Amazon Web Services Certforall Saa-C03 Vce Download 2022-Dec-27 by Martin 138q Vce
QUESTION 1
A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.
What should the company do to guarantee the EC2 capacity?
A. Purchase Reserved instances that specify the Region needed
B. Create an On Demand Capacity Reservation that specifies the Region needed
C. Purchase Reserved instances that specify the Region and three Availability Zones needed
D. Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed
Answer: D
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html: "When you create a Capacity Reservation, you specify:
The Availability Zone in which to reserve the capacity"
-------------------------------------------------------------------------------------------------------------------
QUESTION 2
A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using
user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.
What should a solutions architect do to accomplish this goal?
A. Use AWS Secrets Manage
B. Turn on automatic rotation.
C. Use AWS Systems Manager Parameter Stor
D. Turn on automatic rotation.
E. Create an Amazon S3 bucket lo store objects that are encrypted with an AWS Key
F. Management Service (AWS KMS) encryption ke
G. Migrate the credential file to the S3 bucke
H. Point the application to the S3 bucket.
I. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume (or each EC2 instanc
J. Attach the new EBS volume to each EC2 instanc
K. Migrate the credential file to the new EBS volum
L. Point the application to the new EBS volume.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 3
A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon
CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL.
What should a solutions architect do to meet these requirements?
A. Write individual policies for each S3 bucket to grant read permission for only CloudFront access.
B. Create an IAM use
C. Grant the user read permission to objects in the S3 bucke
D. Assign the user to CloudFront.
E. Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN).
F. Create an origin access identity (OAI). Assign the OAI to the CloudFront distributio
G. Configure the S3 bucket permissions so that only the OAI has read permission.
Answer: D
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-access-to-amazon-s3/
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 4
A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and
metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store
the metadata.
The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly
depending on the time of day and day of week. The company must ensure that the application can scale to meet the needs of the growing user base.
Which solution meats these requirements?
A. Use AWS Lambda to process the photo
B. Store the photos and metadata in DynamoDB.
C. Use Amazon Kinesis Data Firehose to process the photos and to store the photos and metadata.
D. Use AWS Lambda to process the photo
E. Store the photos in Amazon S3. Retain DynamoDB to store the metadata.
F. Increase the number of EC2 instances to thre
G. Use Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volumes to store the photos and metadata.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 5
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to
access the S3 bucket without connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3?
A. Create a gateway VPC endpoint to the S3 bucket.
B. Stream the logs to Amazon CloudWatch Log
C. Export the logs to the S3 bucket.
D. Create an instance profile on Amazon EC2 to allow S3 access.
E. Create an Amazon API Gateway API with a private link to access the S3 endpoint.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 6
A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours The company wants to use these
data points in its existing analytics platform A solutions architect must determine the most viable multi-tier option to support this architecture The data points must
be accessible from the REST API.
Which action meets these requirements for storing and retrieving location data?
A. Use Amazon Athena with Amazon S3
B. Use Amazon API Gateway with AWS Lambda
C. Use Amazon QuickSight with Amazon Redshift.
D. Use Amazon API Gateway with Amazon Kinesis Data Analytics
Answer: D
Explanation:
https://aws.amazon.com/solutions/implementations/aws-streaming-data-solution-for-amazon-kinesis/
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 7
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains more than 10
million rows The database has 2 TB of General Purpose SSD storage There are millions of updates against this data every day through the company's website
The company has noticed that some insert operations are taking 10 seconds or longer The company has determined that the database storage performance is the
problem
Which solution addresses this performance issue?
A. Change the storage type to Provisioned IOPS SSD
B. Change the DB instance to a memory optimized instance class
C. Change the DB instance to a burstable performance instance class
D. Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication.
Answer: A
Explanation:
https://aws.amazon.com/ebs/features/
"Provisioned IOPS volumes are backed by solid-state drives (SSDs) and are the highest performance EBS volumes designed for your critical, I/O intensive
database applications. These volumes are ideal for both IOPS-intensive and throughput-intensive workloads that require extremely low latency."
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 8
A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the apnortheast-3 Region. Company administrators are not permitted to connect VPCs to the internet.
Which solutions will meet these requirements? (Choose two.)
A. Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
B. Use rules in AWS WAF to prevent internet acces
C. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.
D. Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet acces
E. Deny access to all AWS Regions except ap-northeast-3.
F. Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS
Region other than ap-northeast-3.
G. Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of apnortheast-3.
Answer: AC
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 9
A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator
updates the website content infrequently and uses an SFTP client to upload new documents.
The company decides to host its website on AWS and to use Amazon CloudFront. The company's solutions architect creates a CloudFront distribution. The
solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the CloudFront origin.
Which solution will meet these requirements?
A. Create a virtual server by using Amazon Lightsai
B. Configure the web server in the Lightsail instance.Upload website content by using an SFTP client.
C. Create an AWS Auto Scaling group for Amazon EC2 instance
D. Use an Application Load Balancer.Upload website content by using an SFTP client.
E. Create a private Amazon S3 bucke
F. Use an S3 bucket policy to allow access from a CloudFront origin access identity (OAI). Upload website content by using theAWSCLI.
G. Create a public Amazon S3 bucke
H. Configure AWS Transfer for SFT
I. Configure the S3 bucket for website hostin
J. Upload website content by using the SFTP client.
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 10
A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2
instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses.
Downtime is not acceptable for the website.
Which actions should the solutions architect take to protect the website from such an attack? (Select TWO.)
A. Use AWS Shield Advanced to stop the DDoS attack.
B. Configure Amazon GuardDuty to automatically block the attackers.
C. Configure the website to use Amazon CloudFront for both static and dynamic content.
D. Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
E. Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization
Answer: AC
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 11
A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The
company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 Createlmage API operation is called within the
company's account.
Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a Createlmage API call is detected.
B. Configure AWS CloudTrail with an Amazon Simple Notification Service {Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use
Amazon Athena to create a new table and to query on Createlmage when an API call is detected.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the Createlmage API call.Configure the target as an Amazon Simple Notification Service
(Amazon SNS) topic to send an alert when a Createlmage API call is detected.
D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail log
E. Create an AWS Lambda function to send an alert to an Amazon Simple NotificationService (Amazon SNS) topic when a Createlmage API call is detected.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 12
A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand
Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day. An Application
Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make
changes to code if needed.
What should the solutions architect do to ensure that the architecture supports distributed session data management?
A. Use Amazon ElastiCache to manage and store session data.
B. Use session affinity (sticky sessions) of the ALB to manage session data.
C. Use Session Manager from AWS Systems Manager to manage the session.
D. Use the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session
Answer: A
Explanation:
https://aws.amazon.com/vi/caching/session-management/
In order to address scalability and to provide a shared data storage for sessions that can be accessible from any individual web server, you can abstract the HTTP
sessions from the web servers themselves. A common solution to for this is to leverage an In-Memory Key/Value store such as Redis and Memcached.
ElastiCache offerings for In-Memory key/value stores include ElastiCache for Redis, which can support replication, and ElastiCache for Memcached which does
not support replication.
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 13
A company hosts a containerized web application on a fleet of on-premises servers that process incoming requests. The number of requests is growing quickly.
