Deck 4 Flashcards

(66 cards)

1
Q

A Solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows.
Which solution meets this requirement?

A. Default Amazon CloudWatch metrics.
B. Custom Amazon CloudWatch metrics.
C. Amazon Inspector resource monitoring.
D. Default monitoring of Amazon EC2 instances.

A

B. Custom Amazon CloudWatch metrics.

2
Q

A Solutions Architect is creating a new relational database. The Compliance team will use the database, and mandates that data content must be stored across three different Availability Zones.
Which of the following options should the Architect use?
A. Amazon Aurora
B. Amazon RDS MySQL with Multi-AZ enabled
C. Amazon DynamoDB
D. Amazon ElastiCache

A

A. Amazon Aurora

3
Q

A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2.
Which option represents the SIMPLEST way to implement this design?
A. Add an S3 lifecycle rule to move any files from the bucket in us-east-1 to the bucket in ap-southeast-2.
B. Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2.
C. Use SNS to notify the bucket in ap-southeast-2 to create a file whenever the file is created in the bucket in us-east-1.
D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2.

A

D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2.

4
Q

An organization has a long-running image processing application that runs on Spot Instances that will be terminated when interrupted. A highly available workload must be designed to respond to Spot Instance interruption notices. The solution must include a two-minute warning when there is not enough capacity.
How can these requirements be met?
A. Use Amazon CloudWatch Events to invoke an AWS Lambda function that can launch On-Demand Instances.
B. Regularly store data from the application on Amazon DynamoDB. Increase the maximum number of instances in the AWS Auto Scaling group.
C. Manually place a bid for additional Spot Instances at a higher price in the same AWS Region and Availability Zone.
D. Ensure that the Amazon Machine Image associated with the application has the latest configurations for the launch configuration.

A

A. Use Amazon CloudWatch Events to invoke an AWS Lambda function that can launch On-Demand Instances.

5
Q

A company has an Amazon RDS-managed online transaction processing system that has very heavy read and write. The Solutions Architect notices throughput issues with the system.
How can the responsiveness of the primary database be improved?

A. Use asynchronous replication for standby to maximize throughput during peak demand.
B. Offload SELECT queries that can tolerate stale data to READ replica.
C. Offload SELECT and UPDATE queries to READ replica.
D. Offload SELECT query that needs the most current data to READ replica.

A

B. Offload SELECT queries that can tolerate stale data to READ replica.

6
Q

A company is designing a failover strategy in Amazon Route 53 for its resources between two AWS Regions. The company must have the ability to route a user’s traffic to the region with least latency, and if both regions are healthy, Route 53 should route traffic to resources in both regions.
Which strategy should the Solutions Architect recommend?

A. Configure active-active failover using Route 53 latency DNS records.
B. Configure active-passive failover using Route 53 latency DNS records.
C. Configure active-active failover using Route 53 failover DNS records.
D. Configure active-passive failover using Route 53 failover DNS records.

A

A. Configure active-active failover using Route 53 latency DNS records.

7
Q

A company is developing several critical long-running applications hosted on Docker.
How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS?

A. Use Amazon ECS and Service Auto Scaling.
B. Use Spot Instances for orchestration and for scaling containers on existing Amazon EC2 instances.
C. Use AWS OpsWorks to launch containers in new Amazon EC2 instances.
D. Use Auto Scaling groups to launch containers on existing Amazon EC2 instances.

A

A. Use Amazon ECS and Service Auto Scaling.

ECS = Docker

8
Q

A Solutions Architect is developing a new web application on AWS. The Architect expects the application to become very popular, so the application must scale to support the load. The Architect wants to focus on software development and deploying new features without provisioning or managing instances.
What solution is appropriate?

A. Amazon API Gateway and AWS Lambda
B. Elastic Load Balancing with Auto Scaling groups and Amazon EC2
C. Amazon API Gateway and Amazon EC2
D. Amazon CloudFront and AWS Lambda

A

A. Amazon API Gateway and AWS Lambda

9
Q

A Solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available.
What should the Architect do to achieve this goal with Amazon RDS?

A. Create a read replica of the primary database and deploy it in a different AWS Region.
B. Enable multi-AZ to create a standby database in a different Availability Zone.
C. Enable multi-AZ to create a standby database in a different AWS Region.
D. Create a read replica of the primary database and deploy it in a different Availability Zone.

