What steps should a solutions architect take to assure the encryption of all items submitted to an Amazon S3 bucket? Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set. Update the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private. Update the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true. Update the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set.
A manufacturing business is interested in implementing predictive maintenance on its machines. The business will deploy hundreds of IoT sensors that will transmit real-time data to AWS. A solutions architect is entrusted with the responsibility of designing a solution that will receive events in an orderly fashion for each piece of equipment and will guarantee that data is preserved for subsequent processing.
Which option is the MOST EFFECTIVE? Use Amazon Kinesis Data Streams for real-time events with a partition for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon S3. Use Amazon Kinesis Data Streams for real-time events with a shard for each equipment asset. Use Amazon Kinesis Data Firehose to save data to Amazon Elastic Block Store (Amazon EBS). Use an Amazon SQS FIFO queue for real-time events with one queue for each equipment asset. Trigger an AWS Lambda function for the SQS queue to save data to Amazon Elastic File System (Amazon EFS). Use an Amazon SQS standard queue for real-time events with one queue for each equipment asset. Trigger an AWS Lambda function from the SQS queue to save data to Amazon S3.
A solutions architect is tasked with the responsibility of developing a customer-facing application. The application is projected to have a varying number of reads and writes throughout the year, with well defined access patterns. Database auditing and scalability must be controlled in the AWS Cloud. The Recovery Point Objective (RPO) cannot exceed five hours.
Which solutions are capable of doing this? (Select two.) Use Amazon DynamoDB with auto scaling. Use on-demand backups and AWS CloudTrail. Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams. Use Amazon Redshift Configure concurrency scaling. Enable audit logging. Perform database snapshots every 4 hours. Use Amazon RDS with Provisioned IOPS. Enable the database auditing parameter. Perform database snapshots every 5 hours. Use Amazon RDS with auto scaling. Enable the database auditing parameter. Configure the backup retention period to at least 1 day.
A business is launching an application that batch processes massive amounts of data as required. The workload will be run on Amazon EC2 instances. The network design must be extremely scalable and avoid groupings of nodes having the same underlying hardware.
Which network solution combination will suit these requirements? (Select two.) Create Capacity Reservations for the EC2 instances to run in a placement group. Run the EC2 instances in a spread placement group. Run the EC2 instances in a cluster placement group. Place the EC2 instances in an EC2 Auto Scaling group. Run the EC2 instances in a partition placement group.
Recently, we transferred a monolithic application to AWS and it is currently operating on a single Amazon EC2 machine. Due to application limits, automated scaling cannot be used to scale out the application. The chief technology officer (CTO) desires an automated method for restoring the EC2 instance in the very improbable event that the underlying hardware breaks.
What would enable the quickest feasible automated recovery of the EC2 instance? Configure an Amazon CloudWatch alarm that triggers the recovery of the EC2 instance if it becomes impaired. Configure an Amazon CloudWatch alarm to trigger an SNS message that alerts the CTO when the EC2 instance is impaired. Configure AWS CloudTrail to monitor the health of the EC2 instance, and if it becomes impaired, trigger instance recovery. Configure an Amazon EventBridge event to trigger an AWS Lambda function once an hour that checks the health of the EC2 instance and triggers instance recovery if the EC2 instance is unhealthy.
Internally, a business must communicate media and application files. At the moment, users are authorized through Active Directory and have access to files via a Microsoft Windows platform. The chief executive officer wants to maintain the same user rights as before, but wishes for the corporation to enhance the procedure as it nears its storage capacity limit.
What recommendations should a solutions architect make? Set up a corporate Amazon S3 bucket and move all media and application files. Configure Amazon FSx for Windows File Server and move all the media and application files. Configure Amazon Elastic File System (Amazon EFS) and move all media and application files. Set up Amazon EC2 on Windows, attach multiple Amazon Elastic Block Store (Amazon EBS) volumes, and move all media and application files.
A business wants to share data from self-driving vehicles with the broader automotive community. The data will be accessed through an Amazon S3 bucket. The organization want to keep the expense of making this data accessible to other AWS customers to a minimum.
What actions should a solutions architect take to achieve this objective? Create an S3 VPC endpoint for the bucket. Configure the S3 bucket to be a Requester Pays bucket. Create an Amazon CloudFront distribution in front of the S3 bucket. Require that the files be accessible only with the use of the BitTorrent protocol.
A business utilizes an AWS Lambda function to retrieve and decrypt data from Amazon S3. These files are encrypted using Customer Master Keys for AWS Key Management Service (AWS KMS CMKs). A solutions architect must create a solution that properly sets the needed permissions.
Which action combination does this? (Select two.) Attach the kms:decrypt permission to the Lambda functionג€™s resource policy. Grant the decrypt permission for the Lambda IAM role in the KMS keyג€™s policy. Grant the decrypt permission for the Lambda resource policy in the KMS keyג€™s policy. Create a new IAM policy with the kms:decrypt permission and attach the policy to the Lambda function. Create a new IAM role with the kms:decrypt permission and attach the execution role to the Lambda function.
A business operates a Microsoft.NET application on an on-premises Windows Server. The program makes use of an Oracle Database Standard Edition server to store data. The firm is in the process of migrating to AWS and want to minimize development modifications throughout the process. The Amazon Web Services application environment should be very reliable.
Which steps should the organization take in combination to achieve these requirements? (Select two.) Refactor the application as serverless with AWS Lambda functions running .NET Core. Rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment. Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI). Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment.
A business experiences uneven service from its data center supplier as a result of its location in a natural disaster-prone region. Although the organization is not ready to completely move to the AWS Cloud, it does desire a failover scenario on AWS in the event that the on-premises data center fails.
The business operates web servers that link to third-party providers. The data stored on AWS and on-premises must be consistent.
Which solution, according to a solutions architect, should have the LEAST amount of downtime? Configure an Amazon Route 53 failover record. Run application servers on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3. Configure an Amazon Route 53 failover record. Execute an AWS CloudFormation template from a script to create Amazon EC2 instances behind an Application Load Balancer. Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3. Configure an Amazon Route 53 failover record. Set up an AWS Direct Connect connection between a VPC and the data center. Run application servers on Amazon EC2 in an Auto Scaling group. Run an AWS Lambda function to execute an AWS CloudFormation template to create an Application Load Balancer. Configure an Amazon Route 53 failover record. Run an AWS Lambda function to execute an AWS CloudFormation template to launch two Amazon EC2 instances. Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3. Set up an AWS Direct Connect connection between a VPC and the data center.
A solutions architect is developing an application that will handle large-scale batch processing of data. Amazon S3 will be used to store the input data, while another S3 bucket will be used to keep the output data. The program will handle the data by transferring it over the network across different Amazon EC2 instances.
What should the solutions architect do to minimize the total cost of data transfer? Place all the EC2 instances in an Auto Scaling group. Place all the EC2 instances in the same AWS Region. Place all the EC2 instances in the same Availability Zone. Place all the EC2 instances in private subnets in multiple Availability Zones.
A packaged application created and returned by a business dynamically produces and returns single-use text files in response to user requests. The firm is already distributing content using Amazon CloudFront, but wants to further minimize data transmission costs. The firm is not permitted to edit the source code of the program.
What actions should a solutions architect do to save money? Use Lambda@Edge to compress the files as they are sent to users. Enable Amazon S3 Transfer Acceleration to reduce the response times. Enable caching on the CloudFront distribution to store generated files at the edge. Use Amazon S3 multipart uploads to move the files to Amazon S3 before returning them to users.
A business that now maintains a website on-premises want to move it to the AWS Cloud. Although the website exposes a single hostname to the internet, it routes its functionalities to distinct on-premises server groups dependent on the URL path. The server groups are individually scaled in accordance with the requirements of the services they support. The company's on-premises network is connected through an AWS Direct Connect link.
