Deck 5 Flashcards

(66 cards)

1
Q

A Solutions Architect is designing a public-facing web application for employees to upload images to their social media account. The application consists of multiple Amazon EC2 instances behind an elastic load balancer, an Amazon S3 bucket where uploaded images are stored, and an Amazon DynamoDB table for storing image metadata.
Which AWS service can the Architect use to automate the process of updating metadata in the DynamoDB table upon image upload?

A. Amazon CloudWatch
B. AWS CloudFormation
C. AWS Lambda
D. Amazon SQS

A

C. AWS Lambda

2
Q

A company’s policy requires that all data stored in Amazon S3 is encrypted. The company wants to use the option with the least overhead and does not want to manage any encryption keys.
Which of the following options will meet the company’s requirements?

A. AWS CloudHSM
B. AWS Trusted Advisor
C. Server Side Encryption (SSE-S3)
D. Server Side Encryption (SSE-KMS)

A

C. Server Side Encryption (SSE-S3)

3
Q

A company has gigabytes of web log files stored in an Amazon S3 bucket. A Solutions Architect wants to copy those files into Amazon Redshift for analysis. The company’s security policy mandates that data is encrypted at rest both in the Amazon Redshift cluster and the Amazon S3 bucket.
Which process will fulfill the security requirements?

A. Enable server-side encryption on the Amazon S3 bucket. Launch an unencrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster.
B. Enable server-side encryption on the Amazon S3 bucket. Copy data from the Amazon S3 bucket into an unencrypted Redshift cluster. Enable encryption on the cluster.
C. Launch an encrypted Amazon Redshift cluster. Copy the data from the Amazon S3 bucket into the Amazon Redshift cluster. Copy data back to the Amazon S3 bucket in encrypted form.
D. Enable server-side encryption on the Amazon S3 bucket. Launch an encrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster.

A

D. Enable server-side encryption on the Amazon S3 bucket. Launch an encrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster.

4
Q

An application runs on Amazon EC2 instances in an Auto Scaling group. When instances are terminated, the Systems Operations team cannot determine the root cause, because the logs reside on the terminated instances and are lost.
How can the root cause be determined?

A. Use ephemeral volumes to store the log files.
B. Use a scheduled Amazon CloudWatch Event to take regular Amazon EBS snapshots.
C. Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs.
D. Use AWS CloudTrail to pull the logs from the Amazon EC2 instances.

A

C. Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs.

5
Q

A Solutions Architect is designing a customer order processing application that will likely have high usage spikes.
What should the Architect do to ensure that customer orders are not lost before being written to an Amazon RDS database? (Choose two.)

A. Use Amazon CloudFront to deliver the application front end.
B. Use Elastic Load Balancing with a round-robin routing algorithm.
C. Have the orders written into an Amazon SQS queue.
D. Scale the number of processing nodes based on pending order volume.
E. Have a standby Amazon RDS instance in a separate Availability Zone.

A

C. Have the orders written into an Amazon SQS queue.

D. Scale the number of processing nodes based on pending order volume.

6
Q

Employees from several companies use an application once a year during a specific 30-day period. The periods are different for each company. Traffic to the application spikes during these 30-day periods.
How can the application be designed to handle these traffic spikes?

A. Use an Amazon Route 53 latency routing policy to route traffic to an Amazon EC2 instance with the least lag time.
B. Use Amazon S3 to cache static elements of the website requests.
C. Use an Auto Scaling group to scale the number of EC2 instances to match the site traffic.
D. Use Amazon CloudFront to serve static assets to decrease the load on the EC2 instances.

A

C. Use an Auto Scaling group to scale the number of EC2 instances to match the site traffic.

7
Q

A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free.
What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list?

A. Amazon SNS
B. AWS Lambda with sequential dispatch
C. A FIFO queue in Amazon SQS
D. A standard queue in Amazon SQS

A

C. A FIFO queue in Amazon SQS

8
Q

A Solutions Architect is designing a solution for a dynamic website, “example.com,” that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are redirected to the website in the Tokyo region when they browse to “example.com”.
Which service should the Architect use to achieve this goal with the LEAST administrative effort?

A. Amazon CloudFront with geolocation routing
B. Amazon Route 53
C. Application Load Balancer
D. Network Load Balancer deployed across multiple regions

A

B. Amazon Route 53

9
Q

A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud.
Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?

