of Linux servers. The company wants to reduce storage costs tor the application

What should a solutions architect do to meet these requirements?

Implement Amazon FSx and mount the network drive on each server.

Move the fees from Amazon EFS and store them locally on each Amazon EC2 instance.

Configure a Lifecycle policy to move the files to the EFS Infrequent Access (IA) swage class after 7 days,

Move the files to Amazon S3 with S3 lifecycle policies enabled. Rewrite the application to support mounting the S3 bucket.

72. A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed

What should the solutions architect recommend?

Launch an Amazon EC2 instance in us-east-1 and migrate the site to it

Move the website to Amazon S3 Use cross-Region replication between Regions.

Use Amazon CloudFront with a custom origin pointing to the on-premises servers

Use an Amazon Route 53 geoproximity routing policy pointing to on-premises servers

73. A company is hosting an election reporting website on AWS for users around the world. The website uses Amazon EC2 Instances for the web and application tiers in an Auto Scaling group with Application Load Balancers. The database tier uses an Amazon RDS for MySQL database. The website is updated with election results once an hour and has historically observed hundreds of users accessing the reports

The company Is expecting a significant increase In demand because of upcoming elections in different countries. A solutions architect must Improve. The website's ability to handle additional demand while minimizing the need for additional EC2 instances

Which solution will meet these requirements?

Launch an Amazon ElastiCache cluster to cache common database queries.

Launch an Amazon CloudFront web distribution to cache commonly requested website content

Enable disk-based caching on the EC2 instances to cache commonly requested website content

Deploy a reverse proxy into the design using an EC2 instance with caching enabled for commonly requested website content

74. A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only.

What should a solutions architect do to protect against data loss? (Select TWO.)

Enable versioning on the S3 bucket

Enable access logging on the S3 bucket

Enable server-side encryption on the S3 bucket.

Configure an S3 Lifecycle rule to transition objects to Amazon S3 Glacier.

Use MFA Delete to require multi-factor authentication to delete an object

75. A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs.

Which pricing model should the company choose?

Reserved Instances

Spot Block Instances

On-Demand Instances

Scheduled Reserved Instances

76. A solution architect needs to design a highly available application consisting of web, application, and database tiers, HTTPS content delivery should be as close to the edge as possible, with the least delivery time.

Which solution meets these requirements and is MOST secure?

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances m public subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin

Amazon EC2 instances in private subnets Configure Configure a public Application Load Balancer with multiple redundant Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin.

Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin

77. A company requires a durable backup storage solution for its on-premises database servers while ensuring on-premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups A solutions architect is designing a solution with minimal operational overhead

Which solution should the solutions architect implement?

Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket

Back up the databases to an AWS Storage Gateway volume gateway and access it using the Amazon S3 AP

Transfer the database backup files to an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 instance.

Back up the database directly to an AWS Snowball device and use lifecycle rules to move the data to Amazon S3 Glacier Deep Archive.

78. A solutions architect is designing a customer-facing application. The application is expected to have a variable amount of reads and writes depending on the time of year and clearly defined access patterns throughout the year. Management requires that database auditing and scaling be managed in the AWS Cloud. The Recovery Point Objective (RPO) must be less than 5 hours.

Which solutions can accomplish this? (Select TWO.)

Use Amazon DynamoDB with auto scaling. Use on-demand backups and AWS CloudTrail.

Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon
DynamoDB Streams.

Use Amazon Redshift Configure concurrency scaling. Enable audit logging. Perform database snapshots every 4 hours.

Use Amazon RDS with Provisioned IOP

Enable the database auditing parameter.
Perform database snapshots every 5 hours.

Use Amazon RDS with auto scaling. Enable the database auditing parameter. Configure the backup retention period to at least 1 day.

79. A company is Re-architecting a strongly coupled application to be loosely coupled Previously the application used a request/response pattern to communicate between tiers. The company plans to use Amazon Simple Queue Service (Amazon SQS) to achieve decoupling requirements. The initial design contains one queue for requests and one for responses However, this approach is not processing all the messages as the application scales.

What should a solutions architect do to resolve this issue?

Configure a dead-letter queue on the ReceiveMessage API action of the SQS queue.

Configure a FIFO queue, and use the message deduplication ID and message group I

Create a temporary queue, with the Temporary Queue Client to receive each response message.

Create a queue for each request and response on startup for each producer, and use a correlation ID message attribute.

80. A company has media and application files that need to be shared internally. Users currently are authenticated using Active Directory and access files from a Microsoft Windows platform. The chief execute officer wants to keep the same user permissions, but wants the company to improve the process as the company is reaching its storage capacity limit.

What should a solutions architect recommend?

Set up a corporate Amazon S3 bucket and move and media and application files.

Configure Amazon FSx for Windows File Server and move all the media and application
files.

Configure Amazon Elastic File System (Amazon EFS) and move all media and application files.

Set up Amazon EC2 on Windows, attach multiple Amazon Elastic Block Store (Amazon EBS) volumes and, and move all media and application files.

81. A company has an application with a REST-based Interface that allows data to be received in near-real time from a third-party vendor Once received, the application processes and stores the data for further analysis. The application Is running on Amazon EC2 instances.

The third-party vendor has received many 503 Service Unavailable Errors when sending data to the application. When the data volume spikes, the compute capacity reaches its maximum limit and the application is unable to process all requests.

Which design should a solutions architect recommend to provide a more scalable solution?

Use Amazon Kinesis Data Streams to ingest the data Process the data using AWS Lambda functions.

Use Amazon API Gateway on top of the existing application. Create a usage plan with a quota Iimit for the third-party vendor.

Use Amazon Simple Notification Service (Amazon SNS) to ingest the data Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer.

Repackage the application as a container. Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group.

82. A solutions architect is creating a data processing job that runs once daily and can take up to 2 hours to complete If the job is interrupted, it has to restart from the beginning

How should the solutions architect address this issue in the MOST cost-effective manner?

Create a script that runs locally on an Amazon EC2 Reserved Instance that is triggered by a cron job.

Create an AWS Lambda function triggered by an Amazon EventBridge (Amazon CloudWatch Events} scheduled event

Use an Amazon Elastic Container Service (Amazon ECS) Fargate task triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.

Use an Amazon Elastic Container Service (Amazon ECS) task running on Amazon EC2 triggered by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event.

83. A company recently released a new type of internet-connected sensor. The company is expecting lo sell thousands of sensors, which are designed to stream high volumes of data each second to a central location. A solutions architect must design a solution that ingests and stores data so that engineering teams can analyze it in near-real time with millisecond responsiveness.

Which solution should the solutions architect recommend?

Use an Amazon SQS queue to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon Redshift.

Use an Amazon SOS queue to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoD

Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon Redshift.

Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoD

84. A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content. This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?

Change the EBS volume to Provisioned IOPS (PIOPS).

Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

Split the video into multiple, smaller segments so users are routed to the requested video segments only.

Clear an Amazon S3 bucket in each Region and upload the videos so users are routed to the nearest S3 bucket.

85. A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet

What should a solutions architect do to accomplish this goal?

Create a peering VPC connection from each user's VPC to the software vendor s VP

Deploy a transit VPC in the software vendor's AWS account. Create a VPN connection with each user account

Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.

Deploy a transit VPC in the software vendor's AWS account. Create an AWS Direct Connect connection with each user account.

86. A company wants to move its on-premises network, attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.

Which solution meets these requirements and is MOST cost-effective?

Create an Amazon Elastic Block Store (Amazon EBS) snapshot containing the data.
Share it with users within the VP

Create an Amazon S3 bucket that has a lifecycle policy set to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after the appropriate number of days.

Create an Amazon Elastic File System (Amazon EFS) file system within the VP

Set the throughput mode to Provisioned and to the required amount of IOPS to support concurrent usage.

Create an Amazon Elastic File System (Amazon EFS) file system within the VP

Set the lifecycle policy to transition the data to £FS Infrequent Access (EFS IA) after the appropriate number of days.

87. A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day An Application Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.

What should the solutions architect do to ensure that the architecture supports distributed session data management?

Use Amazon ElastiCache to manage and store session data

Use session affinity (sticky sessions) of the ALB to manage session data.

Use Session Manager from AWS Systems Manager to manage the session

Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session

88. A company is planning to migrate a commercial off-the-shelf application from its on-premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.

Which Amazon EC2 pricing option is the MOST cost-effective?

Dedicated Reserved Hosts

Dedicated On-Demand Hosts

Dedicated Reserved Instances

Dedicated On-Demand Instances

89. A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and introduce unfair advantages to some players. The application is deployed in every AWS Region it runs on Amazon EC2 instances that are part of Auto Scaling groups configured behind Application Load Balancers (ALBs) A solutions architect needs to implement a mechanism to monitor the health of the application and redirect traffic to healthy endpoints.

Which solution meets these requirements?

Configure an accelerator in AWS Global Accelerator Add a listener for the port that the application listens on. and attach it to a Regional endpoint in each Region Add the ALB as the endpoint

Create an Amazon CloudFront distribution and specify the ALB as the origin server. Configure the cache behavior to use origin cache headers Use AWS Lambda functions to optimize the traffic

Create an Amazon CloudFront distribution and specify Amazon S3 as the origin server. Configure the cache behavior to use origin cache headers. Use AWS Lambda functions to optimize the traffic

Configure an Amazon DynamoDB database to serve as the data store for the application Create a DynamoDB Accelerator (DAX) cluster to act as the in-memory cache for DynamoDB hosting the application data.

90. An ecommerce company has noticed performance degradation of its Amazon RDS based web application. The performance degradation is attribute to an increase in the number of read-only SQL queries triggered by business analysts. A solution architect needs to solve the problem with minimal changes to the existing web application.

What should the solution architect recommend?

Export the data to Amazon DynamoDB and have the business analysts run their queries.

Load the data into Amazon ElasticCache and have the business analysts run their queries.

Create a read replica of the primary database and have the business analysts run their queries.

Copy the data into an Amazon Redshift cluster and have the business analysts run their queries.

91. A company hosts its multi-tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes

What should the solutions architect do to meet this requirement?

Send Amazon CloudWatch logs to Amazon Redshift Use Amazon QuickSight to perform further analysis

Enable detailed monitoring on all EC2 instances Use Amazon CloudWatch metrics to perform further analysis

Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs Use Amazon CloudWatch metrics to perform further analysis

Send EC2 logs to Amazon S3 Use Amazon Redshift to fetch logs from the S3 bucket to process raw data for further analysis with Amazon QuickSight.

92. A solution architect is designing a hybrid application using the AWS cloud. The network between the on-premises data center and AWS will use an AWS Direct Connect (DX) connection. The application connectivity between AWS and the on-premises data center must be highly resilient.

