MoreExam
1. Question Content...
EXPLANATION
Answer: X - EXPLANATION Content.
Question1: A Solutions Architect has been asked to look at a company's Amazon Redshift cluster, which has quickly become an integral part of its technology and supports key business process. The Solutions Architect is to increase the reliability and availability of the cluster and provide options to ensure that if an issue arises, the cluster can either operate or be restored within four hours.Which of the following solution options BEST addresses the business need in the most cost-effective manner?
Question2: A software as a service (SaaS) company offers a cloud solution for document management to private law firms and the public sector. A Local Government client recently mandated that highly confidential documents cannot be stored outside the country. The company CIO asks a solutions architect to ensure the application can adapt to this new requirement The CIO also wants to have a proper backup plan for these documents, as backups are not currently performed What solution meets these requirements?
Question3: A group of research institutions and hospitals are in a partnership to study 2 PBs of genomic data. The institute that owns the data stores it in an Amazon S3 bucket and updates it regularly. The institute would like to give all of the organizations in the partnership read access to the data. All members of the partnership are extremely cost-conscious, and the institute that owns the account with the S3 bucket is concerned about covering the costs for requests and data transfers from Amazon S3.Which solution allows for secure datasharing without causing the institute that owns the bucket to assume all the costs for S3 requests and data transfers?
Question4: A company standardized its method of deploying applications to AWS using AWS CodePipeline and AWS Cloud Formation. The applications are in TypeScript and Python. The company has recently acquired another business that deploys applications to AWS using Python scripts.Developers from the newly acquired company are hesitant to move their applications under Cloud Formation because it would require that they learn a new domain-specific language and eliminate their access to language features, such as looping.How can the acquired applications quickly be brought up to deployment standards while addressing the developers' concerns?
Question5: A public retail web application uses an Application Load Balancer (ALB) in front of Amazon EC2 instances running across multiple Availability Zones (AZs) in a Region backed by an Amazon RDS MySQL Multi-AZ deployment. Target group health checks are configured to use HTTP and pointed at the product catalog page.Auto Scaling is configured to maintain the web fleet size based on the ALB health check.Recently, the application experienced an outage. Auto Scaling continuously replaced the instances during the outage. A subsequent investigation determined that the web server metrics were within the normal range, but the database tier was experiencing high load, resulting in severely elevated query response times.Which of the following changes together would remediate these issues while improving monitoring capabilities for the availability and functionality of the entire application stack for future growth? (Select TWO.)
Question6: A company currently uses a single 1 Gbps AWS Direct Connect connection to establish connectivity between an AWS Region and its data center. The company has five Amazon VPCs, all of which are connected to the data center using the same Direct Connect connection. The Network team is worried about the single point of failure and is interested in improving the redundancy of the connections to AWS while keeping costs to a minimum.Which solution would improve the redundancy of the connection to AWS while meeting the cost requirements?
Question7: A company has a single AWS master billing account, which is the root of the AWS Organizations hierarchy.The company has multiple AWS accounts within this hierarchy, all organized into organization units (OUs).More OUS and AWS accounts will continue to be created as other parts of the business migrate applications to AWS. These business units may need to use different AWS services. The Security team is implementing the following requirements for all current and future AWS accounts.* Control policies must be applied across all accounts to prohibit AWS servers.* Exceptions to the control policies are allowed based on valid use cases.Which solution will meet these requirements with minimal optional overhead?
Question8: A photo-sharing and publishing company receives 10,000 to 150,000 images daily. The company receives the images from multiple suppliers and users registered with the service. The company is moving to AWS and wants to enrich the existing metadata by adding data using Amazon Rekognition.The following is an example of the additional data:As part of the cloud migration program, the company uploaded existing image data to Amazon S3 and told users to upload images directly to Amazon S3.What should the Solutions Architect do to support these requirements?
