Deck 3 Flashcards by Annisha Friall

A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost.
This can be accomplished with:

A. an egress-only internet gateway
B. a NAT gateway
C. a custom NAT instance
D. a VPC endpoint

A. an egress-only internet gateway

How well did you know this?

Not at all

Perfectly

A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application.
How can the report be created without affecting the performance of the application?

A. Create a read replica of the database.
B. Provision a new RDS instance as a secondary master.
C. Configure the database to be in multiple regions.
D. Increase the number of provisioned storage IOPS.

A. Create a read replica of the database.

How well did you know this?

Not at all

Perfectly

A company has an application that stores sensitive data. The company is required by government regulations to store multiple copies of its data.
What would be the MOST resilient and cost-effective option to meet this requirement?

A. Amazon EFS
B. Amazon RDS
C. AWS Storage Gateway
D. Amazon S3

D. Amazon S3

How well did you know this?

Not at all

Perfectly

A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys.
What is the SIMPLEST solution?

A. Associate AWS KMS metrics with Amazon CloudWatch.
B. Use AWS CloudTrail to log AWS KMS key usage.
C. Deploy a monitoring agent on the RDS instances.
D. Poll AWS KMS periodically with a scheduled job.

B. Use AWS CloudTrail to log AWS KMS key usage.

How well did you know this?

Not at all

Perfectly

A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required.
What is the MOST cost-effective way to purchase compute for this platform?

A. Scheduled Reserved Instances
B. Convertible Reserved Instances
C. Standard Reserved Instances
D. Spot Instances

C. Standard Reserved Instances

How well did you know this?

Not at all

Perfectly

A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances.
Which solution meets these requirements?

A. Create an Amazon S3 bucket and store all of the documents in this bucket.
B. Create an Amazon EBS volume and allow multiple users to mount that volume to their EC2 instance(s).
C. Use Amazon Glacier to store all of the documents.
D. Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.

D. Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.

How well did you know this?

Not at all

Perfectly

A Solution Architect has a two-tier application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone.
Which additional services will improve the availability of the application? (Choose two.)

A. Auto Scaling group
B. AWS CloudTrail
C. ELB Classic Load Balancer
D. Amazon DynamoDB
E. Amazon ElastiCache

A. Auto Scaling group

E. Amazon ElastiCache

How well did you know this?

Not at all

Perfectly

A company is migrating its data center to AWS. As part of this migration, there is a three-tier web application that has strict data-at-rest encryption requirements.
The customer deploys this application on Amazon EC2 using Amazon EBS, and now must provide encryption at-rest.
How can this requirement be met without changing the application?

A. Use AWS Key Management Service and move the encrypted data to Amazon S3.
B. Use an application-specific encryption API with AWS server-side encryption.
C. Use encrypted EBS storage volumes with AWS-managed keys.
D. Use third-party tools to encrypt the EBS data volumes with Key Management Service Bring Your Own Keys.

C. Use encrypted EBS storage volumes with AWS-managed keys.

How well did you know this?

Not at all

Perfectly

A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access Key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system.
What security measure would satisfy these requirements?

A. Store the AWS Access Key ID/Secret Access Key combination in software comments.
B. Assign an IAM user to the Amazon EC2 instance.
C. Assign an IAM role to the Amazon EC2 instance.
D. Enable multi-factor authentication for the AWS root account.

C. Assign an IAM role to the Amazon EC2 instance.

How well did you know this?

Not at all

Perfectly

An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time.
What solution should be implemented to improve database performance using persistent storage?

A. Migrate the data on the Amazon EBS volume to an SSD-backed volume.
B. Change the EC2 instance type to one with EC2 instance store volumes.
C. Migrate the data on the EBS volume to provisioned IOPS SSD (io1).
D. Change the EC2 instance type to one with burstable performance.

C. Migrate the data on the EBS volume to provisioned IOPS SSD (io1).

How well did you know this?

Not at all

Perfectly

A company’s website receives 50,000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized.
What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?

A. Amazon Kinesis Stream
B. Amazon SQS standard queue
C. Amazon SQS FIFO queue
D. AWS CloudTrail trail

A. Amazon Kinesis Stream

How well did you know this?

