Deck 2 Flashcards

(66 cards)

1
Q
An application relies on messages being sent and received in order. The volume will never exceed more than 300 transactions each second.
Which service should be used?
A. Amazon SQS
B. Amazon SNS
C. Amazon ECS
D. AWS STS
A

A. Amazon SQS

2
Q

A Solutions Architect is designing an application on AWS that uses persistent block storage. Data must be encrypted at rest.
Which solution meets the requirement?
A. Enable SSL on Amazon EC2 instances.
B. Encrypt Amazon EBS volumes on Amazon EC2 instances.
C. Enable server-side encryption on Amazon S3.
D. Encrypt Amazon EC2 Instance Storage.

A

B. Encrypt Amazon EBS volumes on Amazon EC2 instances.

3
Q

A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS.
Which steps should the company perform to implement a scalable and cost-effective solution? (Choose two.)

A. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint.
B. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.
C. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance.
D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.

A

D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.

4
Q

A manufacturing company captures data from machines running at customer sites. Currently, thousands of machines send data every 5 minutes, and this is expected to grow to hundreds of thousands of machines in the near future. The data is logged with the intent to be analyzed in the future as needed.
What is the SIMPLEST method to store this streaming data at scale?

A. Create an Amazon Kinesis Firehose delivery stream to store the data in Amazon S3.
B. Create an Auto Scaling group of Amazon EC2 servers behind ELBs to write the data into Amazon RDS.
C. Create an Amazon SQS queue, and have the machines write to the queue.
D. Create an Amazon EC2 server farm behind an ELB to store the data in Amazon EBS Cold HDD volumes.

A

A. Create an Amazon Kinesis Firehose delivery stream to store the data in Amazon S3.

“streaming data”

5
Q

A bank is writing new software that is heavily dependent upon the database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows.
Which AWS service should be used to run the database?

A. Amazon S3
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon Redshift

A

B. Amazon Aurora

6
Q

A Solutions Architect is designing a new application that needs to access data in a different AWS account located within the same region. The data must not be accessed over the Internet.
Which solution will meet these requirements with the LOWEST cost?

A. Add rules to the security groups in each account.
B. Establish a VPC Peering connection between accounts.
C. Configure Direct Connect in each account.
D. Add a NAT Gateway to the data account.

A

B. Establish a VPC Peering connection between accounts.

7
Q

A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3.
However, uploading images through the web server will create too much traffic.
What is the MOST efficient method to store images from a mobile application on Amazon S3?

A. Upload directly to S3 using a pre-signed URL.
B. Upload to a second bucket, and have a Lambda event copy the image to the primary bucket.
C. Upload to a separate Auto Scaling group of servers behind an ELB Classic Load Balancer, and have them write to the Amazon S3 bucket.
D. Expand the web server fleet with Spot Instances to provide the resources to handle the images.

A

A. Upload directly to S3 using a pre-signed URL.

8
Q

A company requires that the source, destination, and protocol of all IP packets be recorded when traversing a private subnet.
What is the MOST secure and reliable method of accomplishing this goal?

A. Create VPC flow logs on the subnet.
B. Enable source destination check on private Amazon EC2 instances.
C. Enable AWS CloudTrail logging and specify an Amazon S3 bucket for storing log files.
D. Create an Amazon CloudWatch log to capture packet information.

A

A. Create VPC flow logs on the subnet.

9
Q

A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reverse proxy and current backend set up will be insufficient.
Which actions should the Architect take to achieve a cost-effective solution that ensures the application automatically scales to meet traffic demand? (Select two.)

A. Replace the Amazon EC2 reverse proxy with an ELB internal Classic Load Balancer.
B. Add Auto Scaling to the Amazon EC2 backend fleet.
C. Add Auto Scaling to the Amazon EC2 reverse proxy layer.
D. Use t2 burstable instance types for the backend fleet.
E. Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.

A

B. Add Auto Scaling to the Amazon EC2 backend fleet.

E. Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.

