Deck 1 Flashcards

(66 cards)

1
Q

A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster.
Which action will encrypt the data at rest?

A. Place the Redshift cluster in a private subnet.
B. Use the AWS KMS Default Customer master key.
C. Encrypt the Amazon EBS volumes.
D. Encrypt the data using SSL/TLS.

A

B. Use the AWS KMS Default Customer master key.

2
Q

A website experiences unpredictable traffic. During peak traffic times, the database is unable to keep up with the write request.
Which AWS service will help decouple the web application from the database?

A. Amazon SQS
B. Amazon EFS
C. Amazon S3
D. AWS Lambda

A

A. Amazon SQS

3
Q

A legacy application needs to interact with local storage using iSCSI. A team needs to design a reliable storage solution to provision all new storage on AWS.
Which storage solution meets the legacy application requirements?

A. AWS Snowball storage for the legacy application until the application can be re-architected.
B. AWS Storage Gateway in cached mode for the legacy application storage to write data to Amazon S3.
C. AWS Storage Gateway in stored mode for the legacy application storage to write data to Amazon S3.
D. An Amazon S3 volume mounted on the legacy application server locally using the File Gateway service.

A

B. AWS Storage Gateway in cached mode for the legacy application storage to write data to Amazon S3.

Cached volumes – You store your data in Amazon Simple Storage Service (Amazon S3) and retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises. You also retain low-latency access to your frequently accessed data.

4
Q

A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently accessed queries.
Which service or feature should the Architect add to prevent a bottleneck?

A. Multi-AZ feature on the RDS MySQL Database
B. ELB Classic Load Balancer in front of the web application tier
C. Amazon SQS in front of RDS MySQL Database
D. Amazon ElastiCache in front of the RDS MySQL Database

A

D. Amazon ElastiCache in front of the RDS MySQL Database

5
Q

A company is launching an application that it expects to be very popular. The company needs a database that can scale with the rest of the application. The schema will change frequently. The application cannot afford any downtime for database changes.
Which AWS service allows the company to achieve these objectives?

A. Amazon Redshift
B. Amazon DynamoDB
C. Amazon RDS MySQL
D. Amazon Aurora

A

B. Amazon DynamoDB

(You need to pick the database that can be changed easily with less effort.)

Explanation:
Amazon DynamoDB transactions simplify the developer experience of making coordinated, all-or-nothing changes to multiple items both within and across tables. Transactions provide atomicity, consistency, isolation, and durability (ACID) in DynamoDB, enabling you to maintain data correctness in your applications easily.

6
Q

A Solution Architect is designing a disaster recovery solution for a 5 TB Amazon Redshift cluster. The recovery site must be at least 500 miles (805 kilometers) from the live site.
How should the Architect meet these requirements?

A. Use AWS CloudFormation to deploy the cluster in a second region.
B. Take a snapshot of the cluster and copy it to another Availability Zone.
C. Modify the Redshift cluster to span two regions.
D. Enable cross-region snapshots to a different region.

A

D. Enable cross-region snapshots to a different region.

7
Q

A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3.
What could be the problem, given that the application logic is otherwise correct?

A. The application is reading parts of objects from Amazon S3 using a range header.
B. The application is reading objects from Amazon S3 using parallel object requests.
C. The application is updating records by writing new objects with unique keys.
D. The application is updating records by overwriting existing objects with the same keys.

A

D. The application is updating records by overwriting existing objects with the same keys.

Why? Here they are asking about downloading the whole object (not in parts), so the correct answer is D only.
Why “A” is wrong (retrieval in parts here):
For GETs, the Range HTTP header can help improve downloads by:
allowing the object to be retrieved in parts instead of the whole object
providing quick recovery from failures, as only the part that failed to download needs to be retried

8
Q

A Solutions Architect is designing a new social media application. The application must provide a secure method for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location for one week after their profile is created.
Which approach will meet all of these requirements?

A. Use Amazon Kinesis with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
B. Use Amazon EBS volumes with IAM policies restricting user access to specific time periods.
C. Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site profile is created.
D. Use Amazon CloudFront with AWS CloudTrail for auditing the specific times when profile photos are uploaded.

A

C. Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site profile is created.

9
Q

An application requires block storage for file updates. The data is 500 GB and must continuously sustain 100 MiB/s of aggregate read/write operations.
Which storage option is appropriate for this application?

