MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A company runs a memory-intensive analytics application using on-demand Amazon EC2 compute optimized instance. The application is used continuously and application demand doubles during working hours. The application currently scales based on CPU usage. When scaling in occurs, a lifecycle hook is used because the instance requires 4 minutes to clean the application state before terminating.Because users reported poor performance during working hours, scheduled scaling actions were implemented so additional instances would be added during working hours. The Solutions Architect has been asked to reduce the cost of the application.Which solution is MOST cost-effective?
Question2: An internal security audit of AWS resources within a company found that a number of Amazon EC2 instances running Microsoft Windows workloads were missing several important operating system-level patches. A Solutions Architect has been asked to fix existing patch deficiencies, and to develop a workflow to ensure that future patching requirements are identified and taken care of quickly. The Solutions Architect has decided to use AWS Systems Manager. It is important that EC2 instance reboots do not occur at the same time on all Windows workloads to meet organizational uptime requirements.Which workflow will meet these requirements in an automated manner?
Question3: A Solutions Architect is working with a company that operates a standard three-tier web application in AWS.The web and application tiers run on Amazon EC2 and the database tier runs on Amazon RDS. The company is redesigning the web and application tiers to use Amazon API Gateway and AWS Lambda, and the company intends to deploy the new application within 6 months. The IT Manager has asked the Solutions Architect to reduce costs in the interim.Which solution will be MOST cost effective while maintaining reliability?
Question4: An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by procurement managers. The procurement team's policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The procurement team wants administration of Private Marketplace to be restricted to a role named procurement-manager-role, which could be assumed by procurement managers. Other IAM users, groups, roles, and account administrators in the company should be denied Private Marketplace administrative access.What is the MOST efficient way to design an architecture to meet these requirements?
Question5: A company has a requirement that only allows specially hardened AMIs to be launched into public subnets in a VPC, and for the AMIs to be associated with a specific security group. Allowing non-compliant instances to launch into the public subnet could present a significant security risk if they are allowed to operate.A mapping of approved AMIs to subnets to security groups exists in an Amazon DynamoDB table in the same AWS account. The company created an AWS Lambda function that, when invoked, will terminate a given Amazon EC2 instance if the combination of AMI, subnet, and security group are not approved in the DynamoDB table.What should the Solutions Architect do to MOST quickly mitigate the risk of compliance deviations?
Question6: A Solution Architect is designing a deployment strategy for an application tier and gas the following requirements.* The application code will need a 500 HB static dataset to be present before application startup.* The application tier be able to scale Up and down based on demand with as little startup time as possible.* The development team should be able to update the code multiple times each day.* Critical operating system (OS) patches must be installed within 48 hours of being released.Which deployment strategy meets these requirements?
Question7: A solution architect is migrating an existing workload to AWS Fargate. The task can only run in a private subnet within the VPC where there is no direct connectivity from outside the system to the application. When the Fargate task is launched, the task fails with the following error:How should the solution architect correct this error?
Question8: A company is migrating its marketing website and content management system from an on-premises data center to AWS. The company wants the AWS application to be developed in a VPC with Amazon EC2 instances used for the web servers and an Amazon RDS instance for the database.The company has a runbook document that describes the installation process of the on-premises system. The company would like to base the AWS system on the processes referenced in the runbook document. The runbook document describes the installation and configuration of the operating systems, network settings, the website, and content management system software on the servers. After the migration is complete, the company wants to be able to make changes quickly to take advantage of other AWS features.How can the application and environment be deployed and automated in AWS, while allowing for future changes?
Question9: A company wants to follow its website on AWS using serverless architecture design patterns for global customers. The company has outlined its requirements as follow:* The website should be responsive.* The website should offer minimal latency.* The website should be highly available.* Users should be able to authenticate through social identity providers such as Google, Facebook, and Amazon.* There should be baseline DDoS protections for spikes in traffic.How can the design requirements be met?
Question10: During a security audit of a Service team's application a Solutions Architect discovers that a username and password tor an Amazon RDS database and a set of AWSIAM user credentials can be viewed in the AWS Lambda function code. The Lambda function uses the username and password to run queries on the database and it uses the I AM credentials to call AWS services in a separate management account.The Solutions Architect is concerned that the credentials could grant inappropriate access to anyone who can view the Lambda code The management account and the Service team's account are in separate AWS Organizations organizational units (OUs) Which combination of changes should the Solutions Architect make to improve the solution's security? (Select TWO)
Question11: A large global company wants to migrate a stateless mission-critical application to AWS. The application is based on IBM WebSphere (application and integration middleware), IBM MQ (messaging middleware), and IBM DB2 (database software) on a z/OS operating system.How should the Solutions Architect migrate the application to AWS?