10
Q

A company is launching a marketing campaign on their website tomorrow and expects a significant increase in traffic. The website is designed as a multi-tiered web architecture, and the increase in traffic could potentially overwhelm the current design.
What should a Solutions Architect do to minimize the effects from a potential failure in one or more of the tiers?
A. Migrate the database to Amazon RDS.
B. Set up DNS failover to a static website.
C. Use Auto Scaling to keep up with the demand.
D. Use both a SQL and a NoSQL database in the design.

A

B. Set up DNS failover to a static website.

11
Q

A web application experiences high compute costs due to serving a high amount of static web content.
How should the web server architecture be designed to be the MOST cost-efficient?

A. Create an Auto Scaling group to scale out based on average CPU usage.
B. Create an Amazon CloudFront distribution to pull static content from an Amazon S3 bucket.
C. Leverage Reserved Instances to add additional capacity at a significantly lower price.
D. Create a multi-region deployment using an Amazon Route 53 geolocation routing policy.

A

B. Create an Amazon CloudFront distribution to pull static content from an Amazon S3 bucket.

12
Q

A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to manage high availability.
What is the MOST efficient method to achieve similar high availability with NAT gateway?

A. Remove source/destination check on NAT instances.
B. Launch a NAT gateway in each Availability Zone.
C. Use a mix of NAT instances and NAT gateway.
D. Add an ELB Application Load Balancer in front of NAT gateway.

A

B. Launch a NAT gateway in each Availability Zone.

13
Q

A Solutions Architect is designing a solution to store a large quantity of event data in Amazon S3. The Architect anticipates that the workload will consistently exceed 100 requests each second.
What should the Architect do in Amazon S3 to optimize performance?
A. Randomize a key name prefix.
B. Store the event data in separate buckets.
C. Randomize the key name suffix.
D. Use Amazon S3 Transfer Acceleration.

A

A. Randomize a key name prefix.

14
Q

A user is testing a new service that receives location updates from 3,600 rental cars every hour.
Which service will collect data and automatically scale to accommodate production workload?
A. Amazon EC2
B. Amazon Kinesis Firehose
C. Amazon EBS
D. Amazon API Gateway

A

B. Amazon Kinesis Firehose

15
Q

A Solutions Architect is designing a web application. The web and application tiers need to access the Internet, but they cannot be accessed from the Internet.
Which of the following steps is required?

A. Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet to the public subnet.
B. Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
C. Launch Amazon EC2 instances in the public subnet and change the security group to allow outbound traffic on port 80.
D. Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.

A

B. Launch a NAT gateway in the public subnet and add a route to it from the private subnet.

16
Q

An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS MySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure.
How should a Solutions Architect perform this task?

A. Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.
B. Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.
C. Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.
D. Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.

A

B. Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.

17
Q

A Solutions Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500 MB/s.
Which storage type will meet the performance requirements of this application?

A. EBS Provisioned IOPS SSD
B. EBS General Purpose SSD
C. EBS Cold HDD
D. EBS Throughput Optimized HDD

A

D. EBS Throughput Optimized HDD

18
Q

A legacy application running on premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place.
How should the Architect meet this requirement?

A. Create an IAM role that allows access from the corporate network to Amazon S3.
B. Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint.
C. Use Amazon API Gateway to do IP whitelisting.
D. Configure IP whitelisting on the customer’s gateway.

A

A. Create an IAM role that allows access from the corporate network to Amazon S3.

19
Q

A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance, and requires long-term persistence.
Which storage solution BEST meets these requirements?

A. An Amazon EBS Provisioned IOPS volume
B. An Amazon EBS General Purpose volume
C. An Amazon EBS Magnetic volume
D. An Amazon EC2 Instance Store

A

A. An Amazon EBS Provisioned IOPS volume

20
Q

A Solutions Architect is designing a solution with AWS Lambda where different environments require different database passwords.
What should the Architect do to accomplish this in a secure and scalable way?