A. Amazon S3
B. Amazon EFS
C. Amazon EBS.
D. Amazon Glacier

A

C. Amazon EBS.

EFS is NOT block storage

10
Q

A mobile application serves scientific articles from individual files in an Amazon S3 bucket. Articles older than 30 days are rarely read. Articles older than 60 days no longer need to be available through the application, but the application owner would like to keep them for historical purposes.
Which cost-effective solution BEST meets these requirements?

A. Create a Lambda function to move files older than 30 days to Amazon EBS and move files older than 60 days to Amazon Glacier.
B. Create a Lambda function to move files older than 30 days to Amazon Glacier and move files older than 60 days to Amazon EBS.
C. Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent Access and move files older than 60 days to Amazon Glacier.
D. Create lifecycle rules to move files older than 30 days to Amazon Glacier and move files older than 60 days to Amazon S3 Standard Infrequent Access.

A

C. Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent Access and move files older than 60 days to Amazon Glacier.

11
Q

An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structured documents in their data center.
They are planning to move this data to AWS.
Which one of the following services MOST effectively meets their needs?

A. Amazon Redshift
B. Amazon RDS
C. Amazon DynamoDB
D. Amazon Aurora

A

C. Amazon DynamoDB

DynamoDB “semi-structured” data

12
Q

A Lambda function must execute a query against an Amazon RDS database in a private subnet.
Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select two.)

A. Create a VPC Endpoint for Amazon RDS.
B. Create the Lambda function within the Amazon RDS VPC.
C. Change the ingress rules of the Lambda security group, allowing the Amazon RDS security group.
D. Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group.
E. Add an Internet Gateway (IGW) to the VPC, route the private subnet to the IGW.

A

B. Create the Lambda function within the Amazon RDS VPC.

D. Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group.

13
Q

A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region.
Which approach can the Architect take to address this requirement?

A. Modify the Redshift cluster and configure cross-region snapshots to the other region.
B. Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region.
C. Modify the Redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region.
D. Modify the Redshift cluster to use AWS Snowball in export mode with data delivered to the other region.

A

A. Modify the Redshift cluster and configure cross-region snapshots to the other region.

14
Q

A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available.
What should an administrator do to improve performance?

A. Convert the database to Amazon Redshift.
B. Create a CloudFront distribution.
C. Convert the database to use EBS Provisioned IOPS.
D. Create one or more read replicas.

A

D. Create one or more read replicas.

15
Q

A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary.
How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select two.)

A. Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.
B. Store all static files in a multi-AZ Amazon Aurora database.
C. Create a CloudFront distribution pointing to static content in Amazon S3.
D. Use Amazon Route 53 to route traffic to the correct region.
E. Use Amazon S3 multi-part uploads to improve upload times.

A

A. Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.
C. Create a CloudFront distribution pointing to static content in Amazon S3.

16
Q

A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity.
How should the Architect configure the database servers to meet the requirements?

A. Configure the database security group to allow database traffic from the application server IP addresses.
B. Configure the database security group to allow database traffic from the application server security group.
C. Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
D. Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.

A

B. Configure the database security group to allow database traffic from the application server security group.

17
Q

An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the Internet. These instances are not assigned with public IP addresses.
Which component poses a potential single point of failure in this architecture?

A. Amazon EC2
B. NAT instance
C. ELB Classic Load Balancer
D. Amazon RDS

A

B. NAT instance

18
Q

A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solution Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand.
How can the Architect fix the problem?

A. Change the Auto Scaling group’s scale out event to scale based on network utilization.
B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.
C. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.
D. Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources, but leverage Spot Instances.

A

B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.

You want to meet the demand of the call center agents; therefore, set Auto Scaling to scale out at 8:30 AM, since the staff will join at 9:00 AM.

19
Q

An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week after the product is launched.
Which is the MOST efficient way for management to ensure that capacity requirements are met?

A. Add a Step Scaling policy.
B. Add a Dynamic Scaling policy.
C. Add a Scheduled Scaling action.
D. Add Amazon EC2 Spot Instances.

A

B. Add a Dynamic Scaling policy.

20
Q

A customer owns a simple API for their website that receives about 1,000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance.
Which changes to the architecture will provide high availability at the LOWEST cost?