Question9: A Solutions Architect is designing a network solution for a company that has applications running in a data center in Northern Virginia. The applications in the company's data center require predictable performance to applications running in a virtual private cloud (VPC) located in us-east-1, and a secondary VPC in us-west-2 within the same account. The company data center is collocated in an AWS Direct Connect facility that serves the us-est-1 region. The company has already ordered an AWS Direct Connect connection and a cross-connect has been established.Which solution will meet the requirements at the LOWEST cost?
Question10: A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket The company requires that only authenticated users are allowed to post content The application generates a preasigned URL that is used to upload objects through a browser interface Most users are reporting slow upload times for objects larger than 100 MB.What can a Solutions Architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?
Question11: A Company has a security event whereby an Amazon S3 bucket with sensitive information was made public.Company policy is to never have public S3 objects, and the Compliance team must be informed immediately when any public objects are identified.How can the presence of a public S3 object be detected, set to trigger alarm notifications, and automatically remediated in the future? (Choose two.)
Question12: During an audit a Security team discovered that a Development team was putting IAM user secret access keys in their code and then committing it to an AWS CodeCommit repository The Security team wants to automatically find and remediate instances of this security vulnerability Which solution will ensure that the credentials are appropriately secured automatically?
Question13: A company is developing a new service that will be accessed using TCP on a static port. A solutions architect must ensure that the service is highly available, has redundancy across Availability Zones, and is accessible using the DNS name my.service.com, which is publicly accessible. The service must use fixed address assignments so other companies can add the addresses to their allow lists.Assuming that resources are deployed in multiple Availability Zones in a single Region, which solution will meet these requirements?
Question14: A company is running an email application across multiple AWS Regions. The company uses Ohio (us-east-2) as the primary Region and Northern Virginia (us-east-1) as the Disaster Recovery (DR) Region. The data is continuously replicated from the primary Region to the DR Region by a single instance on the public subnet in both Regions. The replication messages between the Regions have a significant backlog during certain times of the day. The backlog clears on its own after a short time, but it affects the application's RPO.Which of the following solutions should help remediate this performance problem? (Select TWO)
Question15: A company is refactoring an existing web service that provides read and write access to structured data. The service must respond to short but significant spikes in the system load The service must be fault tolerant across multiple AWS Regions.Which actions should be taken to meet these requirements?
Question16: A Solutions Architect is working with a company that operates a standard three-tier web application in AWS.The web and application tiers run on Amazon EC2 and the database tier runs on Amazon RDS. The company is redesigning the web and application tiers to use Amazon API Gateway and AWS Lambda, and the company intends to deploy the new application within 6 months. The IT Manager has asked the Solutions Architect to reduce costs in the interim.Which solution will be MOST cost effective while maintaining reliability?
Question17: A company has multiple lines of business (LOBs) that roll up to the parent company. The company has asked its solutions architect to develop a solution with the following requirements:* Produce a single AWS invoice for all of the AWS accounts used by its LOBs* The costs for each LOB account should be broken out on the invoice* Provide the ability to restrict services and features in the LOB accounts, as defined by the company's governance policy* Each LOB account should be delegated full administrator permissions, regardless of the governance policy Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)
Question18: A company is moving a business-critical, multi-tier application to AWS. The architecture consists of a desktop client application and server infrastructure. The server infrastructure resides in an on-premises data center that frequently fails to maintain the application uptime SLA of 99.95%. A Solutions Architect must re-architect the application to ensure that it can meet or exceed the SLA.The application contains a PostgreSQL database running on a single virtual machine. The business logic and presentation layers are load balanced between multiple virtual machines. Remote users complain about slow load times while using this latency-sensitive application.Which of the following will meet the availability requirements with little change to the application while improving user experience and minimizing costs?
Question19: A company is planning to migrate an existing high performance computing (HPE) solution to the AWS Cloud.The existing solution consists of a 12-node cluster running Linux with high speed interconnectivity developed on a single rack. A solution architect needs to optimize the performance of the HPE cluster.Which combination of steps will meet these requirements? (Select TWO.)