A. Amazon EC2 and an Application Load Balancer
B. Amazon S3 and Amazon CloudFront
C. Amazon EC2 and Amazon Elastic Transcoder
D. AWS Lambda and Amazon API Gateway

A

D. AWS Lambda and Amazon API Gateway

10
Q

A company has instances in private subnets that require outbound access to the internet.
This requires:

A. Assigning a public IP address to the instance.
B. Updating the route table associated with the subnet to point internet traffic through a NAT gateway.
C. Updating the security group associated with the subnet to allow ingress on 0.0.0.0/0.
D. Routing traffic from the instance through a VPC endpoint that has internet access.

A

B. Updating the route table associated with the subnet to point internet traffic through a NAT gateway.

11
Q

An organization regularly backs up their application data. The application backups are required to be stored on Amazon S3 for a certain amount of time. The backups should be accessed instantly in the event of a disaster recovery.
Which of the following Amazon S3 storage classes would be the MOST cost-effective option to meet the needs of this scenario?
A. Glacier Storage Class
B. Standard Storage Class
C. Standard - Infrequent Access (IA)
D. Reduced Redundancy Class (RRS)

A

C. Standard - Infrequent Access (IA)

12
Q

An organization runs an online voting system for a television program. During broadcasts, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection requests.
What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?

A. Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process the message information into RDBMS database.
B. As the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances. When voting has ended, scale down the additional instances.
C. Re-provision the RDBMS database with larger, memory-optimized instances. When voting ends, re-provision the back-end database with smaller instances.
D. Send votes from each front-end node to Amazon DynamoDB. Provision worker instances to process the votes in DynamoDB into the RDBMS database.

A

A. Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process the message information into RDBMS database.

13
Q

An application publishes Amazon SNS messages in response to several events. An AWS Lambda function subscribes to these messages. Occasionally the function will fail while processing a message, so the original event message must be preserved for root cause analysis.
What architecture will meet these requirements without changing the workflow?

A. Subscribe an Amazon SQS queue to the Amazon SNS topic and trigger the Lambda function from the queue.
B. Configure Lambda to write failures to an SQS Dead Letter Queue.
C. Configure a Dead Letter Queue for the Amazon SNS topic.
D. Configure the Amazon SNS topic to invoke the Lambda function synchronously.

A

B. Configure Lambda to write failures to an SQS Dead Letter Queue.

14
Q

An application uses an Amazon RDS MySQL cluster for the database layer. Database growth requires periodic resizing of the instance. Currently, administrators check the available disk space manually once a week.
How can this process be improved?

A. Use the largest instance type for the database.
B. Use AWS CloudTrail to monitor storage capacity.
C. Use Amazon CloudWatch to monitor storage capacity.
D. Use Auto Scaling to increase storage size.

A

D. Use Auto Scaling to increase storage size.

15
Q

A customer owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time.
Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS, and is willing to change database systems.
Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?

A. Amazon RDS
B. Amazon DynamoDB
C. Amazon Redshift
D. AWS Data Pipeline

A

B. Amazon DynamoDB

16
Q

A business team requires a structured storage solution to store all of a company’s historical sales data. Currently there are 4 TB of data, which will grow to hundreds of terabytes within a few years. The team must be able to regularly run queries against the data using current business intelligence tools. Fast performance is required despite the dataset growth.
Which solution should the company use?

A. Amazon Redshift
B. Amazon Aurora
C. Amazon DynamoDB
D. Amazon S3

A

A. Amazon Redshift

17
Q

A prediction process requires access to a trained model that is stored in an Amazon S3 bucket. The process takes a few seconds to process an image and make a prediction. The process is not overly resource-intensive, does not require any specialized hardware, and takes less than 512 MB of memory to run.
What would be the MOST effective compute solution for this use case?

A. Amazon ECS
B. Amazon EC2 Spot instances
C. AWS Lambda functions
D. AWS Elastic Beanstalk

A

C. AWS Lambda functions

18
Q

An application that runs on an Amazon EC2 instance must make secure calls to Amazon S3 buckets.
Which steps can a Solutions Architect take to ensure that the calls are made without exposing credentials?
A. Generate an access key ID and a secret key, and assign an IAM role with least privilege.
B. Create an IAM policy granting access to all services and assign it to the Amazon EC2 instance profile.
C. Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile.
D. Generate temporary access keys to grant users temporary access to the Amazon EC2 instance.