Which DX configuration should be implemented to meet these requirements?

Configure a DX connection with a VPN on top of it.

Configure DX connections at multiple DX locations.

Configure a DX connection using the most reliable DX partner.

Configure multiple virtual interfaces on top of a DX connection.

93. A company plans to store sensitive user data on Amazon S3. Internal security compliance requirement mandata encryption of data before sending it to Amazon S3.

What should a solution architect recommend to satisfy these requirements?

Server-side encryption with customer-provided encryption keys

Client-side encryption with Amazon S3 managed encryption keys

Server-side encryption with keys stored in AWS key Management Service (AWS KMS)

Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)

94. A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity

Which architecture offers the HIGHEST availability?

Add a second ActiveMQ server to another Availability Zone Add an additional consumer EC2 instance in another Availability Zone Replicate the MySQL database to another Availability Zone.

Use Amazon MQ with active/standby brokers configured across two Availability Zones Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone

Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Use Amazon RDS for MySQL with Multi-AZ enabled

Use Amazon MQ with active/standby brokers configured across two Availability Zones Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones Use
Amazon RDS for MySQL with Multi-AZ enabled.

95. A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database Compliance regulations mandate that all personally identifiable information (Pll) be encrypted at rest

Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure"

Deploy AWS Certificate Manager to generate certificates Use the certificates to encrypt the database volume

Deploy AWS CloudHS

generate encryption keys, and use the customer master key (CMK) to encrypt database volumes.

Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes

Configure Amazon Elastic Block Store {Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.

96. A company Is seeing access requests by some suspicious IP addresses. The security team discovers the requests are horn different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.

Add a rule In the outbound table of the security group to deny the traffic from that CIDR range

Add a deny rule in the Inbound table of the network ACL with a lower rule number than other rules.

Add a deny rule in the outbound table of the network ACL with a tower rule number than other rules.

97. A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized.

Which database solution should the solutions architect recommend?

Amazon Aurora

Amazon DynamoDB

Amazon RDS

Amazon Redshift

98. A company hosts its core network services, including directory services and DNS. in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX) Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network services

What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?

Create a DX connection in each new account Route the network traffic to the on-premises servers

Configure VPC endpoints in the DX VPC for all required services Route the network traffic to the on-premises servers.

Create a VPN connection between each new account and the DX VPC, Route the network traffic to the on-premises servers

Configure AWS Transit Gateway between the accounts Assign DX to the transit gateway and route network traffic to the on-premises servers

99. A company uses on-premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

Mount Amazon S3 as a file system to the on-premises servers.

Deploy an AWS Storage Gateway file gateway to replace NFS storage

Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.

Deploy an AWS Storage Gateway volume gateway to replace the block storage.

Deploy Amazon Elastic Fife System (Amazon EFS) volumes and mount them to on-premises servers.

100. A company has developed a microservices application It uses a client-facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user requests. The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges A solutions architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable.

Which solution meets these requirements?

Use AWS Auto Scaling to scale up internal services when there is a surge m traffic.

Use different Availability Zones to host internal services Send a notification to a system administrator when an internal service becomes unresponsive

Use an Elastic Load Balancer to distribute the traffic between internal services Configure Amazon CloudWatch metrics to monitor traffic to internal services

Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive Change the internal services to retrieve the requests from the queue for processing

101. A company wants a storage option that enables its data science team to analyze its data on premises and in the AWS Cloud. The team needs to be able to run statistical analyses by using the data on premises and by using a fleet of Amazon EC2 instances across multiple Availability Zones.

What should a solutions architect do to meet these requirements?

Use an AWS Storage Gateway tape gateway to copy the on-premises files into Amazon S3.

Use an AWS Storage Gateway volume gateway to copy the on-premises files into Amazon S3.

Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS).

Attach an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers. Copy the files to Amazon EF

102. A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that security and compliance standards are being followed throughout the development process

What should a solutions architect do to meet these requirements?

Use Amazon Macie to automatically discover, classify and protect the EC2 instances

Use Amazon GuardDuty to publish Amazon Simple Notification Service (Amazon SNS) notifications.

Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications

Use Amazon EventBridge (Amazon CloudWatch Events) to detect and react to changes in the status of AWS Trusted Advisor checks

103. A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and content daily, but have been complaining of timeouts. The

architecture uses Amazon EC2 Auto Seating groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests

How should a solutions architect redesign the architecture to better respond to changing traffic?

Configure a Network Load Balancer with a slow start configuration.

Configure AWS ElastiCache for Redis to offload direct requests to the servers

Configure an Auto Scaling step scaling policy with an instance warmup condition.

Configure Amazon CloudFront to use an Application Load Balancer as the origin.

104. A company runs a web service on Amazon CC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across two Availability zones I he company needs a minimum of tour instances at all limes to meet the required service level agreement (SLA) while keeping costs low

If an Availability Zone tails, how can the company remain compliant with the SLA?

Add a target tracking scaling policy with a short cooldown period

Change the Auto Scaling group launch configuration to use a larger instance type

Change the Auto Scaling group to use six servers across three Availability Zones

Change the Auto Scaling group to use eight servers across two Availability Zones

105. A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.

Which combination of steps will meet these requirements? (Select TWO.)

Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.

Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.

Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.

Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.

106. The following IAM policy is attached to an IAM group. This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

Group members are permitted any Amazon EC2 action within the uss-east-1 Region. Statements after. The Allow permission are not applied

Group member are denied any Amazon EC2 permissions in the us-east-1 Region unless they are tagged in with multi-factor authentication (MFA).

Group members are allowed the ec2:StopInstances and ec2:Terminatelnstances permissions for all Regions when logged in with multi-factor authentication (MFA). Group members authorized any other Amazon EC2 action.

Group members are allowed the ec2:Stoplnstances and ec2:Terminatelnstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA). Groups are permitted any other Amazon EC2 action within the us-east-1 Region

107. A company hosts historical weather records in Amazon S3. The records are downloaded from the company's website by way of a URL that resolves to a domain name. Users all over the world access this content through subscriptions A third-party provider hosts the company's root domain name, but the company recently migrated some of its services to Amazon Route 53. The company wants to consolidate contracts, reduce latency for users, and reduce costs related to serving the application to

subscribers.

Which solution meets these requirements?

Create a web distribution on Amazon CloudFront to serve the S3 content for the application Create a CNAME record in a Route 53 hosted zone that points to the CloudFront distribution resolving to the application's URL domain name.

Create a web distribution on Amazon CloudFront to serve the S3 content for the
application Create an ALIAS record in the Amazon Route 53 hosted zone that
points to the CloudFront distribution, resolving to the application's URL domain name

Create an A record in a Route 53 hosted zone for the application Create a Route 53
traffic policy for the web application, and configure a geolocation rule. Configure health
checks to check (he health of the endpoint and route DNS queries to other endpoints if an
endpoint is unhealthy

Create an A record in a Route 53 hosted zone tor the application. Create a Route 53 traffic policy for the web application, and configure a geoproximity rule. Configure health checks to check the health of the endpoint and route DNS queries to other endpoints if an endpoint is unhealthy.

108. A company's web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

Configure the security group for the EC2 instances.

Configure the security group on the Application Load Balancer.

Configure AWS WAF on the Application Load Balancer in a VP

Configure the network ACL for the subnet that contains the EC2 instances.

109. A company is hosting 60 TB of production-level data in an Amazon S3 bucket A solutions architect needs to bring that data on premises for quarterly audit requirements This export of data must be encrypted while in transit. The company has low network bandwidth in place between AWS and its on-premises data center

What should the solutions architect do to meet these requirements?

Deploy AWS Migration Hub with 90-day replication windows for data transfer.

Deploy an AWS Storage Gateway volume gateway on AWS Enable a 90-day replication window to transfer the data

Deploy Amazon Elastic File System (Amazon EFS), with lifecycle policies enabled, on AW

Use it to transfer the data

Deploy an AWS Snowball device in the on-premises data center after completing an export job request in the AWS Snowball console

110. A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.

What should the company do to guarantee the EC2 capacity?

Purchase Reserved Instances that specify the Region needed.

Create an On-Demand Capacity Reservation that specifies the Region needed.

Purchase Reserved Instances that specify the Region and three Availability Zones needed.

Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed.

111. A company is. moving its on-premises applications to Amazon EC2 instances. However as a result of fluctuating compute requirements, the EC2 instances must always be ready to use between 8 AM and 5 PM in specific Availability Zones.

Which EC2 instances should the company choose to run the applications?

Scheduled Reserved I Instances

On-Demand Instances

Spot Instances as part of a Spot Fleet

EC2 instances in an Auto Scaling group

112. Topic 1, Main Pool A

A solutions architect is creating an application that will handle batch processing of large amounts of data. The input data will be held in Amazon S3 and the output data will be stored in a different S3 bucket. For processing, the application will transfer the data over the network between multiple Amazon EC2 instances.

What should the solutions architect do to reduce the overall data transfer costs?

Place all the EC2 instances in an Auto Scaling group.

Place all the EC2 instances in the same AWS Region.

Place all the EC2 instances in the same Availability Zone.

Place all the EC2 instances in private subnets in multiple Availability Zones.

113. A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited programmatic access to resources in the company's account. All the needed policies have been created to grant appropriate access.

Which additional component will provide the vendor with the MOST secure access to the account?

Create an IAM user.

Implement a service control policy (SCP)

Use a cross-account role with an external I

Configure a single sign-on (SSO) identity provider.

114. A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area network (SAN) in an on-premises data center located within the factory. The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near-real-lime analytics. A secure transfer is important because the data is considered sensitive.

Which solution offers the MOST reliable data transfer?

AWS DataSync over public internet

AWS DataSync over AWS Direct Connect

AWS Database Migration Service (AWS DMS) over public internet

AWS Database Migration Service (AWS DMS) over AWS Direct Connect

115. A company has an application that ingests incoming messages. These messages are then quickly consumed by dozens of other applications and microservices. The number of messages varies drastically and sometimes spikes as high as 100.000 each second. The company wants to decouple the solution and increase scalability

Which solution meets these requirements?

Persist the messages to Amazon Kinesis Data Analytics All the applications will read and process the messages

Deploy the application on Amazon EC2 instances in an Auto Scaling group, which scales the number of EC2 instances based on CPU metrics

Write the messages to Amazon Kinesis Data Streams with a single shard. All applications will read from the stream and process the messages.

Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with one or more Amazon Simple Queue Service (Amazon SQS) subscriptions. All applications then process the messages from the queues

116. A solution architect is designing a hybrid application using the AWS cloud. The network between the on-premises data center and AWS will use an AWS Direct Connect (DX) connection. The application connectivity between AWS and the on-premises data center must be highly resilient.

Which DX configuration should be implemented to meet these requirements?