What should a solutions architect do to ensure that traffic is sent to the proper set of servers using path-based routing? Route all traffic to an internet gateway. Configure pattern matching rules at the internet gateway to route traffic to the group of servers supporting that path. Route all traffic to a Network Load Balancer (NLB) with target groups for each group of servers. Use pattern matching rules at the NLB to route traffic to the correct target group. Route all traffic to an Application Load Balancer (ALB). Configure path-based routing at the ALB to route traffic to the correct target group for the servers supporting that path. Use Amazon Route 53 as the DNS server. Configure Route 53 path-based alias records to route traffic to the correct Elastic Load Balancer for the group of servers supporting that path.
A business collects organized clickstream data from numerous websites and analyzes it using batch processing. Each day, the firm gets 100 million event records, each of which is around 1 KB in size. Each night, the organization imports data onto Amazon Redshift, which business analysts ingest.
The organization wishes to transition to near-real-time data processing in order to provide timely insights. The solution should process the streaming data with the least amount of operational overhead as feasible.
Which AWS service combination best meets these objectives in terms of cost-effectiveness? (Select two.) Amazon EC2 AWS Batch Amazon Simple Queue Service (Amazon SQS) Amazon Kinesis Data Firehose Amazon Kinesis Data Analytics.
A business has an AWS account for software engineering purposes. Through a pair of AWS Direct Connect connections, the AWS account gets access to the company's on-premises data center. All traffic that does not originate in a virtual private cloud is routed via the virtual private gateway.
A development team recently used the console to construct an AWS Lambda function. The development team must provide access to the function to a database that is located on a private subnet inside the company's data center.
Which solution will satisfy these criteria? Configure the Lambda function to run in the VPC with the appropriate security group. Set up a VPN connection from AWS to the data center. Route the traffic from the Lambda function through the VPN. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect. Create an Elastic IP address. Configure the Lambda function to send traffic through the Elastic IP address without an elastic network interface.
A solutions architect is developing a new virtual private cloud (VPC) architecture. Two public subnets are reserved for the load balancer, two private subnets are reserved for web servers, and two private subnets are reserved for MySQL. HTTPS is the sole protocol used by the web servers. The solutions architect has previously configured the load balancer's security group to enable access to port 443 from 0.0.0.0/0. According to company policy, each resource must have the least amount of access necessary to accomplish its functions.
Which extra configuration technique should the solutions architect do in order to satisfy these requirements? Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group for the MySQL servers and allow port 3306 from the web servers security group. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group. Create a security group for the web servers and allow port 443 from the load balancer. Create a security group for the MySQL servers and allow port 3306 from the web servers security group. Create a network ACL for the web servers and allow port 443 from the load balancer. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
A business may have several projects running in various AWS Regions. Typically, the projects have a three-tier architecture comprised of Amazon EC2 instances that are routed via an Application Load Balancer. The instances are managed as part of an Auto Scaling group and share Amazon Elastic File System (Amazon EFS) storage and Amazon Relational Database Service (Amazon RDS) databases. Certain initiatives need resources from many regions.
A solutions architect must determine the specific expenses associated with each project.
Which method requires the LEAST amount of operational effort to convey this information? Use Cost Explorer to perform one-time queries for each Region and create a report that filters by project. Use the AWS Billing and Cost Management details page to see the actual usage costs of the resources by project. Use AWS Systems Manager to group resources by project and monitor each projectג€™s resources and cost. Use AWS Billing and Cost Management to activate cost allocation tags and create reports that are based on the project tags.
A business is evaluating various options for collecting, processing, and storing data about how people utilize their services. The business aim is to provide an analytics capability that enables the organization to easily acquire operational insights using regular SQL queries. The solution should be highly accessible and adhere to the data tier's Atomicity, Consistency, Isolation, and Durability (ACID) requirements.
Which solution, if any, should a solutions architect suggest? Use an Amazon Timestream database. Use an Amazon Neptune database in a Multi-AZ design. Use a fully managed Amazon RDS for MySQL database in a Multi-AZ design. Deploy PostgreSQL on an Amazon EC2 instance that uses Amazon Elastic Block Store (Amazon EBS) Throughput Optimized HDD (st1) storage.
A business stores its static website content in the us-east-1 Region through an Amazon S3 bucket. The bucket's content is made accessible through an Amazon CloudFront origin pointing to it. Cross-Region replication is enabled, which will replicate the bucket to the ap-southeast-1 Region. The management team is looking for a solution that would increase the website's availability.
Which activities should a solutions architect perform in conjunction to enhance availability? (Select two.) Add both buckets to the CloudFront origin. Configure failover routing in Amazon Route 53. Create a record in Amazon Route 53 pointing to the replica bucket. Create an additional CloudFront origin pointing to the ap-southeast-1 bucket. Set up a CloudFront origin group with the us-east-1 bucket as the primary and the ap-southeast-1 bucket as the secondary.
A business transferred a two-tier application from its on-premises data center to the Amazon Web Services Cloud. The data layer is a multi-AZ Amazon RDS for Oracle configuration with 12' of Amazon Elastic Block Store (Amazon EBS) general purpose SSD storage. The program is intended to process and store documents as binary big objects (blobs) with an average document size of 6 MB in the database.
The database has increased in size over time, lowering performance and increasing storage costs. The organization wants to boost database performance and need a highly available and robust solution.
Which approach will be the most cost-effective in meeting these requirements? Reduce the RDS DB instance size. Increase the storage capacity to 24 TiB. Change the storage type to Magnetic. Increase the RDS DB instance size. Increase the storage capacity to 24 TiB. Change the storage type to Provisioned IOPS. Create an Amazon S3 bucket. Update the application to store documents in the S3 bucket. Store the object metadata in the existing database. Create an Amazon DynamoDB table. Update the application to use DynamoDB. Use AWS Database Migration Service (AWS DMS) to migrate data from the Oracle database to DynamoDB.
The website of a business that is hosted on Amazon EC2 instances handles classified data that is stored in Amazon S3. The organization wants a private and secure connection between its EC2 resources and Amazon S3 due to security concerns.
Which solution satisfies these criteria? Set up S3 bucket policies to allow access from a VPC endpoint. Set up an IAM policy to grant read-write access to the S3 bucket. Set up a NAT gateway to access resources outside the private subnet. Set up an access key ID and a secret access key to access the S3 bucket.
A business has just expanded worldwide and want to make its application available to consumers in those new markets. The application is deployed on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The firm need the capacity to redirect traffic from one region's resources to another.
What recommendations should a solutions architect make? Configure an Amazon Route 53 latency routing policy. Configure an Amazon Route 53 geolocation routing policy. Configure an Amazon Route 53 geoproximity routing policy. Configure an Amazon Route 53 multivalue answer routing policy.
A business must consume and manage massive volumes of streaming data generated by its application. The application is deployed on Amazon EC2 instances and communicates with Amazon Kinesis Data Streams, which is setup with default parameters. The application consumes and publishes data to an Amazon S3 bucket every other day for business intelligence (BI) analysis. The business notes that Amazon S3 is not getting all of the data sent to Kinesis Data Streams by the application.
What is the best course of action for a solutions architect to take in order to tackle this issue? Update the Kinesis Data Streams default settings by modifying the data retention period. Update the application to use the Kinesis Producer Library (KPL) to send the data to Kinesis Data Streams. Update the number of Kinesis shards to handle the throughput of the data that is sent to Kinesis Data Streams. Turn on S3 Versioning within the S3 bucket to preserve every version of every object that is ingested in the S3 bucket.
A business is developing a web application on AWS for the purpose of processing insurance quotations. The program will allow users to seek quotations. Quotes must be classified according to quotation type and must be answered to within 24 hours or risk being lost. The solution should be straightforward to implement and maintain.