Question12: A startup company recently migrated a large ecommerce website to AWS The website has experienced a 70% increase in sales. Software engineers are using a private GitHub repository to manage code. The devops team is using Jenkins for builds and unit testing. The engineers need to receive notifications for bad builds and zero downtime during deployments. The engineers also need to ensure any changes to production are seamless for users and can be rolled back in the event of a major issue.The software engineers have decided to use AWS CodePipeline to manage their build and deployment process. Which solution will meet these requirements?
Question13: A company wants to host a global web application on AWS. It has the following design requirements.* The access pattern must allow for latching data from multiple data sources.* Minimize the of API calls.* Keep page load times to within 50 ms.* Provide user authentication and authorization and manage data access for different user personas (for example, administrator, manager, or engineer).* Use a server less designWhich set of strategies should a solution architect use?
Question14: An ecommerce website running on AWS uses an Amazon RDS for MySQL DB instance with General Purpose SSD storage. The developers chose an appropriate instance type based on demand, and configured100 GB of storage with a sufficient amount of free space.The website was running smoothly for a few weeks until a marketing campaign launched On the second day of the campaign, users reported long wait times and time outs Amazon CloudWatch metrics indicated that both reads and writes to the DB instance were experiencing long response times. The CloudWatch metrics show40% to 50% CPU and memory utilization, and sufficient free storage space is still available The application server logs show no evidence of database connectivity issues What could be the root cause of the issue with the marketing campaign?
Question15: An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services46 account in each organizational unit (OU) that will be used by procurement managers. The procurement team's policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The procurement team wants administration of Private Market procurement managers. Other IAM users, groups, roles, and account administrators in the company should be denied Private Marketplace administrative access.What is the MOST efficient way to design an architecture to meet these requirements?
Question16: A solutions architect is designing a web application on AWS that requires 99.99% availability. The application will consist of a three-tier architecture that supports 300.000 web requests each minute when experiencing peak traffic. The application will use Amazon Route 53 for DNS resolution. Amazon CloudFront as the content delivery network (CDN), an Elastic Load Balancer far load balancing. Amazon EC2 Auto Scaling groups to scale the application tier, and Amazon Aurora MySQL as the backend database. The backend database load will average 90% reads and 10% writes. The company wants to build a cost-effective solution, but reliability is critical.Which set of strategies should the solutions architect use?
Question17: A public retail web application uses an Application Load Balancer (ALB) in front of Amazon EC2 instances running across multiple Availability Zones (AZs) in a Region backed by an Amazon RDS MySQL Multi-AZ deployment. Target group health checks are configured to use HTTP and pointed at the product catalog page.Auto Scaling is configured to maintain the web fleet size based on the ALB health check.Recently, the application experienced an outage. Auto Scaling continuously replaced the instances during the outage. A subsequent investigation determined that the web server metrics were within the normal range, but the database tier was experiencing high load, resulting in severely elevated query response times.Which of the following changes together would remediate these issues while improving monitoring capabilities for the availability and functionality of the entire application stack for future growth? (Select TWO.)
Question18: The Solutions Architect manages a serverless application that consists of multiple API gateways, AWS Lambda functions, Amazon S3 buckets, and Amazon DynamoDB tables. Customers say that a few application components slow while loading dynamic images, and some are timing out with the "504 Gateway Timeout" error. While troubleshooting the scenario, the Solutions Architect confirms that DynamoDB monitoring metrics are at acceptable levels.Which of the following steps would be optimal for debugging these application issues? (Choose two.)
Question19: A company's application is increasingly popular and experiencing latency because of high volume reads on the database server.The service has the following properties:* A highly available REST API hosted in one region using Application Load Balancer (ALB) with auto scaling.* A MySQL database hosted on an Amazon EC2 instance in a single Availability Zone.The company wants to reduce latency, increase in-region database read performance, and have multi-region disaster recovery capabilities that can perform a live recovery automatically without any data or performance loss (HA/DR).Which deployment strategy will meet these requirements?
Question20: A company is using an existing orchestration tool to manage thousands of Amazon EC2 instances. A recent penetration test found a vulnerability in the company's software stack. This vulnerability has prompted the company to perform a full evaluation of its current production environment. The analysis determined that the following vulnerabilities exist within the environment* Operating systems with outdated libraries and known vulnerabilities are being used in production* Relational databases hosted and managed by the company are running unsupported versions with known vulnerabilities* Data stored in databases is not encryptedThe solutions architect intends to use AWS Contig to continuously audit and assess the compliance ot the company's AWS resource configurations with the company's policies and guidelines What additional steps will enable the company to secure its environments and track resources while adhering to best practices?
Question21: A company is designing a new highly available web application on AWS. The application requires consistent and reliable connectivity from the application servers in AWS to a backend REST API hosted in the company's on-premises environment. The backend connection between AWS and on-premises will be routed over an AWS Direct Connect connection through a private virtual interface. Amazon Route 53 will be used to manage private DNS records for the application to resolve the IP address on the backend REST API.Which design would provide a reliable connection to the backend API?