A

B. Enable multi-AZ to create a standby database in a different Availability Zone.

10
Q

An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution.
Which solution should a Solutions Architect recommend to meet the requirements?
A. Use Amazon Cognito Identity with SMS-based MFA.
B. Edit AWS IAM policies to require MFA for all users.
C. Federate IAM against corporate AD that requires MFA.
D. Use Amazon API Gateway and require SSE for photos.

A

A. Use Amazon Cognito Identity with SMS-based MFA.

11
Q

A Solutions Architect is designing a solution to monitor weather changes by the minute. The frontend application is hosted on Amazon EC2 instances. The backend must be scalable to a virtually unlimited size, and data retrieval must occur with minimal latency.
Which AWS service should the Architect use to store the data and achieve these requirements?
A. Amazon S3
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon EBS

A

B. Amazon DynamoDB

12
Q

A company hosts a website on premises. The website has a mix of static and dynamic content, but users experience latency when loading static files.
Which AWS service can help reduce latency?

A. Amazon CloudFront with on-premises servers as the origin
B. ELB Application Load Balancer
C. Amazon Route 53 latency-based routing
D. Amazon EFS to store and serve static files

A

A. Amazon CloudFront with on-premises servers as the origin

13
Q
A company wants to analyze all of its sales information aggregated over the last 12 months. The company expects there to be over 10TB of data from multiple sources.
What service should be used?
A. Amazon DynamoDB
B. Amazon Aurora MySQL
C. Amazon RDS MySQL
D. Amazon Redshift
A

D. Amazon Redshift

Keyword: Analyze, aggregate

14
Q

A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy. The web servers’ Auto Scaling group currently has 15 instances running.
Which instance will be terminated first during a scale-in operation?

A. The instance with the oldest launch configuration.
B. The instance in the Availability Zone that has most instances.
C. The instance closest to the next billing hour.
D. The oldest instance in the group.

A

B. The instance in the Availability Zone that has most instances.

15
Q

A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product displays.
A Solutions Architect needs to implement a system for processing those sensor messages; the results must be available for the Data Analysis team.
Which architecture should be used to meet these requirements?

A. Implement an Amazon API Gateway to serve as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.
B. Create an Amazon EC2 instance to serve as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download.
C. Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to an Amazon DynamoDB table.
D. Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.

A

A. Implement an Amazon API Gateway to serve as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.

16
Q

A client is migrating a legacy web application to the AWS Cloud. The current system uses an Oracle database as a relational database management system solution. Backups occur every night, and the data is stored on-premises. The Solutions Architect must automate the backups and identify a storage solution while keeping costs low.
Which AWS service will meet these requirements?

A. Amazon RDS
B. Amazon Redshift
C. Amazon DynamoDB Accelerator
D. Amazon ElastiCache

A

A. Amazon RDS

17
Q

A company has an Amazon RDS database backing its production website. The Sales team needs to run queries against the database to track training program effectiveness. Queries against the production database cannot impact performance, and the solution must be easy to maintain.
How can these requirements be met?

A. Use an Amazon Redshift database. Copy the product database into Redshift and allow the team to query it.
B. Use an Amazon RDS read replica of the production database and allow the team to query against it.
C. Use multiple Amazon EC2 instances running replicas of the production database, placed behind a load balancer.
D. Use an Amazon DynamoDB table to store a copy of the data.

A

B. Use an Amazon RDS read replica of the production database and allow the team to query against it.

18
Q

A company must collect temperature data from thousands of remote weather devices. The company must also store this data in a data warehouse to run aggregations and visualizations.
Which services will meet these requirements? (Choose two.)

A. Amazon Kinesis Data Firehose
B. Amazon SQS
C. Amazon Redshift
D. Amazon SNS
E. Amazon DynamoDB
A

A. Amazon Kinesis Data Firehose
C. Amazon Redshift

Amazon Kinesis Data Firehose – Amazon Kinesis Analytics allows you to process streaming data coming from IoT devices in real time.
Amazon Redshift – Amazon Redshift is a fast, fully managed, and cost-effective data warehouse that gives you petabyte-scale data warehousing and exabyte-scale data lake analytics together in one service.