A

C. Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile.

19
Q

A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints.
Which of the following should the Architect recommend?

A. Create a crontab job script in each instance to push the logs regularly to Amazon S3.
B. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.
C. Enable Amazon CloudWatch Events in the AWS Management Console.
D. Enable AWS CloudTrail to map all API calls invoked by the applications.

A

B. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.

20
Q

A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued.
Which of the following answers this question?

A. The user needs to place a PUT request to decrypt the object.
B. The user needs to decrypt the object using a private key.
C. Amazon S3 manages encryption and decryption automatically.
D. Amazon S3 provides a server-side key for decrypting the object.

A

C. Amazon S3 manages encryption and decryption automatically.

21
Q

A company is looking for a fully-managed solution to store its players’ state information for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which can scale according to the incoming traffic. The request can be routed to any of the nodes, therefore, the state information must be stored in a centralized database. The players’ state information needs to be read with strong consistency and needs conditional updates for any changes.
Which service would be MOST cost-effective, and scale seamlessly?

A. Amazon S3
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift

A

B. Amazon DynamoDB

22
Q

An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone.
Which is the MOST cost-efficient way to meet these requirements?

A. Deploy two instances in each of three Availability Zones.
B. Deploy two instances in each of two Availability Zones.
C. Deploy four instances in each of two Availability Zones.
D. Deploy one instance in each of three Availability Zones.

A

A. Deploy two instances in each of three Availability Zones.

23
Q

A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 instances running behind an ELB Classic Load Balancer. The security team requires that all web servers must be accessible only through the Load Balancer, and that none of the web servers are directly accessible from the Internet.
How should the Architect meet these requirements?

A. Use a Load Balancer installed on an Amazon EC2 instance.
B. Configure the web servers’ security group to deny traffic from the public Internet.
C. Create an Amazon CloudFront distribution in front of the ELB Classic Load Balancer.
D. Configure the web tier security group to allow only traffic from the ELB Classic Load Balancer.

A

D. Configure the web tier security group to allow only traffic from the ELB Classic Load Balancer.

24
Q

A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators.
Which of the following options should the Architect recommend? (Choose two.)

A. Create a bastion host in a public subnet, and use the bastion host to connect to the database.
B. Log in to the web servers in the public subnet to connect to the database.
C. Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet.
D. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database.
E. Attach an Elastic IP address to the database.

A

A. Create a bastion host in a public subnet, and use the bastion host to connect to the database.
D. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database.

25
Q

A web application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation the application writes 50 KB/s to the table, but can scale up to 500 KB/s during peak hours. The application is currently receiving throttling errors from the DynamoDB table during peak hours.
What is the MOST cost-efficient change to support the increased traffic with minimal changes to the application?

A. Use Amazon SQS to manage the write operations to the DynamoDB table.
B. Change DynamoDB table configuration to 600 write capacity units.
C. Increase the number of Amazon EC2 instances to support the traffic.
D. Configure Amazon DynamoDB Auto Scaling to handle the extra demand.

A

D. Configure Amazon DynamoDB Auto Scaling to handle the extra demand.
26
Q

One company wants to share the contents of their Amazon S3 bucket with another company. Security requirements mandate that only the other company's AWS accounts have access to the contents of the Amazon S3 bucket.
Which Amazon S3 feature will allow secure access to the Amazon S3 bucket?

A. Bucket policy
B. Object tagging
C. CORS configuration
D. Lifecycle policy

A

A. Bucket policy
27
Q

A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours.
What is the MOST cost-effective way to provide enough compute?

A. Use one Amazon EC2 Reserved Instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
B. Use one Amazon EC2 On-Demand instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
C. Use one Amazon EC2 On-Demand instance and use an Auto Scaling Group scheduled action to add three EC2 Spot instances at 7:30 AM and remove three instances at 6:10 PM.
D. Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.

A

D. Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.
28
Q

A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet. The proposed design must be highly available and distributed over two Availability Zones.
What would be the MOST appropriate VPC design for this specific use case?

A. Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS.
B. One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS.
C. One public subnet for the elastic load balancer, one public subnet for the web servers, and one private subnet for the database.
D. Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.

A

D. Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.
29
Q

A workload in an Amazon VPC consists of a single web server launched from a custom AMI. Session state is stored in a database.
How should the Solutions Architect modify this workload to be both highly available and scalable?

A. Create a launch configuration with a desired capacity of two web servers across multiple Availability Zones. Create an Auto Scaling group with the AMI ID of the web server image. Use Amazon Route 53 latency-based routing to balance traffic across the Auto Scaling group.
B. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple regions. Use an Application Load Balancer (ALB) to balance traffic across the Auto Scaling group.
C. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group.
D. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use Amazon Route 53 weighted routing to balance traffic across the Auto Scaling group.

A

C. Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group.
30
Q

A Solutions Architect is developing a new web application on AWS. The services must scale to support an increasing load. The Architect wants to focus on software development and deploying new features rather than provisioning or managing servers.
Which AWS service is appropriate?

A. Auto Scaling
B. Elastic Beanstalk
C. EC2 Container Service
D. CloudFormation

A

B. Elastic Beanstalk
31
Q

A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes.
Which compute model should a Solutions Architect choose to accomplish this task?

A. EC2 Reserved Instances
B. EC2 Spot Instances
C. EC2 Dedicated Hosts
D. EC2 Placement Groups

A

C. EC2 Dedicated Hosts
32
Q

An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system.
Where should the data be stored?

A. Amazon S3
B. Amazon DynamoDB
C. Amazon EFS
D. Amazon EBS

A

C. Amazon EFS "shared file system"
33
Q

A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10,000 records daily as they arrive in the Kinesis stream.
The MOST scalable way to design the microservice is:

A. As an AWS Lambda function.
B. As a process on an Amazon EC2 instance.
C. As a Docker container running on Amazon ECS.
D. As a Docker container on an EC2 instance.

A

C. As a Docker container running on Amazon ECS.
34
Q

A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exam results are released at 9:00 a.m. each Monday, and 80% of students attempt to access their unique result within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. on Monday.
Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner?

A. Scale out the EC2 instances to ensure that the environment scales up and down based on the highest load.
B. Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units.
C. Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m.
D. Use Amazon CloudFront to cache web requests and reduce the load on EC2 and DynamoDB.

A

C. Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m.
35
Q

A company has asked a Solutions Architect to ensure that data is protected during data transfer to and from Amazon S3.
Use of which service will protect the data in transit?

A. AWS KMS
B. HTTPS
C. SFTP
D. FTPS

A

B. HTTPS
36
Q

A Solutions Architect is trying to bring a data warehouse workload to an Amazon EC2 instance. The data will reside in Amazon EBS volumes and full table scans will be executed frequently.
What type of Amazon EBS volume would be most suitable in this scenario?

A. Throughput Optimized HDD (st1)
B. Provisioned IOPS SSD (io1)
C. General Purpose SSD (gp2)
D. Cold HDD (sc1)

A

A. Throughput Optimized HDD (st1)
37
Q

A Solutions Architect has a three-tier web application that serves customers worldwide. Analysis reveals that product images take more time to load than expected.
Which action will improve the image load time?

A. Store product images on Amazon EBS-optimized storage volumes
B. Store product images in an Amazon S3 bucket
C. Use an Amazon CloudFront distribution for product images
D. Use an Auto Scaling group to add instances for product images

A

C. Use an Amazon CloudFront distribution for product images
38
Q

A gaming application is heavily dependent on caching and uses Amazon ElastiCache for Redis. The application performance was recently degraded due to failure of the cache node.
What should a Solutions Architect recommend to minimize performance degradation in the future?

A. Migrate from ElastiCache to Amazon RDS
B. Configure automatic backup to save cache data
C. Configure ElastiCache Multi-AZ with automatic failover
D. Use Auto Scaling to provision cache nodes based on CPU usage

A

C. Configure ElastiCache Multi-AZ with automatic failover
39
Q

A client has set up an Auto Scaling group associated with a load balancer. The client has noticed that instances launched by the Auto Scaling group are reported unhealthy as the result of an Elastic Load Balancing (ELB) health check, but these unhealthy instances are not being terminated.
What can a Solutions Architect do to ensure that the instances marked unhealthy will be terminated and replaced?