Question22: A company is in the process of implementing AWS Organizations to constrain its developers to use only Amazon. EC2, and Amazon S3, and Amazon DynamoDB. The developers account resides in a dedicated organizational unit (OU). The Solution Architect has implemented the following SCP on the Developers account:When this policy is deployed, IAM users in the Developers account are still to use AWS services that are not listed in the policy.What should the Solution Architect do to eliminate the developers' ability to use services outside the scope of this policy?
Question23: A company is migrating its application to AWS. The applications will be deployed to AWS accounts owned by business units. The company has several teams of Developers who are responsible for the development and maintenance of all application. The company is expecting rapid growth in the number of users The company's Chief Technology Officer has the following requirement* Developers must launch the AWS Infrastructure using AWS CloudFormation* Developers must not be able to create resources outside of CloudFormation* The solution must be able to scale to hundreds of AWS accountsWhich of the following would meet these requirements? (Select TWO)
Question24: A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast). Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more during weather events. The forecast data is overwritten every update. Users of the current weather forecast application expect responses to queries to be returned in less than two seconds for each request.Which design meets the required request rate and response time?
Question25: A company currently uses a single 1 Gbps AWS Direct Connect connection to establish connectivity between an AWS Region and its data center. The company has five Amazon VPCs, all of which are connected to the data center using the same Direct Connect connection. The Network team is worried about the single point of failure and is interested in improving the redundancy of the connections to AWS while keeping costs to a minimum.Which solution would improve the redundancy of the connection to AWS while meeting the cost requirements?
Question26: A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an er implement the following application design changes to improve security:* The database must use strong, randomly generated passwords stored in a secure AWS managed service.* The application resources must be deployed through AWS CloudFormation.* The application must rotate credentials for the database every 90 days.A solutions architect will generate a CloudFormation template to deploy the application.Which resources specified in the CloudFormation template will meet the security engineer's requirements e LEAST amount of operational overhead?
Question27: A large global financial services company has multiple business units. The company wants to allow Developers to try new services, but there are multiple compliance requirements for different workloads. The Security team is concerned about the access strategy for on-premises and AWS implementations. They would like to enforce governance for AWS services used by business team for regulatory workloads, including Payment Card Industry (PCI) requirements.Which solution will address the Security team's concerns and allow the Developers to try new services?
Question28: A company wants to move a web application to AWS. The application stores session information locally on each web server, which will make auto scaling difficult. As part of the migration, the application will be rewritten to decouple the session data from the web servers. The company requires low latency, scalability, and availability.Which service will meet the requirements for storing the session information in the MOST cost-effective way?
Question29: A company is manually deploying its application to production and wants to move to a more mature deployment pattern. The company has asked a solutions architect to design a solution that leverages its current Chef tools and knowledge The application must be deployed to a staging environment for testing and verification before being deployed to production Any new deployment must be rolled back in 5 minutes if errors are discovered after a deployment Which AWS service and deployment pattern should the solutions architect use to meet these requirements?
Question30: A solutions architect is designing a disaster recovery strategy for a three-tier application. The application has an RTO of 30 minutes and an RPO of 5 minutes for the data tier. The application and web tiers are stateless and leverage a fleet of Amazon EC2 instances. The data tier consists of an 50 TB Amazon Aurora database.Which combination of steps satisfies the RTO and RPO requirements while optimizing costs? (Select Two.)
Question31: A company operates pipelines across North America and South America. The company assesses pipeline inspection gauges with imagery and ultrasonic sensor data to monitor the condition of its pipelines. The pipelines are in areas with intermittent or unavailable internet connectivity. The imager data at each site requires terabytes of storage each month. The company wants a solution to collect the data at each site in monthly intervals and to store the data with high durability. The imagery captured must be preprocessed and uploaded to a central location for persistent Storage.Which actions should a solutions architect take to meet these requirements?
Question32: A company has been using a third-party provider for its content delivery network and recently decided to switch to Amazon CloudFront the Development team wants to maximize performance for the global user base.The company uses a content management system (CMS) that serves both static and dynamic content. The CMS is both md an Application Load Balancer (ALB) which is set as the default origin for the distribution.Static assets are served from an Amazon S3 bucket. The Origin Access Identity (OAI) was created property d the S3 bucket policy has been updated to allow the GetObject action from the OAI, but static assets are receiving a 404 error Which combination of steps should the Solutions Architect take to fix the error? (Select TWO. )
Question33: A mobile gaming application publishes data continuously to Amazon Kinesis Data Streams. An AWS Lambda function processes records from the data stream and writes to an Amazon DynamoDB table. The DynamoDB table has an auto scaling policy enabled with the target utilization set to 70%. For several minutes at the start and end of each day, there is a spike in traffic that often exceeds five times the normal load. The company notices the GetRecords.IteratorAge Milliseconds metric of the Kinesis data stream temporarily spikes to over a minute for several minutes. The AWS Lambda function writes Provisioned Throughput Exceeded Exception messages to Amazon CloudWatch Logs during these times, and some records are redirected to the dead letter queue. No exceptions are thrown by the Kinesis producer on the gaming application What change should the company make to resolve this issue?