Not at all

Perfectly

A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6 TB of data and will grow exponentially.
Which solution should a Solutions Architect recommend?

A. Amazon Aurora
B. Amazon Redshift
C. Amazon DynamoDB
D. Amazon RDS MySQL

A. Amazon Aurora

How well did you know this?

Not at all

Perfectly

A company hosts a two-tier application that consists of a publicly accessible web server that communicates with a private database. Only HTTPS port 443 traffic to the web server must be allowed from the Internet.
Which of the following options will achieve these requirements? (Choose two.)
A. Security group rule that allows inbound Internet traffic for port 443.
B. Security group rule that denies all inbound Internet traffic except port 443.
C. Network ACL rule that allows port 443 inbound and all ports outbound for Internet traffic.
D. Security group rule that allows Internet traffic for port 443 in both inbound and outbound.
E. Network ACL rule that allows port 443 for both inbound and outbound for all Internet traffic.

A. Security group rule that allows inbound Internet traffic for port 443.
C. Network ACL rule that allows port 443 inbound and all ports outbound for Internet traffic.

How well did you know this?

Not at all

Perfectly

A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region.
The design should route DynamoDB traffic through:
A. VPC peering connection.
B. NAT gateway
C. VPC endpoint
D. AWS Direct Connect

C. VPC endpoint

How well did you know this?

Not at all

Perfectly

A Solutions Architect is architecting a workload that requires a performant object-based storage system that must be shared with multiple Amazon EC2 instances.
Which AWS service meets this requirement?
A. Amazon EFS
B. Amazon S3
C. Amazon EBS
D. Amazon ElastiCache

B. Amazon S3

How well did you know this?

Not at all

Perfectly

A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking.
Which storage service meets the requirements of this use case?

A. Amazon S3
B. Amazon EFS
C. Amazon EBS
D. Cached Volumes

B. Amazon EFS

How well did you know this?

Not at all

Perfectly

A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low, with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily.
Which storage option is MOST appropriate for this workload?

A. Amazon EC2 instance storage
B. Amazon EBS General Purpose SSD (gp2) storage
C. Amazon S3
D. Amazon EBS Provision IOPS SSD (io1) storage

B. Amazon EBS General Purpose SSD (gp2) storage

How well did you know this?

Not at all

Perfectly

As part of securing an API layer built on Amazon API gateway, a Solutions Architect has to authorize users who are currently authenticated by an existing identity provider. The users must be denied access for a period of one hour after three unsuccessful attempts.
How can the Solutions Architect meet these requirements?
A. Use AWS IAM authorization and add least-privileged permissions to each respective IAM role.
B. Use an API Gateway custom authorizer to invoke an AWS Lambda function to validate each user’s identity.
C. Use Amazon Cognito user pools to provide built-in user management.
D. Use Amazon Cognito user pools to integrate with external identity providers.

D. Use Amazon Cognito user pools to integrate with external identity providers.

How well did you know this?

Not at all

Perfectly

An organization runs an online media site, hosted on-premises. An employee posted a product review that contained videos and pictures. The review went viral and the organization needs to handle the resulting spike in website traffic.
What action would provide an immediate solution?

A. Redesign the website to use Amazon API Gateway, and use AWS Lambda to deliver content.
B. Add server instances using Amazon EC2 and use Amazon Route 53 with a failover routing policy.
C. Serve the images and videos via an Amazon CloudFront distribution created using the news site as the origin.
D. Use Amazon ElasticCache for Redis for caching and reducing the load requests from the origin.

C. Serve the images and videos via an Amazon CloudFront distribution created using the news site as the origin.

How well did you know this?

Not at all

Perfectly

A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system.
Which action should a Solutions Architect recommend to improve this process?

A. Use the AWS CLI to create queues using AWS IAM Access Keys.
B. Write a script to create the Amazon SQS queue using AWS Lambda.
C. Use AWS Elastic Beanstalk to automatically create the Amazon SQS queues.
D. Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.

D. Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.

How well did you know this?

Not at all

Perfectly

A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB Classic
Load Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale.
What should the VPC subnet design be in each Availability Zone?