The on-premises servers cannot handle the increased number of requests. The company wants to move the application to AWS with minimum code changes and
minimum development effort.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scalin
B. Use an Application Load Balancer to distribute the incoming requests.
C. Use two Amazon EC2 instances to host the containerized web applicatio
D. Use an Application Load Balancer to distribute the incoming requests
E. Use AWS Lambda with a new code that uses one of the supported language
F. Create multiple Lambda functions to support the loa
G. Use Amazon API Gateway as an entry point to the Lambda functions.
H. Use a high performance computing (HPC) solution such as AWS ParallelClusterto establish an HPC cluster that can process the incoming requests at the
appropriate scale.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 14
A company is implementing a shared storage solution for a media application that is hosted m the AWS Cloud The company needs the ability to use SMB clients to
access data The solution must he fully managed.
Which AWS solution meets these requirements?
A. Create an AWS Storage Gateway volume gatewa
B. Create a file share that uses the required client protocol Connect the application server to the tile share.
C. Create an AWS Storage Gateway tape gateway Configure (apes to use Amazon S3 Connect the application server lo the tape gateway
D. Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instanc
E. Connect the application server to the file share.
F. Create an Amazon FSx for Windows File Server tile system Attach the fie system to the origin server.Connect the application server to the tile system
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 15
The management account has an Amazon S3 bucket that contains project reports. The company
wants to limit access to this S3 bucket to only users of accounts within the organization in AWS
Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead?
A. Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3bucket policy.
B. Create an organizational unit (OU) for each departmen
C. Add the aws:PrincipalOrgPaths globalcondition key to the S3 bucket policy.
D. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization,LeaveOrganization, and RemoveAccountFromOrganization event
E. Update the S3 bucket policyaccordingly.
F. Tag each user that needs access to the S3 bucke
G. Add the aws:PrincipalTag global condition key tothe S3 bucket policy.
Answer: A
Explanation:
https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-using-the-awsorganizationof-iam-principals/
The aws:PrincipalOrgID global key provides an alternative to listing all the account IDs for all AWS
accounts in an organization. For example, the following Amazon S3 bucket policy allows members of
any account in the XXX organization to add an object into the examtopics bucket.
{"Version": "2020-09-10",
"Statement": {
"Sid": "AllowPutObject",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::examtopics/*",
"Condition": {"StringEquals":
{"aws:PrincipalOrgID":["XXX"]}}}}
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 16
A company is designing an application. The application uses an AWS Lambda function to receive information through Amazon API Gateway and to store the
information in an Amazon Aurora PostgreSQL database.
During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high volumes of data that the company needs to
load into the database. A solutions architect must recommend a new design to improve scalability and minimize the configuration effort.
Which solution will meet these requirements?
A. Refactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instances.Connect the database by using native Java Database
Connectivity (JDBC) drivers.
B. Change the platform from Aurora to Amazon DynamoD
C. Provision a DynamoDB Accelerator (DAX) cluste
D. Use the DAX client SDK to point the existing DynamoDB API calls at the DAX cluster.
E. Set up two Lambda function
F. Configure one function to receive the informatio
G. Configure the other function to load the information into the databas
H. Integrate the Lambda functions by using Amazon Simple Notification Service (Amazon SNS).
I. Set up two Lambda function
J. Configure one function to receive the informatio
K. Configure the other function to load the information into the databas
L. Integrate the Lambda functions by using an Amazon Simple Queue Service (Amazon SQS) queue.
Answer: D
Explanation:
bottlenecks can be avoided with queues (SQS).
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 17
A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.
What should a solutions architect do to accomplish this goal?
A. Turn on AWS Config with the appropriate rules.
B. Turn on AWS Trusted Advisor with the appropriate checks.
C. Turn on Amazon Inspector with the appropriate assessment template.
D. Turn on Amazon S3 server access loggin
E. Configure Amazon EventBridge (Amazon Cloud Watch Events).
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 17
A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances. Amazon RDS DB instances. and Amazon Redshift clusters are
configured with tags. The company wants to minimize the effort of configuring and operating this check.
What should a solutions architect do to accomplish this?
A. Use AWS Config rules to define and detect resources that are not properly tagged.
B. Use Cost Explorer to display resources that are not properly tagge
C. Tag those resources manually.
D. Write API calls to check all resources for proper tag allocatio
E. Periodically run the code on an EC2 instance.
F. Write API calls to check all resources for proper tag allocatio
G. Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 18
A company is hosting a static website on Amazon S3 and is using Amazon Route 53 for DNS. The website is experiencing increased demand from around the
world. The company must decrease latency for users who access the website.
Which solution meets these requirements MOST cost-effectively?
A. Replicate the S3 bucket that contains the website to all AWS Region
B. Add Route 53 geolocation routing entries.
C. Provision accelerators in AWS Global Accelerato
D. Associate the supplied IP addresses with the S3 bucke
E. Edit the Route 53 entries to point to the IP addresses of the accelerators.
F. Add an Amazon CloudFront distribution in front of the S3 bucke
G. Edit the Route 53 entries to point to the CloudFront distribution.
H. Enable S3 Transfer Acceleration on the bucke
I. Edit the Route 53 entries to point to the new endpoint.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 19
A company has thousands of edge devices that collectively generate 1 TB of status alerts each day.
Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.
The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure.
Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.
What is the MOST operationally efficient solution that meets these requirements?
A. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3
bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days
B. Launch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts Create a script on the EC2
instances that will store tne alerts m an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days
C. Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon
Elasticsearch Service (Amazon ES) duster Set up the Amazon ES cluster to take manual snapshots every day and delete data from the duster that is older than 14
days
D. Create an Amazon Simple Queue Service (Amazon SQS i standard queue to ingest the alerts and set the message retention period to 14 days Configure
consumers to poll the SQS queue check the age of the message and analyze the message data as needed If the message is 14 days old the consumer should
copy the message to an Amazon S3 bucket and delete the message from the SQS queue
Answer: A
Explanation:
https://aws.amazon.com/kinesis/datafirehose/features/?nc=sn&loc=2#:~:text=into%20Amazon%20S3%2C%20Amazon%20Redshift%2C%20Amazon%20OpenSe
arch%20Service%2C%20Kinesis,Delivery%20streams
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 20
A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and
there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to
Amazon S3 and with minimal impact on internet connectivity for internal users.
Which solution meets these requirements?
A. Establish AWS VPN connections and proxy all traffic through a VPC gateway endpoint
B. Establish a new AWS Direct Connect connection and direct backup traffic through this new connection.
C. Order daily AWS Snowball devices Load the data onto the Snowball devices and return the devices to AWS each day.
D. Submit a support ticket through the AWS Management Console Request the removal of S3 service limits from the account.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 21
A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload
transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in
size.
Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been
included. The company wants administrators to be alerted if PII is shared again.
The company also wants to automate remediation.
What should a solutions architect do to meet these requirements with the LEAST development effort?
