A company runs a dynamic website that is hosted on an on-premises server in the United States. The company is expanding to Europe and is investigating how it can optimize the performance of the website for European users. The website’s backend must remain in the United States. The company requires a solution that can be implemented within a few days.
What should a Solutions Architect recommend?
Use Amazon CloudFront with a custom origin pointing to the on-premises servers.
https://digitalcloud.training/amazon-cloudfront/
A solutions architect is designing an application on AWS. The compute layer will run in parallel across EC2 instances. The compute layer should scale based on the number of jobs to be processed. The compute layer is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.
Which design should the solutions architect use?
Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
A company runs a web application that serves weather updates. The application runs on a fleet of Amazon EC2 instances in a Multi-AZ Auto Scaling group behind an Application Load Balancer (ALB). The instances store data in an Amazon Aurora database. A solutions architect needs to make the application more resilient to sporadic increases in request rates.
Which architecture should the solutions architect implement? (Select TWO.)
A company is deploying a fleet of Amazon EC2 instances running Linux across multiple Availability Zones within an AWS Region. The application requires a data storage solution that can be accessed by all of the EC2 instances simultaneously. The solution must be highly scalable and easy to implement. The storage must be mounted using the NFS protocol.
Which solution meets these requirements?
Create an Amazon EFS file system with mount targets in each Availability Zone. Configure the application instances to mount the file system.
A solutions architect is creating a document submission application for a school. The application will use an Amazon S3 bucket for storage. The solution must prevent accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to upload and modify the documents.
Which combination of actions should be taken to meet these requirements? (Select TWO.)
A company is working with a strategic partner that has an application that must be able to send messages to one of the company’s Amazon SQS queues. The partner company has its own AWS account.
How can a Solutions Architect provide least privilege access to the partner?
Update the permission policy on the SQS queue to grant the sqs:SendMessage permission to the partner’s AWS account.
A Solutions Architect has deployed an application on several Amazon EC2 instances across three private subnets. The application must be made accessible to internet-based clients with the least amount of administrative effort.
How can the Solutions Architect make the application available on the internet?
Create an Application Load Balancer and associate three public subnets from the same Availability Zones as the private instances. Add the private instances to the ALB.
To make the application instances accessible on the internet, the Solutions Architect needs to place them behind an internet-facing Elastic Load Balancer. The way you add instances in private subnets to a public-facing ELB is to add public subnets in the same AZs as the private subnets to the ELB. You can then add the instances to the ELB and they will become targets for load balancing.
A web application runs in public and private subnets. The application architecture consists of a web tier and database tier running on Amazon EC2 instances. Both tiers run in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)
A company needs to connect its on-premises data center network to a new virtual private cloud (VPC). There is a symmetrical internet connection of 100 Mbps in the data center network. The data transfer rate for an on-premises application is multiple gigabytes per day. Processing will be done using an Amazon Kinesis Data Firehose stream.
What should a solutions architect recommend for maximum performance?
Kinesis Data Firehose can be connected to the VPC using AWS PrivateLink. Install a 1 Gbps AWS Direct Connect connection between the on-premises network and AWS. To send data from on-premises to Kinesis Data Firehose, use the PrivateLink endpoint.
An Amazon RDS Read Replica is being deployed in a separate region. The master database is not encrypted but all data in the new region must be encrypted. How can this be achieved?
Encrypt a snapshot from the master DB instance, create a new encrypted master DB instance, and then create an encrypted cross-region Read Replica
There are two applications in a company: a sender application that sends messages containing payloads, and a processing application that receives messages containing payloads. The company wants to implement an AWS service to handle messages between these two different applications. The sender application sends on average 1,000 messages each hour and, depending on the type, the messages sometimes take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.
Which solution meets these requirements and is the MOST operationally efficient?
Provide an Amazon Simple Queue Service (Amazon SQS) queue for the sender and processor applications. Set up a dead-letter queue to collect failed messages.
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work.
A company is migrating from an on-premises infrastructure to the AWS Cloud. One of the company’s applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. A solutions architect needs to replace the file server farm.
Which service should the solutions architect use?