A. Create a Lambda function for each individual environment.
B. Use Amazon DynamoDB to store environmental variables.
C. Use encrypted AWS Lambda environmental variables.
D. Implement a dedicated Lambda function for distributing variables.

A

C. Use encrypted AWS Lambda environmental variables.

21
Q

A news organization plans to migrate their 20 TB video archive to AWS. The files are rarely accessed, but when they are, a request is made in advance and a 3 to 5-hour retrieval time frame is acceptable. However, when there is a breaking news story, the editors require access to archived footage within minutes.
Which storage solution meets the needs of this organization while providing the LOWEST cost of storage?

A. Store the archive in Amazon S3 Reduced Redundancy Storage.
B. Store the archive in Amazon Glacier and use standard retrieval for all content.
C. Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed.
D. Store the archive in Amazon S3 with a lifecycle policy to move this to S3 Infrequent Access after 30 days.

A

C. Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed.

22
Q

A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the database servers will be in a private subnet. Only the web servers can be accessed from the Internet. The database servers must have Internet access for software updates.
Which solution meets the requirements?

A. Assign Elastic IP addresses to the database instances.
B. Allow Internet traffic on the private subnet through the network ACL.
C. Use a NAT Gateway.
D. Use an egress-only Internet Gateway.

A

C. Use a NAT Gateway.

23
Q

A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances.
How should the request be authorized?
A. Create an IAM access and secret key, and store it in the Lambda function.
B. Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances.
C. Create an IAM role to Amazon RDS with permissions to list all Amazon RDS instances.
D. Create an IAM access and secret key, and store it in an encrypted RDS database.

A

B. Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances.

24
Q

A Solutions Architect is building an application on AWS that will require 20,000 IOPS on a particular volume to support a media event. Once the event ends, the IOPS need is no longer required. The marketing team asks the Architect to build the platform to optimize storage without incurring downtime.
How should the Architect design the platform to meet these requirements?

A. Change the Amazon EC2 instance types.
B. Change the EBS volume type to Provisioned IOPS.
C. Stop the Amazon EC2 instance and provision IOPS for the EBS volume.
D. Enable an API Gateway to change the endpoints for the Amazon EC2 instances.