Question34: A company runs an ordering system on AWS using Amazon SQS and AWS Lambda, with each order received as a JSON message. recently the company had a marketing event that led to a tenfold increase in orders. With this increase, the following undesired behaviors started in the ordering system:* Lambda failures while processing orders lead to queue backlogs.* The same orders have been processed multiple times.A solutions Architect has been asked to solve the existing issues with the ordering system and add the following resiliency features:* Retain problematic orders for analysis.* Send notification if errors go beyond a threshold value.How should the Solutions Architect meet these requirements?
Question35: A company has an Amazon EC2 deployment that has the following architecture:* An application tier that contains 8 m4.xlarge instances* A Classic Load Balancer* Amazon S3 as a persistent data storeAfter one of the EC2 instances fails, users report very slow processing of their requests. A Solutions Architect must recommend design changes to maximize system reliability. The solution must minimize costs.What should the Solution Architect recommend?
Question36: A company has several teams, and each team has their own Amazon RDS database that totals 100 TB The company is building a data query platform for Business Intelligence Analysts to generate a weekly business report The new system must run ad-hoc SQL queries What is the MOST cost-effective solution?
Question37: An e-commerce company is revamping its IT infrastructure and is planning to use AWS services. The company's CIO has asked a Solutions Architect to design a simple, highly available, and loosely coupled order processing application. The application is responsible for receiving and processing orders before storing them in an Amazon DynamoDB table. The application has a sporadic traffic pattern and should be able to scale during marketing campaigns to process the orders with minimal delays.Which of the following is the MOST reliable approach to meet the requirements?
Question38: A company currently has data hosted in an IBM Db2 database A web application calls an API that runs stored procedures on the database to retrieve user information data that is read-only. This data is historical in nature and changes on a daily basis. When a user logs in to the application, this data needs to be retrieved within 3 seconds. Each time a user logs in. the stored procedures run. Users log in several times a day to check stock prices.Running this database has become cost-prohibitive due to Db2 CPU licensing. Performance goals are not being met. Timeouts from Db2 are common due to long-running queries Which approach should a solutions architect take to migrate this solution to AWS?
Question39: A company has released a new version of a website to target an audience in Asia and South America. The website's media assets are hosted on Amazon S3 and have an Amazon CloudFront distribution to improve end-user performance. However, users are having a poor login experience the authentication service is only available in the us-east-1 AWS Region.How can the Solutions Architect improve the login experience and maintain high security and performance with minimal management overhead?
Question40: A company has multiple lines of business (LOBs) that roll up to the parent company. The company has asked its solutions architect to develop a solution with the following requirements:* Produce a single AWS invoice for all of the AWS accounts used by its LOBs* The costs for each LOB account should be broken out on the invoice* Provide the ability to restrict services and features in the LOB accounts, as defined by the company's governance policy* Each LOB account should be delegated full administrator permissions, regardless of the governance policy Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)
Question41: A company deployed a three-tier web application in two regions: us-east-1 and eu-west-1. The application must be active in both regions at the same time. The database tier of the application uses a single Amazon RDS Aurora database globally, with a master in us-east-1 and a read replica in eu-west-1. Both regions are connected by a VPN.The company wants to ensure that the application remains available even in the event of a region-level failure of all of the application's components. It is acceptable for the application to be in read-only mode for up to 1 hour. The company plans to configure two Amazon Route 53 record sets, one for each of the regions.How should the company complete the configuration to meet its requirements while providing the lowest latency for the application end-users? (Choose two.)
Question42: A retail company is running an application that stores invoice files in Amazon S3 bucket and metadata about the files in an Amazon. The S3 bucket and DynamoDB table are in us-east-1. The company wants to protect itself from data corruption and loss of connectivity to either Region.Which option meets these requirements?
Question43: A web application is hosted in a dedicated VPC that is connected to a company's on-premises data center over a Site-to-Site VPN connection. The application is accessible from the company network only. This is a temporary non-production application that is used during business hours The workload is generally low with occasional surges The application has an Amazon Aurora MySQL provisioned database cluster on the backend. The VPC has an internet gateway and a NAT gateways attached. The web servers are in private subnets in an Auto Scaling group behind an Elastic Load Balancer. The web servers also upload data to an Amazon S3 bucket through the internet A solutions architect needs to reduce operational costs and simplify the architecture.Which strategy should the solutions architect use?
Question44: A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services.The company recently acquired a new business unit and invited the new unit's existing AWS account to the organization Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the company's policies.Which option will allow administrators to make changes and continue to enforce the current policies without introducing additional long-term maintenance?
Question45: A company wants to ensure that the workloads for each of its business units have complete autonomy and a minimal blast radius in AWS. The Security team must be able to control access to the resources and services in the account to ensure that particular services are not used by the business units.How can a Solutions Architect achieve the isolation requirements?