A. Increase the value for the health check interval set on the ELB load balancer.
B. Change the thresholds set on the Auto Scaling group health check.
C. Change the health check type to ELB for the Auto Scaling group.
D. Change the health check set on the ELB load balancer to use TCP rather than HTTP checks.

A

C. Change the health check type to ELB for the Auto Scaling group.
40
Q

A Solutions Architect must review an application deployed on EC2 instances that currently stores multiple 5-GB files on attached instance store volumes. The company recently experienced a significant data loss after stopping and starting their instances and wants to prevent the data loss from happening again. The solution should minimize performance impact and the number of code changes required.
What should the Solutions Architect recommend?

A. Store the application data in Amazon S3
B. Store the application data in an EBS volume
C. Store the application data in Amazon ElastiCache
D. Store the application data in Amazon DynamoDB

A

B. Store the application data in an EBS volume
41
Q

A company is setting up a new website for online sales. The company will have a web tier and a database tier. The web tier consists of load-balanced, auto-scaled Amazon EC2 instances in multiple Availability Zones (AZs). The database tier is an Amazon RDS Multi-AZ deployment. The EC2 instances must connect securely to the database.
How should the resources be launched?

A. EC2 instances: public subnet; RDS database instances: public subnet; Load balancer: public subnet
B. EC2 instances: public subnet; RDS database instances: private subnet; Load balancer: private subnet
C. EC2 instances: private subnet; RDS database instances: public subnet; Load balancer: public subnet
D. EC2 instances: private subnet; RDS database instances: private subnet; Load balancer: public subnet

A

D. EC2 instances: private subnet; RDS database instances: private subnet; Load balancer: public subnet
42
Q

A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer's Amazon EC2 instances and then deploys an application through GIT. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances.
How should the Architect design the infrastructure?

A. Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.
B. Place the Amazon EC2 instances in a public subnet, and assign EIPs; route outgoing traffic through the NAT gateway.
C. Place the Amazon EC2 instances in a private subnet, and assign EIPs; route outgoing traffic through the internet gateway.
D. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway

A

D. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway
43
Q

A company processed 10 TB of raw data to generate quarterly reports. Although it is unlikely to be used again, the raw data needs to be preserved for compliance and auditing purposes.
What is the MOST cost-effective way to store the data in AWS?

A. Amazon EBS Cold HDD (sc1)
B. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
C. Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
D. Amazon Glacier

A

D. Amazon Glacier
44
Q

A Solutions Architect needs to design a solution that will allow Website Developers to deploy static web content without managing server infrastructure. All web content must be accessed over HTTPS with a custom domain name. The solution should be scalable as the company continues to grow.
Which of the following will provide the MOST cost-effective solution?

A. Amazon EC2 instance with Amazon EBS
B. AWS Lambda function with Amazon API Gateway
C. Amazon CloudFront with an Amazon S3 bucket origin
D. Amazon S3 with a static website