A. Use an Amazon S3 bucket as a secure transfer poin
B. Use Amazon Inspector to scan me objects in the bucke
C. If objects contain Pl
D. trigger an S3 Lifecycle policy to remove the objects that contain Pll.
E. Use an Amazon S3 bucket as a secure transfer poin
F. Use Amazon Macie to scan the objects in the bucke
G. If objects contain Pl
H. Use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects mat contain Pll.
I. Implement custom scanning algorithms in an AWS Lambda functio
J. Trigger the function when objects are loaded into the bucke
K. It objects contain Rl
L. use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain Pll.
M. Implement custom scanning algorithms in an AWS Lambda functio
N. Trigger the function when objects are loaded into the bucke
O. If objects contain Pl
P. use Amazon Simple Email Service (Amazon STS) to trigger a notification to the administrators and trigger on S3 Lifecycle policy to remove the objects mot
contain PII.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 22
A company's website uses an Amazon EC2 instance store for its catalog of items. The company wants to make sure that the catalog is highly available and that
the catalog is stored in a durable location.
What should a solutions architect do to meet these requirements?
A. Move the catalog to Amazon ElastiCache for Redis.
B. Deploy a larger EC2 instance with a larger instance store.
C. Move the catalog from the instance store to Amazon S3 Glacier Deep Archive.
D. Move the catalog to an Amazon Elastic File System (Amazon EFS) file system.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 23
A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics,
organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. Configure the application to send the data to Amazon Kinesis Data Firehose.
B. Use Amazon Simple Email Service (Amazon SES) to format the data and to send the report by email.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Glue job to query the application's API for the data.
D. Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Lambda function to query the application's API for the
data.
E. Store the application data in Amazon S3. Create an Amazon Simple Notification Service (Amazon SNS) topic as an S3 event destination to send the report by
Answer: DE
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 25
A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of
terabytes The application data must be stored in a standard file system structure
The company wants a solution that scales automatically, is highly available, and requires minimum operational overhead.
Which solution will meet these requirements?
A. Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage
B. Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage
C. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou
D. Use Amazon Elastic File System (Amazon EFS) for storage.
E. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou
F. Use Amazon Elastic Block Store (Amazon EBS) for storage.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 26
A company needs to keep user transaction data in an Amazon DynamoDB table. The company must retain the data for 7 years.
What is the MOST operationally efficient solution that meets these requirements?
A. Use DynamoDB point-in-time recovery to back up the table continuously.
B. Use AWS Backup to create backup schedules and retention policies for the table.
C. Create an on-demand backup of the table by using the DynamoDB consol
D. Store the backup in an Amazon S3 bucke
E. Set an S3 Lifecycle configuration for the S3 bucket.
F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda functio
G. Configure the Lambda function to back up the table and to store the backup in an Amazon S3 bucke
H. Set an S3 Lifecycle configuration for the S3 bucket.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 27
A company has more than 5 TB of file data on Windows file servers that run on premises Users and applications interact with the data each day
The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file
storage with minimum latency The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access
patterns. The company uses an AWS Site-to-Site VPN connection for connectivity to AWS
What should a solutions architect do to meet these requirements?
A. Deploy and configure Amazon FSx for Windows File Server on AW
B. Move the on-premises file data to FSx for Windows File Serve
C. Reconfigure the workloads to use FSx for Windows File Server on AWS.
D. Deploy and configure an Amazon S3 File Gateway on premises Move the on-premises file data to the S3 File Gateway Reconfigure the on-premises workloads
and the cloud workloads to use the S3 File Gateway
E. Deploy and configure an Amazon S3 File Gateway on premises Move the on-premises file data to Amazon S3 Reconfigure the workloads to use either Amazon
S3 directly or the S3 File Gateway, depending on each workload's location
F. Deploy and configure Amazon FSx for Windows File Server on AWS Deploy and configure an Amazon FSx File Gateway on premises Move the on-premises
file data to the FSx File Gateway Configure the cloud workloads to use FSx for Windows File Server on AWS Configure the on-premises workloads to use the FSx
File Gateway
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 28
A company is running a high performance computing (HPC) workload on AWS across many Linux based Amazon EC2 instances. The company needs a shared
storage system that is capable of sub-millisecond latencies, hundreds of Gbps of throughput and millions of IOPS. Users will store millions of small files.
Which solution meets these requirements?
A. Create an Amazon Elastic File System (Amazon EFS) file system Mount me file system on each of the EC2 instances
B. Create an Amazon S3 bucket Mount the S3 bucket on each of the EC2 instances
C. Ensure that the EC2 instances ate Amazon Elastic Block Store (Amazon EBS) optimized Mount Provisioned lOPS SSD (io2) EBS volumes with Multi-Attach on
each instance
D. Create an Amazon FSx for Lustre file syste
E. Mount the file system on each of the EC2 instances
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 29
A rapidly growing ecommerce company is running its workloads in a single AWS Region. A solutions architect must create a disaster recovery (DR) strategy that
includes a different AWS Region. The company wants its database to be up to date in the DR Region with the least possible latency. The remaining infrastructure
in the DR Region needs to run at reduced capacity and must be able to scale up if necessary.
Which solution will meet these requirements with the LOWEST recovery time objective (RTO)?
A. Use an Amazon Aurora global database with a pilot light deployment.
B. Use an Amazon Aurora global database with a warm standby deployment.
C. Use an Amazon RDS Multi-AZ DB instance with a pilot light deployment.
D. Use an Amazon RDS Multi-AZ DB instance with a warm standby deployment.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 30
A company collects data from thousands of remote devices by using a RESTful web services application that runs on an Amazon EC2 instance. The EC2 instance
receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon.
The company needs a highly scalable solution that minimizes operational overhead.
Which combination of steps should a solutions architect take to meet these requirements9 (Select TWO.)
A. Use AWS Glue to process the raw data in Amazon S3.
B. Use Amazon Route 53 to route traffic to different EC2 instances.
C. Add more EC2 instances to accommodate the increasing amount of incoming data.
D. Send the raw data to Amazon Simple Queue Service (Amazon SOS). Use EC2 instances to process the data.
E. Use Amazon API Gateway to send the raw data to an Amazon Kinesis data strea
F. Configure Amazon Kinesis Data Firehose to use the data stream as a source to deliver the data to Amazon S3.
Answer: BE
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 31
A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS The
solutions architect has decided to create IAM groups The solutions architect will add the new users to IAM groups based on department
Which additional action is the MOST secure way to grant permissions to the new users?
A. Apply service control policies (SCPs) to manage access permissions
B. Create IAM roles that have least privilege permission Attach the roles lo the IAM groups
C. Create an IAM policy that grants least privilege permission Attach the policy to the IAM groups
D. Create IAM roles Associate the roles with a permissions boundary that defines the maximum permissions
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 32
A company hosts a serverless application on AWS. The application uses Amazon API Gateway. AWS Lambda, and an Amazon RDS for PostgreSQL database.
The company notices an increase in application errors that result from database connection timeouts during times of peak traffic or unpredictable traffic. The
company needs a solution that reduces the application failures with the least amount of change to the code.
What should a solutions architect do to meet these requirements?
A. Reduce the Lambda concurrency rate.
B. Enable RDS Proxy on the RDS DB instance.
C. Resize the ROS DB instance class to accept more connections.
D. Migrate the database to Amazon DynamoDB with on-demand scaling
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 33
A company wants to use the AWS Cloud to make an existing application highly available and resilient. The current version of the application resides in the
company's data center. The application recently experienced data loss after a database server crashed because of an unexpected power outage.