Question46: A company hosts a web application on AWS in the us-east-1 Region. The application server are distributed across three Availability Zones behind an Application Load Balancer. The database is hosted in MYSQL database on an Amazon EC2 instance. A solutions architect needs to design a cross-Region data recovery solution using AWS services with an RTO of less than 5 minutes and an RPO of less than 1 minute. The solutions architect is deploying application servers in us-west-2, and has configured Amazon Route 53 hearth checks and DNS failover to us-west-2.Which additional step should the solutions architect take?
Question47: A fleet of Amazon ECS instances is used to poll an Amazon SQS queue and update items in an Amazon DynamoDB database. Items in the table are not being updated, and the SQS queue is filling up. Amazon CloudWatch Logs are showing consistent 400 errors when attempting to update the table. The provisioned write capacity units are appropriately configured, and no throttling is occurring.What is the LIKELY cause of the failure?
Question48: A company CFO recently analyzed the company's AWS monthly bill and identified an opportunity to reduce the cost for AWS Elastic Beanstalk environments in use. The CFO has asked a Solutions Architect to design a highly available solution that will spin up an Elastic Beanstalk environment in the morning and terminate it at the end of the day.The solution should be designed with minimal operational overhead and to minimize costs. It should also be able to handle the increased use of Elastic Beanstalk environments among different teams, and must provide a one-stop scheduler solution for all teams to keep the operational costs low.What design will meet these requirements?
Question49: A retail company processes point-of-state data on application servers in its data center and writes outputs to Amazon DynamoDB table. The data center is connected to the company's VPC with an AWS Direct Connect (DX) connection, and the application servers require a consistent network connection at speed greater than 2 Gbps.The company decides that the DynamoDB table needs to be highly available and fault tolerant. The company policy states that the data should be available across two regions.What changes should the company make to meet these requirements?
Question50: A company has an internal AWS Elastic Beanstalk worker environment inside a VPC that must access an external payment gateway API available on an HTTPS endpoint the public internet Because of security policies, the payment gateway's Application team can grant access to only one public IP address.Which architecture will set up an Elastic Beanstalk environment to access the company's application without making multiple changes on the company's end?
Question51: A healthcare company runs a production workload on AWS that stores highly sensitive personal information.The security team mandates that, for auditing purposes, any AWS API action using AWS account root user credentials must automatically create a high-priority ticket in the company's ticketing system. The ticketing system has a monthly 3-hour maintenance window when no tickets can be created.To meet security requirements, the company enabled AWS CloudTrail logs and wrote a scheduled AWSLambda function that uses Amazon Athena to query API actions performed by the root user. The Lambda function submits any actions found to the ticketing system API. During a recent security audit, the security team discovered that several tickets were not created because the ticketing system was unavailable due to planned maintenance.Which combination of steps should a solutions architect take to ensure that the incidents are reported to the ticketing system even during planned maintenance? (Select TWO.)
Question52: The company Security team requires that all data uploaded into an Amazon S3 bucket must be encrypted. The encryption keys must be highly available and the company must be able to control access on a per-user basis, with different users having access to different encryption keys.Which of the following architectures will meet these requirements? (Choose two.)
Question53: A company has more than 100 AWS accounts, with one VPC per account, that need outbound HTTPS connectivity to the internet. The current design contains one NAT gateway per Availability Zone (AZ) in each VPC. To reduce costs and obtain information about outbound traffic, management has asked for a new architecture for internet access.Which solution will meet the current needs, and continue to grow as new accounts are provisioned, while reducing costs?
Question54: A solution architect must enable an AWS CloudHSM M of N access control-also named a quorum authentication mechanism-to allow security officers to make administrative changes to a hardware security module (MSM). The new security policy states that at least three of the five security officers must authorize any administrative changes to CloudHSM.Which well-architected design ensures the security officers can authenticate as a quorum?
Question55: A company's data center is connected to the AWS Cloud over a minimally used 10-Gbps AWS Direct Connect connection with a private virtual interface to its virtual private cloud (VPC) The company internet connection is 200 Mbps and the company has a 150-TB dataset that is created each Friday The data must be transferred and available in Amazon S3 on Monday morning Which is the LEAST expensive way to meet the requirements while allowing for data transfer growth?
Question56: A company hosts a blog post application on AWS using Amazon API Gateway. Amazon DynampDB, and AWS Lambda. The application currently does not use API keys to authorize requests. The API model is as follows:GET/posts/[postid] to get post detailsGET/users[userid] to get user detailsGET /comments/[commentid] to get comments detailsThe company has noticed are actively discussing topics in the comments section, and the company wants to increase use engagement by marking the comments appears in real time.Which design should be used to reduce comment latency and improve user experience?