19
Q

A company has a legal requirement to store point-in-time copies of its Amazon RDS PostgreSQL database instance in facilities that are at least 200 miles apart.
Use of which of the following provides the easiest way to comply with this requirement?

A. Cross-region read replica
B. Multiple Availability Zone snapshot copy
C. Multiple Availability Zone read replica
D. Cross-region snapshot copy

A

D. Cross-region snapshot copy

20
Q

After reviewing their logs, a startup company noticed large, random spikes in traffic to their web application. The company wants to configure a cost-efficient Auto Scaling solution to support high availability of the web application.
Which scaling plan should a Solutions Architect recommend to meet the company’s needs?

A. Dynamic
B. Scheduled
C. Manual
D. Lifecycle

A

A. Dynamic

21
Q

To meet compliance standards, a company must have encrypted archival data storage. Data will be accessed infrequently, with lead times well in advance of when archived data must be recovered. The company requires that the storage be secure, durable, and provided at the lowest price per 1TB of data stored.
What type of storage should be used?

A. Amazon S3
B. Amazon EBS
C. Amazon Glacier
D. Amazon EFS

A

C. Amazon Glacier

22
Q

An online company wants to conduct real-time sentiment analysis about its products from its social media channels using SQL.
Which of the following solutions has the LOWEST cost and operational burden?

A. Set up a streaming data ingestion application on Amazon EC2 and connect it to a Hadoop cluster for data processing. Send the output to Amazon S3 and use Amazon Athena to analyze the data.
B. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to write SQL queries against the stream.
C. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to send data to an Amazon Redshift cluster, and then query directly against Amazon Redshift
D. Set up streaming data ingestion application on Amazon EC2 and send the output to Amazon S3 using Kinesis Data Firehose. Use Athena to analyze the data.

A

B. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon Kinesis Data Analytics to write SQL queries against the stream.

23
Q

An organization must process a stream of large-volume hashtag data in real time and needs to run custom SQL queries on the data to get insights on certain tags.
The organization needs this solution to be elastic and does not want to manage clusters.
Which of the following AWS services meets these requirements?

A. Amazon Elasticsearch Service
B. Amazon Athena
C. Amazon Redshift
D. Amazon Kinesis Data Analytics

A

D. Amazon Kinesis Data Analytics

24
Q

Which requirements must be met in order for a Solutions Architect to specify that an Amazon EC2 instance should stop rather than terminate when its Spot Instance is interrupted? (Choose two.)

A. The Spot Instance request type must be one-time.
B. The Spot Instance request type must be persistent.
C. The root volume must be an Amazon EBS volume.
D. The root volume must be an instance store volume.
E. The launch configuration is changed.

A

B. The Spot Instance request type must be persistent.

C. The root volume must be an Amazon EBS volume.

25
Q

An application hosted on AWS uses object storage for storing internal reports that are accessed daily by the CFO. Currently, these reports are publicly available.
How should a Solutions Architect re-design this architecture to prevent unauthorized access to these reports?

A. Encrypt the files on the client side and store the files on Amazon Glacier, then decrypt the reports on the client side.
B. Move the files to Amazon ElastiCache and provide a username and password for downloading the reports.
C. Specify the use of AWS KMS server-side encryption at the time of an object creation on Amazon S3.
D. Store the files on Amazon S3 and use the application to generate S3 pre-signed URLs to users.

A

D. Store the files on Amazon S3 and use the application to generate S3 pre-signed URLs to users.

26
Q

A Solutions Architect is designing an application on AWS that will connect to the on-premises data center through a VPN connection. The solution must be able to log network traffic over the VPN.
Which service logs this network traffic?

A. AWS CloudTrail logs
B. Amazon VPC flow logs
C. Amazon S3 bucket logs
D. Amazon CloudWatch Logs

A

B. Amazon VPC flow logs

27
Q

A company wants to durably store data in 8 KB chunks. The company will access the data once every few months. However, when the company does access the data, it must be done with as little latency as possible.
Which AWS service should a Solutions Architect recommend if cost is NOT a factor?