Which solution satisfies these criteria? Create multiple Amazon Kinesis data streams based on the quote type. Configure the web application to send messages to the proper data stream. Configure each backend group of application servers to pool messages from its own data stream using the Kinesis Client Library (KCL). Create multiple Amazon Simple Notification Service (Amazon SNS) topics and register Amazon SQS queues to their own SNS topic based on the quote type. Configure the web application to publish messages to the SNS topic queue. Configure each backend application server to work its own SQS queue. Create a single Amazon Simple Notification Service (Amazon SNS) topic and subscribe the Amazon SQS queues to the SNS topic. Configure SNS message filtering to publish messages to the proper SQS queue based on the quote type. Configure each backend application server to work its own SQS queue. Create multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon Elasticsearch Service (Amazon ES) cluster. Configure the web application to send messages to the proper delivery stream. Configure each backend group of application servers to search for the messages from Amazon ES and process them accordingly.
A business is developing a new application that will operate in a virtual private cloud on Amazon EC2 instances. The program stores data in Amazon S3 and accesses it using Amazon DynamoDB. The corporation forbids any communication between EC2 instances and other AWS services from traveling over the public internet for compliance concerns.
What can a solution architect do to satisfy this criterion? Configure gateway VPC endpoints to Amazon S3 and DynamoDB. Configure interface VPC endpoints to Amazon S3 and DynamoDB. Configure a gateway VPC endpoint to Amazon S3. Configure an interface VPC endpoint to DynamoDB. Configure a gateway VPC endpoint to DynamoDB. Configure an interface VPC endpoint to Amazon S3.
A business has created a new AWS account. The account is freshly established, and no changes to the default settings have been made. The organization is worried about the AWS account root user's security.
What measures should be taken to safeguard the root user? Create IAM users for daily administrative tasks. Disable the root user. Create IAM users for daily administrative tasks. Enable multi-factor authentication on the root user. Generate an access key for the root user. Use the access key for daily administration tasks instead of the AWS Management Console. Provide the root user credentials to the most senior solutions architect. Have the solutions architect use the root user for daily administration tasks.
An organization hosts an application on Amazon EC2 instances on two private subnets. A solutions architect's goal is to make the application as easily accessible as possible over the public internet.
What recommendations should the solutions architect make? Create a load balancer and associate two public subnets from the same Availability Zones as the private instances. Add the private instances to the load balancer. Create a load balancer and associate two private subnets from the same Availability Zones as the private instances. Add the private instances to the load balancer. Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two public subnets from the same Availability Zones as the public instances. Create an Amazon Machine Image (AMI) of the instances in the private subnet and restore in the public subnet. Create a load balancer and associate two private subnets from the same Availability Zones as the public instances.
The HTTP application of a business is protected by a Network Load Balancer (NLB). The target group of the NLB is set to use an Amazon EC2 Auto Scaling group with numerous EC2 instances running the web service.
The firm sees that the application's HTTP faults are not being detected by the NLB. These problems need a manual restart of the web service's EC2 instances. The organization need a way to increase the application's availability without having to write bespoke scripts or code.
What actions should a solutions architect take to ensure that these criteria are met? Enable HTTP health checks on the NLB, supplying the URL of the companyג€™s application. Add a cron job to the EC2 instances to check the local applicationג€™s logs once each minute. If HTTP errors are detected, the application will restart. Replace the NLB with an Application Load Balancer. Enable HTTP health checks by supplying the URL of the companyג€™s application. Configure an Auto Scaling action to replace unhealthy instances. Create an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB. Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.
On AWS, a business is operating a multi-tier web application. The application's database layer is powered by Amazon Aurora MySQL. The application and database layers are located in the region us-east-1. A database administrator who checks the Aurora DB cluster on a regular basis notices that an occasional surge in read traffic results in high CPU use on the read replica, increasing the application's read latency.
What should a solutions architect do to increase the read scalability of their application? Reboot the Aurora DB cluster. Create a cross-Region read replica Increase the instance class of the read replica. Configure Aurora Auto Scaling for the read replica.
A business wishes to relocate its on-premises image repository of 1 PB to AWS. The photos will be utilized by a serverless web application. Although they will be used infrequently, they must be promptly accessible. Additionally, the photos must be encrypted while storage and prevented from being deleted accidentally.
Which solution satisfies these criteria? Implement client-side encryption and store the images in an Amazon S3 Glacier vault. Set a vault lock to prevent accidental deletion. Store the images in an Amazon S3 bucket in the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Enable versioning, default encryption, and MFA Delete on the S3 bucket. Store the images in an Amazon FSx for Windows File Server file share. Configure the Amazon FSx file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NTFS permission sets on the images to prevent accidental deletion. Store the Images in an Amazon Elastic File System (Amazon EFS) file share in the Infrequent Access storage class. Configure the EFS file share to use an AWS Key Management Service (AWS KMS) customer master key (CMK) to encrypt the images in the file share. Use NFS permission sets on the images to prevent accidental deletion.
A business has a number of apps that make use of Amazon RDS for MySQL as the database. Recently, the organization realized that a new custom reporting application had increased the database's query count. This results in a decrease in performance.
How could a solutions architect address this problem with the fewest number of application modifications possible? Add a secondary DB instance using Multi-AZ. Set up a road replica and Multi-AZ on Amazon RDS. Set up a standby replica and Multi-AZ on Amazon RDS. Use caching on Amazon RDS to improve the overall performance.
A firm is developing a web application on AWS utilizing containers. At any one moment, the organization needs three instances of the web application to be running. The application must be scalable in order to keep up with demand increases. While management is cost-conscious, they agree that the application should be highly accessible.
What recommendations should a solutions architect make? Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Fargate launch type. Create a task definition for the web application. Create an ECS service with a desired count of three tasks. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Fargate launch type with one container instance in three different Availability Zones. Create a task definition for the web application. Create an ECS service with a desired count of three tasks. Create an Amazon Elastic Container Service (Amazon ECS) cluster using the Amazon EC2 launch type with one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance and one task on the remaining container instance.
A business needs a resilient backup storage solution for its on-premises database servers, while also guaranteeing that on-premises apps have access to these backups for rapid recovery. The corporation will store these backups on AWS storage services. A solutions architect is responsible for developing a solution with the least amount of operational overhead possible.
Which solution should be implemented by the solutions architect? Deploy an AWS Storage Gateway file gateway on-premises and associate it with an Amazon S3 bucket. Back up the databases to an AWS Storage Gateway volume gateway and access it using the Amazon S3 API. Transfer the database backup files to an Amazon Elastic Block Store (Amazon EBS) volume attached to an Amazon EC2 instance. Back up the database directly to an AWS Snowball device and use lifecycle rules to move the data to Amazon S3 Glacier Deep Archive.
AWS Organizations enables a business to manage many AWS accounts for various departments. The management account has an Amazon S3 bucket where project reports are stored. The corporation wishes to restrict access to this S3 bucket to people with AWS Organizations accounts.
Which method satisfies these criteria with the FEASTEST operational overhead? Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy. Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly. Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.
A business intends to utilize Amazon S3 to store sensitive user data. Internal security compliance requirements demand that data be encrypted prior to being sent to Amazon S3.
What recommendations should a solutions architect make to meet these requirements? Server-side encryption with customer-provided encryption keys Client-side encryption with Amazon S3 managed encryption keys Server-side encryption with keys stored in AWS key Management Service (AWS KMS) Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS).
A business offers datasets to clients doing artificial intelligence and machine learning (AI/ML) research. The datasets are huge, formatted files that are hosted in a bucket on Amazon S3 in the us-east-1 Region. The business runs a web application via which consumers may buy access to a certain dataset. Multiple Amazon EC2 instances are used to host the web application, which is then routed via an Application Load Balancer. Following a purchase, buyers get an S3-signed URL granting access to the files.
Customers are located across North America and Europe. The organization wishes to lower the cost of data transfers while maintaining or improving performance.