A. Create an Auto Scaling group with a minimum of one instance and a maximum of two instances, then use an Application Load Balancer to balance the traffic.
B. Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
C. Create an Auto Scaling group with a maximum of two instances, then use an Application Load Balancer to balance the traffic.
D. Recreate the API using Amazon API Gateway and integrate the new API with the existing backend service.

A

B. Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.

Because of the number of requests and the response time, a Lambda function is highly advisable.

21
Q

A Solution Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up to a different region.
How should the Architect meet this requirement?

A. Create EBS snapshots directly from one region to another.
B. Move the data to an Amazon S3 bucket and enable cross-region replication.
C. Create EBS snapshots and then copy them to the desired region.
D. Use a script to copy data from the current Amazon EBS volume to the destination Amazon EBS volume.

A

C. Create EBS snapshots and then copy them to the desired region.

22
Q

A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about experiencing slow download speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors.
What can a Solutions Architect do to address these issues?

A. Place an elastic load balancer in front of the Amazon S3 bucket to distribute the load during peak hours.
B. Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.
C. Replicate the bucket in eu-west-1 and use an Amazon Route 53 failover routing policy to determine which bucket it should serve the request to.
D. Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute the GET request between CloudFront and the Amazon S3 bucket directly.

A

B. Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.

23
Q

A Solutions Architect is designing a solution that includes a managed VPN connection.
To monitor whether the VPN connection is up or down, the Architect should use:

A. an external service to ping the VPN endpoint from outside the VPC.
B. AWS CloudTrail to monitor the endpoint.
C. the CloudWatch TunnelState Metric.
D. an AWS Lambda function that parses the VPN connection logs.

A

C. the CloudWatch TunnelState Metric.

24
Q

A social networking portal experiences latency and throughput issues due to an increased number of users. Application servers use very large datasets from an Amazon RDS database, which creates a performance bottleneck on the database.
Which AWS service should be used to improve performance?

A. Auto Scaling
B. Amazon SQS
C. Amazon ElastiCache
D. ELB Application Load Balancer

A

C. Amazon ElastiCache

25
Q

A Solutions Architect is designing network architecture for an application that has compliance requirements. The application will be hosted on Amazon EC2 instances in a private subnet and will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the public Internet.
What is the MOST secure way to satisfy this requirement?

A. Use a NAT Instance.
B. Use a NAT Gateway.
C. Use a VPC endpoint.
D. Use a Virtual Private Gateway.

A

C. Use a VPC endpoint.

26
Q

A Solutions Architect is designing a log-processing solution that requires storage that supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2 instance.
Which Amazon storage type satisfies these requirements?

A. EBS Provisioned IOPS SSD (io1)
B. EBS General Purpose SSD (gp2)
C. EBS Throughput Optimized HDD (st1)
D. EBS Cold HDD (sc1)

A

C. EBS Throughput Optimized HDD (st1)

"log-processing, sequentially"

27
Q

A company's development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance of Amazon S3.
Which naming scheme should the company use?

A. Add a date as the prefix.
B. Add a sequential id as the suffix.
C. Add a hexadecimal hash as the suffix.
D. Add a hexadecimal hash as the prefix.

A

D. Add a hexadecimal hash as the prefix.

28
Q

A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a centralized view of all API events for current and future AWS regions.
How should the Architect accomplish this task?

A. Enable AWS CloudTrail logging in each individual region. Repeat this for all future regions.
B. Enable Amazon CloudWatch logs for all AWS services across all regions and aggregate them in a single Amazon S3 bucket.
C. Enable AWS Trusted Advisor security checks and report all security incidents for all regions.
D. Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.

A

D. Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.

29
Q

A company has a legacy application using a proprietary file system and plans to migrate the application to AWS.
Which storage service should the company use?

A. Amazon DynamoDB
B. Amazon S3
C. Amazon EBS
D. Amazon EFS

A

C. Amazon EBS

30
Q

A company plans to use AWS for all new batch processing workloads. The company's developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7.
How should a Solutions Architect design this architecture in a cost-efficient manner?

A. Purchase Reserved Instances to run all containers. Use Auto Scaling groups to schedule jobs.
B. Host a container management service on Spot Instances. Use Reserved Instances to run Docker containers.
C. Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.
D. Use Amazon ECS to manage container orchestration. Purchase Reserved Instances to run all batch workloads at the same time.

A

C. Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.

31
Q

A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom.
Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?

A. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C).
B. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
D. Create an Amazon S3 bucket to store the reports and use Amazon S3 versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).

A

C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).

32
Q

A customer has a production application that frequently overwrites and deletes data. The application requires the most up-to-date version of the data every time it is requested.
Which storage should a Solutions Architect recommend to best accommodate this use case?

A. Amazon S3
B. Amazon RDS
C. Amazon RedShift
D. AWS Storage Gateway

A

B. Amazon RDS

A (S3) is wrong because it is used for storing objects. The question is asking about storing data from the application end, so RDS is the right answer.

33
Q

A Solutions Architect is designing a photo application on AWS. Every time a user uploads a photo to Amazon S3, the Architect must insert a new item to a DynamoDB table.
Which AWS-managed service is the BEST fit to insert the item?

A. Lambda@Edge
B. AWS Lambda
C. Amazon API Gateway
D. Amazon EC2 instances

A

B. AWS Lambda

34
Q

As part of a migration strategy, a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon.
Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration?

A. Use AWS Identity and Access Management (IAM) for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.
B. Use a third-party solution for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.
C. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.
D. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.

A

C. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.

35
Q

A company needs to capture all client connection information from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application.
How can a Solutions Architect meet this requirement?

A. Enable AWS CloudTrail for the Application Load Balancer.
B. Enable Access Logs on the Application Load Balancer.
C. Install CloudWatch Agent on the Application Load Balancer.
D. Enable CloudWatch metrics on the Application Load Balancer.

A

B. Enable Access Logs on the Application Load Balancer.

36
Q

An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times, after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances.
What should the Solutions Architect recommend to optimize the cost of the environment after business hours?

A. Change the Availability Zones in which the instances were created to another Availability Zone in the same region with a lower cost.
B. Replace all On-Demand Instances with Spot Instances in the Auto Scaling group.
C. Purchase Reserved Instances for the minimum number of Auto Scaling instances.
D. Reduce the number of minimum instances to 0. New requests to the Application Load Balancer create new instances.

A

C. Purchase Reserved Instances for the minimum number of Auto Scaling instances.

37
Q

A Solutions Architect is designing a web application for document sharing. The users will upload documents that are then made available to other users. There will be tens of thousands of these documents.
What is the MOST cost-effective storage solution?

A. Amazon EFS
B. Amazon S3
C. Amazon Glacier
D. Amazon EBS

A

B. Amazon S3

38
Q

A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices.
What should the Architect do to implement security best practices in an efficient manner?

A. Use VPC peering to enforce network consistency
B. Restrict users from deploying an AWS CloudFormation template
C. Provide the teams a nested AWS CloudFormation template that builds the VPC correctly
D. Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards

A

C. Provide the teams a nested AWS CloudFormation template that builds the VPC correctly

39
Q

A Solutions Architect has been given the following requirements for a company's VPC:
✑ The solution is a two-tiered application with a web tier and a database tier.
✑ All web traffic to the environment must be directed from the Internet to an Application Load Balancer.
✑ The web servers and the databases should not obtain public IP addresses or be directly accessible from the public Internet.
✑ Because of security requirements, databases may not share a route table or subnet with any other service.
✑ The environment must be highly available within the same VPC for all services.
What is the minimum number of subnets that the Solutions Architect will need based on these requirements and best practices?

A. 2
B. 3
C. 4
D. 6

A

D. 6

40
Q

A company is building a critical ingestion service on AWS that will receive 1,000 incoming events per second. The events must be processed in order, and no events may be lost. Multiple applications will need to process each event. The company will expose the service as RESTful calls through an API Gateway.
What should a Solutions Architect use to receive the events based on these requirements?

A. Amazon Kinesis Data Stream
B. Amazon DynamoDB
C. Amazon SQS
D. Amazon SNS

A

A. Amazon Kinesis Data Stream

41
Q

An organization is deploying Amazon ElastiCache for Redis and requires password protection to improve their data security posture.
Which solution should a Solutions Architect recommend?

A. Redis Auth
B. AWS Single Sign-On
C. IAM database authentication
D. VPC security group for Redis

A

A. Redis Auth

42
Q

A Solutions Architect is designing a solution to send Amazon CloudWatch Alarm notifications to a group of users on a smartphone mobile application.
What are the key steps to this solution? (Choose two.)