Configure a DX connection with a VPN on top of it.

Configure DX connections at multiple DX locations.

Configure a DX connection using the most reliable DX partner.

Configure multiple virtual interfaces on top of a DX connection.

117. A company requires a durable backup storage solution for its on-premises database servers while ensuring on-premises applications maintain access to these backups for quick recovery. The company will use AWS storage services as the destination for these backups A solutions architect is designing a solution with minimal operational overhead

Which solution should the solutions architect implement?

Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket

Back up the databases to an AWS Storage Gateway volume gateway and access it using the Amazon S3 AP

Transfer the database backup files to an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 instance.

Back up the database directly to an AWS Snowball device and use lifecycle rules to move the data to Amazon S3 Glacier Deep Archive.

118. A company is hosting a website behind multiple Application Load Balancers. The company has different

distribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights.

Which configuration should the solutions architect choose to meet these requirements?

Configure Amazon CloudFront with AWS WA

Configure Application Load Balancers with AWS WA

Configure Amazon Route 53 with a geolocation policy.

Configure Amazon Route 53 with a geoproximity routing policy.

119. A company is. moving its on-premises applications to Amazon EC2 instances. However as a result of fluctuating compute requirements, the EC2 instances must always be ready to use between 8 AM and 5 PM in specific Availability Zones.

Which EC2 instances should the company choose to run the applications?

Scheduled Reserved I Instances

On-Demand Instances

Spot Instances as part of a Spot Fleet

EC2 instances in an Auto Scaling group

120. A solutions architect is designing an architecture to run a third-party database server. The database software Is memory intensive and has a CPU-based licensing model where the cost Increases with the number of vCPU cores within the operating system. The solutions architect must select an Amazon EC2 instance with sufficient memory to run the database software, but the selected instance has a large number of vCPUs. The solutions architect must ensure that the vCPUs will not be underutilized and must minimize costs.

Which solution meets these requirements?

Select and launch a smaller EC2 instance with an appropriate number of vCPUs.

Configure the CPU cores and threads on the selected EC2 instance during instance launch

Create a new EC2 instance and ensure multithreading is enabled when configuring the instance details.

Create a new Capacity Reservation and select the appropriate instance type Launch the instance into this new Capacity Reservation

121. A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet. The web application instances and the database are running in a single Availability Zone (AZ).

Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)

Create new public and private subnets in the same AZ for high availability

Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs

Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer

Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ

Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment.

122. A company hosts an application on an Amazon EC2 instance that requires a maximum of 200 GB storage space. The application is used infrequently, with peaks during mornings and evenings. Disk I/O varies, but peaks at 3,000 IOPS. The chief financial officer of the company is concerned about costs and has asked a solutions architect to recommend the most cost-effective storage option that does not sacrifice performance.

Which solution should the solutions architect recommend?

Amazon EBS Cold HDD (sc1)

Amazon EBS General Purpose SSD (gp2)

Amazon EBS Provisioned IOPS SSD (io1)

Amazon EBS Throughput Optimized HDD (st1)

123. A web application runs on Amazon EC2 instances behind an Application Load Balancer. The application allows users to create custom reports of historical weather data. Generating a report can take up to 5 minutes. These long-running requests use many of the available incoming connections, making the system unresponsive to other users

How can a solutions architect make the system more responsive?

Use Amazon SOS with AWS Lambda to generate reports

Increase the Idle timeout on the Application Load Balancer to 5 minutes.

Update the client-side application code to increase its request timeout to 5 minutes.

Publish the reports to Amazon S3 and use Amazon CloudFront for downloading lo the user.

124. A company runs an application on an Amazon EC2 instance Backed by Amazon Elastic Block Store (Amazon EBS). The instance needs to be available for 12 hours daily. The company wants to save costs by making the instance unavailable outside the window required for the application However the contents of the instance's memory must be preserved whenever the instance is unavailable

What should a solutions architect do lo meet this requirement?

Stop the instance outside the application's availability window. Start up the Instance again when required.

Hibernate tie instance outside the application's availability window. Start up the instance again when required.

Use Auto Scaling to scale down the instance outside the application's availability window. Scale up the instance when required.

Terminate the instance outside the application's availability window Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required

125. The financial application at a company stores monthly reports in an Amazon S3 bucket. The vice president of finance has mandated that all access to these reports be logged and that any modifications to the log files be detected

Which actions can a solutions architect take to meet these requirements?

Use S3 server access logging on the bucket that houses the reports with the read and write data events and log file validation options enabled.

Use S3 server access logging on the bucket that houses the reports with the read and write management events and log file validation options enabled

Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports Log these events to a new bucket, and enable log file validation

Use AWS CloudTrail to create a new trail. Configure the trail to log read and write management events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.

126. A company is running a three-tier web application to process credit card payments. The front-end user interface consists of static webpages. The application tier can have long-running processes. The database tier uses MySQL.

The application is currently running on a single, general purpose large Amazon EC2 instance A solutions architect needs to decouple the services to make the web application highly available.

Which solution would provide the HIGHEST availability?

Move static assets to Amazon CloudFront Leave the application in EC2 in an Auto Scaling group. Move the database to Amazon RDS to deploy Multi-A

Move static assets and the application into a medium EC2 instance. Leave the database on the large instance. Place both instances in an Auto Scaling group.

Move static assets to Amazon S3. Move the application to AWS Lambda with the concurrency limit set. Move the database to Amazon DynamoDB with on-demand enabled.

Move static assets to Amazon S3. Move the application to Amazon Elastic Container Service (Amazon ECS) containers with Auto Scaling enabled. Move the database to Amazon RDS to deploy Multi-AZ

127. A company is building its web application using containers on AWS. The company requires three instances of the web application to run at all times. The application must be able to scale to meet increases in demand. Management is extremely sensitive to cost but agrees that the application should be highly available.

What should a solutions architect recommend?

Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with three container instances in one Availability Zone. Create a task
definition for the web application. Place one task for each container instance.

128. A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day.

What should a solutions architect do to transmit and process the clickstream data?

Design an AWS Data Pipeline to archive the data to an Amazon S3 bucket and run an Amazon EMR cluster with the data to generate analytics.

Create an Auto Scaling group of Amazon EC2 instances to process the data and send it to an Amazon S3 data lake for Amazon Redshift to use for analysis.

Cache the data to Amazon CloudFront. Store the data in an Amazon S3 bucket. When an object is added to the S3 bucket, run an AWS Lambda function to process the data for analysis.

Collect the data from Amazon Kinesis Data Streams. Use Amazon Kinesis Data firehose to transmit the data to an Amazon S3 data lake. Load the data in Amazon Redshift for analysis.

129. A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs.

Which pricing model should the company choose?

Reserved Instances

Spot Block Instances

On-Demand Instances

Scheduled Reserved Instances

130. An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.

What is the MOST secure way to do this?

Enable public read on the S3 object and provide the link to the vendor.

Upload the file to Amazon WorkDocs and share the public link with the vendor.

Generate a presigned URL and have the vendor download the log file before it expires.

Create an IAM user for the vendor to provide access to the S3 bucket and the
application. Enforce multifactor
authentication.

131. A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user's on-

premises network-attached storage (NAS). The solutions architect has proposed migrating the IIS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to the storage solution, and configuring an Elastic Load Balancer attached to the instances.

Which replacement to the on-premises file share is MOST resilient and durable?

Migrate the file share to Amazon RD

Migrate the file share to AWS Storage Gateway.

Migrate the file share to Amazon FSx for Windows File Server.

Migrate the file share to Amazon Elastic File System (Amazon EFS)

132. A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size. Customers can download their statements from the website for up to 30 days from when the statements were generated. At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements

What is the MOST cost-effective storage solution for this situation?

Store the statements using the Amazon S3 Standard storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.

Store the statements using the Amazon S3 Glacier storage class Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.

Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days.

Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.

133. A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys.

What should a solutions architect use to accomplish this?

Server-Side Encryption with keys stored in an S3 bucket

Server-Side Encryption with Customer-Provided Keys (SSE-C)

Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

134. A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones As the company's user base grows in the us-west-1 Region, it needs 3 solution with low latency and high availability.

What should a solutions architect do to accomplish this?

Provision EC2 instances in us-west-1. Switch me Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.

Provision EC2 instances and an Application Load Balancer in us-west-1 Make the load balancer distribute the traffic based on the location of the request

135. A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded. The company does not want this new service to affect the performance of the current application

What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?

Use DynamoDB transactions to write new event data to the table Configure the transactions to notify internal teams.

Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics. Have each team subscribe to one topic.

Enable Amazon DynamoDB Streams on the table Use triggers to write to a single Amazon Simple Notification Service (Amazon SNS) topic to which the teams can subscribe

136. A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.

Which database solution meets these requirements?

Amazon Aurora PostgreSQL

Amazon DynamoDB with on-demand enabled

Amazon DynamoDB with DynamoDB Streams enabled

Amazon SQS and Amazon Aurora PostgreSQL

137. A company has multiple applications that use Amazon RDS lor MySQL as is database. The company recently discovered that a new custom reporting application has Increased the number of Queries on the database. This is slowing down performance.

How should a solutions architect resolve this issue with the LEAST amount of application changes?

Add a secondary DB instance using Multi-AZ

Set up a road replica ana Multi-AZ on Amazon RD

Set up a standby replica and Multi-AZ on Amazon RDS

Use caching on Amazon RDS to improve the overall performance

138. A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications.

Which solution will meet these requirements?

Amazon DynamoDB

Amazon RDS for MySQL

MySQL-compatible Amazon Aurora Serverless

MySQL deployed on Amazon EC2 in an Auto Scaling group

139. A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and introduce unfair advantages to some players. The application is deployed in every AWS Region it runs on Amazon EC2 instances that are part of Auto Scaling groups configured behind Application Load Balancers (ALBs) A solutions architect needs to implement a mechanism to monitor the health of the application and redirect traffic to healthy endpoints.

Which solution meets these requirements?

Configure an accelerator in AWS Global Accelerator Add a listener for the port that the application listens on. and attach it to a Regional endpoint in each Region Add the ALB as the endpoint

Create an Amazon CloudFront distribution and specify the ALB as the origin server. Configure the cache behavior to use origin cache headers Use AWS Lambda functions to optimize the traffic

Create an Amazon CloudFront distribution and specify Amazon S3 as the origin server. Configure the cache behavior to use origin cache headers. Use AWS Lambda functions to optimize the traffic

140. A company recently released a new type of internet-connected sensor. The company is expecting lo sell thousands of sensors, which are designed to stream high volumes of data each second to a central location. A solutions architect must design a solution that ingests and stores data so that engineering teams can analyze it in near-real time with millisecond responsiveness.

Which solution should the solutions architect recommend?