A

B. Change the EBS volume type to Provisioned IOPS.

25
A Solutions Architect is building a new feature using a Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed. Which AWS service should the Architect use to store this metadata? A. Amazon S3 B. Amazon DynamoDB C. Amazon Kinesis D. Amazon EFC
B. Amazon DynamoDB
26
An interactive, dynamic website runs on Amazon EC2 instances in a single subnet behind an ELB Classic Load Balancer. Which design changes will make the site more highly available? A. Move some Amazon EC2 instances to a subnet in a different way. B. Move the website to Amazon S3. C. Change the ELB to an Application Load Balancer. D. Move some Amazon EC2 instances to a subnet in the same Availability Zone.
A. Move some Amazon EC2 instances to a subnet in a different way.
27
A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select two.) A. Store an access key on the Amazon EC2 instance with rights to the Dynamo DB table. B. Attach an IAM user to the Amazon EC2 instance. C. Create an IAM role with permissions to write to the DynamoDB table. D. Attach an IAM role to the Amazon EC2 instance. E. Attach an IAM policy to the Amazon EC2 instance.
C. Create an IAM role with permissions to write to the DynamoDB table. D. Attach an IAM role to the Amazon EC2 instance.
28
A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements: 1 They get an alert when the requests per second go over 50,000 2 They get an alert when latency goes over 5 seconds 3 They can validate how many times a day users call the API requesting highly-sensitive data Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.) A. Ensure that CloudTrail is enabled. B. Create a custom CloudWatch metric to monitor the API for data access. C. Configure CloudWatch alarms for any metrics the support team requires. D. Ensure that detailed monitoring for the EC2 instances is enabled. E. Create an application to export and save CloudWatch metrics for longer term trending analysis.
A. Ensure that CloudTrail is enabled. | C. Configure CloudWatch alarms for any metrics the support team requires.
29
A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation. What is the MOST efficient way to fulfill this requirement? A. Use Amazon CloudWatch to monitor utilization. B. Use Amazon API Gateway to monitor availability. C. Use an Amazon Elastic Load Balancer. D. Use Amazon Route 53 health checks.
D. Use Amazon Route 53 health checks.
30
A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers. How should the Architect design a solution to meet the requirements without impacting running applications? A. Create a network ACL on the web server's subnet, and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet. B. Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group. C. Create a network ACL on the web server's subnet, and allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers, and deny all outbound traffic. D. Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
B. Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
31
Which service should an organization use if it requires an easily managed and scalable platform to host its web application running on Nginx? A. AWS Lambda B. Auto Scaling C. AWS Elastic Beanstalk D. Elastic Load Balancing
C. AWS Elastic Beanstalk
32
An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames. Which AWS service will decouple the users from specific Amazon EC2 instances? A. Amazon SQS B. Auto Scaling group C. Amazon EC2 security group D. Amazon ELB
D. Amazon ELB
33
A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL. Which service should the Architect choose to distribute the workload? A. ELB Classic Load Balancer B. Amazon Route 53 DNS C. ELB Application Load Balancer D. Amazon CloudFront
C. ELB Application Load Balancer
34
A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements? A. Store data in a filesystem backed by Amazon Elastic File System (EFS). B. Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a filesystem to the database server. C. Store data in Amazon Dynamo DB and emulate relational database semantics. D. Stripe data across multiple Amazon EBS volumes using RAID 0.
D. Stripe data across multiple Amazon EBS volumes using RAID 0.
35
An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is against company policy to store passwords in Lambda functions. How can a Solutions Architect enable the Lambda function to retrieve the database password without violating company policy? A. Add an IAM policy for IAM database access to the Lambda execution role. B. Store a one-way hash of the password in the Lambda function. C. Have the Lambda function use the AWS Systems Manager Parameter Store. D. Connect to the Amazon RDS for SQL Server instance by using a role assigned to the Lambda function.
C. Have the Lambda function use the AWS Systems Manager Parameter Store.
36
A company has two different types of reporting needs on their 200-GB data warehouse: ✑ Data scientists run a small number of concurrent ad hoc SQL queries that can take several minutes each to run. ✑ Display screens throughout the company run many fast SQL queries to populate dashboards. Which design would meet these requirements with the LEAST cost? A. Replicate relevant data between Amazon Redshift and Amazon DynamoDB. Data scientists use Redshift. Dashboards use DynamoDB. B. Configure auto-replication between Amazon Redshift and Amazon RDS. Data scientists use Redshift. Dashboards use RDS. C. Use Amazon Redshift for both requirements, with separate query queues configured in workload management. D. Use Amazon Redshift for Data Scientists. Run automated dashboard queries against Redshift and store the results in Amazon ElastiCache. Dashboards query ElastiCache.