Question20: A company has an application written using an in-house software framework. The framework installation takes 30 minutes and is performed with a user data script. Company Developers deploy changes to the application frequently. The framework installation is becoming a bottleneck in this process.Which of the following would speed up this process?
Question21: A company's security compliance requirements state that all Amazon EC2 images must be scanned for vulnerabilities and must pass a CVE assessment. A solutions architect is developing a mechanism to create security- approved AMIs that can be used by developers. Any new AMIs should go through an automated assessment process and be marked as approved before developers can use them. The approved images must be scanned every30 days to ensure compliance.Which combination of steps should the solutions architect take to meet these requirements while following best practices? (Select TWO.)
Question22: A healthcare company runs a production workload on AWS that stores highly sensitive personal information.The security team mandates that, for auditing purposes, any AWS API action using AWS account root user credentials must automatically create a high-priority ticket in the company's ticketing system. The ticketing system has a monthly 3-hour maintenance window when no tickets can be created.To meet security requirements, the company enabled AWS CloudTrail logs and wrote a scheduled AWSLambda function that uses Amazon Athena to query API actions performed by the root user. The Lambda function submits any actions found to the ticketing system API. During a recent security audit, the security team discovered that several tickets were not created because the ticketing system was unavailable due to planned maintenance.Which combination of steps should a solutions architect take to ensure that the incidents are reported to the ticketing system even during planned maintenance? (Select TWO.)
Question23: What combination of steps could a Solutions Architect take to protect a web workload running on Amazon EC2 from DDoS and application layer attacks? (Select two.)
Question24: An online e-commerce business is running a workload on AWS. The application architecture includes a web tier, an application tier for business logic, and a database tier for user and transactional data management. The database server has a 100 GB memory requirement. The business requires cost-efficient disaster recovery for the application with an RTO of 5 minutes and an RPO of 1 hour. The business also has a regulatory for out-of region disaster recovery with a minimum distance between the primary and alternate sites of 250 miles.Which of the following options can the Solutions Architect design to create a comprehensive solution for this customer that meets the disaster recovery requirements?
Question25: A company is planning on hosting its ecommerce platform on AWS using a multi-tier web application designed for a NoSQL database. The company plans to use the us-west-2 Region as its primary Region. The company want to ensure that copies of the application and data are available in second Region, us-west-1, for disaster recovery. The company wants to keep the time to fall over as tow as possible. Fading back to the primary Region should be possible without administrative interaction after the primary service is restored.Which design should the solutions architect use?
Question26: A company is migrating an application to AWS. It wants to use fully managed services as much as possible during the migration. The company needs to store large, important documents within the application with the following requirements:The data must be highly durable and available.The data must always be encrypted at rest and in transit.The encryption key must be managed by the company and rotated periodically.Which of the following solutions should the Solutions Architect recommend?
Question27: While debugging a backend application for an loT system that supports globally distributed devices a Solutions Architect notices that stale data is occasionally being sent to user devices. Devices often share data, and stale data does not cause issues in most cases However device operations are disrupted when a device reads the stale data after an update The global system has multiple identical application stacks deployed In different AWS Regions If a user device travels out of its home geographic region it will always connect to the geographically closest AWS Region to write or read data The same data is available in all supported AWS Regions using an Amazon DynamoDB global table What change should be made to avoid causing disruptions in device operations'?
Question28: A solutions architect is designing a network for a new cloud deployment Each account will need autonomy to modify route tables and make changes. Centralized and controlled egress internet connectivity is also needed The cloud footprint is expected to grow to thousands of AWS accounts Which architecture will meet these requirements?
Question29: An enterprise runs 103 line-of-business applications on virtual machines in an on-premises data center. Many of the applications are simple PHP, Java, or Ruby web applications, are no longer actively developed, and serve little traffic.Which approach should be used to migrate these applications to AWS with the LOWEST infrastructure costs ?