A. Configure the CloudWatch Alarm to send the notification to an Amazon SNS topic whenever there is an alarm.
B. Configure the CloudWatch Alarm to send the notification to a mobile phone number whenever there is an alarm.
C. Configure the CloudWatch Alarm to send the notification to the email addresses whenever there is an alarm.
D. Create the platform endpoints for mobile devices and subscribe the SNS topic with platform endpoints.
E. Subscribe the SNS topic with an Amazon SQS queue, and poll the messages continuously from the queue. Use each mobile platform's libraries to send the message to the mobile application.

A

A. Configure the CloudWatch Alarm to send the notification to an Amazon SNS topic whenever there is an alarm.
D. Create the platform endpoints for mobile devices and subscribe the SNS topic with platform endpoints.

43
Q

A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion.
Which is the MOST cost-efficient solution?

A. Create lifecycle policies that move the objects to Amazon Glacier and delete them after 30 days.
B. Enable cross-region replication. Empty the replica bucket every 30 days using an AWS Lambda function.
C. Enable versioning and create a lifecycle policy to remove expired versions after 30 days.
D. Enable versioning and MFA Delete. Using a Lambda function, remove MFA delete from objects more than 30 days old.

A

C. Enable versioning and create a lifecycle policy to remove expired versions after 30 days.

44
Q

An application running on Amazon EC2 has been experiencing performance issues when accessing an Amazon RDS for Oracle database. The database has been provisioned correctly for average workloads, but there are several usage spikes each day that have saturated the database, causing the application to time out. The application is write-heavy, updating information more often than reading information. A Solutions Architect has been asked to review the application design.
What should the Solutions Architect recommend to improve performance?

A. Put an Amazon ElastiCache cluster in front of the database and use lazy loading to limit database access during peak periods.
B. Put an Amazon Elasticsearch domain in front of the database and use a Write-Through cache to reduce database access during peak periods.
C. Configure an Amazon RDS Auto Scaling group to automatically scale the RDS instance during load spikes.
D. Change the Amazon RDS instance storage type from General Purpose SSD to provisioned IOPS SSD.