C. Use Amazon Redshift for both requirements, with separate query queues configured in workload management.
37
A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and Amazon ECS to host the website and its microservices. Which design changes should a Solutions Architect recommend to support the expected growth? (Choose two.) A. Move static files from ECS to Amazon S3 B. Use an Amazon Route 53 geolocation routing policy C. Scale the environment based on real-time AWS CloudTrail logs D. Create a dedicated Elastic Load Balancer for each microservice E. Create RDS read replicas and change the application to use these replicas
A. Move static files from ECS to Amazon S3 | E. Create RDS read replicas and change the application to use these replicas
38
A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime. What could a Solutions Architect recommend to the company in order to keep track of customers' current session data? A. Amazon EC2 B. Amazon RDS C. AWS CloudTrail D. Amazon DynamoDB
D. Amazon DynamoDB
39
A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for web requests to the application. Based on these requirements, what security group rules should be put on the Amazon EC2 instances? A. An inbound rule allowing traffic from the security group attached to the ALB B. An inbound rule allowing traffic from the network ACLs attached to the ALB C. An outbound rule allowing traffic to the security group attached to the ALB D. An outbound rule blocking all traffic to the Internet
A. An inbound rule allowing traffic from the security group attached to the ALB
40
A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web application with a load balancer, web server, application server, and relational database. The key requirement driving the migration is that the application should perform better and be more elastic. Which of the following architectures would meet these requirements? A. Re-host the application on Amazon EC2 with lift and shift of existing application code. Configure an Elastic Load Balancing load balancer to handle incoming requests. Use Amazon CloudWatch alarms to receive notification of scaling issues. Increase and decrease the size of the Amazon EC2 instances using AWS CLI or AWS Management Console as required. B. Re-architect the application as a three-tier application. Move the database to Amazon RDS. Use read replicas and Amazon ElastiCache with RDS for better performance. Use an Application Load Balancer to forward incoming requests to web and application servers running on-premises. C. Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier. D. Re-architect the application as Service Oriented Architecture (SOA). Run database and application servers on-premises. Run web-facing EC2 servers. Use an Enterprise Service Bus to handle communications between different parts of the application running on-premises and in the cloud.
C. Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier.
41
A company uses AWS Elastic Beanstalk to deploy a web application running on c4.large instances. Users are reporting high latency and failed requests. Further investigation reveals that the EC2 instances are running at or near 100% CPU utilization. What should a Solutions Architect do to address the performance issues? A. Use time-based scaling to scale the number of instances based on periods of high load. B. Modify the scaling triggers in Elastic Beanstalk to use the CPUUtilization metric. C. Swap the c4.large instances with the m4.large instance type. D. Create an additional Auto Scaling group, and configure Amazon EBS to use both Auto Scaling groups to increase the scaling capacity.
B. Modify the scaling triggers in Elastic Beanstalk to use the CPUUtilization metric.
42
A Solutions Architect is working on a PCI-compliant architecture that needs to call an external service provider's API. The external provider requires IP whitelisting to verify the calling party. How should the Solutions Architect provide the external party with the IP addresses for whitelisting? A. Use an API Gateway in proxy mode, and provide the API Gateway's IP address to the external service provider. B. Associate a public elastic network interface to a published stage/endpoint in API Gateway, exposing the AWS Lambda function, and provide the IP address for the public network interface to the external party to whitelist. C. Deploy the Lambda function in private subnets and route outbound traffic through a NAT gateway. Provide the NAT gateway's Elastic IP address to the external service provider. D. Provide the external party the allocated AWS IP address range for Lambda functions, and send change notifications by using a subscription to the AmazonIpSpaceChanged SNS topic.
C. Deploy the Lambda function in private subnets and route outbound traffic through a NAT gateway. Provide the NAT gateway's Elastic IP address to the external service provider.
43
A Solutions Architect is designing a shared file system for a company. Multiple users will be accessing it at any given time. Different teams will have their own directories, and the company wants to secure files so that users can access only files owned by their team. How should the Solutions Architect design this? A. Use Amazon EFS and control permissions by using file-level permissions. B. Use Amazon S3 and control permissions by using ACLs. C. Use Amazon EFS and control permissions by using security groups. D. Use AWS Storage Gateway and control permissions by using AWS Identity and Access Management (IAM)