What actions should a solutions architect take to ensure that these criteria are met? Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control. Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control. Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets. Direct customer requests to the closest Region. Continue to use S3 signed URLs for access control. Modify the web application to enable streaming of the datasets to end users. Configure the web application to read the data from the existing S3 bucket. Implement access control directly in the application.
A solutions architect is tasked with the responsibility of designing a database solution for a high-volume ecommerce online application. Customer profiles and shopping cart information are stored in the database. The database must be able to handle several million queries per second at its peak and respond in milliseconds. The operational overhead associated with database aging and scalability must be kept to a minimum.
Which database solution should be recommended by the solutions architect? Amazon Aurora Amazon DynamoDB Amazon RDS Amazon Redshift.
For security concerns, a business has many Amazon EC2 instances configured in a private subnet. These instances are used to run applications that frequently read and write huge volumes of data to and from Amazon S3. At the moment, subnet routing routes all traffic to the internet via a NAT gateway. The organization wishes to reduce overall costs while maintaining the application's capacity to interface with Amazon S3 or the public internet.
What actions should a solutions architect do to save costs? Create an additional NAT gateway. Update the route table to route to the NAT gateway. Update the network ACL to allow S3 traffic. Create an internet gateway. Update the route table to route traffic to the internet gateway. Update the network ACL to allow S3 traffic. Create a VPC endpoint for Amazon S3. Attach an endpoint policy to the endpoint. Update the route table to direct traffic to the VPC endpoint. Create an AWS Lambda function outside of the VPC to handle S3 requests. Attach an IAM policy to the EC2 instances, allowing them to invoke the Lambda function.
A business is developing a new web application that will be deployed in a single AWS Region. A two-tier design is required for the application, which will use Amazon EC2 instances and an Amazon RDS database instance. A solutions architect must plan the application's architecture in such a way that all components are highly accessible.
Which approach will be the most cost-effective in meeting these requirements? Deploy EC2 instances in an additional Region. Create a DB instance with the Multi-AZ option activated. Deploy all EC2 instances in the same Region and the same Availability Zone. Create a DB instance with the Multi-AZ option activated. Deploy EC2 instances across at least two Availability Zones within the same Region. Create a DB instance in a single Availability Zone. Deploy EC2 instances across at least two Availability Zones within the same Region. Create a DB instance with the Multi-AZ option activated.
A business has developed a bespoke application that runs on an Amazon EC instance and performs the following functions:
¢ Reads a large amount of data from Amazon S3
¢ Performs a multi-stage analysis
¢ Writes the results to Amazon DynamoDB
During the multi-stage analysis, the program creates a huge number of big temporary files. The performance of the procedure is dependent on the performance of the temporary storage.
What would be the quickest method of storing temporary files? Multiple Amazon S3 buckets with Transfer Acceleration for storage. Multiple Amazon Elastic Block Store (Amazon EBS) drives with Provisioned IOPS and EBS optimization. Multiple Amazon Elastic File System (Amazon EFS) volumes using the Network File System version 4.1 (NFSv4.1) protocol. Multiple instance store volumes with software RAID 0.
On-premises, a business has a sizable Microsoft SharePoint implementation that needs Microsoft Windows shared file storage. The organization is contemplating migrating this workload to AWS Cloud and evaluating other storage solutions. The storage solution must be highly available and have access control coupled with Active Directory.
Which solution will meet these criteria? Configure Amazon EFS Amazon Elastic File System (Amazon EFS) storage and set the Active Directory domain for authentication. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
A firm uses the AWS Cloud to host its multi-tiered public web application. Amazon EC2 instances host the web application, while Amazon RDS hosts the database. The firm anticipates a significant boost in revenues during the forthcoming holiday weekend. A solutions architect must provide a solution for analyzing the web application's performance with a granularity of no more than two minutes.
What actions should the solutions architect do in order to satisfy this requirement? Send Amazon CloudWatch logs to Amazon Redshift. Use Amazon QuickSight to perform further analysis. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform further analysis. Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs. Use Amazon CloudWatch metrics to perform further analysis. Send EC2 logs to Amazon S3. Use Amazon Redshift to fetch logs from the S3 bucket to process raw data for further analysis with Amazon QuickSight.
A corporation uses AWS to host its product information websites. The present approach deploys numerous Amazon C2 instances in an Auto Scaling group behind an Application Load Balancer. Additionally, the website utilizes a special DNS name and interacts over HTTPS only using a dedicated SSL certificate. The firm is in the process of launching a new product and wants to ensure that people from all over the globe enjoy the greatest experience possible on the new website.
What actions should a solutions architect take to ensure that these criteria are met? Redesign the application to use Amazon CloudFront. Redesign the application to use AWS Elastic Beanstalk. Redesign the application to use a Network Load Balancer. Redesign the application to use Amazon S3 static website hosting.
A business has an application that stores data in Amazon Elastic File System (Amazon EFS). The files are 1 GB or bigger in size and are often visited during the first several days after production. The data for the application is distributed over a cluster of Linux servers. The corporation wishes to lower the application's storage expenses.
What actions should a solutions architect take to ensure that these criteria are met? Implement Amazon FSx and mount the network drive on each server. Move the files from Amazon Elastic File System (Amazon EFS) and store them locally on each Amazon EC2 instance. Configure a Lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days. Move the files to Amazon S3 with S3 lifecycle policies enabled. Rewrite the application to support mounting the S3 bucket.
Recently, a business moved a message processing system to AWS. The system accepts messages into an Amazon EC2 instance's ActiveMQ queue. A consumer application running on Amazon EC2 processes the messages. The consumer application processes the messages and writes the results to an Amazon EC2 MySQL database. The organization wants a highly accessible application with little operational complexity.
Which architecture is the MOST RELIABLE? Add a second ActiveMQ server to another Availability Zone. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Replicate the MySQL database to another Availability Zone. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an additional consumer EC2 instance in another Availability Zone. Use Amazon RDS for MySQL with Multi-AZ enabled. Use Amazon MQ with active/standby brokers configured across two Availability Zones. Add an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use Amazon RDS for MySQL with Multi-AZ enabled.
Recently, a corporation created its website in order to deliver information to its worldwide user base. The firm wishes to store and speed the delivery of static material to its consumers via the usage of Amazon CloudFront and an Amazon EC2 instance as the origin.
How should a solutions architect maximize an application's high availability? Use Lambda@Edge for CloudFront. Use Amazon S3 Transfer Acceleration for CloudFront. Configure another EC2 instance in a different Availability Zone as part of the origin group. Configure another EC2 instance as part of the origin server cluster in the same Availability Zone.
A solutions architect is tasked with the responsibility of building a two-tier online application. The application is composed of a front-end web layer that is hosted on Amazon EC2 on public subnets. The database layer is comprised of Microsoft SQL Server instances operating in a private subnet on Amazon EC2. The organization places a high premium on security.
In this case, how should security groups be configured? (Select two.) Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.
AWS-hosted application is having performance issues, and the application vendor want to analyze the log file in order to troubleshoot further. The log file is 10 GB in size and is hosted on Amazon S3. For a short period, the application owner will make the log file accessible to the vendor.
What is the MOST SECURE method of doing this? Enable public read on the S3 object and provide the link to the vendor. Upload the file to Amazon WorkDocs and share the public link with the vendor. Generate a presigned URL and have the vendor download the log file before it expires. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.
A ride-hailing company's historical data on service consumption is organized. Amazon S3 csv data files A data analyst must run SQL queries on this data.
A solutions architect must offer a solution that maximizes the query's cost-effectiveness.
Which solution satisfies these criteria? Create an Amazon EMR cluster. Load the data. Perform the queries. Create an Amazon Redshift cluster. Import the data. Perform the queries. Create an Amazon Aurora PostgreSQL DB cluster. Import the data. Perform the queries. Create an Amazon Athena database. Associate the data in Amazon S3. Perform the queries.