Use an Amazon SQS queue to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon Redshift.

Use an Amazon SOS queue to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoD

Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon Redshift.

Use Amazon Kinesis Data Streams to ingest the data. Consume the data with an AWS Lambda function, which then stores the data in Amazon DynamoD

141. A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users

What should a solutions architect recommend?

Deploy Amazon Inspector and associate it with the AL

Deploy AWS WAF, associate it with cthe ALB, and configure a rate-limiting rule.

Deploy rules to the network ACLs associated with the ALB to block the incoming traffic.

Deploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty

142. A company is building a website that relies on reading and writing to an Amazon DynamoDB database. The traffic associated with the website predictably peaks during business hours on weekdays and declines overnight and during weekends. A solutions architect needs to design a cost-effective solution that can handle the load.

What should the solutions architect do to meet these requirements?

Enable DynamoDB Accelerator (DAX) to cache the data.

Enable Multi-AZ replication for the DynamoDB database.

Enable DynamoDB auto scaling when creating the tables.

Enable DynamoDB On-Demand capacity allocation when creating the tables.

143. A company wants to move its on-premises network, attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.

Which solution meets these requirements and is MOST cost-effective?

Create an Amazon Elastic Block Store (Amazon EBS) snapshot containing the data. Share it with users within the VP

Create an Amazon S3 bucket that has a lifecycle policy set to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after the appropriate number of days.

Create an Amazon Elastic File System (Amazon EFS) file system within the VP

Set the throughput mode to Provisioned and to the required amount of IOPS to support concurrent usage.

Create an Amazon Elastic File System (Amazon EFS) file system within the VP

Set the lifecycle policy to transition the data to £FS Infrequent Access (EFS IA) after the appropriate number of days.

144. A company is developing an ecommerce application that will consist of a load-balanced front end. a container-based application and a relational database A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible

Which solutions meet these requirements? (Select TWO.)

Create an Amazon RDS DB instance in Multi-AZ mode

Create an Amazon RDS DB instance and one or more replicas in another Availability Zone

Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load

Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load

Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load

145. A solutions architect is redesigning a monolithic application to be a loosely coupled application composed of two microservices: Microservice A and Microservice B Microservice A places messages in a mam Amazon Simple Queue Service (Amazon SOS) queue for Microservice B to consume When Microservice B fails to process a message after four retries, the message needs to be removed from the queue and stored for further investigation.

What should the solutions architect do to meet these requirements?

Create an SQS dead-letter queue Microservice B adds failed messages to that queue after it receives and fails to process the message four times.

Create an SQS dead-letter queue Configure the main SQS queue to deliver messages to the dead-letter queue after the message has been received four times.

Create an SQS queue for failed messages Microservice A adds failed messages to that queue after Microservice B receives and fails to process the message four times.

Create an SQS queue for failed messages. Configure the SQS queue for failed messages to pull messages from the main SQS queue after the original message has been received four times.

146. A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.

What should the solutions architect do to accomplish this?

Set an overall password policy for the entire AWS account

Set a password policy for each IAM user in the AWS account.

Use third-party vendor software to set password requirements,

Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.

147. A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.

What should the company do to guarantee the EC2 capacity?

Purchase Reserved Instances that specify the Region needed.

Create an On-Demand Capacity Reservation that specifies the Region needed.

Purchase Reserved Instances that specify the Region and three Availability Zones needed.

Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed.

148. A company plans to host a survey website on AWS. The company anticipates an unpredictable amount of traffic. This traffic results in asynchronous updates to the database. The company wants to ensure that writes to the database hosted on AWS do not get dropped.

Haw should the company write Its application to handle these database requests?

Configure the application to publish to an Amazon Simple Notification Service (Amazon SNS) tope Subscribe the database to the SNS topic.

Configure lie application 😮 subscribe to an Amazon Simple Notification Service (Amazon SNS) topic. Publish the database updates to the SNS topic.

Use Amazon Simple Queue Service (Amazon SOS) FIFO queues to queue the database connection until the database has resources to write the data.

Use Amazon Simple Queue Service (Amazon SOS) FIFO queues for capturing the writes and dramaing the queue as each write is made to the database

149. A recently acquired company is required to build its own infrastructure on AWS and migrate multiple applications to the cloud within a month. Each application has approximately 50 TB of data to be transferred After the migration ts complete this company and its parent company will Doth require secure network connectivity with consistent throughput from their data centers to the applications. A solutions architect must ensure one-time data migration and ongoing network connectivity.

Which solution will meet these requirements?

AWS Direct Connect for both the initial transfer and ongoing connectivity.

AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity.

AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.

AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.

150. A company has a legacy application that processes data in two parts. The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently

How should a solutions architect integrate the microservices?

Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2

Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code In microservice 2 to subscribe to this topic.

Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose.
Implement code in microservice 2 to read from Kinesis Data Firehose.

Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue.

151. A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability. The company wants to be able (o deploy updates to its application even if nodes in one Availability Zone are not accessible.

Which configuration of tasks and Availability Zones meets these requirements?

Deploy the application across two Availability Zones, with one task in each Availability Zone

Deploy the application across two Availability Zones, with two tasks in each Availability Zone.

Deploy the application across three Availability Zones, with one task in each Availability Zone.

Deploy the application across three Availability Zones, with two tasks in each Availability Zone.

152. A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and content daily, but have been complaining of timeouts. The architecture uses Amazon EC2 Auto Seating groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests

How should a solutions architect redesign the architecture to better respond to changing traffic?

Configure a Network Load Balancer with a slow start configuration.

Configure AWS ElastiCache for Redis to offload direct requests to the servers

Configure an Auto Scaling step scaling policy with an instance warmup condition.

Configure Amazon CloudFront to use an Application Load Balancer as the origin.

153. A company has enabled AWS CloudTrail logs to deliver log files to an Amazon S3 bucket for each of Its developer accounts. The company has created a central AWS account for streamlining management and audit reviews An internal auditor needs to access the CloudTrail logs, yet access needs to be restricted for all developer account users. The solution must be secure and optimized

How should a solutions architect meet these requirements?

Configure CloudTrail from each developer account to deliver the log files to an S3 bucket in the central account Create an IAM role in the central account for the auditor
Attach an lA'.l policy providing read-only permissions to the bucket.

154. A company wants to improve the availability and performance of its stateless UDP-based workload. The workload is deployed on Amazon EC2 instances in multiple AWS Regions.

What should a solutions architect recommend to accomplish this?

Place the EC2 instances behind Network Load Balancers (NLBs) in each Region Create an accelerator using AWS Global Accelerator. Use the NLBs as endpoints for the accelerator

Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an accelerator using AWS Global Accelerator Use the ALBs as endpoints for the accelerator

155. A company plans to store sensitive user data on Amazon S3. Internal security compliance requirement mandata encryption of data before sending it to Amazon S3.

What should a solution architect recommend to satisfy these requirements?

Server-side encryption with customer-provided encryption keys

Client-side encryption with Amazon S3 managed encryption keys

Server-side encryption with keys stored in AWS key Management Service (AWS KMS)

Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)

156. A solutions architect must analyze and update a company's existing 1AM policies prior to deploying a new workload.

The solutions architect created the following policy:

What is the net effect of this policy?

Users will be allowed all actions except s3 PutObject if multi-factor authentication (MFA) is enabled

Users win be allowed all actions except s3 PutObject if multi-factor authentication (MFA) is not enabled

Users will be denied all actions except s3;PutObject if multi-factor authentication (MFA) is enabled.

Users win be denied all actions except s3:PutObject if multi-factor authentication (MFA) is not enabled.

157. A company needs to store data in Amazon S3 A compliance requirement states that when any changes are made to objects the previous state of the object with any changes must be preserved Additionally files older than 5 years should not be accessed but need to be archived for auditing

What should a solutions architect recommend that is MOST cost-effective?

Enable object-level versioning and S3 Object Lock in governance mode

Enable object-level versioning and S3 Object Lock in compliance mode

Enable object-level versioning Enable a lifecycle policy to move data older than 5 years to S3 Glacier Deep Archive

Enable object-level versioning Enable a lifecycle policy to move data older than 5 years to S3 Standard-Infrequent Access (S3 Standard-IA)

158. A company is creating a three-tier web application consisting of a web server, an application server, and a database server. The application will track GPS coordinates of packages as they are being delivered. The application will update the database every 0-5 seconds.

What should a solution architect recommend to accomplish this with minimal cost of ownership?

Use Amazon DynamoDB Enable Auto Scaling on the DynamoDB table. Schedule an automatic deletion script for items older than 1 month.

Use Amazon DynamoDB with global secondary indexes. Enable Auto Scaling on the DynamoDB table and the global secondary indexes. Enable TTL on the DynamoDB table.

Use an Amazon RDS On-Demand instance with Provisioned IOPS (PIOPS). Enable Amazon CloudWatch alarms to send notifications when PIOPS are exceeded. Increase and decrease PIOPS as needed.

Use a Amazon RDS Reserved Instance with Provisioned IOPS (PIOPS). Enable Amazon CloudWatch alarms to send notification when PIOPS are exceeded. Increase and decrease PIOPS as needed.

159. A company has an application that uses Amazon Elastic File System (Amazon EFS) to store data. The files are 1 GB in size or larger and are accessed often only tor the first few days after creation. The application data is shared across a cluster of Linux servers. The company wants to reduce storage costs tor the application

What should a solutions architect do to meet these requirements?

Implement Amazon FSx and mount the network drive on each server.

Move the fees from Amazon EFS and store them locally on each Amazon EC2 instance.

Configure a Lifecycle policy to move the files to the EFS Infrequent Access (IA) swage class after 7 days,

Move the files to Amazon S3 with S3 lifecycle policies enabled. Rewrite the application to support mounting the S3 bucket.

160. A company is hosting 60 TB of production-level data in an Amazon S3 bucket A solutions architect needs to bring that data on premises for quarterly audit requirements This export of data must be encrypted while in transit. The company has low network bandwidth in place between AWS and its on-premises data center

What should the solutions architect do to meet these requirements?

Deploy AWS Migration Hub with 90-day replication windows for data transfer.

Deploy an AWS Storage Gateway volume gateway on AWS Enable a 90-day replication window to transfer the data

Deploy Amazon Elastic File System (Amazon EFS), with lifecycle policies enabled, on AW

Use it to transfer the data

Deploy an AWS Snowball device in the on-premises data center after completing an export job request in the AWS Snowball console

161. A company owns an asynchronous API that is used to ingest use requests and, based on the request type, dispatch requests to the appropriate microservice for processing.

The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching them to the processing microservices.

The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is losing user requests.

What should a solutions architect do to address this Issue without impacting existing users?