Question30: A company wants to ensure that the workloads for each of its business units have complete autonomy and a minimal blast radius in AWS. The Security team must be able to control access to the resources and services in the account to ensure that particular services are not used by the business units.How can a Solutions Architect achieve the isolation requirements?
Question31: A three-tier web application runs on Amazon EC2 instances. Cron daemons are used to trigger scripts that collect the web server, application, and database logs and send them to a centralized location every hour.Occasionally, scaling events or unplanned outages have caused the instances to stop before the latest logs were collected, and the log files were lost.Which of the following options is the MOST reliable way of collecting and preserving the log files?
Question32: A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A.The company's applications and databases are running in Account B.A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53 During deployment the application failed to start Troubleshooting revealed that db.example.com is not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53.Which combination of steps should the solutions architect take to resolve this issue? (Select TWO)
Question33: A company CFO recently analyzed the company's AWS monthly bill and identified an opportunity to reduce the cost for AWS Elastic Beanstalk environments in use. The CFO has asked a Solutions Architect to design a highly available solution that will spin up an Elastic Beanstalk environment in the morning and terminate it at the end of the day.The solution should be designed with minimal operational overhead and to minimize costs. It should also be able to handle the increased use of Elastic Beanstalk environments among different teams, and must provide a one-stop scheduler solution for all teams to keep the operational costs low.What design will meet these requirements?
Question34: A solutions architect is designing a disaster recovery strategy for a three-tier application. The application has an RTO of 30 minutes and an RPO of 5 minutes for the data tier. The application and web tiers are stateless and leverage a fleet of Amazon EC2 instances. The data tier consists of an 50 TB Amazon Aurora database.Which combination of steps satisfies the RTO and RPO requirements while optimizing costs? (Select Two.)
Question35: A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web application stores all blog content on an Amazon EFS volume.The company recently added a feature for bloggers to add video to their posts, attracting 10 times the previous user traffic. At peak times of day, users report buffering and timeout issues while attempting to reach the site or watch videos.Which is the MOST cost-efficient and scalable deployment that will resolve the issues for users?
Question36: A company is planning the migration of several lab environments used for software testing. An assortment of custom tooling is used to manage the test runs for each lab. The labs use immutable infrastructure for the software test runs, and the results are stored in a highly available SQL database cluster. Although completely rewriting the custom tooling is out of scope for the migration project, the company would like to optimize workloads during the migration.Which application migration strategy meets this requirement?
Question37: A North American company with headquarters on the East Coast is deploying a new web application running on Amazon EC2 in the us-east-1 Region. The application should dynamically scale to meet user demand and maintain resiliency. Additionally, the application must have disaster recover capabilities in an active-passive configuration with the us-west-1 Region.Which steps should a solutions architect take after creating a VPC in the us-east-1 Region?
Question38: A company will several AWS accounts is using AWS Organizations and service control policies (SCPs). An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111:Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the Administrator address this problem?
Question39: To abide by industry regulations, a Solutions Architect must design a solution that will store a company's critical data in multiple public AWS Regions, including in the United States, where the company's headquarters is located. The Solutions Architect is required to provide access to the data stored in AWS to the company's global WAN network. The Security team mandates that no traffic accessing this data should traverse the public internet.How should the Solutions Architect design a highly available solution that meets the requirements and is cost-effective?
Question40: A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements:* Inbound requests must be filtered for common vulnerability attacks* Rejected requests must be sent to a third-party auditing application* All resources should be highly availableWhich solution meets these requirements''
Question41: A company is migrating its on-premises build artifact server to an AWS solution. The current system consists of an Apache HTTP server that serves artifacts to clients on the local network, restricted by the perimeter firewall. The artifact consumers are largely build automation scripts that download artifacts via anonymous HTTP, which the company will be unable to modify within its migration timetable.The company decides to move the solution to Amazon S3 static website hosting. The artifact consumers will be migrated to Amazon EC2 instances located within both public and private subnets in a virtual private cloud (VPC).Which solution will permit the artifact consumers to download artifacts without modifying the existing automation scripts?