The company needs a solution that avoids any single points of failure. The solution must give the application the ability to scale to meet user demand.
Which solution will meet these requirements?
A. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zone
B. Use an Amazon RDS DB instance in a Multi-AZ configuration.
C. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group in a single Availability Zon
D. Deploy the database on an EC2 instanc
E. Enable EC2 Auto Recovery.
F. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zone
G. Use an Amazon RDS DB instance with a read replica in a single Availability Zon
H. Promote the read replica to replace the primary DB instance if the primary DB instance fails.
I. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones Deploy the primary and secondary
database servers on EC2 instances across multiple Availability Zones Use Amazon Elastic Block Store (Amazon EBS) Multi-Attach to create shared storage
between the instances.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 34
A public-facing web application queries a database hosted on a Amazon EC2 instance in a private subnet. A large number of queries involve multiple table joins,
and the application performance has been degrading due to an increase in complex queries. The application team will be performing updates to improve
performance.
What should a solutions architect recommend to the application team? (Select TWO.)
A. Cache query data in Amazon SQS
B. Create a read replica to offload queries
C. Migrate the database to Amazon Athena
D. Implement Amazon DynamoDB Accelerator to cache data.
E. Migrate the database to Amazon RDS
Answer: BE
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 35
A gaming company is moving its public scoreboard from a data center to the AWS Cloud. The company uses Amazon EC2 Windows Server instances behind an
Application Load Balancer to host its dynamic application. The company needs a highly available storage solution for the application. The application consists of
static files and dynamic server-side code.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)
A. Store the static files on Amazon S3. Use Amazon
B. CloudFront to cache objects at the edge.
C. Store the static files on Amazon S3. Use Amazon ElastiCache to cache objects at the edge.
D. Store the server-side code on Amazon Elastic File System (Amazon EFS). Mount the EFS volume on each EC2 instance to share the files.
E. Store the server-side code on Amazon FSx for Windows File Serve
F. Mount the FSx for Windows File Server volume on each EC2 instance to share the files.
G. Store the server-side code on a General Purpose SSD (gp2) Amazon Elastic Block Store (Amazon EBS) volum
H. Mount the EBS volume on each EC2 instance to share the files.
Answer: AE
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 36
A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon ROS for MySQL DB
instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behaviour in its AWS environment the
company already has added AWS WAF to its architecture.
What should a solutions architect do next lo protect against threats?
A. Use Amazon GuardDuty to perform threat detectio
B. Configure Amazon EventBridge (Amazon CloudWatch Events) to filler for GuardDuty findings and to invoke pin AWS Lambda function to adjust the AWS WAF
rules
C. Use AWS Firewall Manager to perform threat detection Configure Amazon EventBridge (Amazon CloudWatch Events) to filter for Firewall Manager findings and
to invoke an AWS Lambda function to adjust the AWS WAF web ACL
D. Use Amazon Inspector to perform three! detection and to update the AWS WAT rules Create a VPC network ACL to limit access to the web application
E. Use Amazon Macie to perform throat detection and to update the AWS WAF rules Create a VPC network ACL to limit access to the web application
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 37
A company has an on-premises MySQL database that handles transactional data The company is migrating the database to the AWS Cloud The migrated
database must maintain compatibility with the company's applications that use the database The migrated database also must scale automatically during periods
of increased demand.
Which migration solution will meet these requirements?
A. Use native MySQL tools to migrate the database to Amazon RDS for MySQL Configure elastic storage scaling
B. Migrate the database to Amazon Redshift by using the mysqldump utility Turn on Auto Scaling for the Amazon Redshift cluster
C. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora Turn on Aurora Auto Scaling.
D. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon DynamoDB Configure an Auto Scaling policy.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 38
A solution architect is creating a new Amazon CloudFront distribution for an application Some of Ine information submitted by users is sensitive. The application
uses HTTPS but needs another layer" of security The sensitive information should be protected throughout the entire application stack end access to the
information should be restricted to certain applications
Which action should the solutions architect take?
A. Configure a CloudFront signed URL
B. Configure a CloudFront signed cookie.
C. Configure a CloudFront field-level encryption profile
D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 39
A company uses Amazon EC2 instances to host its internal systems As pan of a deployment operation, an administrator tries to use the AWS CLI to terminate an
EC2 instance However, the administrator receives a 403 (Access Dented) error message
The administrator is using an IAM role that has the following 1AM policy attached:
What is the cause of the unsuccessful request?
A. The EC2 Instance has a resource-based policy win a Deny statement.B The principal has not been specified in the policy statement
B. The "Action" field does not grant the actions that are required to terminate the EC2 instance
C. The request to terminate the EC2 instance does not originate from the CIDR blocks 192 0 2.0:24 or 203.0.113.0/24.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 40
A company's website handles millions of requests each day and the number of requests continues to increase. A solutions architect needs to improve the response
time of the web application. The solutions architect determines that the application needs to decrease latency when retrieving product details from the Amazon
DynamoDB table
Which solution will meet these requirements with the LEAST amount of operational overhead?
A. Set up a DynamoDB Accelerator (DAX) cluster Route all read requests through DAX.
B. Set up Amazon ElastiCache for Redis between the DynamoDB table and the web application Route all read requests through Redis.
C. Set up Amazon ElastrCachertor Memcached between the DynamoDB table and the web application Route all read requests through Memcached.
D. Set up Amazon DynamoDB streams on the table and have AWS Lambda read from the table andpopulate Amazon ElastiCache Route all read requests through
ElastiCache
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 41
A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer The EC2 instances run in an Auto Scaling
group and access an Amazon RDS DB instance
The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone A solutions architect
must update the design to use a second Availability Zone
Which solution will make the application highly available?
A. Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across bothAvailability Zones Configure the DB
instance with connections to each network
B. Provision two subnets that extend across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instancesacross both Availability Zones
Configure the DB instance with connections to each network
C. Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones Configure the DB
instance for Multi-AZ deployment
D. Provision a subnet that extends across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instancesacross both Availability Zones
Configure the DB instance for Multi-AZ deployment
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 42
A company has five organizational units (OUS) as part of its organization in AWS Organization. Each OU correlate to the five business that the company owns.
The company research and development R&D business is separating from the company and will need its own organization. A solutions architect creates a
separate new management account for this purpose.
A. Have the R&D AWS account be part of both organizations during the transition.
B. Invite the R&D AWS account to be part of the new organization after the R&D AWS account has left the prior organization.
C. Create a new R&D AWS account in the new organizatio
D. Migrate resources from the period R&D AWS account to thee new R&D AWS account
E. Have the R&D AWS account into the now organisatio
F. Make the now management account a member of the prior organisation
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 43
A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3
to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company’s AWS account can
have the ability to delete the objects. What should a solutions architect do to meet these requirements?