A. Use Amazon EFS and control permissions by using file-level permissions.
44
A company requires operating system permission on a relational database server. What should a Solutions Architect suggest as a configuration for a highly available database architecture? A. Multiple EC2 instances in a database replication configuration that uses two Availability Zones. B. A standalone Amazon EC2 instance with a selected database installed. C. Amazon RDS in a Multi-AZ configuration with Provisioned IOPS. D. Multiple EC2 instances in a replication configuration that uses two placement groups.
A. Multiple EC2 instances in a database replication configuration that uses two Availability Zones.
45
An application has a web tier that runs on EC2 instances in a public subnet. The application tier instances run in private subnets across two Availability Zones. All traffic is IPv4 only, and each subnet has its own custom route table. A new feature requires that application tier instances can call an external service over the Internet; however, they must still not be accessible to Internet traffic. What should be done to allow the application servers to connect to the Internet, maintain high availability, and minimize administrative overhead? A. Add an Amazon egress-only internet gateway to each private subnet. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the egress-only internal gateway in the same Availability Zone. B. Add an Amazon NAT Gateway to each public subnet. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the NAT Gateway in the same Availability Zone. C. Add an Amazon NAT instance to one of the public subnets. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the Internet gateway in the VPC. D. Add an Amazon NAT Gateway to each private subnet. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the NAT Gateway in the other Availability Zone.
B. Add an Amazon NAT Gateway to each public subnet. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the NAT Gateway in the same Availability Zone.
46
An application uses an Amazon SQS queue as a transport mechanism to deliver data to a group of EC2 instances for processing. The application owner wants to add a mechanism to archive the incoming data without modifying application code on the EC2 instances. How can this application be re-architected to archive the data without modifying the processing instances? A. Trigger a Lambda function by using Amazon CloudWatch Events to retrieve messages from the SQS queue and archive to Amazon S3. B. Use an Amazon SNS topic to fan out the data to the SQS queue in addition to a Lambda function that records the data to an S3 bucket. C. Set up an Amazon Kinesis Data Stream so that multiple instances can receive data. Add a separate EC2 instance that is configured to archive all data it receives. D. Write the data to an S3 bucket, and use an SQS queue for S3 event notifications to tell the instances where to retrieve the data.
B. Use an Amazon SNS topic to fan out the data to the SQS queue in addition to a Lambda function that records the data to an S3 bucket.
47
A Solutions Architect must select the most cost-efficient architecture for a service that responds to web requests. These web requests are small and query a DynamoDB table. The request rate ranges from zero to several hundred each second, without any predictable patterns. What is the MOST cost-efficient architecture for this service? A. Network Load Balancer/Amazon EC2 B. Application Load Balancer/Amazon ECS C. API Gateway/AWS Lambda D. AWS Elastic Beanstalk/AWS Lambda
C. API Gateway/AWS Lambda
48
A company has a web application running in a Docker container that connects to a MySQL server in an on-premises data center. The deployment and maintenance of this application are becoming time-consuming and slowing down new feature releases. The company wants to migrate the application to AWS and use services that help facilitate infrastructure management and deployment. Which architectures should the company consider on AWS? (Choose two.) A. Amazon ECS for the web application, and an Amazon RDS for MySQL for the database. B. AWS Elastic Beanstalk Docker Multi-container either for the web application or database. C. AWS Elastic Beanstalk Docker Single Container for the web application, and an Amazon RDS for MySQL for the database. D. AWS CloudFormation with Lambda Custom Resources without VPC for the web application, and an Amazon RDS for MySQL database. E. AWS CloudFormation with Lambda Custom Resources running in a VPC for the web application, and an Amazon RDS for MySQL database.
A. Amazon ECS for the web application, and an Amazon RDS for MySQL for the database. C. AWS Elastic Beanstalk Docker Single Container for the web application, and an Amazon RDS for MySQL for the database.
49
A Solutions Architect has designed a VPC that meets all necessary security requirements for their organization. Any applications deployed in the organization must use this VPC design. How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort? A. Deploy an AWS CloudFormation template that defines components of the VPC. B. Run a script that uses the AWS Command Line Interface to deploy the VPC. C. Clone the existing authorized VPC for each new project. D. Use AWS Elastic Beanstalk to deploy both the VPC and the application.