Question42: A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:Consolidate all accounts into one organization.Allow full access to the Amazon EC2 service from the master account and the secondary accounts.Minimize the effort required to add additional secondary accounts.Which combination of steps should be included in the solution? (Choose two.)
Question43: A company has multiple AWS accounts hosting IT applications. An Amazon CloudWatch Logs agent is installed on all Amazon EC2 instances. The company wants to aggregate all security events in a centralized AWS account dedicated to log storage.Security Administrators need to perform near-real-time gathering and correlating of events across multiple AWS accounts.Which solution satisfies these requirements?
Question44: A company runs a Windows Server host in a public subnet that is configured to allow a team of administrators to connect over RDP to troubleshoot issues with hosts in a private subnet. The host must be available at all times outside of a scheduled maintenance window, and needs to receive the latest operating system updates within 3 days of release.What should be done to manage the host with the LEAST amount of administrative effort?
Question45: A company has a Microsoft SOL Server database in its data center and plans to migrate data to Amazon Aurora MySQL. The company has already used Vie AWS Schema Conversion Tool to migrate triggers, stored procedures and other schema objects to Aurora MySQL The database contains 1 TB of data and grows toss than 1 M6 per day The company's data center is connected to AWS through a dedicated 1Gbps AWS Direct Connect connection.The company would like to migrate data to Aurora MySQL and perform reconfigurations with minimal downtime to the applications.Which solution meets the company's requirements?
Question46: A group of Amazon EC2 instances have been configured as high performance computing (HPC) cluster. The instances are running in a placement group, and are able to communicate with each other at network of up to20 Gbps.The cluster needs to communicate with a control EC2 instance outside of the placement group. The control instance has the same instance type and AMI as the other instances, and is configured with a public IP address.How can the Solutions Architect improve the network speeds between the control instance and the instances in the placement group?
Question47: A company runs its containerized batch jobs on Amazon ECS. The jobs are scheduled by submitting a container image, a task definition, and the relevant data to an Amazon S3 bucket. Container images may be unique per job. Running the jobs as quickly as possible is of utmost importance, so submitting jobs artifacts to the S3 bucket triggers the job to run immediately. Sometimes there may no jobs running at all. However, jobs of any size can be submitted with no prior warning to the IT Operations team. Job definitions include CPU and memory resource requirements.What solution will allow the batch jobs to complete as quickly as possible after being scheduled?
Question48: A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing Reserved Instances This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Select TWO.)
Question49: A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service.In each AWS account with a client an interface endpoint has been created for the logging service and is available. The logging service running on EC2 instances with a Network Load Balancer (NLB) are deployed in different subnets. The clients are unable to submit logs using the VPC endpoint.Which combination of steps should a solutions architect take to resolve this issue? (Select TWO)
Question50: A Solutions Architect needs to design a highly available application that will allow authenticated users to stay connected to the application even when there are underlying failures.Which solution will meet these requirements?
Question51: A company runs a legacy system on a single m4.2xlarge Amazon EC2 instance with Amazon EBS2 storage.The EC2 instance runs both the web server and a self-managed Oracle database. A snapshot is made of the EBS volume every 12 hours, and an AMI was created from the fully configured EC2 instance.A recent event that terminated the EC2 instance led to several hours of downtime. The application was successfully launched from the AMI, but the age of the EBS snapshot and the repair of the database resulted in the loss of 8 hours of data. The system was also down for 4 hours while the Systems Operators manually performed these processes.What architectural changes will minimize downtime and reduce the chance of lost data?
Question52: A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an er implement the following application design changes to improve security:* The database must use strong, randomly generated passwords stored in a secure AWS managed service.* The application resources must be deployed through AWS CloudFormation.* The application must rotate credentials for the database every 90 days.A solutions architect will generate a CloudFormation template to deploy the application.Which resources specified in the CloudFormation template will meet the security engineer's requirements e LEAST amount of operational overhead?