A. Create an S3 Glacier vault Apply a write-once, read-many (WORM) vault lock policy to the objects
B. Create an S3 bucket with S3 Object Lock enabled Enable versioning Set a retention period of 100 years Use governance mode as the S3 bucket's default
retention mode for new objects
C. Create an S3 bucket Use AWS CloudTrail to (rack any S3 API events that modify the objects Upon notification, restore the modified objects from any backup
versions that the company has
D. Create an S3 bucket with S3 Object Lock enabled Enable versioning Add a legal hold to the objects Add the s3 PutObjectLegalHold permission to the 1AM
policies of users who need to delete the objects
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 44
A company has a web-based map application that provides status information about ongoing repairs. The application sometimes has millions of users. Repair
teams have a mobile app that sends current location and status in a JSON message to a REST-based endpoint.
Few repairs occur on most days. The company wants the application to be highly available and to scale when large numbers of repairs occur after nature
disasters. Customer use the application most often during these times. The company does not want to pay for idle capacity.
A. Create a webpage that is based on Amazon S3 to display informatio
B. Use Amazon API Gateway and AWS Lambda to receive the JSON status data Store the JSON data m Amazon S3.
C. Use Amazon EC2 instances as wad servers across multiple Availability Zone
D. Run the EC2 instances inan Auto Scaling grou
E. Use Amazon API Gateway and AWS Lambda to receive the JSON status data Store the JSON data In Amazon S3.
F. Use Amazon EC2 instances as web servers across multiple Availability Zone
G. Run the EC2 instances in an Auto Scaling grou
H. Use a REST endpoint on the EC2 instances to receive the JSON status dat
I. Store the JSON data in an Amazon RDS Mufti-AZ DB instance.
J. Use Amazon EC? instances as web servers across multiple Availability zones Run the FC? instances in an Auto Scaling group Use a REST endpoint on the
EC? instances to receive the JSON status data Store the JSON data in an Amazon DynamoDB table.
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 45
A company has a web application that is based ornavaan^PH^Tnecompan^lanstomove the application from on premises to AWS The company needs the ability to
test new site features frequently The company also needs a highly available and managed solution that requires minimum operational overhead.
Which solution will meet these requirements?
A. Create an Amazon S3 bucket Enable static web hosting on the S3 bucket Upload the static content to the S3 bucket Use AWS Lambda to process all dynamic
content
B. Deploy the web application to an AWS Elastic Beanstalk environment Use URL swapping to switch between multiple Elastic Beanstalk environments for feature
testing
C. Deploy the web application to Amazon EC2 instances that are configured with Java and PHP Use Auto Scaling groups and an Application Load Balancer to
manage the website's availability.
D. Containerize the web application Deploy the web application to Amazon EC2 instances Use the AWS Load Balancer Controller to dynamically route traffic
between containers that contain the new site features for testing
Answer: D
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 46
A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine image (AMI)
The instances will run m an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.
Which solution meets these requirements?
A. Use the aws ec2 register-image command to create an AMI from a snapshot Use AWS Step Functions to replace the AMI in the Auto Scaling group
B. Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot Provision an AMI by using the snapshot Replace the AMI m the Auto
Scaling group with the new AMI
C. Enable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM) Create an AWS Lambda function that modifies the AMI in the
Auto Scaling group
D. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke AWS Backup lifecycle policies that provision AMIs Configure Auto Scaling group capacity
limits as an event source in EventBridge (CloudWatch Events)
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 47
A company runs a high performance computing (HPC) workload on AWS. The workload required low-latency network performance and high network throughput
with tightly coupled node-to-node communication. The Amazon EC2 instances are properly sized for compute and storage capacity, and are launched using
default options.
What should a solutions architect propose to improve the performance of the workload?
A. Choose a cluster placement group while launching Amazon EC2 instances.
B. Choose dedicated instance tenancy while launching Amazon EC2 instances.
C. Choose an Elastic Inference accelerator while launching Amazon EC2 instances.
D. Choose the required capacity reservation while launching Amazon EC2 instances.
Answer: A
Explanation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-placementgroup.html "A cluster placement group is a logical grouping of
instances within a single Availability Zone that benefit from low network latency, high network throughput"
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 48
A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda The hospital uses API Gateway and Lambda to upload reports that are
in PDF format and JPEG format The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports
Which solution will meet these requirements with the LEAST operational overhead?
A. Use existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text.
B. Use Amazon Textract to extract the text from the reports Use Amazon SageMaker to identify the PHI from the extracted text.
C. Use Amazon Textract to extract the text from the reports Use Amazon Comprehend Medical to identify the PHI from the extracted text
D. Use Amazon Rekognition to extract the text from the reports Use Amazon Comprehend Medical to identify the PHI from the extracted text
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 49
A company has an application that loads documents into an Amazon 53 bucket and converts the documents into another format. The application stores the
converted documents m another S3 bucket and saves the document name and URLs in an Amazon DynamoOB table The DynamoOB entries are used during
subsequent days to access the documents The company uses a DynamoOB Accelerator (DAX) cluster in front of the table
Recently, traffic to the application has increased. Document processing tasks are timing out during the scheduled DAX maintenance window. A solutions architect
must ensure that the documents continue to load during the maintenance window
What should the solutions architect do to accomplish this goal?
A. Modify the application to write to the DAX cluster Configure the DAX cluster to write to the DynamoDB table when the maintenance window is complete
B. Enable Amazon DynamoDB Streams for the DynamoDB tabl
C. Modify the application to write to the stream Configure the stream to load the data when the maintenance window is complete.
D. Convert the application to an AWS Lambda function Configure the Lambda function runtime to be longer than the maintenance window Create an Amazon
CloudWatch alarm to monitor Lambda timeouts
E. Modify the application to write the document name and URLs to an Amazon Simple Queue Service (Amazon SOS) queue Create an AWS Lambda function to
read the SOS queue and write to DynamoDB.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 50
A gaming company hosts a browser-based application on AWS The users of the application consume a large number of videos and images that are stored in
Amazon S3. This content is the same for all users
The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users
while reducing the load on the origin
Which solution meets these requirements MOST cost-effectively?
A. Deploy an AWS Global Accelerator accelerator in front of the web servers
B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket
C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers
D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers
Answer: B
Explanation:
CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint.
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 51
An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an
Amazon Aurora PostgreSQL database. During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts and the
application did not process the orders of those customers A solutions architect determined that the CPU utilization and memory utilization were high on the
database because of a large number of open connections The solutions architect needs to prevent the timeout errors while making the least possible changes to
the application.
Which solution will meet these requirements?
A. Configure provisioned concurrency for the Lambda function Modify the database to be a global database in multiple AWS Regions
B. Use Amazon RDS Proxy to create a proxy for the database Modify the Lambda function to use the RDS Proxy endpoint instead of the database endpoint
C. Create a read replica for the database in a different AWS Region Use query string parameters in API Gateway to route traffic to the read replica
D. Migrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS| Modify the Lambda function to use
the OynamoDB table
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 52
A company runs an on-premises application that is powered by a MySQL database The company is migrating the application to AWS to Increase the application's
elasticity and availability
The current architecture shows heavy read activity on the database during times of normal operation Every 4 hours the company's development team pulls a full
export of the production database to populate a database in the staging environment During this period, users experience unacceptable application latency The
development team is unable to use the staging environment until the procedure completes
A solutions architect must recommend replacement architecture that alleviates the application latency issue The replacement architecture also must give the
development team the ability to continue using the staging environment without delay
Which solution meets these requirements?
A. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for productio
B. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
C. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand
D. Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.
E. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for productio
F. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 53
A company is deploying a web portal. The company wants to ensure that only the web portion of the application is publicly accessible. To accomplish this, the VPC
was designed with two public subnets and two private subnets. The application will run on several Amazon EC2 instances in an Auto Scaling group. SSL
termination must be offloaded from the EC2 instances.
What should a solutions architect do to ensure these requirements are met? Configure a Network Load Balancer in the public subnets. Configure the Auto Scaling
A. group in the private subnets and associate it with an Application Load Balancer Configure a Network Load Balancer in the public subnet
B. Configure the Auto Scaling
C. group in the public subnets and associate it with an Application Load Balancer.
D. Configure an Application Load Balancer in the public subnet
E. Configure the Auto Scaling group in the private subnets and associate it with the Application Load
F. Balancer, Configure an Application Load Balancer in the private subnet
G. Configure the Auto Scaling group in the private subnets and associate it with the Application Load Balancer.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 54
A company hosts an application on AWS. The application uses AWS Lambda functions and stores data in Amazon DynamoDB tables. The Lambda functions are
connected to a VPC that does not have internet access.
The traffic to access DynamoDB must not travel across the internet. The application must have write access to only specific DynamoDB tables.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)
A. Attach a VPC endpoint policy for DynamoDB to allow write access to only the specific DynamoDB tables.
B. Attach a security group to the interface VPC endpoint to allow write access to only the specific DynamoDB tables.
C. Create a resource-based 1AM policy to grant write access to only the specific DynamoDB table
D. Attach the policy to the DynamoDB tables.
E. Create a gateway VPC endpoint for DynamoDB that is associated with the Lambda VP
F. Ensure that the Lambda execution role can access the gateway VPC endpoint.
G. Create an interface VPC endpoint for DynamoDB that is associated with the Lambda VP
H. Ensure that the Lambda execution role can access the interface VPC endpoint.
Answer: AD
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 55
A company has developed a new content-sharing application that runs on Amazon Elastic Container Service (Amazon ECS). The application runs on Amazon
Linux Docker tasks that use the Amazon EC2 launch type. The application requires a storage solution that has the following characteristics:
• Accessibility (or multiple ECS tasks through bind mounts
• Resiliency across Availability Zones
• Burstable throughput of up to 3 Gbps
• Ability to be scaled up over time
Which storage solution meets these requirements?
A. Launch an Amazon FSx for Windows File Server Multi-AZ instanc
B. Configure the ECS task definitions to mount the Amazon FSx instance volume at launch.
C. Launch an Amazon Elastic File System (Amazon EFS) instanc
D. Configure the ECS task definitions to mount the EFS Instance volume at launch.
E. Create a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach set to enable
F. Attach the EBS volume to the ECS EC2 instance Configure ECS task definitions to mount the EBS instance volume at launch.
G. Launch an EC2 instance with several Provisioned IOPS SSD (k>2) Amazon Elastic Block Store (Amazon EBS) volumes attached m a RAID 0 configuratio
H. Configure the EC2 instance as an NFS storage serve
I. Configure ECS task definitions to mount the volumes at launch.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 56
An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The
company has set up S3 event notifications to publish the object creation events to an A company has a service that produces event queue. The SQS queue serves
as the event source for an AWS Lambda function that processes the images and sends the results to users through email.
Users report that they are receiving multiple email messages for every uploaded image. A solutions architect determines that SQS messages are invoking the
Lambda function more than once, resulting in multiple email messages.
What should the solutions architect do to resolve this issue with the LEAST operational overhead?
A. Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds.
B. Change the SQS standard queue to an SQS FIFO queu
C. Use the message deduplication ID to discard duplicate messages.
D. Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout.
E. Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 57
A company wants to establish connectivity between its on-premlses data center and AWS (or an existing workload. The workload runs on Amazon EC2 Instances
in two VPCs In different AWS Regions. The VPCs need to communicate with each other. The company needs to provide connectivity from Its data center to both
VPCs. The solution must support a bandwidth of 600 Mbps to the data center.
Which solution will meet these requirements?
A. Set up an AWS Site-to-Site VPN connection between the data center and one VP
B. Create a VPC peering connection between the VPCs.
C. Set up an AWS Site-to-Site VPN connection between the data center and each VP
D. Create a VPC peering connection between the VPCs.
E. Set up an AWS Direct Connect connection between the data center and one VP
F. Create a VPC peering connection between the VPCs.
G. Create a transit gatewa
H. Attach both VPCs to the transit gatewa
I. Create an AWS Slte-to-Site VPN tunnel to the transit gateway.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 58
A company needs to move data from an Amazon EC2 instance to an Amazon S3 bucket. The company mutt ensure that no API calls and no data aim routed
through public internet routes Only the EC2 instance can have access to upload data to the S3 bucket.
Which solution will meet these requirements?
A. Create an interlace VPC endpoinl for Amazon S3 in the subnet where the EC2 instance is located Attach a resource policy to the S3 bucket to only allow the
EC2 instance's 1AM rote for access
B. Create a gateway VPC endpoinl for Amazon S3 in the Availability Zone where the EC2 instance is located Attach appropriate security groups to the endpoint
Attach a resource policy to the S3 bucket to only allow the EC2 instance's lAM tote for access
C. Run the nslookup toot from inside the EC2 instance to obtain the private IP address of the S3 bucket's service API endpoint Create a route in the VPC route
table to provide the EC2 instance with access to the S3 bucket Attach a resource policy to the S3 bucket to only allow the EC2 instance's AM role for access
D. Use the AWS provided publicly available ip-ranges |son file to obtam the pnvate IP address of the S3 bucket's service API endpoint Create a route in the VPC
route table to provide the EC2 instance with access to the S3 bucket Attach a resource policy to the S3 bucket to only allow the EC2 instance's 1AM role for
access
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 59
A company wants to build a data lake on AWS from data that is stored in an onpremises Oracle relational database. The data lake must receive ongoing updates
from the on-premises database.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS DataSync to transfer the data to Amazon S3. Use AWS Glue to transform the data and integrate the data into a data lake.
B. Use AWS Snowball to transfer the data to Amazon S3. Use AWS Batch to transform the data and integrate the data into a data lake.
C. Use AWS Database Migration Service (AWS DMS) to transfer the data to Amazon S3 Use AWS Glue to transform the data and integrate the data into a data
lake.
D. Use an Amazon EC2 instance to transfer the data to Amazon S3. Configure the EC2 instance to transform the data and integrate the data into a data lake.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 60
An online photo application lets users upload photos and perform image editing operations The application offers two classes of service free and paid Photos
submitted by paid users are processed before those submitted by free users Photos are uploaded to Amazon S3 and the job information is sent to Amazon SQS.
Which configuration should a solutions architect recommend?
A. Use one SQS FIFO queue Assign a higher priority to the paid photos so they are processed first
B. Use two SQS FIFO queues: one for paid and one for free Set the free queue to use short polling and the paid queue to use long polling
C. Use two SQS standard queues one for paid and one for free Configure Amazon EC2 instances to prioritize polling for the paid queue over the free queue.