Add throttling on the API Gateway with server-side throttling limits

Use DynamoDB Accelerator (DAX) and LamDda to buffer writes to DynamoDB

Create a secondary index in DynamoDB for the label with the user requests.

Use the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoD

162. A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed

What should the solutions architect recommend?

Launch an Amazon EC2 instance in us-east-1 and migrate the site to it

Move the website to Amazon S3 Use cross-Region replication between Regions.

Use Amazon CloudFront with a custom origin pointing to the on-premises servers

Use an Amazon Route 53 geoproximity routing policy pointing to on-premises servers

163. A company has created an isolated backup of its environment in another Region. The application is running in warm standby mode and is fronted by an Application Load Balancer (ALB). The current failover process is manual and requires updating a DNS alias record to point to the secondary ALB in another Region.

What should a solutions architect do to automate the failover process?

Enable an ALB health check.

Enable an Amazon Route 53 health check.

Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint.

Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server.

164. A development team stores its Amazon RDS MySQL DB instance user name and password credentials in a configuration file. The configuration file is stored as plaintext on the root device volume of the team's Amazon EC2 instance. When the team's application needs to reach the database, it reads the file and loads the credentials into the code. The team has modified the permissions of the configuration file so that only the application can read its content A solutions architect must design a more secure solution.

What should the solutions architect do to meet this requirement?

Store the configuration file in Amazon S3. Grant the application access to read the configuration file.

Create an IAM role with permission to access the database Attach this IAM role to the EC2 instance.

Enable SSL connections on the database instance. Alter the database user to require SSL when logging in.

Move the configuration file to an EC2 instance store, and create an Amazon Machine Image (AMI) of the instance. Launch new instances from this AM

165. A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database Compliance regulations mandate that all personally identifiable information (Pll) be encrypted at rest

Which solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure"

Deploy AWS Certificate Manager to generate certificates Use the certificates to encrypt the database volume

Deploy AWS CloudHS

generate encryption keys, and use the customer master key (CMK) to encrypt database volumes.

Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes

Configure Amazon Elastic Block Store {Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.

166. A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3.

Which solution meets these requirements and is MOST cost-effective?

Set up AWS Glue to copy the data from the on-premises servers to Amazon S3.

Set up an AWS DataSync agent on the on premises servers, and sync the data to Amazon S3.

Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3.

Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3

167. A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4. The chief technology officer (CTO) wants to make the architecture highly available and cost-effective

What should a solutions architect do to meet these requirements? (Select TWO.)

Increase the number of EC2 instances

Decrease the number of EC2 Instances

Configure a Network Load Balancer in front of the EC2 instances.

Configure an Application Load Balancer In front of the EC2 instances

Configure an Auto Scaling group to add or remove Instances in multiple Availability Zones automatically

168. A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.

Which solution will meet these requirements?

Use an AWS Storage Gateway fife gateway to provide file storage to AW

then perform analytics on the data in the AWS Cloud.

Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AW

then perform analytics on this data in the AWS Cloud.

Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AW

Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud.

169. A company has an application with a REST-based Interface that allows data to be received in near-real time from a third-party vendor Once received, the application processes and stores the data for further analysis. The application Is running on Amazon EC2 instances.

Which design should a solutions architect recommend to provide a more scalable solution?

Use Amazon Kinesis Data Streams to ingest the data Process the data using AWS Lambda functions.

Use Amazon API Gateway on top of the existing application. Create a usage plan with a quota Iimit for the third-party vendor.

Use Amazon Simple Notification Service (Amazon SNS) to ingest the data Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer.

Repackage the application as a container. Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group.

170. A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones On the first day of every month at midnight the application becomes much slower when the month-end financial calculation batch executes This causes the CPU utilization of the EC2 instances to immediately peak to 100%. which disrupts the application

What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

Configure an Amazon CloudFront distribution in front of the ALB

Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization

Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.

Configure Amazon ElastiCache to remove some of the workload from the EC2 instances

171. A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB) A solutions architect needs to modify the infrastructure to be highly available without modifying the application

Which architecture should the solutions architect choose that provides high availability?

Create an Auto Scaling group that uses three instances across each of two Regions

Modify the Auto Scaling group to use three instances across each of two Availability Zones

Create an Auto Scaling template that can be used to quickly create more instances in another Region

Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier

172. A company is designing an internet-facing web application. The application runs on Amazon EC2 for Linux-based instances that store sensitive user data in Amazon RDS MySQL Multi-AZ DB instances. The EC2 instances are in public subnets, and the RDS DB instances are in private subnets. The security team has mandated that the DB instances be secured against web-based attacks

What should a solutions architect recommend?

173. A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application's performance. The application consists of application tiers that communicate with each other by way of RESTful services. Transactions are dropped when one tier becomes overloaded A solutions architect must design a solution that resolves these issues and modernizes the application.

Which solution meets these requirements and is the MOST operationally efficient?

174. A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet

What should a solutions architect do to accomplish this goal?

Create a peering VPC connection from each user's VPC to the software vendor s VP

Deploy a transit VPC in the software vendor's AWS account. Create a VPN connection with each user account

Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint.

Deploy a transit VPC in the software vendor's AWS account. Create an AWS Direct Connect connection with each user account.

175. A solutions architect is creating a new Amazon CloudFront distribution for an application Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.

Which action should the solutions architect take?

Configure a CloudFront signed URL

Configure a CloudFront signed cookie.

Configure a CloudFronl field-level encryption profile.

Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Pokey

176. A company recently started using Amazon Aurora as the data store for its global ecommerce application. When large reports are run, developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadlOPS and CPU Utilization metrics are spiking when monthly reports run.

What is the MOST cost-effective solution?

Migrate the monthly reporting to Amazon Redshift.

Migrate the monthly reporting to an Aurora Replica.

Migrate the Aurora database to a larger instance class.

Increase the Provisioned IOPS on the Aurora instance.

177. A manufacturing company wants to implement predictive maintenance on its machinery equipment. The company will install thousands of loT sensors that will send data to AWS in real time A solutions architect is tasked with implementing a solution that will receive events in an ordered manner for each machinery asset and ensure that data is saved for further processing at a later time

Which solution would be MOST efficient?

Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset Use Amazon Kinesis Data Firehose to save data to Amazon S3

Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment asset Use Amazon Kinesis Data Firehose to save data to Amazon EBS

Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset Trigger an AWS Lambda function for the SQS queue to save data to Amazon EFS

Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3

178. A company is Re-architecting a strongly coupled application to be loosely coupled Previously the application used a request/response pattern to communicate between tiers. The company plans to use Amazon Simple Queue Service (Amazon SQS) to achieve decoupling requirements. The initial design contains one queue for requests and one for responses However, this approach is not processing all the messages as the application scales.

What should a solutions architect do to resolve this issue?

Configure a dead-letter queue on the ReceiveMessage API action of the SQS queue.

Configure a FIFO queue, and use the message deduplication ID and message group I

Create a temporary queue, with the Temporary Queue Client to receive each response message.

Create a queue for each request and response on startup for each producer, and use a correlation ID message attribute.

179. A company has hired a new cloud engineer who should not have access to an Amazon S3 bucket named Company Confidential. the cloud engineer must be able to read from and write to an S3 bucket called AdminTools.

Which IAM policy will meet these requirements?

Option A

Option B

Option C

Option D

180. A company has an ecommerce application that stores data in an on-premises SQL database. The company has decided to migrate this database to AWS. However as part of the migration, the company wants to find a way to attain sub-millisecond responses to common read requests.

A solutions architect knows that the increase in speed is paramount and that a small percentage of stale data returned in the database reads is acceptable

What should the solutions architect recommend?

Build Amazon RDS read replicas.

Build the database as a larger instance type.

Build a database cache using Amazon ElastiCache

Build a database cache using Amazon Elasticsearch Service (Amazon ES)

181. A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CioudFront. The company has users in the United States. Canada, and Europe and wants to reduce costs.

What should a solutions architect recommend?

Adjust the CloudFront caching time to live (TTL) from the default to a longer timeframe.

Implement CloudFront events with [email protected] to run the website's data processing.

Modify the CloudFront price class to include only the locations of the countries that are served.

Implement a CloudFront Secure Sockets Layer (SSL) certificate to push security closer to the locations of the countries that are served.

182. A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in another AWS Region with minimal downtime

What should a solutions architect do to meet these requirements with the LEAST amount of downtime?

Create an Auto Scaling group and a load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer.

Create an AWS Cloud Formation template to create EC2 instances, load balancers, and DynamoDB tables to be executed when needed. Configure DNS failover to point to the new disaster recovery Region's toad balancer.

Create an AWS CloudFormation template to create EC2 instances and a load balancer to be executed when needed. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Region's load balancer.

Create an Auto Scaling group and load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table Create an Amazon CloudWatch alarm to trigger an AWS Lambda function that updates Amazon Route 53 pointing to the disaster recovery load balancer.

183. A company that recently started using AWS establishes a Site-to-Site VPN between its on-premises data center and AWS. The company's security mandate states that traffic originating from on premises should stay within the company's private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.

Which solution meets this requirement?

Configure a gateway endpoint for Amazon EC

Modify the route table to include an entry pointing to the ECS cluster.

Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster.

Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VP

Connect the two VPCs by using VPC peering.

Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.

184. A media company stores video content in an Amazon Elastic Block Store (Amazon EBS) volume. A certain video file has become popular and a large number of users across the world are accessing this content. This has resulted in a cost increase.

Which action will DECREASE cost without compromising user accessibility?

Change the EBS volume to Provisioned IOPS (PIOPS).

Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution.

Split the video into multiple, smaller segments so users are routed to the requested video segments only.

Clear an Amazon S3 bucket in each Region and upload the videos so users are routed to the nearest S3 bucket.

185. An ecommerce company has noticed performance degradation of its Amazon RDS based web application. The performance degradation is attribute to an increase in the number of read-only SQL queries triggered by business analysts. A solution architect needs to solve the problem with minimal changes to the existing web application.

What should the solution architect recommend?

Export the data to Amazon DynamoDB and have the business analysts run their queries.

Load the data into Amazon ElasticCache and have the business analysts run their queries.

Create a read replica of the primary database and have the business analysts run their queries.

Copy the data into an Amazon Redshift cluster and have the business analysts run their queries.

186. A solutions architect needs to design a network that will allow multiple Amazon EC2 instances to access a common data source used for mission-critical data that can be accessed by all the EC2 instances simultaneously. The solution must be highly scalable, easy to implement and support the NFS protocol

Which solution meets these requirements?

Create an Amazon EFS file system Configure a mount target in each Availability Zone. Attach each instance to the appropriate mount target

Create an additional EC2 instance and configure It as a file server Create a security group that allows communication between the Instances and apply that to the additional instance.