Question53: A company is using AWS to run an internet-facing production application written in Node.js. The Development team is responsible for pushing new versions of their software directly to production. The application software is updated multiple times a day. The team needs guidance from a Solutions Architect to help them deploy the software to the production fleet quickly and with the least amount of disruption to the service.Which option meets these requirements?
Question54: A company is running web application on Amazon EC2. The web tier consists of an Application Load Balancer (ALB) backed by a Auto Scaling group of web server Instances spanning multiple Availability Zones. The database tier is using Amazon Aurora MySQL. The company's security team has deployed AWS WAF and integrated it with the ALB to prevent SQL injection attacks against the application.Recently, a security breach was reported In which the attacker was able to gain access to an individual web server and the company's database from random IP addresses. The security team was eventually able to write a better rule to match the SQL injection technique that the attacker had used. However, this process took about an hour from when the third-party security agent running on the EC2 instances successfully detected the attack.Which strategy allows the security team to protect the database and overall infrastructure?
Question55: A company's CISO has asked a Solutions Architect to re-engineer the company's current CI/CD practices to make sure patch deployments to its applications can happen as quickly as possible with minimal downtime if vulnerabilities are discovered. The company must also be able to quickly roll back a change in case of errors.The web application is deployed in a fleet of Amazon EC2 instances behind an Application Load Balancer.The company is currently using GitHub to host the application source code and has configured an AWS CodeBuild project to build the application. The company also intends to use AWS CodePipeLine to trigger builds form GitHub commits using the existing CodeBuild project.What CI/CD configuration meets all of the requirements?
Question56: An organization has two Amazon EC2 instances:The first is running an ordering application and an inventory application.The second is running a queuing system.During certain times of the year, several thousand orders are placed per second. Some orders were lost when the queuing system was down. Also, the organization's inventory application has the incorrect quantity of products because some orders were processed twice.What should be done to ensure that the applications can handle the increasing number of orders?
Question57: A company's application is increasingly popular and experiencing latency because of high volume reads on the database server.The service has the following properties:A highly available REST API hosted in one region using Application Load Balancer (ALB) with auto scaling.A MySQL database hosted on an Amazon EC2 instance in a single Availability Zone.The company wants to reduce latency, increase in-region database read performance, and have multi-region disaster recovery capabilities that can perform a live recovery automatically without any data or performance loss (HA/DR).Which deployment strategy will meet these requirements?
Question58: A company has created an account for individual Development teams, resulting in a total of 200 accounts. All accounts have a single virtual private cloud (VPC) in a single region with multiple microservices running in Docker containers that need to communicate with microservices in other accounts. The Security team requirements state that these microservices must not traverse the public internet, and only certain internal services should be allowed to call other individual services. If there is any denied network traffic for a service, the Security team must be notified of any denied requests, including the source IP.How can connectivity be established between services while meeting the security requirements?
Question59: A company wants to follow its website on AWS using serverless architecture design patterns for global customers. The company has outlined its requirements as follow:The website should be responsive.The website should offer minimal latency.The website should be highly available.Users should be able to authenticate through social identity providers such as Google, Facebook, and Amazon.There should be baseline DDoS protections for spikes in traffic.How can the design requirements be met?
Question60: A Solutions Architect is building a solution for updating user metadata that is initiated by web servers. The solution needs to rapidly scale from hundreds lo tens of thousands of jobs in less than 30 seconds. The solution must be asynchronous always avertable and minimize costs Which strategies should the Solutions Architect use to meet these requirements?
Question61: A company has several Amazon EC2 instances to both public and private subnets within a VPC that is not connected to the corporate network. A security group associated with the EC2 instances allows the company to use the Windows remote desktop protocol (RDP) over the internet to access the instances. The security team has noticed connection attempts from unknown sources. The company wants to implement a more secure solution to access the EC2 instances.Which strategy should a solutions architect implement?