A. Deploy an AWS CloudFormation template that defines components of the VPC.
50
What conditions could cause a Multi-AZ Amazon RDS failover to occur? (Choose two.) A. The RDS instance is stopped manually B. A replica of the RDS instance is created in a different region C. An Availability Zone becomes unavailable D. Another master user is created E. A failure of the primary database instance
C. An Availability Zone becomes unavailable | E. A failure of the primary database instance
51
A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access. What lifecycle action should be taken to meet the requirements while reducing costs? A. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) B. Transition objects to expire after 5 years. C. Transition objects from Amazon S3 Standard to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) D. Transition objects from Amazon S3 Standard to the GLACIER storage class.
A. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
52
A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant. What should be done to meet these requirements? A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection. B. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs. C. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it. D. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.
A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.
53
A company hosts a website using Amazon API Gateway on the front end. Recently, there has been heavy traffic on the website and the company wants to control access by allowing authenticated traffic only. How should the company limit access to authenticated users only? (Select TWO.) A. Allow users that are authenticated through Amazon Cognito. B. Limit traffic through API Gateway. C. Allow X.509 certificates to authenticate traffic. D. Deploy AWS KMS to identify users. E. Assign permissions in AWS IAM to allow users.
A. Allow users that are authenticated through Amazon Cognito. E. Assign permissions in AWS IAM to allow users.
54
Users submit requests to a service that takes several minutes to process. A Solutions Architect needs to ensure that these requests are processed at least once, and that the service has the ability to handle large increases in the number of requests. How should these requirements be met? A. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue B. Publish the message to an Amazon SNS topic that an Amazon EC2 subscriber can receive and process C. Save the requests to an Amazon DynamoDB table with a DynamoDB stream that triggers an Amazon EC2 Spot Instance D. Use Amazon S3 to store the requests and configure an event notification to have Amazon EC2 instances process the new object
A. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue
55
A Solutions Architect is designing an Amazon VPC that requires access to a remote API server using IPv6. Resources within the VPC should not be accessed directly from the Internet. How should this be achieved? A. Use a NAT gateway and deny public access using security groups B. Attach an egress-only internet gateway and update the routing tables C. Use a NAT gateway and update the routing tables D. Attach an internet gateway and deny public access using security groups
B. Attach an egress-only internet gateway and update the routing tables
56
When designing an Amazon SQS message-processing solution, messages in the queue must be processed before the maximum retention time has elapsed. Which actions will meet this requirement? (Choose two.) A. Use AWS STS to process the messages B. Use Amazon EBS-optimized Amazon EC2 instances to process the messages C. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based on the queue length D. Increase the SQS queue attribute for the message retention period E. Convert the SQS queue to a first-in first-out (FIFO) queue
C. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based on the queue length D. Increase the SQS queue attribute for the message retention period
57
A company deployed a three-tier web application on Amazon EBS backed Amazon EC2 instances for the web and application tiers, and Amazon RDS for the database tier. The company is concerned about loss of data in the web and application tiers. What is the MOST efficient way to prevent data loss? A. Create an Amazon EFS file system and run a shell script to copy the data B. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule C. Create an Amazon S3 snapshot policy to back up the Amazon EBS volumes D. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes
D. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes
58
A company is using Amazon S3 for backups from an on-premises environment. Regulatory requirements state that data must be retained for at least 7 years. The data is infrequently accessed for 35 days, but needs to be instantly available. After 35 days, the data is rarely accessed. Which combination of actions will provide the MOST cost-effective solution? (Choose two) A. Change the backup so the data goes to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) directly B. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 7 years C. Change the backup so the data goes to Amazon Glacier directly D. Create an S3 lifecycle policy that moves the data to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 35 days E. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 35 days
A. Change the backup so the data goes to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) directly E. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 35 days