A. Amazon DynamoDB
B. Amazon EBS Throughput Optimized HDD Volumes
C. Amazon EBS Cold HDD Volumes
D. Amazon ElastiCache

A

A. Amazon DynamoDB

28
Q

A media company has more than 100TB of data to be stored and retrieved infrequently. However, the company occasionally receives requests for data within an hour. The company needs a low-cost retrieval method to handle the requests.
Which service meets this requirement?

A. Amazon S3 Standard
B. Amazon Glacier standard retrievals
C. Amazon Glacier bulk retrievals
D. Amazon S3 Standard Infrequent Access

A

D. Amazon S3 Standard Infrequent Access

29
Q

An on-premises database is experiencing significant performance problems when running SQL queries. With 10 users, the lookups are performing as expected. As the number of users increases, the lookups take three times longer than expected to return values to an application.
Which action should a Solutions Architect take to maintain performance as the user count increases?

A. Use Amazon SQS.
B. Deploy Multi-AZ RDS MySQL
C. Configure Amazon RDS with additional read replicas.
D. Migrate from MySQL to RDS Microsoft SQL Server.

A

C. Configure Amazon RDS with additional read replicas.

30
Q

A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and RDS PostgreSQL database.
Which action should the team take to ensure high availability?

A. Enable cross-region replication in the Amazon S3 bucket.
B. Create a Lambda function for each Availability Zone the application is deployed in.
C. Enable multi-AZ on the RDS PostgreSQL database.
D. Create a DynamoDB stream for the DynamoDB table.

A

C. Enable multi-AZ on the RDS PostgreSQL database.

31
Q

A media company must store 10 TB of audio recordings. Retrieval happens infrequently and requestors agree on an 8-hour turnaround time.
What is the MOST cost-effective solution to store the files?

A. Amazon S3 Standard - Infrequent Access (Standard - IA)
B. EBS Throughput Optimized HDD (st1)
C. EBS Cold HDD (sc1)
D. Amazon Glacier

A

D. Amazon Glacier

32
Q

A company wants to improve the performance of their web application after receiving customer complaints. An analysis concluded that the same complex database queries were causing increased latency.
What should a Solutions Architect recommend to improve the application's performance?

A. Migrate the database to MySQL.
B. Use Amazon Redshift to analyze the queries.
C. Integrate Amazon ElastiCache into the application.
D. Use a Lambda-triggered request to the backend database.

A

C. Integrate Amazon ElastiCache into the application.

33
Q

Which tool analyzes account resources and provides a detailed inventory of changes over time?

A. AWS Config
B. AWS CloudFormation
C. Amazon CloudWatch
D. AWS Service Catalog

A

A. AWS Config

34
Q

A Solutions Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted.
Which is the MOST efficient option to fulfill the security policy using Amazon RDS?

A. Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and backups.
B. Launch an Amazon RDS instance. Enable encryption for database, logs and backups.
C. Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted.
D. Launch an Amazon RDS instance. Enable encryption for backups. Encrypt logs with a database-engine feature.

A

C. Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted.

35
Q

A company has an application that accesses a MySQL database installed on a single EC2 instance. The instance recently experienced a fault and brought down the entire application for several hours. The company wants to address the issue but is concerned about spending too much time modifying application code or managing the legacy application.
What should the Solutions Architect recommend to remove this single point of failure with the FEWEST changes to the application code and the LEAST amount of administrative effort?

A. Implement a caching layer by using Amazon ElastiCache to store query results of frequently accessed information.
B. Deploy a second EC2 instance with MySQL installed, and configure replication between this instance and the existing MySQL instance.
C. Migrate the database to an RDS MySQL Multi-AZ DB instance, and point the application servers to the new RDS instance.
D. Create a DynamoDB table to use as a cache layer, and update the application to query data from Amazon DynamoDB before querying MySQL.

A

C. Migrate the database to an RDS MySQL Multi-AZ DB instance, and point the application servers to the new RDS instance.

36
Q

A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read Replicas to the cluster.
How should the Solutions Architect ensure that the connections for read activities are load balanced?

A. Reader endpoint for Amazon Aurora
B. Cluster endpoint for Amazon Aurora
C. Primary DB instance endpoint for Amazon Aurora
D. Replica DB instances endpoint for Aurora

A

A. Reader endpoint for Amazon Aurora

37
Q

A company plans to migrate a website to AWS to use a serverless architecture. The website contains both static and dynamic content and is accessed by users across the world. The website should maintain sessions for returning users to improve the user experience.
Which service should a Solutions Architect use for a cost-efficient solution with the LOWEST latency?