Question62: An ecommerce company has an order processing application it wants to migrate to AWS The application has inconsistent data volume patterns, but needs to be avail at all times. Orders must be processed as they occur and in the order that they are received.Which set of steps should a solutions architect take to meet these requirements?
Question63: A company's data center is connected to the AWS Cloud over a minimally used 10-Gbps AWS Direct Connect connection with a private virtual interface to its virtual private cloud (VPC) The company internet connection is 200 Mbps and the company has a 150-TB dataset that is created each Friday The data must be transferred and available in Amazon S3 on Monday morning Which is the LEAST expensive way to meet the requirements while allowing for data transfer growth?
Question64: A company with multiple accounts is currently using a configuration that does not meet the following security governance policies* Prevent ingress from port 22 to any Amazon EC2 instance* Require billing and application tags for resources* Encrypt all Amazon EBS volumesA Solutions Architect wants to provide preventive and detective controls including notifications about a specific resource, if there are policy deviations.Which solution should the Solutions Architect implement?
Question65: A Solutions Architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint The Solutions Architect wants an end-to-end view of each request to analyze the latency of the request and create service maps How can the Solutions Architect design the API Gateway access control and perform request inspections?
Question66: A media storage application uploads user photos to Amazon S3 for processing. End users are reporting that some uploaded photos are not being processed properly. The Application Developers trace the logs and find that AWS Lambda is experiencing execution issues when thousands of users are on the system simultaneously.Issues are caused by:Limits around concurrent executions.The performance of Amazon DynamoDB when saving data.Which actions can be taken to increase the performance and reliability of the application? (Choose two.)
Question67: AnyCompany has acquired numerous companies over the past few years. The CIO for AnyCompany would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses.The Solutions Architect is tasked with designing an AWS architecture that allows AnyCompany to achieve the following:Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses.AnyCompany can pay for AWS services for all its companies through a single invoice.Developers in each acquired company have access to resources in their company only.Developers in an acquired company should not be able to affect resources in their company only.A single identity store is used to authenticate Developers across all companies.Which of the following approaches would meet these requirements? (Choose two.)
Question68: A company has an application behind a load balancer with enough Amazon EC2 instances to satisfy peak demand. Scripts and third-party deployment solutions are used to configure EC2 instances when demand increases or an instance fails. The team must periodically evaluate the utilization of the instance types to ensure that the correct sizes are deployed.How can this workload be optimized to meet these requirements?
Question69: A company needs to move its on-premises resources to AWS. The current environment consists of 100 virtual machines (VMs) with a total of 40 TB of storage. Most of the VMs can be taken offline because they support functions during business hours only; however, some are mission critical, so downtime must be minimized.The administrator of the on-premises network provisioned 10 Mbps of internet bandwidth for the migration.The on-premises network throughput has reached capacity and would be costly to increase. A solutions architect must design a migration solution that can be performed within the next 3 months.Which method would fulfill these requirements?
Question70: A company is using AWS CloudFormation as its deployment tool for all application. It stages all application binaries and templates within Amazon S3 bucket with versioning enable Developers have access to an Amazon EC2 instance that hosts the integrated development (IDE). The developers download the application binaries from Amazon S3 to the EC2 instance, make changes, and upload the binaries to an S3 bucket after running the unit locally. The developers want to improve the existing deployment mechanism and implement Ci/CD using AWS CodePipeline.The developers have the following requirements:Use AWS CodeCommit for source controlAutomate unit testing and security scanning.Alert the developers when unit tests failTurn application features on and off, and customize deployment dynamically as part of Ci/CD.Have the lead developer provide approval before deploying an application.Which solution will meet these requirements?
Question71: A company collects a steady stream of 10 million data records from 100,000 sources each day. These records are written to an Amazon RDS MySQL DB. A query must produce the daily average of a data source over the past 30 days. There are twice as many reads as writes. Queries to the collected data are for one source ID at a time.How can the Solutions Architect improve the reliability and cost effectiveness of this solution?