187. A company is working with an external vendor that requires write access to the company's Amazon Simple Queue Service (Amazon SQS) queue. The vendor has its own AWS account.

What should a solutions architect do to implement least privilege access7

Update the permission policy on the SQS queue to give write access to the vendor's AWS account.

Create an IAM user with write access to the SQS queue and share the credentials for the IAM user.

Update AWS Resource Access Manager to provide write access to the SQS queue from the vendor's AWS account.

Create a cross-account role with access to all SQS queues and use the vendor's AWS account in the trust document for the role

188. A company Is seeing access requests by some suspicious IP addresses. The security team discovers the requests are horn different IP addresses under the same CIDR range.

What should a solutions architect recommend to the team?

Add a rule in the inbound table of the security group to deny the traffic from that CIDR range.

Add a rule In the outbound table of the security group to deny the traffic from that CIDR range

Add a deny rule in the Inbound table of the network ACL with a lower rule number than other rules.

Add a deny rule in the outbound table of the network ACL with a tower rule number than other rules.

189. A solutions architect is designing the cloud architecture for a new application being deployed to AWS. The application allows users to interactively download and upload files. Files older than 2 years will be accessedless frequently. The solutions architect needs to ensure that the application can scale to any number of files

while maintaining high availability and durability.

Which scalable solutions should the solutions architect recommend? (Choose two.)

Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Glacier.

Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard-Infrequent Access (S3 Standard-IA)

Store the files on Amazon Elastic File System (Amazon EFS) with a lifecycle policy that moves objects
older than 2 years to EFS Infrequent Access (EFS IA).

Store the files in Amazon Elastic Block Store (Amazon EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years.

Store the files in RAID-striped Amazon Elastic Block Store (Amazon EBS) volumes.
Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years.

190. A financial services company has a web application that serves users in the United States and Europe. The application consists of a database tier and a web server tier. The database tier consists of a MySQL database hosted in us-east-1 Amazon Route 53 geoproximity routing is used to direct traffic to instances in the closest Region A performance review of the system reveals that European users are not receiving the same level of query performance as those in the United States

Which changes should be made to the database tier to improve performance?

Migrate the database to Amazon RDS for MySQL Configure Multi-AZ in one of the European Regions

Migrate the database to Amazon DynamoDB Use DynamoDB global tables to enable replication to additional Regions

Deploy MySQL instances in each Region Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance

Migrate the database to an Amazon Aurora global database in MySQL compatibility mode Configure read replicas in one of the European Regions

191. A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company's Active Directory.

Which storage solution meets these requirements?

Configure Amazon S3 to store the users' home directories. Join Amazon S3 to Active Directory.

Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join Amazon FSx to Active Directory.

Configure Amazon Elastic File System (Amazon EFS) for the users' home directories.
Configure AWS Single Sign-On with Active Directory.

Configure Amazon Elastic Block Store (Amazon EBS) to store the users' home directories Configure AWS Single Sign-On with Active Directory.

192. A company plans to store sensitive user data on Amazon S3. Internal security compliance requirement mandata encryption of data before sending it to Amazon S3.

What should a solution architect recommend to satisfy these requirements?

Server-side encryption with customer-provided encryption keys

Client-side encryption with Amazon S3 managed encryption keys

Server-side encryption with keys stored in AWS key Management Service (AWS KMS)

Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)

193. A company wants to improve the availability and performance of its hybrid application. The application consists of a stateful TCP-based workload hosted on Amazon EC2 instances in different AWS Regions and a stateless UOP-based workload hosted on premises.

Which combination of actions should a solutions architect take to improve availability and performance? (Select TWO.)

Create an accelerator using AWS Global Accelerator. Add the load balancers as endpoints.

Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the load balancers

Configure two Application Load Balancers in each Region. The first will route to the EC2 endpoints. and the second will route to the on-premises endpoints.

Configure a Network Load Balancer in each Region to address the EC2 endpoints Configure a Network Load Balancer in each Region that routes to the on-premises endpoints

Configure a Network Load Balancer in each Region to address the EC2 endpoints Configure an Application Load Balancer in each Region that routes to the on-premises endpoints

194. A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud. The company uses tiered storage on-premises with hoi high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running.

Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Select TWO)

Amazon S3 for cold data storage

Amazon EFS for cold data storage

Amazon S3 for high-performance parallel storage

Amazon FSx for Llustre tor high-performance parallel storage

Amazon FSx for Windows for high-performance parallel storage

195. A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) This architecture is currently running in the us-west-l Region but is exhibiting high request latency for users located in other parts of the world

The website needs to serve requests quickly and efficiently regardless of a user's location However, the company does not want to recreate the existing architecture across multiple Regions.

How should a solutions architect accomplish this?

Replace the existing architecture with a website served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header

Set up Amazon API Gateway with the ALB as an integration. Configure API Gateway to use an HTTP integration type Set up an API Gateway stage to enable the API cache

196. A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.

What should a solutions architect do to secure the audit documents?

Enable the versioning and MFA Delete features on the S3 bucket

Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account.

Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates.

Use AWS Key Management Service (AWS KMS> to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key.

197. A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only.

What should a solutions architect do to protect against data loss? (Select TWO.)

Enable versioning on the S3 bucket

Enable access logging on the S3 bucket

Enable server-side encryption on the S3 bucket.

Configure an S3 Lifecycle rule to transition objects to Amazon S3 Glacier.

Use MFA Delete to require multi-factor authentication to delete an object

198. A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near-real-lime reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB cluster

Which solution meets these requirements?

Create and use a custom endpoint for the workload

Create a three-node cluster clone and use the reader endpoint

Use any of the instance endpoints for the selected three nodes.

Use the reader endpoint to automatically distribute the read-only workload.

199. A solutions architect must design a solution for a persistent database that is being migrated from on-premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance.

Which solution effectively meets the database administrator's criteria?

Use an instance from the 13 I/O optimized family and leverage local ephemeral storage to achieve the IOPS requirement.

Create an Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOP

Create and map an Amazon Elastic File System (Amazon EFS) volume to the database instance and use the volume to achieve the required IOPS for the database.

Provision two volumes and assign 32,000 IOPS to each. Create a logical volume at the operating system level that aggregates both volumes to achieve the IOPS requirements.

200. A three-tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS. and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times.

Which action will be MOST effective in accomplishing this?

Replace the SQS queue with Amazon Kinesis Data Firehose.

Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier.

Add an Amazon CloudFront distribution to cache the responses for the web tier.

Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SOS queue depth.

201. An online photo application lets users upload photos and perform image editing operations. The application offers two classes of service free and paid Photos submitted by paid users are processed before those submitted by free users Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.

Which configuration should a solutions architect recommend?

Use one SQS FIFO queue Assign a higher priority to the paid photos so they are processed first

Use two SQS FIFO queues: one for paid and one for free Set the free queue to use short polling and the paid queue to use long polling

Use two SQS standard queues one for paid and one for free Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue.

Use one SQS standard queue. Set the visibility timeout of the paid photos to zero Configure Amazon EC2 instances to prioritize visibility settings so paid photos are processed first

202. A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet.

Which capability should the solutions architect use to meet the compliance requirements?

AWS Key Management Service (AWS KMS) )

VPC endpoint

Private subnet

Virtual private gateway

203. A solutions architect is working on optimizing a legacy document management application running on Microsoft a network file share. The chief information officer wants to reduce the on-premises data center footprint and minimize storage by moving on-premises storage to AWS.

What should the solution architect do to meet these requirements?

Set up an AWS Storage Gateway file gateway.

Set up Amazon Elastic File System (Amazon EFS).

Set up AWS Storage Gateway as a volume gateway.

Set up an Amazon Elastic Block Store (Amazon EBS) volume.

204. A solutions architect is creating a new VPC design. There are two public subnet for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web serves use only HTTPS. The solutions architect has already created a security group for the load Balancer allowing port 443 from 0.0 0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.

Which additional configuration strategy should the solution architect use to meet these requirements?

Create a security group far the web servers and allow port 443 from 0.0.0.070. Create a security group tor the MySQL serve's aid allow port 3306 from the web servers security group.

Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group

Create a security group for the web servers and allow port 443 from the load balancer. Create a security group tor the MySQL servers and allow port 3306 from the web sewers security group

Create a network ACL for the web servers and allow port 443 from the web balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

205. A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning.

How should the scaling be changed to address the staff complaints and keep costs to a minimum?

Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens

Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.

Implement a target tracking action triggered at a lower CPU threshold and decrease the cooldown period

Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens

206. A company is running a multi-tier ecommerce web application In the AWS Cloud. The application runs on Amazon EC2 Instances with an Amazon RDS MySQL Mutt>AZ DB instance. Amazon RDS is configured with the latest generation instance with 2,000 GB of storage in an Amazon EBS General Purpose SSD (gp2) volume. The database performance impacts the application during periods of high demand.

After analyzing the logs in Amazon CloudWatch Logs, a database administrator finds that the application performance always degrades when the number of read and write IOPS is higher than 6.000

What should a solutions architect do to improve the application performance?

Replace the volume with a Magnetic volume

Increase the number of IOPS on the gp2 volume

Replace the volume with a Provisioned IOPS (PIOPS) volume.

Replace the 2,000 GB gp2 volume with two 1,000 GBgp2 volumes.

207. A solutions architect is designing a solution that requires frequent updates to a website that is hosted on Amazon S3 with versioning enabled. For compliance reasons, older versions of the objects will not be accessed frequently and will need to be deleted after 2 years.

What should the solutions architect recommend to meet these requirements at the LOWEST cost?

Use S3 batch operations to replace object tags. Expire the objects based on the modified tags

Configure an S3 Lifecycle policy to transition older versions of objects to S3 Glacier. Expire the objects after 2 years

Enable S3 Event Notifications on the bucket that sends older objects to the Amazon Simple Queue Service (Amazon SQS) queue for further processing.

Replicate older object versions to a new bucket. Use an S3 Lifecycle policy to expire the objects In the new bucket after 2 years

208. A company has a custom application running on an Amazon EC2 instance that:

• Reads a large amount of data from Amazon S3

• Performs a multi-stage analysis.

• Writes the results to Amazon DynamoDB.

The application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance.

What would be the fastest storage option for holding the temporary files?

Multiple Amazon S3 buckets with Transfer Acceleration for storage

Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization.

Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol.

Multiple instance store volumes with software RAID 0.

209. A company is creating a web application that will store a large number of images in Amazon S3. The images will be accessed by users over variable periods of time.

The company wants to:

• Retain all the images

• Incur no cost for retrieval.

• Have minimal management overhead.

• Have the images available with no impact on retrieval time.

Which solution meets these requirements?

Implement S3 Intelligent-Tiering

Implement S3 storage class analysis

Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA).

Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).

210. A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized.

Which database solution should the solutions architect recommend?