A

C. Amazon CloudFront with an Amazon S3 bucket origin
45
A company is running a series of national TV campaigns. These 30-second advertisements will introduce sudden traffic peaks targeted at a Node.js application. The company expects traffic to increase from five requests each minute to more than 5,000 requests each minute. Which AWS service should a Solutions Architect use to ensure traffic surges can be handled? A. AWS Lambda B. Amazon ElastiCache C. Size EC2 instances to handle peak load D. An Auto Scaling group for EC2 instances
A. AWS Lambda
46
An insurance company stores all documents related to annual policies for the duration of the policies. The documents are created once and then stored until they are required, typically at the end of the policy. A document must be capable of being retrieved immediately. The company is now moving their document management to the AWS Cloud. Which service should a Solutions Architect recommend as a cost-effective solution that meets the company's requirements? A. Amazon RDS MySQL B. Amazon S3 Standard-Infrequent Access C. Amazon Glacier D. Amazon S3 Standard
B. Amazon S3 Standard-Infrequent Access
47
How can a user track memory usage in an EC2 instance? A. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance. B. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric. C. Use an instance type that supports memory usage reporting to a metric by default. D. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.
D. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.
48
A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data does not need to be scanned frequently and is discarded after 30 days. Which service will be MOST cost-effective in meeting these requirements? A. Import the logs into an RDS MySQL instance. B. Use AWS Data Pipeline to import the logs into a DynamoDB table. C. Write the files to an S3 bucket and use Amazon Athena to query the data. D. Import the logs to an Amazon Redshift cluster
C. Write the files to an S3 bucket and use Amazon Athena to query the data.
49
A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with support for WebSockets using load balancers. How can the Architect meet these requirements? A. Configure a Network Load Balancer. B. Configure an Application Load Balancer. C. Configure a Classic Load Balancer. D. Configure a Layer-4 Load Balancer.
B. Configure an Application Load Balancer.
50
A Solutions Architect is designing a web application that runs on Amazon EC2 instances behind a load balancer. All data in transit must be encrypted. Which solutions will meet the encryption requirement? (Select TWO.) A. Use an Application Load Balancer (ALB) in passthrough mode, then terminate SSL on EC2 instances. B. Use an Application Load Balancer (ALB) with a TCP listener, then terminate SSL on EC2 instances. C. Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL on EC2 instances. D. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL certificates on the ALB and EC2 instances. E. Use a Network Load Balancer (NLB) with an HTTPS listener, then install SSL certificates on the NLB and EC2 instances.
C. Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL on EC2 instances. D. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL certificates on the ALB and EC2 instances.
51
A client reports that they want to see an audit log of any changes made to AWS resources in their account. What can the client do to achieve this? A. Set up Amazon CloudWatch monitors on services they own B. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket C. Use Amazon CloudWatch Events to parse logs D. Use AWS OpsWorks to manage their resources
B. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket
52
An application running in a private subnet accesses an Amazon DynamoDB table. There is a security requirement that the data never leave the AWS network. How should this requirement be met? A. Configure a network ACL on DynamoDB to limit traffic to the private subnet B. Enable DynamoDB encryption at rest using an AWS KMS key C. Add a NAT gateway and configure the route table on the private subnet D. Create a VPC endpoint for DynamoDB and configure the endpoint policy
D. Create a VPC endpoint for DynamoDB and configure the endpoint policy
53
A three-tier application is being created to host small news articles. The application is expected to serve millions of users. When breaking news occurs, the site must handle very large spikes in traffic without significantly impacting database performance. Which design meets these requirements while minimizing costs? A. Use Auto Scaling groups to increase the number of Amazon EC2 instances delivering the web application B. Use Auto Scaling groups to increase the size of the Amazon RDS instances delivering the database C. Use Amazon DynamoDB strongly consistent reads to adjust for the increase in traffic D. Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database
D. Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database
54
During a review of business applications, a Solutions Architect identifies a critical application with a relational database that was built by a business user and is running on the user's desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi-tiered solution in AWS. What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business? A. Create an import package of the application code for upload to AWS Lambda, and include a function to create another Lambda function to migrate data into an Amazon RDS database B. Create an image of the user's desktop, migrate it to Amazon EC2 using VM Import, and place the EC2 instance in an Auto Scaling group C. Pre-stage new Amazon EC2 instances running the application code on AWS behind an Application Load Balancer and an Amazon RDS Multi-AZ DB instance D. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk
D. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk
55
A company has thousands of files stored in an Amazon S3 bucket that has a well-defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days, accessing these files should never take more than a few seconds. Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern? A. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage for the first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. B. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that. C. Use Amazon S3 Standard storage for the first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. D. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the first 30 days. After that, move the data to the GLACIER storage class, where it will be deleted automatically.
B. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that.
56
A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete. What is the MOST cost-effective Amazon EC2 pricing model for this scenario? A. On-Demand Instances B. Scheduled Reserved Instances C. Reserved Instances D. Spot Instances
B. Scheduled Reserved Instances
57
An application generates audit logs of operational activities. Compliance requirements mandate that the application retain the logs for 5 years. How can these requirements be met? A. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete (MFA Delete) on the bucket. B. Save the logs in an Amazon EFS volume and use Network File System version 4 (NFSv4) locking with the volume. C. Save the logs in an Amazon Glacier vault and use the Vault Lock feature. D. Save the logs in an Amazon EBS volume and take monthly snapshots.
C. Save the logs in an Amazon Glacier vault and use the Vault Lock feature.
58
A Solutions Architect is creating an application running in an Amazon VPC that needs to access AWS Systems Manager Parameter Store. Network security rules prohibit any route table entry with a 0.0.0.0/0 destination. What infrastructure addition will allow access to the AWS service while meeting the requirements? A. VPC peering B. NAT instance C. NAT gateway D. AWS PrivateLink
D. AWS PrivateLink
59
A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally deleted. How should the thumbnail images be stored to ensure the LOWEST cost? A. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication B. Amazon S3 C. Amazon Glacier D. Amazon S3 with cross-region replication
B. Amazon S3
60
A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest. Which options can achieve this? (Select TWO.) A. Use S3 server-side encryption with an Amazon EC2 key pair. B. Use S3 server-side encryption with customer-provided keys (SSE-C). C. Use S3 bucket policies to restrict access to the data at rest. D. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys. E. Use SSL to encrypt the data while in transit to Amazon S3.
B. Use S3 server-side encryption with customer-provided keys (SSE-C). D. Use client-side encryption before ingesting the data to Amazon S3 using encryption keys.
61
A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort. What will allow the EC2 instances to access the endpoint while meeting these requirements? A. NAT gateway B. Elastic IP address C. AWS Direct Connect D. Virtual private gateway
A. NAT gateway
62
An application runs on Amazon EC2 instances in multiple Availability Zones (AZs) behind an Application Load Balancer. The load balancer is in public subnets; the EC2 instances are in private subnets and must not be accessible from the internet. The EC2 instances must call external services on the internet. If one AZ becomes unavailable, the remaining EC2 instances must still be able to call the external services. How should these requirements be met? A. Create a NAT gateway attached to the VPC. Add a route to the gateway to each private subnet route table B. Configure an internet gateway. Add a route to the gateway to each private subnet route table. C. Create a NAT instance in the private subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT instance. D. Create a NAT gateway in each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway.
D. Create a NAT gateway in each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway.
63
A company plans to use Amazon GuardDuty to detect unexpected and potentially malicious activity. The company wants to use Amazon CloudWatch to ensure that when findings occur, remediation takes place automatically. Which CloudWatch feature should be used to trigger an AWS Lambda function to perform the remediation? A. Events B. Dashboards C. Metrics D. Alarms
A. Events
64
A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora MySQL databases is securely managed with short-lived connection credentials. How can the Solutions Architect meet these requirements? A. Create a database user to run the GRANT statement with a short-lived token. B. Create the user account to use the AWS-provided AWSAuthenticationPlugin with IAM. C. Use AWS Systems Manager to securely save the connection secrets, and use the secrets while connecting. D. Use AWS KMS to securely save the connection secrets, and use the secrets while connecting.
B. Create the user account to use the AWS-provided AWSAuthenticationPlugin with IAM.
65
A customer has a legacy application with a large amount of data. The files accessed by the application are approximately 10 GB each, but are rarely accessed. However, when files are accessed, they are retrieved sequentially. The customer is migrating the application to AWS and would like to use Amazon EC2 and Amazon EBS. What is the LEAST expensive EBS volume type for this use case? A. Cold HDD (sc1) B. Provisioned IOPS SSD (io1) C. General Purpose SSD (gp2) D. Throughput Optimized HDD (st1)
A. Cold HDD (sc1)
66
A Solutions Architect is creating a multi-tiered architecture for an application that includes a public-facing web tier. Security requirements state that the Amazon EC2 instances running in the application tier must not be accessible directly from the internet. What should be done to accomplish this? A. Create a multi-VPC peering mesh with network access rules limiting communications to specific ports. Implement an internet gateway on each VPC for external connectivity. B. Place all instances in a single Amazon VPC with AWS WAF as the web front-end communication conduit. Configure a NAT gateway for external communications. C. Use VPC peering to peer with on-premises hardware. Direct enterprise traffic through the VPC peer connection to the instances hosted in the private VPC. D. Deploy the web and application instances in a private subnet. Provision an Application Load Balancer in the public subnet. Install an internet gateway and use security groups to control communications between the layers.
D. Deploy the web and application instances in a private subnet. Provision an Application Load Balancer in the public subnet. Install an internet gateway and use security groups to control communications between the layers.