Question57: A Solutions Architect is designing the storage layer for a data warehousing application. The data files are large, but they have statically placed metadata at the beginning of each file that describes the size and placement of the file's index. The data files are read in by a fleet of Amazon EC2 instances that store the index size, index location, and other category information about the data file in a database. That database is used by Amazon EMR to group files together for deeper analysis.What would be the MOST cost-effective, high availability storage solution for this workflow?
Question58: A company is running a .NET three-tier web application on AWS. The team currently uses XL storage optimized instances to store serve the website's image and video files on local instance storage. The company has encountered issues with data loss from replication and instance failures. The Solutions Architect has been asked to redesign this application to improve its reliability while keeping costs low.Which solution will meet these requirements?
Question59: A company is planning to deploy a new business analytics application that requires 10.000 hours of compute time each month. The compute resources can have flexible availability, but must be as cost-effective as possible. The company will also provide a reporting service to distribute analytics reports, which needs to run at all times How should the solutions architect design a solution that meets these requirements?
Question60: A company has an existing on-premises three-tier web application. The Linux web servers serve content from a centralized file share on a NAS server because the content is refreshed several times a day from various sources. The existing infrastructure is not optimized and the company would like to move to AWS in order to gain the ability to scale resources up and down in response to load. On-premises and AWS resources are connected using AWS Direct Connect.How can the company migrate the web infrastructure to AWS without delaying the content refresh process?
Question61: A company has developed a web application that runs on Amazon EC2 instances in one AWS Region. The company has taken on new business in other countries and must deploy its application into other to meet low-latency requirements for its users. The regions can be segregated, and an application running in one region does not need to communicate with instances in other regions.How should the company's Solutions Architect automate the deployment of the application so that it can be MOST efficiently deployed into multiple regions?
Question62: A company is refactoring an existing web service that provides read and write access to structured data. The service must respond to short but significant spikes in the system load The service must be fault tolerant across multiple AWS Regions.Which actions should be taken to meet these requirements?
Question63: A software as a service (SaaS) company offers a cloud solution for document management to private law firms and the public sector. A Local Government client recently mandated that highly confidential documents cannot be stored outside the country. The company CIO asks a solutions architect to ensure the application can adapt to this new requirement The CIO also wants to have a proper backup plan for these documents, as backups are not currently performed What solution meets these requirements?
Question64: A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements:* Inbound requests must be filtered for common vulnerability attacks* Rejected requests must be sent to a third-party auditing application* All resources should be highly availableWhich solution meets these requirements''
Question65: A company has several Amazon EC2 instances to both public and private subnets within a VPC that is not connected to the corporate network. A security group associated with the EC2 instances allows the company to use the Windows remote desktop protocol (RDP) over the internet to access the instances. The security team has noticed connection attempts from unknown sources. The company wants to implement a more secure solution to access the EC2 instances.Which strategy should a solutions architect implement?
Question66: A company wants to improve cost awareness for its Amazon EMR platform. The company has allocated budgets for each team's Amazon EMR usage. When a budgetary threshold is reached, a notification should be sent by email to the budget office's distribution list. Teams should be able to view their EMR cluster expenses to date. A solutions architect needs to create a solution that ensures the policy is proactrvely and centrally enforced in a multi-account environment.Which combination of steps should the solutions architect take to meet these requirements? (Select TWO )
Question67: A company has an application behind a load balancer with enough Amazon EC2 instances to satisfy peak demand. Scripts and third-party deployment solutions are used to configure EC2 instances when demand increases or an instance fails. The team must periodically evaluate the utilization of the instance types to ensure that the correct sizes are deployed.How can this workload be optimized to meet these requirements?
Question68: A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The Quality Assurance (QA) department needs to launch a large number of short-lived environments to test the application.The application environments are currently launched by the Manager of the department using an AWS CloudFormation template. To launch the stack, the Manager uses a role with permission to use CloudFormation, EC2 and Auto Scaling APIs. The Manager wants to allow testers to launch their own environments, but does not want to grant broad permission to each user. Which set up would achieve these goals?
Question69: An enterprise company's data science team wants to provide a safe, cost-effective way to provide easy access to Amazon SageMaker. The data scientists have limited AWS knowledge and need to be able to launch a Jupyter notebook instance. The notebook instance needs to have a preconfigured AWS KMS key to encrypt data at rest on the machine learning storage volume without exposing the complex setup requirements.Which approach will allow the company to set up a self-service mechanism for the data scientists to launch Jupyter notebooks in its AWS accounts with the LEAST amount of operational overhead?
Question70: A company hosts a legacy application that runs on an Amazon EC2 instance inside a VPC without internet access Users access the application with a desktop program installed on their corporate laptops.Communication between the laptops and the VPC flows through AWS Direct Connect (DX). A new requirement states that all data in transit must be encrypted between users and the VPC.Which strategy should a solutions architect use to maintain consistent network performance while meeting this new requirement?