D. Use one SQS standard queu
E. Set the visibility timeout of the paid photos to zero Configure Amazon EC2 instances to prioritize visibility settings so paid photos are processed first
Answer: C
Explanation:
https://acloud.guru/forums/guru-of-the-week/discussion/-L7Be8rOao3InQxdQcXj/ https://aws.amazon.com/sqs/features/
Priority: Use separate queues to provide prioritization of work. https://aws.amazon.com/sqs/features/
https://aws.amazon.com/sqs/features/#:~:text=Priority%3A%20Use%20separate%20queues%20to%20provide%
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-short-and-long-polling.
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 61
A company runs us two-tier ecommerce website on AWS The web tier consists of a load balancer that sends traffic to Amazon EC2 instances The database tier
uses an Amazon RDS D8 instance The EC2 instances and the ROS DB instance should not be exposed to the public internet The EC2 instances require internet access to complete payment processing of orders through a third-party web service The application must be highly available
Which combination of configuration options will meet these requirements? (Select TWO.)
A. Use an Auto Scaling group to launch the EC2 Instances in private subnets Deploy an RDS Mulli-AZ DB instance in private subnets
B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the private subnets
C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones Deploy an RDS Multi-AZ DB instance in private subnets
D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the
public subnet
E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the
public subnets
Answer: AE
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 62
A company has an AWS Glue extract. transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3
bucket.
New data is added to the S3 bucket every day. A solutions architect notices that AWS Glue is processing all
the data during each run.
What should the solutions architect do to prevent AWS Glue from reprocessing old data?
A. Edit the job to use job bookmarks.
B. Edit the job to delete data after the data is processed
C. Edit the job by setting the NumberOfWorkers field to 1.
D. Use a FindMatches machine learning (ML) transform.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 63
A company hosts a website on Amazon EC2 instances behind an Application Load Balancer (ALB) The website serves static content Website traffic is increasing,
and the company is concerned about a potential increase in cost.
What should a solutions architect do to reduce the cost of the website?
A. Create an Amazon CloudFront distribution to cache static files at edge locations.
B. Create an Amazon ElastiCache cluster Connect the ALB to the ElastiCache cluster to serve cached files.
C. Create an AWS WAF web ACL, and associate it with the ALB Add a rule to the web ACL to cache static files.
D. Create a second ALB in an alternative AWS Region Route user traffic to the closest Region to minimize data transfer costs.
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 64
A company has an application that processes customer of tiers. The company hosts the application on an Amazon EC2 instance that saves the orders to an
Amazon Aurora database. Occasionally when traffic Is high, the workload does not process orders fast enough.
What should a solutions architect do to write the orders reliably to the database as quickly as possible?
A. Increase the instance size of the EC2 instance when baffle Is hig
B. Write orders to Amazon Simple Notification Service (Amazon SNS) Subscribe the database endpoint to the SNS topic
C. Write orders to an Amazon Simple Queue Service (Amazon SOS) queue Use EC2 instances in an Auto Scaling group behind an Application Load Balancer to
read born the SQS queue and process orders into the database
D. Write orders to Amazon Simple Notification Service (Amazon SNS). Subscribe the database endpoint to the SNS topi
E. Use EC2 ^stances in an Auto Scaling group behind an Application Load Balancer to read from the SNS topic.
F. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue when the EC2 instance reaches CPU threshold limit
G. Use scheduled scaling of EC2 instances in an Auto Scaling group behind an Application Load Balancer to read from the SQS queue and process orders into
the database
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 65
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains more than 10
million rows The database has 2 TB of General Purpose SSD storage There are millions of updates against this data every day through the company's website
The company has noticed that some insert operations are taking 10 seconds or longer The company has determined that the database storage performance is the
problem
Which solution addresses this performance issue?
A. Change the storage type to Provisioned IOPS SSD
B. Change the DB instance to a memory optimized instance class
C. Change the DB instance to a burstable performance instance class
D. Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication.
Answer: A
Explanation:
https://aws.amazon.com/ebs/features/
"Provisioned IOPS volumes are backed by solid-state drives (SSDs) and are the highest performance EBS volumes designed for your critical, I/O intensive
database applications. These volumes are ideal for both IOPS-intensive and throughput-intensive workloads that require extremely low latency."
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 66
A research company runs experiments that are powered by a simulation application and a visualization application. The simulation application runs on Linux and
outputs intermediate data to an NFS share every 5 minutes. The visualization application is a Windows desktop application that displays the simulation output and requires an SMB file system.
The company maintains two synchronized tile systems. This strategy is causing data duplication and inefficient resource usage. The company needs to migrate the
applications to AWS without making code changes to either application.
Which solution will meet these requirements?
A. Migrate both applications to AWS Lambda Create an Amazon S3 bucket to exchange data between the applications.
B. Migrate both applications to Amazon Elastic Container Service (Amazon ECS). Configure Amazon FSx File Gateway for storage.
C. Migrate the simulation application to Linux Amazon EC2 instance
D. Migrate the visualization application to Windows EC2 instance
E. Configure Amazon Simple Queue Service (Amazon SOS) to exchange data between the applications.
F. Migrate the simulation application to Linux Amazon EC2 instance
G. Migrate the visualization application to Windows EC2 instance
H. Configure Amazon FSx for NetApp ONTAP for storage.
I. B
Answer: E
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 67
A company has an application with a REST-based interface that allows data to be received in near-real time from a third-party vendor Once received the
application processes and stores the data for further analysis. The application is running on Amazon EC2 instances.
The third-party vendor has received many 503 Service Unavailable Errors when sending data to the application When the data volume spikes, the compute
capacity reaches its maximum limit and the application is unable to process all requests.
Which design should a solutions architect recommend to provide a more scalable solution?
A. Use Amazon Kinesis Data Streams to ingest the data Process the data using AWS Lambda function.
B. Use Amazon API Gateway on top of the existing applicatio
C. Create a usage plan with a quota limit for the third-party vendor
D. Use Amazon Simple Notification Service (Amazon SNS) to ingest the data Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer
E. Repackage the application as a container Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an
Auto Scaling group
Answer: A
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 68
A company wants to direct its users to a backup static error page if the company's primary website is unavailable. The primary website's DNS records are hosted in
Amazon Route 53. The domain is pointing to an Application Load Balancer (ALB). The company needs a solution that minimizes changes and infrastructure
overhead.
Which solution will meet these requirements?
A. Update the Route 53 records to use a latency routing polic
B. Add a static error page that is hosted in an Amazon S3 bucket to the records so that the traffic is sent to the most responsive endpoints.
C. Set up a Route 53 active-passive failover configuratio
D. Direct traffic to a static error page that is hosted in an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy.
E. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance that hosts a static error page as endpoint
F. Configure Route 53 to send requests to the instance only if the health checks fail for the ALB.
G. Update the Route 53 records to use a multivalue answer routing polic
H. Create a health chec
I. Direct traffic to the website if the health check passe
J. Direct traffic to a static error page that is hosted in Amazon S3 if the health check does not pass.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 69
A company needs to retain application logs files for a critical application for 10 years. The application team regularly accesses logs from the past month for
troubleshooting, but logs older than 1 month are rarely accessed. The application generates more than 10 TB of logs per month.