A. Amazon S3, AWS Lambda, Amazon API Gateway, and Amazon DynamoDB
B. Amazon CloudFront, AWS Lambda, API Gateway, and Amazon RDS
C. Amazon CloudFront, Elastic Load Balancing, Amazon EC2, and Amazon RDS
D. Amazon S3, Amazon CloudFront, AWS Lambda, Amazon API Gateway, and Amazon DynamoDB.

A

D. Amazon S3, Amazon CloudFront, AWS Lambda, Amazon API Gateway, and Amazon DynamoDB.

38
Q

A Solutions Architect is helping a customer migrate an application to AWS. The application is composed of a fleet of Linux servers that currently use a shared file system to read and write data. One of the goals of moving this application to AWS is to increase the reliability of the storage tier.
What solution would increase reliability while minimizing the operational overhead of managing this infrastructure?

A. Create an EBS volume and mount it to all the servers.
B. Create an EFS file system and mount it to all the servers.
C. Create an S3 bucket that can be accessed through an S3 VPC Endpoint.
D. Create two EC2 instances in separate Availability Zones that act as file servers.

A

B. Create an EFS file system and mount it to all the servers.

39
Q

A Solutions Architect is designing a two-tier application for maximum security, with a web tier running on EC2 instances and the data stored in an RDS DB instance. The web tier should accept user access only through HTTPS connections (port 443) from the Internet, and the data must be encrypted in transit to and from the database.
What combination of steps will MOST securely meet the stated requirements? (Choose two.)

A. Create a security group for the web tier instances that allows inbound traffic only over port 443.
B. Enforce Transparent Data Encryption (TDE) on the RDS database.
C. Create a network ACL that allows inbound traffic only over port 443.
D. Configure the web servers to communicate with RDS by using SSL, and issue certificates to the web tier EC2 instances.
E. Create a customer master key in AWS KMS and apply it to encrypt the RDS instance.

A

A. Create a security group for the web tier instances that allows inbound traffic only over port 443.
D. Configure the web servers to communicate with RDS by using SSL, and issue certificates to the web tier EC2 instances.

40
Q

A credit card processing application, hosted on an on-premises server, needs to communicate directly with a database hosted on an Amazon EC2 instance running in a private subnet of a VPC. Compliance requirements state that end-to-end communication should be encrypted.
Which solution will ensure that this requirement is met?

A. Use HTTPS for traffic over VPC peering between the VPC and the on-premises datacenter.
B. Use HTTPS for traffic over the Internet between the on-premises server and the Amazon EC2 instance.
C. Use HTTPS for traffic over a VPN connection between the VPC and the on-premises datacenter.
D. Use HTTPS for traffic over gateway VPC endpoints that have been configured for the Amazon EC2 instance.

A

C. Use HTTPS for traffic over a VPN connection between the VPC and the on-premises datacenter.

41
Q

An application stores data in an Amazon RDS PostgreSQL Multi-AZ database instance. The ratio of read requests to write requests is about 2 to 1. Recent increases in traffic are causing very high latency.
How can this problem be corrected?

A. Create a similar RDS PostgreSQL instance and direct all traffic to it.
B. Use the secondary instance of the Multiple Availability Zone for read traffic only.
C. Create a read replica and send half of all traffic to it.
D. Create a read replica and send all read traffic to it.

A

D. Create a read replica and send all read traffic to it.

42
Q

A Solutions Architect is designing a system that will store Personally Identifiable Information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements, both the master keys and unencrypted data should never be sent to AWS.
What Amazon S3 encryption technique should the Architect choose?

A. Amazon S3 client-side encryption with an AWS KMS-managed customer master key (CMK)
B. Amazon S3 server-side encryption with an AWS KMS-managed key
C. Amazon S3 client-side encryption with a client-side master key
D. Amazon S3 server-side encryption with a customer-provided key

A

C. Amazon S3 client-side encryption with a client-side master key

43
Q

A Security team reviewed their company's VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company's goal is to eliminate internet access and allow the application to continue to function.
What change should be made in the VPC before updating the route table?