Amazon Aurora

Amazon DynamoDB

Amazon RDS

Amazon Redshift

211. A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day An Application Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.

What should the solutions architect do to ensure that the architecture supports distributed session data management?

Use Amazon ElastiCache to manage and store session data

Use session affinity (sticky sessions) of the ALB to manage session data.

Use Session Manager from AWS Systems Manager to manage the session

Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session

212. A company built a food ordering application that captures user data and stores it for future analysis. The application's static front end is deployed on an Amazon EC? instance. The front-end application sends the requests to the backend application running on separate EC2 instance. The backend application then stores the data in Amazon RDS.

What should a solutions architect do to decouple the architecture and make it scalable?

Use Amazon S3 to serve the front-end application, which sends requests to Amazon EC2 to execute the backend application. The backend application will process and store the data in Amazon RDS

Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint o( the topic, and process and store the data in Amazon RDS

Use an EC2 instance lo serve the front end and write requests to an Amazon SOS queue Place the backend Instance in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RD

Use Amazon S3 to serve the static front-end application and send requests lo Amazon API Gateway which writes the requests to an Amazon SQS queue Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS

213. A company has developed a microservices application It uses a client-facing API with Amazon API Gateway and multiple internal services hosted on Amazon EC2 instances to process user requests. The API is designed to support unpredictable surges in traffic, but internal services may become overwhelmed and unresponsive for a period of time during surges A solutions architect needs to design a more reliable solution that reduces errors when internal services become unresponsive or unavailable.

Which solution meets these requirements?

Use AWS Auto Scaling to scale up internal services when there is a surge m traffic.

Use different Availability Zones to host internal services Send a notification to a system administrator when an internal service becomes unresponsive

Use an Elastic Load Balancer to distribute the traffic between internal services Configure Amazon CloudWatch metrics to monitor traffic to internal services

Use Amazon Simple Queue Service (Amazon SQS) to store user requests as they arrive Change the internal services to retrieve the requests from the queue for processing

214. A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.

How should a solution architect accomplish this?

Create an Amazon Simple Queue Service (Amazon SOS) FIFO queue to hold messages. Set up an AWS Lambda function to process messages from the queue.

Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process. Configure an AWS Lambda function as a subscriber

Create an Amazon Simple Queue Service (Amazon SOS) standard queue to hold messages Set up an AWS Lambda function 😮 process messages from the queue independently

Create an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process Configure an Amazon Simple Queue Service (Amazon SQS) queue as a subscriber.

215. A company has media and application files that need to be shared internally. Users currently are authenticated using Active Directory and access files from a Microsoft Windows platform. The chief execute officer wants to keep the same user permissions, but wants the company to improve the process as the company is reaching its storage capacity limit.

What should a solutions architect recommend?

Set up a corporate Amazon S3 bucket and move and media and application files.

Configure Amazon FSx for Windows File Server and move all the media and application files.

Configure Amazon Elastic File System (Amazon EFS) and move all media and application files.

Set up Amazon EC2 on Windows, attach multiple Amazon Elastic Block Store (Amazon EBS) volumes and, and move all media and application files.

216. A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages

Which solution meets these requirements and is the MOST operationally efficient?

Set up an Amazon EC2 instance running a Redis database Configure both applications to use the instance Store, process, and delete the messages, respectively

Use an Amazon Kinesis data stream to receive the messages from the sender application Integrate the processing application with the Kinesis Client Library (KCL)

Integrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue. Configure a dead-letter queue to collect the messages that failed to process

Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process Integrate the sender application to write to the SNS topic.

217. A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing. 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.

Which set of services should a solutions architect recommend to meet these requirements?

Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

Amazon EBS for maximum performance. Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage

Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage

Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

218. A company's web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.

Which configuration will meet this requirement?

Configure the security group for the EC2 instances.

Configure the security group on the Application Load Balancer.

Configure AWS WAF on the Application Load Balancer in a VP

Configure the network ACL for the subnet that contains the EC2 instances.

219. A company stores 200 GB of data each month in Amazon S3. The company needs to perform analytics on this data at the end of each month to determine the number of items sold in each sales region for the previous month.

Which analytics strategy is MOST cost-effective for the company to use?

Create an Amazon Elasticsearch Service (Amazon ES) cluster. Query the data in Amazon E

Visualize the data by using Kibana.

Create a table in the AWS Glue Data Catalog. Query the data in Amazon S3 by using Amazon Athena. Visualize the data in Amazon QuickSight

Create an Amazon EMR cluster Query the data by using Amazon EMR, and store the results in Amazon S3 Visualize the data in Amazon QuickSight.

Create an Amazon Redshift cluster. Query the data in Amazon Redshift, and upload the results to Amazon S3. Visualize the data in Amazon QuickSight.

220. A company has an on-premises volume backup solution that has reached its end of file. The company wants to use AWS as part of a new backup solution and wants to maintain local access to at' the data while is backed up on AWS. The company wants to ensure that the data backed up on AWS. The company automatically and securely transferred.

Which solution meets these requirement?

Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3. Configure on-premises systems to mount the Snowball S3 endpoint to provide Weal access to the data

Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3. Use the Snowball Edge file interface to provide on-premises system with local access to the data.

Use AWS Storage Gateway and configure a cached volume gateway Run the Storage Gateway software appliance on premises and configure a percentage of data to cache locally. Mount the gateway storage volumes to provide local access to the data.

Use AWS Storage Gateway and configure a stored volume gateway. Run the Storage Gateway software appliance on premises and map the gateway storage volumes lo on-premises storage.
Mount the gateway storage volumes lo provide local access to the data.

221. The following IAM policy is attached to an IAM group.

This is the only policy applied to the group.

What are the effective IAM permissions of this policy for group members?

Group members are permitted any Amazon EC2 action within the uss-east-1 Region. Statements after. The Allow permission are not applied

Group member are denied any Amazon EC2 permissions in the us-east-1 Region unless they are tagged in with multi-factor authentication (MFA).

222. A company Is migrating lo the AWS Cloud. A file server is the first workload to migrate. Users must be able to access the file share using the Server Message Block (SMB) protocol.

Which AWS managed service meets these requirements?

Amazon EBS

Amazon EC2

Amazon FSx

Amazon S3

223. A company hosts its multi-tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS. The company is anticipating a large increase in sales during an upcoming holiday weekend A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutes

What should the solutions architect do to meet this requirement?

Send Amazon CloudWatch logs to Amazon Redshift Use Amazon QuickSight to perform further analysis

Enable detailed monitoring on all EC2 instances Use Amazon CloudWatch metrics to perform further analysis

Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs Use Amazon CloudWatch metrics to perform further analysis

Send EC2 logs to Amazon S3 Use Amazon Redshift to fetch logs from the S3 bucket to process raw data for further analysis with Amazon QuickSight.

224. A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL In the database layer Several players will compete concurrently online. The game's developers want to display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores.

What should a solutions architect do to meet these requirements?

Set up an Amazon ElastiCache for Memcached cluster to cache the scores for the web
application to display

Set up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display.

Place an Amazon CloudFront distribution in front of the web application to cache the scoreboard m a section of the application.

Create a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application.

225. A company has an ecommerce application running In a single VPC. The application stack has a single web server and an Amazon RDS Multi-AZ DB instance.

The company launches new products twice a month. This Increases website traffic by approximately 400% for a minimum of 72 hours During product launches, users experience slow response times and frequent timeout errors in their browsers.

What should a solutions architect do to mitigate the slow response times and timeout errors while minimizing operational overhead?

Increase the instance size of the web server.

Add an Application Load Balancer and an additional web server.

Add Amazon EC2 Auto Scaling and an Application Load Balancer

Deploy an Amazon ElastiCache cluster to store frequently accessed data.

226. A company runs an application in a branch office within a small data closet with no virtualized compute resources. The application data is stored on an NFS volume. Compliance standards require a daily offsite backup of the NFS volume.

Which solution meet these requirements?

Install an AWS Storage Gateway file gateway on premises to replicate the data to Amazon S3.

Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3.

Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3.

Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3.

227. A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the same every night and the batch jobs always start at IAM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete.

What should the solutions architect do to meet these requirements?

Increase the minimum capacity for the Auto Scaling group.

Increase the maximum capacity for the Auto Scaling group.

Configure scheduled scaling to scale up to the desired compute level.

Change the scaling policy to add more EC2 instances during each scaling operation.

228. A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption Due to new compliance requirements, all existing and new data in this database must be encrypted

How should this be accomplished?

Create an Amazon S3 bucket with server-side encryption enabled Move all the data to Amazon S3 Delete the RDS instance

Enable RDS Multi-AZ mode with encryption at rest enabled Perform a failover to the standby instance to delete the original instance

Take a snapshot of the RDS instance Create an encrypted copy of the snapshot Restore the RDS instance from the encrypted snapshot

Create an RDS read replica with encryption at rest enabled Promote the read replica to master and switch the application over to the new master Delete the old RDS instance.

229. A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity

Which architecture offers the HIGHEST availability?

Add a second ActiveMQ server to another Availability Zone Add an additional consumer EC2 instance in another Availability Zone Replicate the MySQL database to another Availability Zone.

230. A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket analyzed daily for one week and then must remain immediately accessible for occasional analysis

What is the MOST cost-effective storage solution alternative to the current configuration?

Configure a lifecycle policy to delete the objects after 30 days.

Configure a lifecycle policy to transition the objects to Amazon S3 Glacier after 30 days

Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days

Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days

231. A company uses on-premises servers to host its applications. The company is running out of storage capacity. The applications use both block storage and NFS storage. The company needs a high-performing solution that supports local caching without re-architecting its existing applications.

Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

Mount Amazon S3 as a file system to the on-premises servers.

Deploy an AWS Storage Gateway file gateway to replace NFS storage

Deploy AWS Snowball Edge to provision NFS mounts to on-premises servers.

Deploy an AWS Storage Gateway volume gateway to replace the block storage.

Deploy Amazon Elastic Fife System (Amazon EFS) volumes and mount them to on-premises servers.

232. A solution architect is performing a security review of a recently migrated workload. The workload is a web application that consists of amazon EC2 instances in an Auto Scaling group behind an Application Load balancer. The solution architect must improve the security posture and minimize the impact of a DDoS attack on resources.

Which solution is MOST effective?

Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the EAF ACL on the CloudFront distribution

Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. use the identified information to modify a network ACL to block access.

Enable VPC Flow Logs and store then in Amazon S3. Create a custom AWS Lambda functions that parses the logs looking for a DDoS attack. Modify a network ACL to block identified source IP addresses.