A solutions architect is tasked with the responsibility of developing a new Amazon CloudFront distribution for an application. Certain information given by users is considered sensitive. Although the program employs HTTPS, it requires an additional layer of protection. Sensitive data should be safeguarded throughout the whole application stack, and access to it should be limited to specific apps.
Which course of action should be taken by the solutions architect? Configure a CloudFront signed URL Configure a CloudFront signed cookie. Configure a CloudFront field-level encryption profile. Configure a CloudFront and set the Origin Protocol Policy setting to HTTPS. Only for the Viewer Protocol Pokey.
A web application is hosted on Amazon EC2 instances, which are routed through an Application Load Balancer. Users may construct bespoke reports using historical weather data. A report may take up to five minutes to generate. These lengthy queries use a significant portion of the system's available incoming connections, rendering the system unusable to other users.
How can a solutions architect increase the responsiveness of a system? Use Amazon SQS with AWS Lambda to generate reports. Increase the idle timeout on the Application Load Balancer to 5 minutes. Update the client-side application code to increase its request timeout to 5 minutes. Publish the reports to Amazon S3 and use Amazon CloudFront for downloading to the user.
A business currently maintains a static website on-premises and want to transfer it to AWS. For visitors worldwide, the website should load as rapidly as possible. Additionally, the business seeks the most cost-effective option.
What actions should a solutions architect take to achieve this? Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Replicate the S3 bucket to multiple AWS Regions. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin. Copy the website content to an Amazon EBS-backed Amazon EC2 instance running Apache HTTP Server. Configure Amazon Route 53 geolocation routing policies to select the closest origin. Copy the website content to multiple Amazon EBS-backed Amazon EC2 instances running Apache HTTP Server in multiple AWS Regions. Configure Amazon CloudFront geolocation routing policies to select the closest origin.
A business has developed an application that analyzes millions of connected devices for security concerns and records the results to an Amazon S3 bucket. Each week, the organization generates around 70 GB of data, and the corporation must retain three years of data for historical reporting. The organization must analyze, aggregate, and enhance data from Amazon S3 in the shortest period of time possible by conducting complicated analytical queries and joins. On an Amazon QuickSight dashboard, the aggregated dataset is shown.
What recommendations should a solutions architect make to satisfy these requirements? Create and run an ETL job in AWS Glue to process the data from Amazon S3 and load it into Amazon Redshift. Perform the aggregation queries on Amazon Redshift. Use AWS Lambda functions based on S3 PutObject event triggers to copy the incremental changes to Amazon DynamoDB. Perform the aggregation queries on DynamoDB. Use AWS Lambda functions based on S3 PutObject event triggers to copy the incremental changes to Amazon Aurora MySQL. Perform the aggregation queries on Aurora MySQL. Use AWS Glue to catalog the data in Amazon S3. Perform the aggregation queries on the cataloged tables by using Amazon Athena. Query the data directly from Amazon S3.
A firm runs many business apps in three distinct virtual private clouds (VPCs) inside the eu-east-1 Region. Applications must be able to interact with one another across VPCs. Additionally, the apps must be capable of sending hundreds of terabytes of data daily to a latency-sensitive application running in a single on-premises data center.
A solutions architect's primary responsibility is to build a network connection solution that is as cost-effective as possible.
Which solution satisfies these criteria? Configure three AWS Site-to-Site VPN connections from the data center to AWS. Establish connectivity by configuring one VPN connection for each VPC. Launch a third-party virtual network appliance in each VPC. Establish an IPsec VPN tunnel between the data center and each virtual appliance. Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1. Establish connectivity by configuring each VPC to use one of the Direct Connect connections. Set up one AWS Direct Connect connection from the data center to AWS. Create a transit gateway, and attach each VPC to the transit gateway. Establish connectivity between the Direct Connect connection and the transit gateway.
Each day at 12:00, a website hosts a web application that gets a spike of traffic. Daily, people submit fresh images and material, but have complained about timeouts. The design makes advantage of Amazon EC2 Auto Scaling groups, and the custom application takes an average of one minute to start up before responding to user queries.
How should a solutions architect reimagine the architecture in order to adapt to shifting traffic patterns? Configure a Network Load Balancer with a slow start configuration. Configure AWS ElastiCache for Redis to offload direct requests to the servers. Configure an Auto Scaling step scaling policy with an instance warmup condition. Configure Amazon CloudFront to use an Application Load Balancer as the origin.
A corporation has implemented a new auditing system to consolidate information about Amazon EC2 instance operating system versions, patching, and installed applications. A solutions architect must guarantee that all instances provisioned through EC2 Auto Scaling groups correctly deliver audit reports to the auditing system at startup and shutdown.
Which method accomplishes these objectives the MOST EFFECTIVELY? Use a scheduled AWS Lambda function and run a script remotely on all EC2 instances to send data to the audit system. Use EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated. Use an EC2 Auto Scaling launch configuration to run a custom script through user data to send data to the audit system when instances are launched and terminated. Run a custom script on the instance operating system to send data to the audit system. Configure the script to be executed by the EC2 Auto Scaling group when the instance starts and is terminated.
A solutions architect is developing a new hybrid architecture to migrate an organization's on-premises infrastructure to Amazon Web Services. The organization seeks a highly accessible connection to an AWS Region with constant low latency. The firm is concerned with cost containment and is ready to endure slower traffic in the event that the main connection breaks.
What actions should the solutions architect take to ensure that these criteria are met? Provision an AWS Direct Connect connection to a Region. Provision a VPN connection as a backup if the primary Direct Connect connection fails. Provision a VPN tunnel connection to a Region for private connectivity. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails. Provision an AWS Direct Connect connection to a Region. Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails. Provision an AWS Direct Connect connection to a Region. Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.
A business is transferring a cluster of NoSQL databases to Amazon EC2. The database duplicates data automatically in order to retain at least three copies of it. The servers' I/O throughput is of the utmost importance.
What sort of instance should a solutions architect propose for the migration? Storage optimized instances with instance store Burstable general purpose instances with an Amazon Elastic Block Store (Amazon EBS) volume Memory optimized instances with Amazon Elastic Block Store (Amazon EBS) optimization enabled Compute optimized instances with Amazon Elastic Block Store (Amazon EBS) optimization enabled.
A media firm uses an application to monitor user clicks on its websites and do analytics in order to deliver near-real-time suggestions. The program is implemented as a Heel of Amazon EC2 instances that collect data from websites and transfer it to an Amazon RDS database instance. Another fleet of Amazon EC2 instances hosts the piece of the program that is constantly monitoring the database for changes and performing SQL queries to generate suggestions. Management has ordered a rethink of the infrastructure in order to decouple it. The solution must guarantee that data analysts write SQL only for the purpose of data analysis. There is no possibility of data loss during the deployment.
What recommendations should a solutions architect make? Use Amazon Kinesis Data Streams to capture the data from the websites Kinesis Data Firehose to persist the data on Amazon S3, and Amazon Athena to query the data. Use Amazon Kinesis Data Streams to capture the data from the websites. Kinesis Data Analytics to query the data, and Kinesis Data Firehose to persist the data on Amazon S3. Use Amazon Simple Queue Service (Amazon SQS) to capture the data from the websites, keep the fleet of EC2 instances, and change to a bigger instance type in the Auto Scaling group configuration. Use Amazon Simple Notification Service (Amazon SNS) to receive data from the websites and proxy the messages to AWS Lambda functions that execute the queries and persist the data. Change Amazon RDS to Amazon Aurora Serverless to persist the data.
A business developed an application that enables users to check in at locations, score them, and provide opinions about their experiences. The application is a success, with a monthly user base that is rapidly growing.
The chief technology officer is concerned that the database that powers the present infrastructure will be unable to manage the additional demand the following month, since the single Amazon RDS for MySQL instance has generated alerts linked to resource depletion due to read requests.