59
A Solutions Architect is building an online shopping application where users will be able to browse items, add items to a cart, and purchase the items. Images of items will be stored in Amazon S3 buckets organized by item category. When an item is no longer available for purchase, the item image will be deleted from the S3 bucket. Occasionally, during testing, item images deleted from the S3 bucket are still visible to some users. What is a flaw in this design approach? A. Defining S3 buckets by item may cause partition distribution errors, which will impact performance. B. Amazon S3 DELETE requests are eventually consistent, which may cause other users to view items that have already been purchased C. Amazon S3 DELETE requests apply a lock to the S3 bucket during the operation, causing other users to be blocked D. Using Amazon S3 for persistence exposes the application to a single point of failure
B. Amazon S3 DELETE requests are eventually consistent, which may cause other users to view items that have already been purchased
60
An application running on AWS Lambda requires an API key to access a third-party service. The key must be stored securely with audited access to the Lambda function only. What is the MOST secure way to store the key? A. As an object in Amazon S3 B. As a secure string in AWS Systems Manager Parameter Store C. Inside a file on an Amazon EBS volume attached to the Lambda function D. Inside a secrets file stored on Amazon EFS
B. As a secure string in AWS Systems Manager Parameter Store
61
An application provides a feature that allows users to securely download private and personal files. The web server is currently overwhelmed with serving files for download. A Solutions Architect must find a more effective solution to reduce web server load and costs, and must allow users to download only their own files. Which solution meets all requirements? A. Store the files securely on Amazon S3 and have the application generate an Amazon S3 pre-signed URL for the user to download. B. Store the files in an encrypted Amazon EBS volume, and use a separate set of servers to serve the downloads. C. Have the application encrypt the files and store them in the local Amazon EC2 Instance Store prior to serving them up for download. D. Create an Amazon CloudFront distribution to distribute and cache the files.
A. Store the files securely on Amazon S3 and have the application generate an Amazon S3 pre-signed URL for the user to download.
62
An application calls a service run by a vendor. The vendor charges based on the number of calls. The finance department needs to know the number of calls that are made to the service to validate the billing statements. How can a Solutions Architect design a system to durably store the number of calls without requiring changes to the application? A. Call the service through an internet gateway. B. Decouple the application from the service with an Amazon SQS queue. C. Publish a custom Amazon CloudWatch metric that counts calls to the service. D. Call the service through a VPC peering connection.
C. Publish a custom Amazon CloudWatch metric that counts calls to the service.
63
An application runs in a VPC on Amazon EC2 instances behind an Application Load Balancer. Traffic to the Amazon EC2 instances must be limited to traffic from the Application Load Balancer. Based on these requirements, the security group configuration should only allow traffic from: A. the public IPs of the Application Load Balancer nodes. B. the IP range of the Application Load Balancer subnets. C. the security group attached to the Application Load Balancer. D. the VPC CIDR
C. the security group attached to the Application Load Balancer.
64
A Solutions Architect is reviewing an application that writes data to an Amazon DynamoDB table on a daily basis. Random table reads occur many times per second. The company needs to allow thousands of low-latency reads and avoid any negative impact to the rest of the application. What should the Solutions Architect do to meet the company's goals? A. Use DynamoDB Accelerator to cache reads. B. Increase DynamoDB write capacity units. C. Add Amazon SQS to decouple requests. D. Implement Amazon Kinesis to decouple requests.
A. Use DynamoDB Accelerator to cache reads.
65
An environment has an Auto Scaling group across two Availability Zones referred to as AZ-a and AZ-b and a default termination policy. AZ-a has four Amazon EC2 instances, and AZ-b has three EC2 instances. None of the instances is protected from a scale-in. How will Auto Scaling proceed if there is a scale-in event? A. Auto Scaling selects an instance to terminate randomly. B. Auto Scaling terminates the instance with the oldest launch configuration of all instances. C. Auto Scaling selects the Availability Zone with four EC2 instances and then continues to evaluate. D. Auto Scaling terminates the instance with the closest next billing hour of all instances.
C. Auto Scaling selects the Availability Zone with four EC2 instances and then continues to evaluate.
66
A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met? A. Deploy the database on multiple Amazon EC2 instances backed by Amazon EBS across multiple Availability Zones. B. Use Amazon RDS with a multiple Availability Zone option. C. Use RDS with a single Availability Zone option and schedule periodic database snapshots. D. Use Amazon DynamoDB.
B. Use Amazon RDS with a multiple Availability Zone option.