Amazon FSx
Amazon FSx for Windows File Server provides fully managed, highly reliable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol.
Amazon FSx is built on Windows Server and provides a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists (ACLs).
Additionally, Amazon FSx for Windows File Server supports Distributed File System Replication (DFSR) in Single-AZ deployments as can be seen in the feature comparison table below.
An AWS Organization has an OU with multiple member accounts in it. The company needs to restrict the ability to launch only specific Amazon EC2 instance types. How can this policy be applied across the accounts with the least effort?
Create an SCP with a deny rule that denies all but the specific instance types.
To apply restrictions across multiple member accounts, you must use a Service Control Policy (SCP) in AWS Organizations.
With IAM, you need to apply the policy within each account rather than centrally, so this would require much more effort.
AWS Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization
The database tier of a web application is running on a Windows server on-premises. The database is a Microsoft SQL Server database. The application owner would like to migrate the database to an Amazon RDS instance.
How can the migration be executed with minimal administrative effort and downtime?
Use the AWS Database Migration Service (DMS) to directly migrate the database to RDS
You can directly migrate Microsoft SQL Server from an on-premises server into Amazon RDS using the Microsoft SQL Server database engine. This can be achieved using the native Microsoft SQL Server tools.
AWS DataSync is used for migrating data, not databases
A company runs a large batch processing job at the end of every quarter. The processing job runs for 5 hours per day.
The company is investigating ways to reduce the cost of the batch processing job.
Which pricing model should the company choose?
On-Demand Instances
Each EC2 instance runs for 5 hours a day for 5 days per quarter or 20 days per year. This time duration is insufficient to warrant reserved instances, as these require a commitment of a minimum of 1 year and the discounts would not outweigh the costs of having the reservations unused for a large percentage of time. In this case, there are no options presented that can reduce the cost and therefore on-demand instances should be used.
A company hosts an application on Amazon EC2 instances behind Application Load Balancers in several AWS Regions. Distribution rights for the content require that users in different geographies must be served content from specific regions.
Which configuration meets these requirements?
Create Amazon Route 53 records with a geolocation routing policy.
To protect the distribution rights of the content and ensure that users are directed to the appropriate AWS Region based on the location of the user, the geolocation routing policy can be used with Amazon Route 53.
Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from.
When you use geolocation routing, you can localize your content and present some or all of your website in the language of your users. You can also use geolocation routing to restrict distribution of content to only the locations in which you have distribution rights.
A Solutions Architect has been tasked with re-deploying an application running on AWS to enable high availability. The application processes messages that are received in an ActiveMQ queue running on a single Amazon EC2 instance. Messages are then processed by a consumer application running on Amazon EC2. After processing messages, the consumer application writes results to a MySQL database running on Amazon EC2.
Which architecture offers the highest availability and low operational complexity?
Deploy Amazon MQ with active/standby brokers configured across two Availability Zones. Create an Auto Scaling group for the consumer EC2 instances across two Availability Zones. Use an Amazon RDS MySQL database with Multi-AZ enabled.
The correct answer offers the highest availability as it includes Amazon MQ active/standby brokers across two AZs, an Auto Scaling group across two AZs, and a Multi-AZ Amazon RDS MySQL database deployment.
This architecture not only offers the highest availability, it is also operationally simple as it maximizes the usage of managed services.
An application running on an Amazon ECS container instance using the EC2 launch type needs permissions to write data to Amazon DynamoDB.
How can you assign these permissions only to the specific ECS task that is running the application?
Create an IAM policy with permissions to DynamoDB and assign it to a task using the taskRoleArn parameter.
To specify permissions for a specific task on Amazon ECS you should use IAM Roles for Tasks. The permissions policy can be applied to tasks when creating the task definition, or by using an IAM task role override using the AWS CLI or SDKs. The taskRoleArn parameter is used to specify the policy.
Though you will need a security group to allow outbound connections to DynamoDB, the question is asking how to assign permissions to write data to DynamoDB and a security group cannot provide those permissions.
The AmazonECSTaskExecutionRolePolicy policy is the Task Execution IAM Role. This is used by the container agent to be able to pull container images, write log files, etc.