A. Create a NAT gateway for Amazon S3 access
B. Create a VPC endpoint for Amazon S3 access
C. Create a VPC endpoint for Amazon EC2 access
D. Create a NAT gateway for Amazon EC2 access

A

B. Create a VPC endpoint for Amazon S3 access

44
Q

A company is deploying a reporting application on Amazon EC2. The application is expected to generate 1,000 documents every hour and each document will be 800 MB. The company is concerned about strong data consistency and file locking, as various applications hosted on other EC2 instances will process the report documents in parallel when they become available.
What storage solution will meet these requirements with the LEAST amount of administrative overhead?

A. Amazon EFS
B. Amazon S3
C. Amazon ElastiCache
D. Amazon EBS

A

A. Amazon EFS

45
Q

A Solutions Architect is building a WordPress-based web application hosted on AWS using Amazon EC2. This application serves as a blog for an international internet security company. The application must be geographically redundant and scalable. It must separate the public Amazon EC2 web servers from the private Amazon RDS database, it must be highly available, and it must support dynamic port routing.
Which combination of AWS services or capabilities will meet these requirements?

A. AWS Auto Scaling with a Classic Load Balancer, and AWS CloudTrail
B. Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront
C. A VPC, a NAT gateway and Auto Scaling with a Network Load Balancer
D. CloudFront, Route 53, and Auto Scaling with a Classic Load Balancer

A

B. Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront

46
Q

An e-commerce application places orders in an Amazon SQS queue. When a message is received, Amazon EC2 worker instances process the request. The EC2 instances are in an Auto Scaling group.
How should the architecture be designed to scale up and down with the LEAST amount of operational overhead?

A. Use an Amazon CloudWatch alarm on the EC2 CPU to scale the Auto Scaling group up and down.
B. Use an EC2 Auto Scaling health check for messages processed on the EC2 instances to scale up and down.
C. Use an Amazon CloudWatch alarm based on the number of visible messages to scale the Auto Scaling group up or down.
D. Use an Amazon CloudWatch alarm based on the CPU to scale the Auto Scaling group up or down.

A

C. Use an Amazon CloudWatch alarm based on the number of visible messages to scale the Auto Scaling group up or down.

47
Q

A customer is migrating to AWS and requires applications to access Network File System shares without code changes. Data is critical and accessed frequently.
Which storage solution should a Solutions Architect recommend to maximize availability and durability?

A. Amazon EBS
B. Amazon S3
C. AWS Storage Gateway for files
D. Amazon EFS

A

D. Amazon EFS

48
Q

A company has many applications on Amazon EC2 instances running in Auto Scaling groups. Company policies require that data on the attached Amazon EBS volume must be retained.
Which actions will meet this requirement without impacting performance?

A. Enable Termination Protection on the Amazon EC2 instances.
B. Disable DeleteOnTermination for the Amazon EBS volumes.
C. Use Amazon EC2 user data to set up a synchronization job for root volume data.
D. Change the auto scaling Health Check to point to a source on the root volume.

A

B. Disable DeleteOnTermination for the Amazon EBS volumes.

49
Q

A company wants to expand its web services from us-east-1 into ap-southeast-1. The company stores a large amount of static content on its website, and recently received complaints about slow loading speeds and the website timing out.
What should be done to meet the expansion goal while also addressing the latency and timeout issues?

A. Store the static content in Amazon S3 and enable S3 Transfer Acceleration.
B. Store the static content in an Amazon EBS volume in the ap-southeast-1 region and provision larger Amazon EC2 instances for the website.
C. Use an Amazon Route 53 simple routing policy to distribute cached content across three regions.
D. Use Amazon S3 to store the static content and configure an Amazon CloudFront distribution.