Enable Amazon GuardDuty and , configure findings written 10 Amazon GloudWatch Create an event with Cloud Watch Events for DDoS alerts that triggers Amazon Simple Notification Service (Amazon SNS) Have Amazon SNS invoke a custom AWS lambda function that parses the logs looking for a DDoS attack Modify a network ACL to block identified source IP addresses

233. A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings in the evenings, the read and write traffic will often be unpredictable. When traffic spikes occur they will happen very quickly.

What should a solutions architect recommend?

Create a DynamoDB table in on-demand capacity mode.

Create a DynamoDB table with a global secondary Index

Create a DynamoDB table with provisioned capacity and auto scaling.

Create a DynamoDB table in provisioned capacity mode, and configure it as a global table

234. A company is planning to migrate a commercial off-the-shelf application from its on-premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.

Which Amazon EC2 pricing option is the MOST cost-effective?

Dedicated Reserved Hosts

Dedicated On-Demand Hosts

Dedicated Reserved Instances

Dedicated On-Demand Instances

235. A company hosts its core network services, including directory services and DNS. in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX) Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network services

What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?

Create a DX connection in each new account Route the network traffic to the on-premises servers

Configure VPC endpoints in the DX VPC for all required services Route the network traffic to the on-premises servers.

Create a VPN connection between each new account and the DX VPC, Route the network traffic to the on-premises servers

Configure AWS Transit Gateway between the accounts Assign DX to the transit gateway and route network traffic to the on-premises servers

236. A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities. while following the principle of least privilege.

Which combination of actions should the solutions architect take to accomplish this goal? (Select TWO.)

Have the deployment engineer use AWS account roof user credentials for performing AWS CloudFormation stack operations.

Create a new IAM user for the deployment engineer and add the IAM user to a group that has the PowerUsers IAM policy attached

Create a new IAM user for the deployment engineer and add the IAM user to a group that has the Administrate/Access IAM policy attached

Create a new IAM User for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only

Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using Dial IAM role.

237. A solution architect needs to design a highly available application consisting of web, application, and database tiers, HTTPS content delivery should be as close to the edge as possible, with the least delivery time.

Which solution meets these requirements and is MOST secure?

Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin

238. A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that security and compliance standards are being followed throughout the development process

What should a solutions architect do to meet these requirements?

Use Amazon Macie to automatically discover, classify and protect the EC2 instances

Use Amazon GuardDuty to publish Amazon Simple Notification Service (Amazon SNS) notifications.

Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications

Use Amazon EventBridge (Amazon CloudWatch Events) to detect and react to changes in the status of AWS Trusted Advisor checks

239. A company wants a storage option that enables its data science team to analyze its data on premises and in the AWS Cloud. The team needs to be able to run statistical analyses by using the data on premises and by using a fleet of Amazon EC2 instances across multiple Availability Zones.

What should a solutions architect do to meet these requirements?

Use an AWS Storage Gateway tape gateway to copy the on-premises files into Amazon S3.

Use an AWS Storage Gateway volume gateway to copy the on-premises files into Amazon S3.

Use an AWS Storage Gateway file gateway to copy the on-premises files to Amazon Elastic Block Store (Amazon EBS).

Attach an Amazon Elastic File System (Amazon EFS) file system to the on-premises servers. Copy the files to Amazon EF

240. A Solutions architect is designing the cloud architecture for a company that needs to host hundreds of machine learning models for its users. During startup, the models need to load up to 10 GB of data from Amazon S3 into memory, but they do not need disk access. Most of the models are used sporadically, but the users expect all of them to be highly available and accessible with low latency.

Which solution meets the requirements and is MOST cost-effective?

Deploy models as AWS Lambda functions behind an Amazon API Gateway for each model.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind an Application Load Balancer for each model.

Deploy models as AWS Lambda functions behind a single Amazon API Gateway with
path-based routing where one path corresponds to each model.

Deploy models as Amazon Elastic Container Service (Amazon ECS) services behind a single Application Load Balancer with path-based routing where one path corresponds to each model.

241. A company has an on-premises application that collects data and stores it to an on-premises NFS server. The company recently set up a 10 Gbps AWS Direct Connect connection. The company is running out of storage capacity on premises. The company needs to migrate the application data from on premises to the AWS Cloud while maintaining low-latency access to the data from the on-premises application.

What should a solutions architect do to meet these requirements?

Deploy AWS Storage Gateway for the application data, and use the file gateway to store the data in Amazon S3. Connect the on-premises application servers to the file gateway using NF

Attach an Amazon Elastic File System (Amazon EFS) file system to the NFS server, and copy the application data to the EFS file system. Then connect the on-premises application to Amazon EF

Configure AWS Storage Gateway as a volume gateway. Make the application data available to the on-premises application from the NFS server and with Amazon Elastic Block Store (Amazon EBS) snapshots.

Create an AWS DataSync agent with the NFS server as the source location and an Amazon Elastic File System (Amazon EFS) file system as the destination for application data transfer. Connect the on-premises application to the EFS file system.

242. A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer Based on the application's history, the company anticipates a spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity lo minimize any performance impact on application users.

Which solution will meet these requirements?

Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.

Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.

Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period.

Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there ate autoscaling:EC2_INSTANCE_LAUNCH events.

243. A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API.

Which action meets these requirements for storing and retrieving location data?

Use Amazon Athena with Amazon S3.

Use Amazon API Gateway with AWS Lambda.

Use Amazon QuickSight with Amazon Redshift.

Use Amazon API Gateway with Amazon Kinesis Data Analytics.

244. A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows.

What should a solutions architect recommend?

Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.

Set up an Amazon EFS file system that connects with the backup applications using the
NFS interface

Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface

Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.

245. A company has an application that is hosted on Amazon EC2 instances in two private subnets. A solutions architect must make the application available on the public internet with the least amount of N-y administrative effort.

What should the solutions architect recommend?

Create a load balancer and associate two public subnets from the same Availability Zones as the private instances. Add the private instances to the load balancer.

Create a load balancer and associate two private subnets from the same Availability Zones as the private instances. Add the private instances to the load balancer.

Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore In the public subnet Create a load balancer and associate two public subnets from the same Availability Zones as the public instances.

Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two private subnets from the same Availability Zones as the public instances.

246. A company is hosting an election reporting website on AWS for users around the world. The website uses Amazon EC2 Instances for the web and application tiers in an Auto Scaling group with Application Load Balancers. The database tier uses an Amazon RDS for MySQL database. The website is updated with election results once an hour and has historically observed hundreds of users accessing the reports

Which solution will meet these requirements?

Launch an Amazon ElastiCache cluster to cache common database queries.

Launch an Amazon CloudFront web distribution to cache commonly requested website content

Enable disk-based caching on the EC2 instances to cache commonly requested website content

Deploy a reverse proxy into the design using an EC2 instance with caching enabled for commonly requested website content

247. A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.

What should a solutions architect recommend?

Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns.

Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm.

Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.

Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm.

248. A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company s HPC workloads run on Linux Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short-lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long-term future use.

The company seeks a cloud storage solution that permits the copying of on premises data to long-term persistent storage to make data available for processing by all EC2 instances.

The solution should also be a high performance file system that is integrated with persistent storage to read and write datasets and output files.

Which combination of AWS services meets these requirements?

Amazon FSx for Lustre integrated with Amazon S3

Amazon FSx for Windows File Server integrated with Amazon S3

Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)

Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume

249. A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync A solutions architect needs to replace the file server farm

Which service should the solutions architect use?

Amazon EFS

Amazon FSx

Amazon S3

AWS Storage Gateway

250. A company wants to build an online marketplace application on AWS as a set of loosely coupled microservices. For this application, when a customer submits a new order, two microservices should handle the event simultaneously. The Email microservice will send a confirmation email, and the OrderProcessing microservice will start the order delivery process. It a customer cancels an order, the OrderCancelation and Email microservices should handle the event simultaneously.

A solutions architect wants to use Amazon Simple Queue Service (Amazon SOS) and Amazon Simple Notification Service (Amazon SNS) to design the messaging between the microservices.

How should the solutions architect design the solution?

Create a single SQS queue and publish order events to it. The Email. OrderProcessing. and Order Cancellation microservices can then consume messages of the queue.

Create three SNS topics for each microservice. Publish order events to the three topics. Subscribe each of the Email. OrderProcessing. and Order Cancellation microservices to its own topic.

Create an SNS topic and publish order events to it. Create three SQS queues for the Email. OrderProcessing. and Order Cancellation microservices. Subscribe all SQS queues to the SNS topic with message filtering

Create two SQS queues and publish order events to both queues simultaneously. One queue is for the Email and OrderProcessing microservices. The second queue is for the Email and Order Cancellation microservices.

251. A company receives data from millions of users totaling about 1 TB each flay. The company provides its use's with usage reports gang back 12 months Al usage data must be stored tor at least 5 years to comply with regulatory and auditing requirements

Which storage solution is MOST cost-effective?

Store the data in Amazon S3 Standard. Set a lifecycle -rule to transition the data lo S3 Glacier Deep Archive after 1 year. Set a Recycle rule to delete the data after5 years.

Store the data in Amazon S3 Standard Set a lifecycle rule to transition the data to S3 Standard-infrequent Access (S3 Standard-IA) after i year Sol a lifecycle rule to delete the data after 5 years.

Store the data in Amazon S3 Standard Set a lifecycle -rule to transition the data to S3 One Zone-infrequent Access (S3 One Zone-IA) after 1 year, Set a Lifecycle rule to delete the data after 5
years.

252. An ecommerce company is experiencing an increase in user traffic. The company's store is deployed on Amazon EC2 instances as a two-tier two application consisting of a web tier and a separate database tier As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation email to users. The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead

What should a solutions architect do to meet these requirements?

Create a separate application tier using EC2 instances dedicated to email processing.

Configure the web instance to send email through Amazon Simple Email Service (Amazon SES)

Configure the web instance to send email through Amazon Simple Notification Service (Amazon SNS)

Create a separate application tier using EC2 instances dedicated to email processing.
Place the instances in an Auto Scaling group.

253. A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3.

What should a solutions architect do to reduce costs?

Configure a NAT gateway to replace the NAT instances.

Configure a gateway endpoint for traffic destined to Amazon S3.

Configure an interface endpoint for traffic destined to Amazon S3

Configure Amazon CloudFront for the S3 bucket storing the images

254. A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down.

How should the company deploy this solution?

Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy.

Use Amazon S3 website hosting for the backup website and Route 53 latency routing policy.

Deploy the application in another AWS Region and use ELB health checks for failover routing.

Deploy the application in another AWS Region and use server-side redirection on the primary website.

255. A company is planning on deploying a newly built application on AWS in a default VPC. The application will consist of a web layer and database layer. The web server was created in public subnets, and the MySQL database was created in private subnets. All subnets are created with the default network ACL settings, and the default security group in the VPC will be replaced with new custom security groups.