What can a solutions architect propose to minimize code modifications required to avoid service interruptions at the database layer? Create RDS read replicas and redirect read-only traffic to the read replica endpoints. Enable a Multi-AZ deployment. Create an Amazon EMR cluster and migrate the data to a Hadoop Distributed File System (HDFS) with a replication factor of 3. Create an Amazon ElastiCache cluster and redirect all read-only traffic to the cluster. Set up the cluster to be deployed in three Availability Zones. Create an Amazon DynamoDB table to replace the RDS instance and redirect all read-only traffic to the DynamoDB table. Enable DynamoDB Accelerator to offload traffic from the main table.
A healthcare organization maintains extremely confidential patient records. Compliance necessitates the storage of several copies in distinct places. Each record must be retained for a period of seven years. The corporation has a service level agreement (SLA) with government agencies that requires documents to be provided instantly for the first 30 days and then within four hours of a request after that.
What recommendations should a solutions architect make? Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using lifecycle policy. Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy. Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Achieve using a lifecycle policy. Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.
On-premises, a business manages health records. The firm must retain these documents in perpetuity, disable any alterations made to them after they are saved, and audit access at all levels granularly. The chief technology officer (CTO) is worried because millions of data are currently unused by any application and the present infrastructure is running out of capacity. The Chief Technology Officer has asked that a solutions architect build a solution for migrating old data and supporting future records.
Which solutions architect services may be recommended to suit these requirements? Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events. Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events. Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events. Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging.
A business hosts their application on AWS. The application is hosted on Amazon EC2 instances behind an Elastic Load Balancer and an Amazon DynamoDB database. The organization needs to guarantee that the application may be moved to another AWS Region with the least amount of downtime possible.
What should a solutions architect do to ensure that these criteria are met with the MINIMUM possible downtime? Create an Auto Scaling group and a load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Regionג€™s load balancer. Create an AWS CloudFormation template to create EC2 instances, load balancers, and DynamoDB tables to be executed when needed. Configure DNS failover to point to the new disaster recovery Regionג€™s load balancer. Create an AWS CloudFormation template to create EC2 instances and a load balancer to be executed when needed. Configure the DynamoDB table as a global table. Configure DNS failover to point to the new disaster recovery Regionג€™s load balancer. Create an Auto Scaling group and load balancer in the disaster recovery Region. Configure the DynamoDB table as a global table. Create an Amazon CloudWatch alarm to trigger and AWS Lambda function that updates Amazon Route 53 pointing to the disaster recovery load balancer.
A solutions architect is developing a new API that will accept requests from customers using Amazon API Gateway. Request traffic varies significantly; many hours may pass without getting a single request. Asynchronous data processing will occur, but should be finished within a few seconds of a request being made.
Which compute service should the solutions architect instruct the API to call in order to meet the requirements efficiently? An AWS Glue job An AWS Lambda function A containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS) A containerized service hosted in Amazon ECS with Amazon EC2.
A solutions architect is responsible for the development of an application. The application will be deployed on Amazon EC2 instances distributed across several Availability Zones inside a VPC.
The Amazon EC2 instances will regularly access huge files containing sensitive data. These files are processed in Amazon S3 buckets. The solutions architect's network design must be optimized to reduce data transmission expenses.
What actions should the solutions architect take to ensure that these criteria are met? Create a gateway endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the gateway endpoint. Create a single NAT gateway in a public subnet. In the route tables for the private subnets, add a default route that points to the NAT gateway. Create an AWS PrivateLink interface endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the interface endpoint. Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.
In an Amazon S3 bucket, a business is storing 60 TB of production-level data. A solutions architect is responsible for bringing that data on-premises in order to comply with quarterly audit requirements. This data export must be encrypted in transit. The corporation uses a low-bandwidth network connection between AWS and its on-premises data center.
What actions should the solutions architect take to ensure that these criteria are met? Deploy AWS Migration Hub with 90-day replication windows for data transfer. Deploy an AWS Storage Gateway volume gateway on AWS. Enable a 90-day replication window to transfer the data. Deploy Amazon Elastic File System (Amazon EFS), with lifecycle policies enabled, on AWS. Use it to transfer the data. Deploy an AWS Snowball device in the on-premises data center after completing an export job request in the AWS Snowball console.
A business runs an application on an Amazon EC2 instance with a maximum storage requirement of 200 GB. The application is utilized rarely, with mornings and evenings being the busiest times. Disk I/O varies but reaches a maximum of 3,000 IOPS. The company's chief financial officer is worried about expenses and has requested a recommendation from a solutions architect for the most cost-effective storage choice that does not compromise performance.
Which solution should the architect of solutions recommend? Amazon Elastic Block Store (Amazon EBS) Cold HDD (sc1) Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io1) Amazon Elastic Block Store (Amazon EBS) Throughput Optimized HDD (st1).
A business wishes to share forensic accounting data with an external auditor that is kept in an Amazon RDS DB instance. The auditor has its own Amazon Web Services (AWS) account and demands a copy of the database.
How should the organization share the database with the auditor in a secure manner? Create a read replica of the database and configure IAM standard database authentication to grant the auditor access. Copy a snapshot of the database to Amazon S3 and assign an IAM role to the auditor to grant access to the object in that bucket. Export the database contents to text files, store the files in Amazon S3, and create a new IAM user for the auditor with access to that bucket. Make an encrypted snapshot of the database, share the snapshot, and allow access to the AWS Key Management Service (AWS KMS) encryption key.
A business want to duplicate its data to AWS in order to be able to recover in the case of a catastrophe. A system administrator nowadays has programs that transfer data to an NFS share.
Individual backup files must be retrieved quickly by program administrators in order to address processing issues.
What recommendations should a solutions architect make to satisfy these requirements? Modify the script to copy data to an Amazon S3 bucket instead of the on-premises NFS share. Modify the script to copy data to an Amazon S3 Glacier Archive instead of the on-premises NFS share. Modify the script to copy data to an Amazon Elastic File System (Amazon EFS) volume instead of the on-premises NFS share. Modify the script to copy data to an AWS Storage Gateway for File Gateway virtual appliance instead of the on-premises NFS share.
The website of a business is served by an Auto Scaling group of Amazon EC2 instances in a single AWS Region. A database is not required for the website.
The business is growing, and the technical team expands the website to a second Region. The firm want to spread traffic across the two Regions in order to allow expansion and catastrophe recovery. The solution should avoid serving visitors from regions where the website is infected.
Which policy or resource should the business implement in order to comply with these requirements? An Amazon Route 53 simple routing policy An Amazon Route 53 multivalue answer routing policy An Application Load Balancer in one Region with a target group that specifies the EC2 instance IDs from both Regions An Application Load Balancer in one Region with a target group that specifies the IP addresses of the EC2 instances from both Regions.
A business has an ecommerce application that uses an on-premises SQL database to store data. The organization has chosen to move this database to Amazon Web Services (AWS).
However, as part of the migration, the organization wishes to achieve response times of less than a millisecond for frequent read requests.
A solutions architect understands that performance is critical and that a tiny amount of stale data returned during database reads is acceptable.
What recommendations should the solutions architect make? Build Amazon RDS read replicas. Build the database as a larger instance type. Build a database cache using Amazon ElastiCache. Build a database cache using Amazon Elasticsearch Service (Amazon ES).
A business keeps sensitive user data in an Amazon S3 bucket. The organization wishes to safeguard access to this bucket from the application layer, which is comprised of Amazon EC2 instances operating inside a VPC.
Which actions should a solutions architect use in conjunction to achieve this? (Select two.) Configure a VPC gateway endpoint for Amazon S3 within the VPC. Create a bucket policy to make the objects in the S3 bucket public. Create a bucket policy that limits access to only the application tier running in the VPC. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.
A business develops a mobile application that enables clients to submit images to a website. The application requires a secure login process that includes multi-factor authentication (MFA). The firm want to minimize the time required to construct and maintain the solution.