A

D. Use Amazon S3 to store the static content and configure an Amazon CloudFront distribution.

50
An application is scanning an Amazon DynamoDB table that was created with default settings. The application occasionally reads stale data when it queries the table. How can this issue be corrected? A. Increase the provisioned read capacity of the table. B. Enable AutoScaling on the DynamoDB table. C. Update the application to use strongly consistent reads. D. Re-create the DynamoDB table with eventual consistency disabled.
C. Update the application to use strongly consistent reads.
51
A company is storing application data in Amazon S3 buckets across multiple AWS regions. Company policy requires that encryption keys be generated at the company headquarters, but the encryption keys may be stored in AWS after generation. The Solutions Architect plans to configure cross-region replication. Which solution will encrypt the data while requiring the LEAST amount of operational overhead? A. Configure the applications to write to an S3 bucket using client-side encryption B. Configure S3 buckets to encrypt using AES-256 C. Configure S3 object encryption using AWS CLI with Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) D. Configure S3 buckets to use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) with imported key material in both regions
D. Configure S3 buckets to use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS) with imported key material in both regions
52
A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements? A. AWS CloudHSM B. SSE-KMS: Server-side encryption with AWS KMS managed keys C. SSE-S3: Server-side encryption with Amazon-managed master key D. SSE-C: Server-side encryption with customer-provided encryption keys
D. SSE-C: Server-side encryption with customer-provided encryption keys
53
A Solutions Architect is considering possible options for improving the security of the data on an Amazon EBS volume attached to an Amazon EC2 instance. Which solution will improve the security of the data? A. Use AWS KMS to encrypt the EBS volume B. Create an IAM policy that restricts read and write access to the volume C. Migrate the sensitive data to an instance store volume D. Use Amazon single sign-on to control login access to the EC2 instance
A. Use AWS KMS to encrypt the EBS volume
54
A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem. One of the streams has a total of 10 Mb/s throughput. What should the Solutions Architect recommend to improve performance? A. Use AWS Lambda to preprocess the data and transform the records into a simpler format, such as CSV. B. Run the MergeShard command to reduce the number of shards that the consumer can more easily process. C. Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput. D. Run the UpdateShardCount command to increase the number of shards in the stream
D. Run the UpdateShardCount command to increase the number of shards in the stream
55
A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region, which has three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c. Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable? A. Deploy six Amazon EC2 instances in sa-east-1a, six Amazon EC2 instances in sa-east-1b, and six Amazon EC2 instances in sa-east-1c B. Deploy six Amazon EC2 instances in sa-east-1a, four Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c C. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b, and three Amazon EC2 instances in sa-east-1c D. Deploy two Amazon EC2 instances in sa-east-1a, two Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c
C. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b, and three Amazon EC2 instances in sa-east-1c
56
A Solutions Architect is designing a three-tier web application that will allow customers to upload pictures from a mobile application. The application will then generate a thumbnail of the picture and return a message to the user confirming that the image was successfully uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a sub-second response time to the customers uploading the images, the Solutions Architect wants to separate the web tier from the application tier. Which service would allow the presentation tier to asynchronously dispatch the request to the application tier? A. AWS Step Functions B. AWS Lambda C. Amazon SNS D. Amazon SQS
D. Amazon SQS
57
A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier over the Internet for security reasons. The application must be low-cost and have a scalable front end. The databases and application tier must have only one-way Internet access to download software and patch updates. Which solution helps to meet these requirements? A. Use a NAT Gateway as the front end for the application tier and to enable the private resources to have Internet access. B. Use an Amazon EC2-based proxy server as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources. C. Use an ELB Classic Load Balancer as the front end for the application tier, and an Amazon EC2 proxy server to allow Internet access for private resources. D. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources.
D. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources.
58
A Solutions Architect is designing a multi-tier application consisting of an Application Load Balancer, an Amazon RDS database instance, and an Auto Scaling group on Amazon EC2 instances. Each tier is in a separate subnet. There are some EC2 instances in the subnet that belong to another application. The RDS database instance should accept traffic only from the EC2 instances in the Auto Scaling group. What should be done to meet these requirements? A. Configure the inbound network ACLs on the database subnet to accept traffic from the IP addresses of the EC2 instances only. B. Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group. C. Configure the outbound rules on the security group associated with the Auto Scaling group. Set the destination to the security group associated with the RDS database instance. D. Configure the inbound network ACLs on the database subnet to accept traffic only from the CIDR range of the subnet used by the Auto Scaling group.
B. Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group.
59
An organization uses Amazon S3 to store video content served via its website. It only has rights to deliver this content to users within its own country and needs to restrict access. How can the organization ensure that these files are only accessible from within its country? A. Use a custom Amazon S3 bucket policy to allow access only to users inside the organization's country B. Use Amazon CloudFront and Geo Restriction to allow access only to users inside the organization's country C. Use an Amazon S3 bucket ACL to allow access only to users inside the organization's country D. Use file-based ACL permissions on each video file to allow access only to users inside the organization's country
B. Use Amazon CloudFront and Geo Restriction to allow access only to users inside the organization's country
60
A company is storing data in an Amazon DynamoDB table and needs to take daily backups and retain them for 6 months. How should the Solutions Architect meet these requirements without impacting the production workload? A. Use DynamoDB replication and restore the table from the replica B. Use AWS Data Pipeline and create a scheduled job to back up the DynamoDB table daily C. Use Amazon CloudWatch Events to trigger an AWS Lambda function that makes an on-demand backup of the table D. Use AWS Batch to create a scheduled backup with the default template, then back up to Amazon S3 daily.
C. Use Amazon CloudWatch Events to trigger an AWS Lambda function that makes an on-demand backup of the table
61
A Solutions Architect is designing a multicontainer-based web application. Parts of the web application, /orders and /sale-event, must scale independently while maintaining a single Fully Qualified Domain Name. Which AWS services will help the Architect build this platform? (Select TWO.) A. Amazon ELB Application Load Balancer B. Amazon ELB Classic Load Balancer C. Amazon EC2 Container Service D. Amazon DynamoDB E. Amazon SQS
A. Amazon ELB Application Load Balancer | C. Amazon EC2 Container Service
62
A company will host a static website within an Amazon S3 bucket. The website will serve millions of users globally, and the company wants to minimize data transfer costs. What should the Solutions Architect do to ensure costs are kept to a minimum? A. Implement an AWS Auto Scaling group for the website to ensure it grows with use. B. Use cross-region replication to copy the website to an additional S3 bucket in a different region. C. Create an Amazon CloudFront distribution, with the S3 bucket as the origin server. D. Move the website to large compute-optimized Amazon EC2 instances.
C. Create an Amazon CloudFront distribution, with the S3 bucket as the origin server.
63
A company will run different data analytics jobs on large petabyte-scale datasets, using standard SQL and existing business intelligence tools. The data is mostly structured, but part of the data is unstructured and resides in Amazon S3. What technology should be used to support this use case? A. An Amazon Aurora database cluster with 15 replicas distributed across Availability Zones. B. Amazon Redshift with Amazon Redshift Spectrum. C. Amazon DynamoDB with Amazon DynamoDB Accelerator (DAX). D. Amazon ElastiCache for Redis with cluster mode enabled.
B. Amazon Redshift with Amazon Redshift Spectrum.
64
A Solutions Architect is investigating purchasing options for a batch processing application on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds copyright information, and uploads it back to Amazon S3. It normally takes 5 to 10 hours to process all the files uploaded each week. The application has built-in capabilities to process files in parallel, recover from the instance failures, and continue the processing from where it left off. What is the MOST cost-effective purchasing option the Solutions Architect can recommend? A. Standard Reserved Instances B. Scheduled Reserved Instances C. Spot Instances D. On-Demand Instances
C. Spot Instances
65
A team has developed a new web application in an AWS Region that has three Availability Zones: AZ-a, AZ-b, and AZ-c. This application must be fault tolerant and needs at least six Amazon EC2 instances running at all times. The application must tolerate the loss of connectivity to any single Availability Zone so that the application can continue to run. Which configurations will meet these requirements? (Select TWO.) A. AZ-a with six EC2 instances, AZ-b with six EC2 instances, and AZ-c with no EC2 instances. B. AZ-a with four EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances. C. AZ-a with two EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances. D. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with no EC2 instances. E. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with three EC2 instances.
A. AZ-a with six EC2 instances, AZ-b with six EC2 instances, and AZ-c with no EC2 instances. | E. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with three EC2 instances.
66
A website keeps a record of user actions using a globally unique identifier (GUID) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company's Amazon VPC. As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID. What should be done to reduce the number of read replicas required while improving performance? A. Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes. B. Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve GUID from ElastiCache when required. C. Encrypt the GUID using Base64 and store it in the user's session cookie. Decrypt the GUID when an audit record is needed. D. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database.
B. Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve GUID from ElastiCache when required.