Question71: A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket The company requires that only authenticated users are allowed to post content The application generates a preasigned URL that is used to upload objects through a browser interface Most users are reporting slow upload times for objects larger than 100 MB.What can a Solutions Architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?
Question72: A company is migrating to the cloud. It wants to evaluate the configurations of virtual machines in its existing data center environment to ensure that it can size new Amazon EC2 instances accurately. The company wants to collect metrics, such as CPU, memory, and disk utilization, and it needs an inventory of what processes are running on each instance. The company would also like to monitor network connections to map communications between servers.Which would enable the collection of this data MOST cost effectively?
Question73: A media storage application uploads user photos to Amazon S3 for processing. End users are reporting that some uploaded photos are not being processed properly. The Application Developers trace the logs and find that AWS Lambda is experiencing execution issues when thousands of users are on the system simultaneously.Issues are caused by:* Limits around concurrent executions.* The performance of Amazon DynamoDB when saving data.Which actions can be taken to increase the performance and reliability of the application? (Choose two.)
Question74: A Solutions Architect must design a highly available, stateless, REST service. The service will require multiple persistent storage layers for service object meta information and the delivery of content. Each request needs to be authenticated and securely processed. There is a requirement to keep costs as low as possible?How can these requirements be met?
Question75: An IoT company has rolled out a fleet of sensors for monitoring temperatures in remote locations. Each device connect to AWS IoT Core and sends a message 30 seconds, updating an Amazon DynamoDB table. A System Administrator users AWS IoT to verify the devices are still sending messages to AWS IoT Core: the database is not updating.What should a Solution Architect check to determine why the database is not being updated?
Question76: A company has an internal application running on AWS that is used to track and process shipments in the company's warehouse. Currently, after the system receives an order, it emails the staff the information needed to ship a package. Once the package is shipped, the staff replies to the email and the order is marked as shipped.The company wants to stop using email in the application and move to a serverless application model.Which architecture solution meets these requirements?
Question77: A solutions architect has been assigned to migrate a 50 TB Oracle data warehouse that contains sales data from on-premises to Amazon Redshift Major updates to the sales data occur on the final calendar day of the month. For the remainder of the month the data warehouse only receives minor daily updates and is primarily used for reading and reporting Because of this the migration process must start on the first day of the month and must be complete before the next set of updates occur. This provides approximately 30 days to complete the migration and ensure that the minor daily changes have been synchronized with the Amazon Redshift data warehouse Because the migration cannot impact normal business network operations the bandwidth allocated to the migration for moving data over the internet is 50 Mbps. The company wants to keep data migration costs low Which stops will allow the solutions architect to perform the migration within the specified timeline?
Question78: A Solutions Architect is migrating a 10 TB PostgreSQL database to Amazon RDS for PostgreSQL. The company's internet link is 50 MB with a VPN in the Amazon VPC, and the Solutions Architect needs to migrate the data and synchronize the changes before the cutover. The cutover must take place within an 8-day period.What is the LEAST complex method of migrating the database securely and reliably?
Question79: A company runs an application on a fleet of Amazon EC2 instances The application requires low latency and random access to 100 GB of data The application must be able to access the data at up to 3.000 IOPS A Development team has configured the EC2 launch template to provision a 100-GB Provisioned IOPS (PIOPS) Amazon EBS volume with 3 000 IOPS provisioned A Solutions Architect is tasked with lowering costs without impacting performance and durability Which action should be taken?
Question80: A company's security compliance requirements state that all Amazon EC2 images must be scanned for vulnerabilities and must pass a CVE assessment. A solutions architect is developing a mechanism to create security- approved AMIs that can be used by developers. Any new AMIs should go through an automated assessment process and be marked as approved before developers can use them. The approved images must be scanned every30 days to ensure compliance.Which combination of steps should the solutions architect take to meet these requirements while following best practices? (Select TWO.)
Question81: A company uses an Amazon EMR cluster to process data once a day. The raw data comes from Amazon S3, and the resulting processed data is also stored in Amazon S3. The processing must complete within 4 hours; currently, it only takes 3 hours. However, the processing time is taking 5 to 10 minutes. longer each week due to an increasing volume of raw data.The team is also concerned about rising costs as the compute capacity increases. The EMR cluster is currently running on three m3.xlarge instances (one master and two core nodes).Which of the following solutions will reduce costs related to the increasing compute needs?
Question82: A company is planning to migrate an application from on-premises to AWS. The application currently uses an Oracle database and the company can tolerate a brief downtime of 1 hour when performing the switch to the new infrastructure. As part of the migration, the database engine will be changed to MySQL. A Solutions Architect needs to determine which AWS services can be used to perform the migration while minimizing the amount of work and time required.Which of the following will meet the requirements?
Question83: A company provides AWS solutions to its users with AWS CloudFormation templates. Users launch the templates in their accounts to have different solutions provisioned for them. The users want to improve the deployment strategy for solutions while retaining the ability to do the following:* Add their own features to a solution for their specific deployments.* Run unit tests on their changes.* Turn features on and off for their deployments.* Automatically update with code changes.* Run security scanning tools for their deployments.Which strategies should the solutions architect use to meet the requirements?