A. One public subnet for the load balancer tier, one public subnet for the front-end tier, and one private subnet for the backend tier.
B. One shared public subnet for all tiers of the application.
C. One public subnet for the load balancer tier and one shared private subnet for the application tiers.
D. One shared private subnet for all tiers of the application.

C. One public subnet for the load balancer tier and one shared private subnet for the application tiers.

How well did you know this?

Not at all

Perfectly

A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped.
Which of the following storage types will provide the best fit at the LOWEST cost for the application?

A. An Amazon EC2 instance store local SSD volume.
B. An Amazon EBS provisioned IOPS SSD volume.
C. An Amazon EBS throughput optimized HDD volume.
D. An Amazon EBS general purpose SSD volume.

C. An Amazon EBS throughput optimized HDD volume.

How well did you know this?

Not at all

Perfectly

Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets. A Solutions Architect wants to make sure that
Application A can make requests to Application B, but Application B should be denied from making requests to Application A.
Which is the SIMPLEST solution to achieve this policy?
A. Using security groups that reference the security groups of the other application
B. Using security groups that reference the application server’s IP addresses
C. Using Network Access Control Lists to allow/deny traffic based on application IP addresses
D. Migrating the applications to separate subnets from each other

A. Using security groups that reference the security groups of the other application

How well did you know this?

Not at all

Perfectly

Legacy applications currently send messages through a single Amazon EC2 instance, which then routes the messages to the appropriate destinations. The
Amazon EC2 instance is a bottleneck and single point of failure, so the company would like to address these issues.
Which services could address this architectural use case? (Choose two.)
A. Amazon SNS
B. AWS STS
C. Amazon SQS
D. Amazon Route 53
E. AWS Glue

A. Amazon SNS

C. Amazon SQS

How well did you know this?

Not at all

Perfectly

A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday, Wednesday, and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model? A. Amazon EC2 Spot Instances B. On-Demand Amazon EC2 Instances C. Scheduled Reserved Instances D. Dedicated Amazon EC2 Instances

C. Scheduled Reserved Instances

A workload consists of downloading an image from an Amazon S3 bucket, processing the image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation. How should a Solutions Architect redesign the process so that it is highly available? A. Change the Amazon EC2 instance to compute optimized. B. Launch a second Amazon EC2 instance to monitor the health of the first. C. Trigger a Lambda function when a new object is uploaded. D. Initially copy the images to an attached Amazon EBS volume.

C. Trigger a Lambda function when a new object is uploaded.

An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met? A. Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the NAT gateway. B. Configure a gateway VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint. C. Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint. D. Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.

C. Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.

``` A Solutions Architect is building an application that stores object data. Compliance requirements state that the data stored is immutable. Which service meets these requirements? A. Amazon S3 B. Amazon Glacier C. Amazon EFS D. AWS Storage Gateway ```

B. Amazon Glacier

A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications will save objects. How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted? A. Set a CORS configuration. B. Set a bucket policy to encrypt all Amazon S3 objects. C. Enable default encryption on the bucket. D. Set permission for users.

B. Set a bucket policy to encrypt all Amazon S3 objects.

An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a Solutions Architect use to route traffic to the service based on the incoming request path? A. AWS Application Load Balancer B. Amazon CloudFront C. Amazon Classic Load Balancer D. Amazon Route 53

A. AWS Application Load Balancer

A data analytics startup company asks a Solutions Architect to recommend an AWS data store options for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300 KB. The startup is flexible with data storage and is more interested in a database that requires minimal effort to scale with a growing dataset size. Which AWS data store service should the Architect recommend? A. Amazon RDS B. Amazon Redshift C. Amazon DynamoDB D. Amazon S3

C. Amazon DynamoDB

A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows: ✑ Limit access to users origination from the corporate network. ✑ Web servers cannot have SSH access directly from the Internet. ✑ Web servers reside in a private subnet. Which combination of steps must the Architect complete to meet these requirements? (Choose two.) A. Create a bastion host that authenticates users against the corporate directory. B. Create a bastion host with security group rules that only allow traffic from the corporate network. C. Attach an IAM role to the bastion host with relevant permissions. D. Configure the web servers' security group to allow SSH traffic from a bastion host. E. Deny all SSH traffic from the corporate network in the inbound network ACL.

B. Create a bastion host with security group rules that only allow traffic from the corporate network. D. Configure the web servers' security group to allow SSH traffic from a bastion host.

A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises datacenter. Which solution allows rapid provision of working, fully-scaled production environment? A. Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary. B. Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down. C. Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy. D. Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.

A. Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.

A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load. How should the database environment be re-designed to resolve the IOPS fluctuation? A. Change the RDS instance type to get more RAM. B. Change the storage type to Provisioned IOPS. C. Scale the web server tier horizontally. D. Split the DB layer into separate RDS instances.

B. Change the storage type to Provisioned IOPS.

A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request. Which implementation can satisfy all requirements? A. Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups. B. Configure an Application Load Balancer with host-based routing based on the domain field in the HTTP header. C. Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used. D. Configure an Application Load Balancer with listeners for appropriate path patterns for the target group.

D. Configure an Application Load Balancer with listeners for appropriate path patterns for the target group.

A Solutions Architect is asked to improve the fault tolerance of an existing Python application. The web application places 1-MB images is an S3 bucket. The application then uses a single t2.large instance to transform the image to include a watermark with the company's brand before writing the image back to the S3 bucket. What should the Solutions Architect recommend to increase the fault tolerance of the solution? A. Convert the code to a Lambda function triggered by scheduled Amazon CloudWatch Events. B. Increase the instance size to m4.xlarge and configure Enhanced Networking. C. Convert the code to a Lambda function triggered by Amazon S3 events. D. Create an Amazon SQS queue to send the images to the t2.large instance.

C. Convert the code to a Lambda function triggered by Amazon S3 events.

A Solutions Architect has been asked to deliver video content stored on Amazon S3 to specific users from Amazon CloudFront while restricting access by unauthorized users. How can the Architect implement a solution to meet these requirements? A. Configure CloudFront to use signed-URLs to access Amazon S3. B. Store the videos as private objects in Amazon S3, and let CloudFront serve the objects by using only Origin Access Identity (OAI). C. Use Amazon S3 static website as the origin of CloudFront, and configure CloudFront to deliver the videos by generating a signed URL for users. D. Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in CloudFront cache behavior to use signed URLs.

D. Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in CloudFront cache behavior to use signed URLs.

A Solutions Architect needs to deploy a node.js-based web application that is highly available and scales automatically. The Marketing team needs to roll back on application releases quickly, and they need to have an operational dashboard. The Marketing team does not want to manage deployment of OS patches to the Linux servers. Use of which AWS service will satisfy these requirements? A. Amazon EC2 B. Amazon API Gateway C. AWS Elastic Beanstalk D. Amazon EC2 Container Service

C. AWS Elastic Beanstalk

A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address. Which tool or service should a Solutions Architect recommend to block the IP address? A. Security groups B. Network ACL C. AWS WAF D. AWS Shield

B. Network ACL

A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application? A. Use Amazon ElastiCache to provide a caching layer B. Use a Lambda function to make concurrent requests for caching C. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer D. Obtain Reserved Capacity for Amazon DynamoDB to manage the increased number of queries

C. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer

A Solutions Architect has five web servers serving requests for a domain. Which of the following Amazon Route 53 routing policies can distribute traffic randomly among all healthy web servers? A. Simple B. Failover C. Weighted D. Multivalue Answer

D. Multivalue Answer

A web server will be provisioned on two Amazon EC2 instances with an Application Load Balancer. Which of the following configurations will allow traffic on HTTP and HTTPS when configuring a security group to apply to each of these servers? A. Allow all inbound traffic, with explicit denies on non-HTTP and non-HTTPS ports. B. Allow incoming traffic to HTTP and HTTPS ports. C. Allow incoming traffic to HTTP and HTTPS ports, with explicit denies to all other ports. D. Deny all traffic to non-HTTP and non-HTTPS ports

B. Allow incoming traffic to HTTP and HTTPS ports.

A company wants to run a static website served through Amazon CloudFront. What is an advantage of storing the website content in an S3 bucket instead of an EBS volume? A. S3 buckets are replicated globally, allowing for large scalability. EBS volumes are replicated only within a region. B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin. C. S3 buckets can be encrypted, allowing for secure storage of the web files. EBS volumes cannot be encrypted. D. S3 buckets support object-level read throttling, preventing abuse. EBS volumes do not provide object-level throttling.

B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin.