Which solution, according to a solutions architect, should be recommended to satisfy these requirements? Use Amazon Cognito Identity with SMS-based MFA. Edit IAM policies to require MFA for all users. Federate IAM against the corporate Active Directory that requires MFA. Use Amazon API Gateway and require server-side encryption (SSE) for photos.
For many years, an application needs a development environment (DEV) and a production environment (PROD). DEV instances will be available for 10 hours per day during regular business hours, whereas PROD instances will be available 24 hours per day. A solutions architect must decide on a strategy for purchasing compute instances in order to reduce expenses.
Which of the following is the MOST cost-effective solution? DEV with Spot Instances and PROD with On-Demand Instances DEV with On-Demand Instances and PROD with Spot Instances DEV with Scheduled Reserved Instances and PROD with Reserved Instances DEV with On-Demand Instances and PROD with Scheduled Reserved Instances.
A business want to migrate a multi-tiered application from on-premises to the AWS Cloud in order to optimize its performance. The program is divided into levels that connect with one another using RESTful services. When a tier gets overloaded, transactions are dropped. A solutions architect is responsible for developing a solution that addresses these concerns and modernizes the application.
Which solution satisfies these parameters and is the MOST OPTIMAL in terms of operational efficiency? Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer. Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services. Use Amazon CloudWatch metrics to analyze the application performance history to determine the serverג€™s peak utilization during the performance failures. Increase the size of the application serverג€™s Amazon EC2 instances to meet the peak requirements. Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required. Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.
An ecommerce website is hosted on Amazon EC2 instances that are managed by an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance difficulties as a result of a significant volume of requests from unauthorized external systems using dynamic IP addresses. The security team is concerned about the possibility of DDoS assaults on the website. The firm must prohibit unauthorized inbound requests in a manner that has the fewest possible adverse effects on legal users.
What recommendations should a solutions architect make? Deploy Amazon Inspector and associate it with the ALB. Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule. Deploy rules to the network ACLs associated with the ALB to block the incoming traffic. Deploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty.
Permissions are required for a group to list and remove things from an Amazon S3 bucket. To provide access to the bucket, an administrator developed the following IAM policy and applied it to the group. The group does not have the ability to remove items from the bucket. The organization adheres to the principle of least privilege when it comes to access.
Which sentence in the policy should a solutions architect include to rectify bucket access?
"Action":[
"s3:*Object"
],
"Resource": [
"arn:aws:s3:::bucket-name/*"
],
Effect": "Allow" "Action":[
"s3:*"
],
"Resource": [
"arn:aws:s3:::bucket-name/*"
],
Effect": "Allow" "Action":[
"s3:*DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucket-name/*"
],
Effect": "Allow" "Action":[
"s3:*DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucket-name/*"
],
Effect": "Allow".
A business is considering moving its virtual server-based workloads to AWS. The corporation utilizes load balancers on the internet that are backed up by application servers. Patches are applied to the application servers using an internet-hosted repository.
Which services should a solution architect propose for public subnet hosting? (Select two.) NAT gateway Amazon RDS DB instances Application Load Balancers Amazon EC2 application servers Amazon Elastic File System (Amazon EFS) volumes.
A business uses Amazon ECS to execute an application. The program resizes an original picture and then uses the Amazon S3 API to store the scaled photos in Amazon S3.
How can a solutions architect guarantee that an application is granted access to Amazon S3? Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account.
An application makes a request to a vendor-hosted service. The seller charges on a per-call basis. The finance department need information on the number of calls made to the service in order to verify the billing bills.
How can a solutions architect develop a system that can reliably record the number of calls without needing application changes? Call the service through an internet gateway. Decouple the application from the service with an Amazon Simple Queue Service (Amazon SQS) queue. Publish a custom Amazon CloudWatch metric that counts calls to the service. Call the service through a VPC peering connection.
A firm uses AWS to power a popular gaming platform. The program is sensitive to latency since it might degrade the user experience and give certain players an unfair edge. The application is available across all AWS Regions. It is hosted on Amazon EC2 instances that are configured as members of Auto Scaling groups behind Application Load Balancers (ALBs). A solutions architect must include a system for monitoring the application's health and redirecting traffic to healthy endpoints.
Which solution satisfies these criteria? Configure an accelerator in AWS Global Accelerator. Add a listener for the port that the application listens on and attach it to a Regional endpoint in each Region. Add the ALB as the endpoint. Create an Amazon CloudFront distribution and specify the ALB as the origin server. Configure the cache behavior to use origin cache headers. Use AWS Lambda functions to optimize the traffic. Create an Amazon CloudFront distribution and specify Amazon S3 as the origin server. Configure the cache behavior to use origin cache headers. Use AWS Lambda functions to optimize the traffic. Configure an Amazon DynamoDB database to serve as the data store for the application. Create a DynamoDB Accelerator (DAX) cluster to act as the in- memory cache for DynamoDB hosting the application data.
A business hosts an application on Amazon EC2 instances in two VPCs spread across several AWS Regions. The instances interact with one another over the internet. The security team want to guarantee that no communication occurs over the internet between the instances.
What actions should a solutions architect take to achieve this? Create a NAT gateway and update the route table of the EC2 instancesג€™ subnet. Create a VPC endpoint and update the route table of the EC2 instancesג€™ subnet. Create a VPN connection and update the route table of the EC2 instancesג€™ subnet. Create a VPC peering connection and update the route table of the EC2 instancesג€™ subnet.
A business is operating a publicly available serverless application on AWS Lambda and Amazon API Gateway. Recently, the application's traffic increased significantly as a result of bogus requests from botnets.
Which actions should a solutions architect take to prevent unauthorized users from submitting requests? (Select two.) Create a usage plan with an API key that is shared with genuine users only. Integrate logic within the Lambda function to ignore the requests from fraudulent IP addresses. Implement an AWS WAF rule to target malicious requests and trigger actions to filter them out. Convert the existing public API to a private API. Update the DNS records to redirect users to the new API endpoint. Create an IAM role for each user attempting to access the API. A user will assume the role when making the API call.
A corporation has migrated an on-premises Oracle database to an Amazon RDS for Oracle Multi-AZ DB instance in the us-east-l Region through an Amazon RDS for Oracle Multi-AZ DB instance in the us-east-l Region. A solutions architect is creating a disaster recovery plan that will provide the database in the us-west-2 Region in the event that the database becomes inaccessible in the us-east-1 Region. The architecture must guarantee that the database is supplied within a maximum of two hours in the us-west-2 Region, with a maximum data loss window of three hours.
How are these stipulations to be met? Edit the DB instance and create a read replica in us-west-2. Promote the read replica to master in us-west-2 in case the disaster recovery environment needs to be activated. Select the multi-Region option to provision a standby instance in us-west-2. The standby instance will be automatically promoted to master in us-west-2 in case the disaster recovery environment needs to be created. Take automated snapshots of the database instance and copy them to us-west-2 every 3 hours. Restore the latest snapshot to provision another database instance in us-west-2 in case the disaster recovery environment needs to be activated. Create a multimaster read/write instances across multiple AWS Regions. Select VPCs in us-east-1 and us-west-2 to make that deployment. Keep the master read/write instance in us-west-2 available to avoid having to activate a disaster recovery environment.
A business operates a media shop using several Amazon EC2 instances dispersed across various Availability Zones under a single VPC. The organization need a high-performance solution for data sharing across all EC2 instances, but wishes to retain data inside the VPC.
What recommendations should a solutions architect make? Create an Amazon S3 bucket and call the service APIs from each instanceג€™s application. Create an Amazon S3 bucket and configure all instances to access it as a mounted volume. Configure an Amazon Elastic Block Store (Amazon EBS) volume and mount it across all instances. Configure an Amazon Elastic File System (Amazon EFS) file system and mount it across all instances.
A business is worried that the two NAT instances now in operation would be unable to handle the traffic required for the business's application. A solutions architect wishes to develop a highly available, fault-tolerant, and self-scaling system.