Question84: A media company has a 30-TB repository of digital news videos. These videos are stored on tape in an on-premises tape library and referenced by a Media Asset Management (MAM) system. The company wants to enrich the metadata for these videos in an automated fashion and put them into a searchable catalog by using a MAM feature. The company must be able to search based on information in the video, such as objects, scenery items, or people's faces. A catalog is available that contains faces of people who have appeared in the videos that include an image of each person. The company would like to migrate these videos to AWS.The company has a high-speed AWS Direct Connect connection with AWS and would like to move the MAM solution video content directly from its current file system.How can these requirements be met by using the LEAST amount of ongoing management overhead and causing MINIMAL disruption to the existing system?
Question85: A company has multiple AWS accounts and manages these accounts which AWS Organization. A developer was given IAM user credentials to access AWS resources. The developer should have read-only access to all Amazon S3 buckets in the account. However, when the developer tries to access the S3 buckets from the console, they receive an access denied error message with no bucket listed.A solution architect reviews the permissions and finds that the developer's IAM user is listed as having read-only access to all S3 buckets in the account.Which additional steps should the solutions architect take to troubleshoot the issue? (Select TWO.)
Question86: A company is migrating its on-premises systems to AWS. The user environment consists of the following systems:* Windows and Linux virtual machines running on VMware.* Physical servers running Red Hat Enterprise Linux.The company wants to be able to perform the following steps before migrating to AWS:* Identify dependencies between on-premises systems.* Group systems together into applications to build migration plans.* Review performance data using Amazon Athena to ensure that Amazon EC2 instances are right-sized.How can these requirements be met?
Question87: A company recently transformed its legacy infrastructure provisioning scripts to AWS CloudFormation templates. The newly developed templates are hosted in the company's private GitHub repository. Since adopting CloudFortmation, the company has encountered several issues with updates to the CloudFormation templates, causing execution or creating environment Management is concerned by the increase in errors and has asked a Solutions architect to design the automated testing of CloudFortmation template updates.What should the Solution Architecture do to meet these requirements?
Question88: A Solutions Architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint The Solutions Architect wants an end-to-end view of each request to analyze the latency of the request and create service maps How can the Solutions Architect design the API Gateway access control and perform request inspections?
Question89: A fitness tracking company serves users around the world, with its primary markets in North America and Asia. The company needs to design an infrastructure for its read heavy user authorization application with the following requirements:* Be resilient to problem with the application in any region.* Write to a database In a single Region.* Read from multiple regions.* Support resiliency across application tiers in each Region.* Support the relational database semantics reflected in the application.Which combination of steps should a solution architect take? (Select TWO.)
Question90: A large multinational company runs a timesheet application on AWS that is used by staff across the world.The application runs on Amazon EC2 instances in an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer, and stores in an Amazon RDS MySQL Multi-AZ database instance.The CFO is concerned about the impact on the business if the application is not available. The application must not be down for more than two hours, but the solution must be as cost-effective as possible.How should the Solutions Architect meet the CFO's requirements while minimizing data loss?
Question91: A company has an application that sells tickets online and experiences bursts of demand even/ 7 days. The application has a stateless presentation layer running on Amazon EC2 an Oracle database to store unstructured data catalog information and a backend API layer. The front-end layer uses an Elastic Load Balancer to distribute the load across nine On-Demand instances over three Availability Zones (AZs). The Oracle database is running on a single EC2 instance The company is experiencing performance issues when running more than two concurrent campaigns. A solutions architect must design a solution that meets the following requirements* Address scalability issues* Increase the level of concurrency* Eliminate licensing costs* improve reliabilityWhich set of steps should the solutions architect take?
Question92: A solutions architect is implementing federated access to AWS for users of the company's mobile application.Due to regulatory and security requirements, the application must use a custom-built solution for authenticating users and must use IAM roles for authorization.Which of the following actions would enable authentication and authorization and satisfy the requirements?(Select TWO.)
Question93: A company provides auction services for artwork and has users across North America and Europe. The company hosts its application in Amazon EC2 instances m the us-east-1 Region. Artists upload photos of their work as large-size, high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-1 Region The users in Europe are reporting slow performance for their image uploads.How can a solutions architect improve the performance of the image upload process?
Question94: A Solutions Architect must update an application environment within AWS Elastic Beanstalk using a blue/green deployment methodology. The Solutions Architect creates an environment that is identical to the existing application environment and deploys the application to the new environment.What should be done next to complete the update?
Question95: A company decided to purchase Amazon EC2 Reserved Instances. A solutions architect is tasked with implementing a solution where only the master account in AWS Organizations is able to purchase the Reserved Instances. Current and future member accounts should be blocked from purchasing Reserved Instances.Which solution will meet these requirements?