A

D. Change the Amazon RDS instance storage type from General Purpose SSD to provisioned IOPS SSD.

45
During performance testing of an application, the Amazon RDS database caused a performance bottleneck. What steps can be taken to improve the database performance? (Choose two.) A. Change the RDS database instance to multiple Availability Zones. B. Scale up to a larger RDS instance type. C. Redirect read queries to RDS read replicas. D. Scale out using an Auto Scaling group for RDS. E. Use RDS in a separate AWS Region.
B. Scale up to a larger RDS instance type. C. Redirect read queries to RDS read replicas.
46
A Solutions Architect must design an Amazon DynamoDB table to store data about customer activities. The data is used to analyze recent customer behavior, so data that is less than a week old is heavily accessed and older data is accessed infrequently. Data that is more than one month old never needs to be referenced by the application, but needs to be archived for year-end analytics. What is the MOST cost-efficient way to meet these requirements? (Choose two.) A. Use DynamoDB time-to-live settings to expire items after a certain time period. B. Provision a higher write capacity unit to minimize the number of partitions. C. Create separate tables for each week's data with higher throughput for the current week. D. Pre-process data to consolidate multiple records to minimize write operations. E. Export the old table data from DynamoDB to Amazon S3 using AWS Data Pipeline, and delete the old table.
C. Create separate tables for each week's data with higher throughput for the current week. E. Export the old table data from DynamoDB to Amazon S3 using AWS Data Pipeline, and delete the old table.
47
A Solutions Architect is concerned that the current security group rules for a database tier are too permissive and may permit requests that should be restricted. Below are the current security group permissions for the database tier: Protocol: TCP; Port Range: 1433 (MS SQL); Source: ALL. Currently, the only identified resource that needs to connect to the databases is the application tier consisting of an Auto Scaling group of EC2 instances. What changes can be made to this security group that would offer the users LEAST privilege? A. Change the source to -1 to remove source IP addresses previously unseen. B. Change the source to the VPC CIDR block. C. Change the source to the application instance IDs. D. Change the source to the security group ID attached to the application instances.
D. Change the source to the security group ID attached to the application instances.
48
A large media site has multiple applications in Amazon ECS. A Solutions Architect needs to use content metadata and route traffic to specific services. What is the MOST efficient method to perform this task? A. Use an AWS Classic Load Balancer with a host-based routing option to route traffic to the correct service. B. Use the AWS CLI to update Amazon Route 53 hosted zone to route traffic as services get updated. C. Use an AWS Application Load Balancer with host-based routing option to route traffic to the correct service. D. Use Amazon CloudFront to manage and route traffic to the correct service.
C. Use an AWS Application Load Balancer with host-based routing option to route traffic to the correct service.
49
A Solutions Architect must build a secure document storage platform that allows clients to access data stored on Amazon S3. Documents must be readily available for the first 15 days. After that, documents need not be readily available, and storage costs should be reduced as much as possible. Which of the following approaches will satisfy these requirements? A. Create a lifecycle rule to transition the documents from the STANDARD storage class to the STANDARD_IA storage class after 15 days, and then to the GLACIER storage class after an additional 15 days. B. Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 30 days. C. Create a lifecycle rule to transition documents from the STANDARD storage class to the STANDARD_IA storage class after 30 days and then to the GLACIER storage class after an additional 30 days. D. Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 15 days.
D. Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 15 days.
50
A Solutions Architect needs to configure scaling policies based on Amazon CloudWatch metrics for an Auto Scaling group. The application running on the instances is memory intensive. How can the Architect meet this requirement? A. Enable detailed monitoring on the Amazon EC2 instances. B. Publish custom metrics to CloudWatch from the application. C. Configure lifecycle policies for the Amazon EC2 instances. D. Set up high-resolution alarms for the Auto Scaling group.
B. Publish custom metrics to CloudWatch from the application.
51
A user is designing a new service that receives location updates from 3,600 rental cars every hour. The cars upload their location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location. Which services will process the updates and automatically scale? A. Amazon EC2 and Amazon EBS B. Amazon Kinesis Firehose and Amazon S3 C. Amazon ECS and Amazon RDS D. Amazon S3 events and AWS Lambda
D. Amazon S3 events and AWS Lambda
52
A company is writing a new service running on Amazon EC2 that must create thumbnail images of thousands of images in a large archive. The system will write scratch data to storage during the process. Which storage service is best suited for this scenario? A. EC2 instance store B. Amazon EFS C. Amazon CloudSearch D. Amazon EBS Throughput Optimized HDD (st1)
A. EC2 instance store
53
A company's Amazon RDS MySQL DB instance may be rebooted for maintenance and to apply patches. This database is critical and potential user disruption must be minimized. What should the Solutions Architect do in this scenario? A. Set up an RDS MySQL cluster. B. Create an RDS MySQL Read Replica. C. Set RDS MySQL to Multi-AZ. D. Create an Amazon EC2 instance MySQL cluster.
C. Set RDS MySQL to Multi-AZ.
54
A retail company operates an e-commerce environment that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group. Images are hosted in an Amazon S3 bucket using a custom domain name. During a flash sale with 10,000 simultaneous users, some images on the website are not loading. What should be done to resolve the performance issue? A. Move the images to the EC2 instances in the Auto Scaling group. B. Enable Transfer Acceleration for the S3 bucket. C. Configure an Amazon CloudFront distribution with the S3 bucket as the origin. D. Increase the number of minimum, desired, and maximum EC2 instances in the Auto Scaling group.
C. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
55
A Solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table. What is the MOST secure means of granting the Lambda function access to the DynamoDB table? A. Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, and assign the role to the Lambda function. B. Create a DynamoDB user name and password and give them to the Developer to use in the Lambda function. C. Create an identity and access management (IAM) user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynamoDB table. Have the Developer use these keys to access the resources. D. Create an identity and access management (IAM) role allowing access from AWS Lambda and assign the role to the DynamoDB table.
A. Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, and assign the role to the Lambda function.
56
A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Every night, the Auto Scaling group doubles in size. Traffic analysis shows that users in a particular region are requesting the same static content stored locally on the EC2 instances. How can a Solutions Architect reduce the need to scale and improve application performance for the users? A. Re-deploy the application in a new VPC that is closer to the users making the requests. B. Create an Amazon CloudFront distribution for the site and redirect user traffic to the distribution. C. Store the contents on Amazon EFS instead of the EC2 root volume. D. Implement Amazon Redshift to create a repository of the content closer to the users.
B. Create an Amazon CloudFront distribution for the site and redirect user traffic to the distribution.
57
A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet. What should be done to ensure that the incoming traffic to the host instances is from the ALB only? A. Create network ACL rules for the private subnet to allow incoming traffic on ports 32768 through 61000 from the IP address of the ALB only. B. Update the EC2 cluster security group to allow incoming access from the IP address of the ALB only. C. Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only. D. Enable AWS WAF on the ALB and enable the ECS rule.
C. Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only.
58
A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality. What should be done after making the bucket private to restrict access with the LEAST operational overhead? A. Create a CloudFront origin access identity and create a security group that allows access from CloudFront. B. Create a CloudFront origin access identity and update the bucket policy to grant access to it. C. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only. D. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution.
B. Create a CloudFront origin access identity and update the bucket policy to grant access to it.
59
A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync. What should be used to meet these requirements? A. Amazon Athena with Amazon S3 cross-region replication B. AWS Database Migration Service with change data capture C. Amazon DynamoDB with global tables D. Amazon RDS for PostgreSQL with a cross-region Read Replica
C. Amazon DynamoDB with global tables
60
A company is developing a data lake solution in Amazon S3 to analyze large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs. Which AWS service should be used to meet these requirements? A. Amazon Athena B. Amazon Redshift Spectrum C. Amazon RDS for PostgreSQL D. Amazon Aurora
A. Amazon Athena
61
A prediction process requires access to a trained model that is stored in an Amazon S3 bucket. The process takes a few seconds to process an image and make a prediction. The process is not overly resource-intensive, does not require any specialized hardware, and takes less than 512 MB of memory to run. What would be the MOST effective compute solution for this use case? A. Amazon ECS B. Amazon EC2 Spot instances C. AWS Lambda functions D. AWS Elastic Beanstalk
C. AWS Lambda functions
62
A Solutions Architect is designing the architecture for a web application that will be hosted on AWS. Internet users will access the application using HTTP and HTTPS. How should the Architect design the traffic control requirements? A. Use a network ACL to allow outbound ports for HTTP and HTTPS. Deny other traffic for inbound and outbound. B. Use a network ACL to allow inbound ports for HTTP and HTTPS. Deny other traffic for inbound and outbound. C. Allow inbound ports for HTTP and HTTPS in the security group used by the web servers. D. Allow outbound ports for HTTP and HTTPS in the security group used by the web servers.
C. Allow inbound ports for HTTP and HTTPS in the security group used by the web servers.
63
A company is launching a new static website on Amazon S3 and Amazon CloudFront. The company wants to ensure that all web requests go through only CloudFront. How can a Solutions Architect meet this requirement? A. Configure the S3 bucket policy to allow only CloudFront IP addresses to read objects. B. Create IAM users in a group that has read access to the S3 bucket. Configure CloudFront to pass credentials to the S3 bucket. C. Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow the OAI read access. D. Convert the S3 bucket to an EC2 instance, then give CloudFront access to the instance by using security groups.
C. Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow the OAI read access.
64
An online retailer has a series of flash sales occurring every Friday. Sales traffic will increase during the sales only and the platform will handle the increased load. The platform is a three-tier application. The web tier runs on Amazon EC2 instances behind an Application Load Balancer. Amazon CloudFront is used to reduce web server load, but many requests for dynamic content must go to the web servers. What should be done to the web tier to reduce costs without impacting performance or reliability? A. Use T-series instances. B. Purchase scheduled Reserved Instances. C. Implement Amazon ElastiCache. D. Use Spot Instances.
B. Purchase scheduled Reserved Instances.
65
A company's new web application running on Amazon EC2 across multiple Availability Zones (AZs) will be heavily accessed during regular business hours. After business hours, usage will be minimal. What fleet-scaling approach should be used to size the EC2 fleet to handle the traffic demands? A. Manual scaling across all AZs B. Provisioning for peak traffic C. Scheduled scaling D. Programmatic termination of all instances in one AZ during off-peak hours
C. Scheduled scaling
66
A company is migrating an on-premises application to AWS. The application currently uses their corporate message broker, passing messages between layers by using the MQTT protocol. Because of time and budget constraints, the company cannot rewrite the application and cannot manage a new message broker on the EC2 instances. Which service should a Solutions Architect use to allow the customer to migrate the application to AWS? A. Amazon SNS B. Amazon SQS C. Amazon MQ D. Amazon SWF
C. Amazon MQ