A customer is running a critical payroll system in a production environment in one data center and a disaster recovery (DR) environment in another. The application includes load-balanced web servers and failover for the MySQL database. The customer's DR process is manual and error-phone. For this reason, management has asked IT to migrate the application to AWS and make it highly available so that IT no longer has to manually fail over the environment. How should a Solutions Architect migrate the system to AWS? A. Migrate the production and DR environments to different Availability Zones within the same region. Let AWS manage failover between the environments. B. Migrate the production and DR environments to different regions. Let AWS manage failover between the environments. C. Migrate the production environment to a single Availability Zone, and set up instance recovery for Amazon EC2. Decommission the DR environment because it is no longer needed. D. Migrate the production environment to span multiple Availability Zones, using Elastic Load Balancing and Multi-AZ Amazon RDS. Decommission the DR environment because it is no longer needed.

D. Migrate the production environment to span multiple Availability Zones, using Elastic Load Balancing and Multi-AZ Amazon RDS. Decommission the DR environment because it is no longer needed.

A company is creating a web application that will run on an Amazon EC2 instance. The application on the instance needs access to an Amazon DynamoDB table for storage. What should be done to meet these requirements? A. Create another AWS account root user with permissions to the DynamoDB table. B. Create an IAM role and assign the role to the EC2 instance with permissions to the DynamoDB table. C. Create an identity provider and assign the identity provider to the EC2 instance with permissions to the DynamoDB table. D. Create identity federation with permissions to the DynamoDB table.

B. Create an IAM role and assign the role to the EC2 instance with permissions to the DynamoDB table.

A company is creating a web application that allows customers to view photos in their web browsers. The website is hosted in us-east-1 on Amazon EC2 instances behind an Application Load Balancer. Users will be located in many places around the world. Which solution should provide all users with the fastest photo viewing experience? A. Implement an AWS Auto Scaling group for the web server instances behind the Application Load Balancer. B. Enable Amazon CloudFront for the website and specify the Application Load Balancer as the origin. C. Move the photos into an Amazon S3 bucket and enable static website hosting. D. Enable Amazon ElastiCache in the web server subnet.

B. Enable Amazon CloudFront for the website and specify the Application Load Balancer as the origin.

A Solutions Architect is designing a highly available web application on AWS. The data served on the website is dynamic and is pulled from Amazon DynamoDB. All users are geographically close to one another. How can the Solutions Architect make the application highly available? A. Host the website data on Amazon S3 and set permissions to enable public read-only access for users. B. Host the web server data on Amazon CloudFront and update the objects in the Cloudfront distribution when they change. C. Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group coupled with an Application Load Balancer. D. Host the application on EC2 instances in a single Availability Zone. Replicate the EC2 instances to a separate region, and use an Application Load Balancer for high availability.

C. Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group coupled with an Application Load Balancer.

A company is migrating on-premises databases to AWS. The company's backend application produces a large amount of database queries for reporting purposes, and the company wants to offload some of those reads to Read Replica, allowing the primary database to continue performing efficiently. Which AWS database platforms will accomplish this? (Select TWO.) ``` A. Amazon RDS for Oracle B. Amazon RDS for PostgreSQL C. Amazon RDS for MariaDB D. Amazon DynamoDB E. Amazon RDS for Microsoft SQL Server ```

B. Amazon RDS for PostgreSQL | C. Amazon RDS for MariaDB

An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region? A. Use an internet gateway. B. Use AWS PrivateLink. C. Use a NAT gateway. D. Use a proxy instance.

B. Use AWS PrivateLink.

A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck. What is the MOST cost-efficient way to improve the database response times? A. Enable EBS optimization on the instance and keep the temporary files on the existing volume. B. Put the temporary database on a new 50-GB EBS gp2 volume. C. Move the temporary database onto instance storage. D. Put the temporary database on a new 50-GB EBS io1 volume with a 3-K IOPS provision.

C. Move the temporary database onto instance storage.

Question #282Topic 1 An application produces monthly reports that must be immediately accessible for up to 7 days. After 7 days, the data can be archived. Compliance policies require that the archived data be retrievable within 24 hours of a request. What is the MOST cost-effective approach to satisfy the compliance requirement? ``` A. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days, then transition to the GLACIER storage class after 30 days B. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days C. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after 30 days D. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after 7 days ```

D. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the data to the GLACIER storage class after 7 days

A company has an application that generates invoices and makes the invoices available online. Invoices are stored as PDFs in an Amazon S3 bucket. Customers typically only view each invoice during the month it is issued. However, past invoices need to be immediately available. There are concerns over rising storage costs as the company gains more customers. What is the MOST cost-effective method to store the data? A. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to the GLACIER storage class after 30 days. B. Store the invoices as text files. Use Amazon CloudFront to convert the invoices from text to PDF when customers download invoices. C. Store the invoices as binaries in an Amazon RDS database instance. Retrieve them from the database when customers request invoices. D. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

D. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.

A company is running its application in a single region on Amazon EC2 with Amazon EBS and Amazon S3 part of the storage design. What should be done to reduce data transfer costs? A. Create a copy of the compute environment in another region B. Convert the application to run on Lambda@Edge C. Create an Amazon CloudFront distribution with Amazon S3 as the origin D. Replicate Amazon S3 data to buckets in regions closer to the requester

C. Create an Amazon CloudFront distribution with Amazon S3 as the origin

An application server needs to be in a private subnet without access to the Internet. The solution must retrieve and upload files to an Amazon S3 bucket. How should a Solutions Architect design a solution to meet these requirements? A. Use Amazon S3 VPC endpoints B. Deploy a proxy server C. Use a NAT Gateway D. Use a private Amazon S3 bucket

A. Use Amazon S3 VPC endpoints

A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium, shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access. Which of the following would be the LEAST complicated implementation? A. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days. B. Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB. C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URI. D. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL, and recreate the URL as necessary.

C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URI.

A Solutions Architect plans to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure load balancing. The Architect decides to use Elastic Load Balancing Application Load Balancers. What is the MOST efficient method for achieving secure communication? A. Create a wildcard certificate and upload it to the Application Load Balancer B. Create an SNI certificate and upload it to the Application Load Balancer C. Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer D. Let a third-party Certificate Manager manage certificates required to all domains and upload them to the Application Load Balancer

B. Create an SNI certificate and upload it to the Application Load Balancer

A Solutions Architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running, dependent on load. Each instance must mount storage that will read and write to the same 50 GB folder. Which storage type meets the requirements? A. Amazon S3 B. Amazon EFS C. Amazon EBS volumes D. Amazon EC2 instance store

B. Amazon EFS