Which storage option meets these requirements MOST cost-effectively?
A. Store the Iogs in Amazon S3 Use AWS Backup lo move logs more than 1 month old to S3 Glacier Deep Archive
B. Store the logs in Amazon S3 Use S3 Lifecycle policies to move logs more than 1 month old to S3 Glacier Deep Archive
C. Store the logs in Amazon CloudWatch Logs Use AWS Backup to move logs more then 1 month old to S3 Glacier Deep Archive
D. Store the logs in Amazon CloudWatch Logs Use Amazon S3 Lifecycle policies to move logs more than 1 month old to S3 Glacier Deep Archive
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 70
A company has deployed a server less application that invokes an AWS Lambda function when new documents are uploaded to an Amazon S3 bucket The
application uses the Lambda function to process the documents After a recent marketing campaign the company noticed that the application did not process many
of The documents
What should a solutions architect do to improve the architecture of this application?
A. Set the Lambda function's runtime timeout value to 15 minutes
B. Configure an S3 bucket replication policy Stage the documents m the S3 bucket for later processing
C. Deploy an additional Lambda function Load balance the processing of the documents across the two Lambda functions
D. Create an Amazon Simple Queue Service (Amazon SOS) queue Send the requests to the queue Configure the queue as an event source for Lambda.
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 71
A company has hired a solutions architect to design a reliable architecture for its application. The application consists of one Amazon RDS DB instance and two
manually provisioned Amazon EC2 instances that run web servers. The EC2 instances are located in a single Availability Zone.
What should the solutions architect do to maximize reliability of the application Infrastructure?
A. Delete one EC2 instance and enable termination protection on the other EC2 instanc
B. Update the DB instance to De multi-AZ, and enable deletion protection.
C. Update the DB instance to be Multi-A
D. and enable deletion protectio
E. Place the EC2 instances behind an Application Load Balancer, and run them in an EC2 Auto Scaling group across multiple Availability Zones
F. Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function.Configure the application to invoke the Lambda function
through API Gateway Have the Lambda function write the data to the two DB instances.
G. Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zone
H. Use Spot Instances instead of On-Demand Instance
I. Set up Amazon CloudWatch alarms to monitor the health of the instance
J. Update the DB instance to be Multi-AZ, and enable deletion protection.
Answer: B
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 72
A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an
Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is
complete The result is that customer data Is not recorded for some of the event
A solutions architect needs to design a solution that stores customer data that is created during database upgrades
Which solution will meet these requirements?
A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy
B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database
C. Persist the customer data to Lambda local storag
D. Configure new Lambda functions to scan the local storage to save the customer data to the database.
E. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the
customer data in the database
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 73
A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to
capture the text from the audio files. The company must remove from the text any personally identifiable information (Pll) that belongs to customers.
What should a solutions architect do to meet these requirements?
A. Process the audio files by using Amazon Kinesis Video Stream
B. Use an AWS Lambda function to scan for known Pll patterns.
C. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings.
D. Configure an Amazon Transcribe transcription job with Pll redaction turned o
E. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start the transcription jo
F. Store theoutput in a separate S3 bucket.
G. Create an Amazon Connect contact flow that ingests the audio files with transcription turned o
H. Embed an AWS Lambda function to scan for known Pll pattern
I. Use Amazon EventBridge (Amazon CloudWatch Events) to start the contact flow when an audio file is uploaded to the S3 bucket.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 74
A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an
Availability Zone Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the
costs of storing and retrieving the media files.
Which storage option meets these requirements?
A. S3 Standard
B. S3 Intelligent-Tiering
C. S3 Standard-Infrequent Access {S3 Standard-IA)
D. S3 One Zone-Infrequent Access (S3 One Zone-IA)
Answer: B
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 75
A company stores data in an Amazon Aurora PostgreSQL DB cluster. The company must store all the data for 5 years and must delete all the data after 5 years.
The company also must indefinitely keep audit logs of actions that are performed within the database. Currently, the company has automated backups configured
for Aurora.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)
A. Take a manual snapshot of the DB cluster.
B. Create a lifecycle policy for the automated backups.
C. Configure automated backup retention for 5 years.
D. Configure an Amazon CloudWatch Logs export for the DB cluster.
E. Use AWS Backup to take the backups and to keep the backups for 5 years.
Answer: AD
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 76
A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private
subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from
0.0.0.0/0.
Company policy requires that each resource has the least access required to still be able to perform its tasks. Which additional configuration strategy should the
solutions architect use to meet these requirements?
A. Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group (or the MySQL servers and allow port 3306 from the web
servers security group.
B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web
servers security group.
C. Create a security group for the web servers and allow port 443 from the load balance
D. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.
E. Create a network ACL for the web servers and allow port 443 from the load balance
F. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 77
A company is creating a new application that will store a large amount of data. The data will be analyzed hourly and will be modified by several Amazon EC2 Linux
instances that are deployed across multiple Availability Zones. The needed amount of storage space will continue to grow for the next 6 Months.
Which storage solution should a solutions architect recommend to meet these requirements?
A. Store the data in Amazon S3 Glacier Update me S3 Glacier vault policy to allow access to the application Instances
B. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume Mount the EBS volume on the application nuances.
C. Store the data in an Amazon Elastic File System (Amazon EFS) tile system Mount the file system on the application instances.
D. Store the data in an Amazon Elastic Block Store (Amazon EBS) Provisioned K)PS volume shared between the application instances.
Answer: C
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 78
A company's web application resizes uploaded images lot users The application stores the original images and the resized images in Amazon S3 The company
needs lo minimize the storage costs tor all the images Original images ate viewed frequently. and resized images are viewed infrequently after they are created
Both types of images need to be immediately available
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.) A. Store the original images In S3 Standard.
A. Store the resized images in S3 Standard
B. Store the original images in S3 Glacier
C. Store the resized Images In S3 Glacier
D. Store the resized Images In S3 One Zone-Infrequent Access (S3 One Zone-IA).
Answer: AD
--------------------------------------------------------------------------------------------------------------------------------
QUESTION 79
A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region The database is encrypted with an AWS Key
Management Service (AWS KMS) customer managed key The company was recently acquired and must securely share a backup of the database with the
acquiring company's AWS account in ap-southeast-3.
What should a solutions architect do to meet these requirements?
A. Create a database snapshot Copy the snapshot to a new unencrypted snapshot Share the new snapshot with the acquiring company's AWS account
B. Create a database snapshot Add the acquiring company's AWS account to the KMS key policy Share the snapshot with the acquiring company's AWS account
C. Create a database snapshot that uses a different AWS managed KMS key Add the acquiring company's AWS account to the KMS key alia
D. Share the snapshot with the acquiring company's AWS account.
E. Create a database snapshot Download the database snapshot Upload the database snapshot to an Amazon S3 bucket Update the S3 bucket policy to allow
access from the acquiring company's AWS account
Answer: A
Labels: AWS SAA-C03, cloud
0 Comments:
Post a Comment
Note: only a member of this blog may post a comment.
<< Home