What recommendations should the solutions architect make? Remove the two NAT instances and replace them with two NAT gateways in the same Availability Zone. Use Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones. Remove the two NAT instances and replace them with two NAT gateways in different Availability Zones. Replace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer.
A business maintains a multi-tiered web application for the purpose of hosting news information. The application is deployed on Amazon EC2 instances that are routed via an Application Load Balancer. The instances are distributed across various Availability Zones through an Amazon EC2 Auto Scaling group and use an Amazon Aurora database. A solution architect must strengthen the application's resistance to frequent spikes in request rates.
Which architecture should be implemented by the solutions architect? (Select two.) Add AWS Shield. Add Aurora Replica. Add AWS Direct Connect. Add AWS Global Accelerator. Add an Amazon CloudFront distribution in front of the Application Load Balancer.
A firm is developing a web application on AWS utilizing containers. At any one moment, the organization needs three instances of the web application to be running. The application must be highly available and scalable in order to keep up with demand increases.
Which solution satisfies these criteria? Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks. Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in one Availability Zone. Create a task definition for the web application. Place one task for each container instance. Use the AWS Fargate launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has three container instances in three different Availability Zones. Create a task definition for the web application. Create an ECS service that has a desired count of three tasks. Use the Amazon EC2 launch type to create an Amazon Elastic Container Service (Amazon ECS) cluster that has one container instance in two different Availability Zones. Create a task definition for the web application. Place two tasks on one container instance. Place one task on the remaining container instance.
A business demands the retention of all versions of items in its Amazon S3 bucket. During the first 30 days, current object versions will be often visited; afterwards, they will be seldom accessed and must be retrievable within 5 minutes. Previous object versions must be retained indefinitely, will be viewed seldom, and may be recovered within a week. All storage options must be very accessible and durable.
What should a solutions architect propose as the MOST cost-effective method of meeting these requirements? Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier after 1 day. Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Glacier after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day. Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 Standard-infrequent Access (S3 Standard-IA) after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day. Create an S3 lifecycle policy for the bucket that moves current object versions from S3 Standard storage to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days and moves previous object versions to S3 Glacier Deep Archive after 1 day.
A business must reassess its requirements for the Amazon EC2 instances it has supplied in an Auto Scaling group. At the moment, the Auto Scaling group is set to run no less than two instances and no more than four instances across two Availability Zones. A solutions architect evaluated Amazon CloudWatch analytics and discovered that CPU usage for all EC2 instances is consistently low.
What should the solutions architect propose to improve usage while maintaining fault tolerance in the application? Remove some EC2 instances to increase the utilization of remaining instances. Increase the Amazon Elastic Block Store (Amazon EBS) capacity of instances with less CPU utilization. Modify the Auto Scaling group scaling policy to scale in and out based on a higher CPU utilization metric. Create a new launch configuration that uses smaller instance types. Update the existing Auto Scaling group.
A firm is installing an application in three AWS Regions utilizing an Application Load Balancer. To distribute traffic across these Regions, Amazon Route 53 will be utilized.
Which Route 53 configuration should a solutions architect employ to get the highest possible performance? Create an A record with a latency policy. Create an A record with a geolocation policy. Create a CNAME record with a failover policy. Create a CNAME record with a geoproximity policy.
Within 30 days, a corporation must move 20 TB of data from a data center to the AWS Cloud. The network capacity of the organization is restricted to 15 Mbps and cannot exceed 70% use.
What actions should a solutions architect take to ensure that these criteria are met? Use AWS Snowball. Use AWS DataSync. Use a secure VPN connection. Use Amazon S3 Transfer Acceleration.
In the AWS Cloud, a business is operating a multi-tier ecommerce web application. Amazon EC2 instances are used to host the web application. The database layer is hosted on an Amazon Aurora MySQL DB cluster that is deployed with a writer and a reader in a Multi-AZ environment. The database tier's new need is to service the application in order to provide continuous write availability through instance failover.
What is a solutions architect to do in order to comply with this new requirement? Add a new AWS Region to the DB cluster for multiple writes. Add a new reader in the same Availability Zone as the writer. Migrate the database tier to an Aurora multi-master cluster. Migrate the database tier to an Aurora DB cluster with parallel query enabled.
An organization hosts an application on Amazon EC2 instances in a private subnet of a VPC. The EC2 instances are configured in an Auto Scaling group and are connected to an Elastic Load Balancer through an Elastic Load Balancer (ELB). For outbound internet connectivity, the EC2 instances make use of a NAT gateway. EC2 instances, on the other hand, are unable to access to the public internet in order to get software updates.
What might be the underlying reasons of this problem? (Select two.) The ELB is not configured with a proper health check. The route tables in the VPC are configured incorrectly. The EC2 instances are not associated with an Elastic IP address. The security group attached to the NAT gateway is configured incorrectly. The outbound rules on the security group attached to the EC2 instances are configured incorrectly.
A corporation wishes to impose stringent security controls on access to AWS Cloud resources as it migrates production workloads from its data centers to the cloud.
The company's management desires that all users obtain rights according with their employment titles and responsibilities.
Which method satisfies these criteria with the LEAST amount of operational overhead? Create an AWS Single Sign-On deployment. Connect to the on-premises Active Directory to centrally manage users and permissions across the company. Create an IAM role for each job function. Require each employee to call the sts:AssumeRole action in the AWS Management Console to perform their job role. Create individual IAM user accounts for each employee. Create an IAM policy for each job function, and attach the policy to all IAM users based on their job role. Create individual IAM user accounts for each employee. Create IAM policies for each job function. Create IAM groups, and attach associated policies to each group. Assign the IAM users to a group based on their job role.
A business need guaranteed Amazon EC2 capacity in three specified Availability Zones inside a certain AWS Region for a one-week-long event.
What should the organization do to ensure EC2 capacity is maintained? Purchase Reserved Instances that specify the Region needed. Create an On-Demand Capacity Reservation that specifies the Region needed. Purchase Reserved Instances that specify the Region and three Availability Zones needed. Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed.
A provider of online education is transitioning to the AWS Cloud. The company's student records are stored in a PostgreSQL database. The organization need a solution that ensures its data is always available and accessible across several AWS Regions.
Which method satisfies these criteria with the LEAST amount of operational overhead? Migrate the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Create a read replica in another Region. Migrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. Set up DB snapshots to be copied to another Region.
A solutions architect is improving an on-premises data center's old document management program running on Microsoft Windows Server.
The program makes extensive use of a network file sharing to store a huge number of files. The chief information officer wants to lower the footprint of on-premises data centers and storage expenses by migrating on-premises storage to AWS.
What actions should the solutions architect take to ensure that these criteria are met? Set up an AWS Storage Gateway file gateway. Set up Amazon Elastic File System (Amazon EFS) Set up AWS Storage Gateway as a volume gateway Set up an Amazon Elastic Block Store (Amazon EBS) volume.
A business keeps symmetric encryption keys in a hardware security module at the moment (HSM). A solutions architect is responsible for designing a solution for key management migration to AWS. Key rotation should be supported, as should the usage of customer-supplied keys.
Where should critical material be housed to ensure compliance with these requirements? Amazon S3 AWS Secrets Manager AWS Systems Manager Parameter store AWS Key Management Service (AWS KMS).
A product data application enables users at a company's headquarters to view product information. The product data is saved in a MySQL database instance hosted by Amazon RDS. The operations team has found a performance delay in the application and want to split read and write traffic. A solutions architect must work fast to optimize an application's performance.
What recommendations should the solutions architect make? Change the existing database to a Multi-AZ deployment. Serve the read requests from the primary Availability Zone. Change the existing database to a Multi-AZ deployment. Serve the read requests from the secondary Availability Zone. Create read replicas for the database. Configure the read replicas with half of the compute and storage resources as the source database. Create read replicas for the database. Configure the read replicas with the same compute and storage resources as the source database.
|