``` A Solutions Architect is designing an application that is expected to have millions of users. The Architect needs options to store session data. Which option is the MOST performant? A. Amazon ElastiCache B. Amazon RDS C. Amazon S3 D. Amazon EFS ```

A. Amazon ElastiCache

A company is launching a dynamic website, and the Operations team expects up to 10 times the traffic on the launch date. This website is hosted on Amazon EC2 instances and traffic is distributed by Amazon Route 53. A Solutions Architect must ensure that there is enough backend capacity to meet user demands. The Operations team wants to scale down as quickly as possible after the launch. What is the MOST cost-effective and fault-tolerant solution that will meet the company's customer demands? (Choose two.) A. Set up an Application Load Balancer to distribute traffic to multiple EC2 instances B. Set up an Auto Scaling group across multiple Availability Zones for the website, and create scale-out and scale-in policies C. Create an Amazon CloudWatch alarm to send an email through Amazon SNS when EC2 instances experience higher loads D. Create an AWS Lambda function to monitor website load time, run it every 5 minutes, and use the AWS SDK to create a new instance if website load time is longer than 2 seconds E. Use Amazon CloudFront to cache the website content during launch and set a TTL for cache content to expire after the launch date

A. Set up an Application Load Balancer to distribute traffic to multiple EC2 instances B. Set up an Auto Scaling group across multiple Availability Zones for the website, and create scale-out and scale-in policies

A customer has an application that is used by enterprise customers outside of AWS. Some of these customers use legacy firewalls that cannot whitelist by DNS name, but whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the amount of traffic. What can a Solutions Architect do to support the customer and allow for more capacity? (Choose two.) A. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet. B. Create additional EC2 instances and put them on standby. Remap an Elastic IP address to a standby instance in the event of a failure. C. Use Amazon Route 53 with a weighted, round-robin routing policy across the Elastic IP addresses to resolve one at a time. D. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53 E. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.

A. Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet. E. Switch the two existing EC2 instances for an Auto Scaling group, and register them with the Network Load Balancer.

A Solutions Architect is designing a new web application on Amazon EC2. The system must make application-specific metrics, such as application security events, available to the SysOps teams. How should the Solutions Architect enable this in the design? A. Install AWS SDK on the application instances. Design the application to use the AWS SDK to log events directly to an Amazon S3 bucket. B. Install the Amazon Inspector agent on the application instances. Design the application to store events in application log files. C. Install the Amazon CloudWatch Logs agent on the application instances. Design the application to store events in application log files. D. Install AWS SDK on the application instances. Design the application to use AWS SDK to log sensitive events directly to AWS CloudTrail.

C. Install the Amazon CloudWatch Logs agent on the application instances. Design the application to store events in application log files.

A Solutions Architect needs to convert potential single points of failure to a highly-available configuration. The current architecture contains Amazon EC2 instances with databases running in one Availability Zone. Web-tier resources have not been given public addresses, but still require Internet access. Which solution should the Architect use to maintain high availability? A. Use ELB Classic Load Balancer with the web tier. Deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy a NAT gateway in one Availability Zone. B. Use ELB Classic Load Balancer with the web tier. Deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy NAT gateways in both Availability Zones. C. Use ELB Classic Load Balancer with the database tier. Deploy Amazon EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy NAT gateways in both Availability Zones. D. Use ELB Classic Load Balancer with the database tier. Deploy Amazon EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy a NAT gateway in one Availability Zone.

B. Use ELB Classic Load Balancer with the web tier. Deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy NAT gateways in both Availability Zones.

An organization hosts 10 microservices, each in an Auto Scaling group behind individual Classic Load Balancers. Each EC2 instance is running at optimal load. Which of the following actions would allow the organization to reduce costs without impacting performance? A. Reduce the number of EC2 instances behind each Classic Load Balancer. B. Change instance types in the Auto Scaling group launch configuration. C. Change the maximum size but leave the desired capacity of the Auto Scaling groups. D. Replace the Classic Load Balancers with a single Application Load Balancer.

D. Replace the Classic Load Balancers with a single Application Load Balancer.

A Solutions Architect is designing a ride-sharing application. The application needs consistent and single-digit millisecond latency. In addition, the application must integrate with a highly scalable and fully managed database service to track GPS coordinates and user data for all rides. Which database service should the Solutions Architect use to meet these performance requirements? A. Amazon RDS B. Amazon Redshift C. Amazon DynamoDB D. Amazon Aurora

C. Amazon DynamoDB

An application has components running in a public subnet and a private subnet. The components within the private subnet must connect to the internet to receive updates. How should this be accomplished without moving the components into a public subnet? A. Add an internet gateway to the private subnet and update the private subnet route table. B. Add a NAT gateway to the public subnet and update the public subnet route table. C. Add an internet gateway to the VPC and update the private subnet route table. D. Add a NAT gateway to the public subnet and update the private subnet route table.

D. Add a NAT gateway to the public subnet and update the private subnet route table.

A Solutions Architect is designing a disaster recovery (DR) environment in a separate AWS region from an application's primary workload. The application uses a multi-tier architecture, and only the RDS instance will have frequent changes. The application installation process takes 60 minutes on average. The disaster recovery plan must have an RPO of less than 90 minutes and an RTO of less than 30 minutes. Which of the following would enable the Solutions Architect to meet these requirements? (Choose two.) A. An Aurora instance as the primary database with a read replica in the DR region. B. Inter-region VPC peering between the primary workload VPC and the DR VPC C. A cross-region Amazon EC2 Amazon Machine Image (AMI) copy D. Amazon S3 cross-region replication of application-tier installers E. Amazon CloudWatch Events in the primary region that trigger the failover to the DR region

A. An Aurora instance as the primary database with a read replica in the DR region. C. A cross-region Amazon EC2 Amazon Machine Image (AMI) copy

Deck 3 Flashcards

(66 cards)