Question72: A company operating a website on AWS requires high levels of scalability, availability and performance. The company is running a Ruby on Rails application on Amazon EC2. It has a data tier on MySQL 5.6 on Amazon EC2 using 16 TB of Amazon EBS storage. Amazon CloudFront is used to cache application content. The Operations team is reporting continuous and unexpected growth of EBS volumes assigned to the MySQL database. The Solutions Architect has been asked to design a highly scalable, highly available, and high-performing solution.Which solution is the MOST cost-effective at scale?
Question73: A company has several Amazon EC2 instates to both public and private subnets within a VPC that is not connected to the corporate network. A security group associated with the EC2 instances allows the company to use the Windows remote desktop protocol (RDP) over the internet to access the instances. The security team has noticed connection attempts from unknown sources. The company wants to implement a more secure solution to access the EC2 instances.Which strategy should a solutions architect implement?
Question74: A Solutions Architect is migrating a 10 TB PostgreSQL database to Amazon RDS for PostgreSQL. The company's internet link is 50 MB with a VPN in the Amazon VPC, and the Solutions Architect needs to migrate the data and synchronize the changes before the cutover. The cutover must take place within an 8-day period.What is the LEAST complex method of migrating the database securely and reliably?
Question75: An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services46 account in each organizational unit (OU) that will be used by procurement managers. The procurement team's policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The procurement team wants administration of Private Market procurement managers. Other IAM users, groups, roles, and account administrators in the company should be denied Private Marketplace administrative access.What is the MOST efficient way to design an architecture to meet these requirements?
Question76: A Solutions Architect is designing the storage layer for a data warehousing application. The data files are large, but they have statically placed metadata at the beginning of each file that describes the size and placement of the file's index. The data files are read in by a fleet of Amazon EC2 instances that store the index size, index location, and other category information about the data file in a database. That database is used by Amazon EMR to group files together for deeper analysis.What would be the MOST cost-effective, high availability storage solution for this workflow?
Question77: A bank is designing an online customer service portal where customers can chat with customer service agents.The portal is required to maintain a 15-minute RPO or RTO in case of a regional disaster. Banking regulations require that all customer service chat transcripts must be preserved on durable storage for at least 7 years, chat conversations must be encrypted in-flight, and transcripts must be encrypted at rest. The Data Lost Prevention team requires that data at rest must be encrypted using a key that the team controls, rotates, and revokes.Which design meets these requirements?
Question78: A company has a website that enables users to upload videos Company policy states the uploaded videos must be analyzed for restricted content An uploaded video is placed in Amazon S3, and a message is pushed to an Amazon SQS queue with the video's location A backend application pulls this location from Amazon SQS and analyzes the video The video analysis is compute-intensive and occurs sporadically during the day The website scales with demand The video analysis application runs on a fixed number of instances Peak demand occurs during the holidays, so the company must add instances to the application during this time All instances used are currently on-demand Amazon EC2 T2 instances The company wants to reduce the cost of the current solution.Which of the following solutions is MOST cost-effective?
Question79: A company is adding a new approved external vendor that only supports IPv6 connectivity. The company's backend systems sit in the private subnet of an Amazon VPC. The company uses a NAT gateway to allow these systems to communicate with external vendors over IPv4. Company policy requires systems that communicate with external vendors use a security group that limits access to only approved external vendors.The virtual private cloud (VPC) uses the default network ACL.The Systems Operator successfully assigns IPv6 addresses to each of the backend systems. The Systems Operator also updates the outbound security group to include the IPv6 CIDR of the external vendor (destination). The systems within the VPC are able to ping one another successfully over IPv6. However, these systems are unable to communicate with the external vendor.What changes are required to enable communication with the external vendor?
Question80: A company provides auction services for artwork and has users across North America and Europe. The company hosts its application in Amazon EC2 instances m the us-east-1 Region. Artists upload photos of their work as large-size, high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-1 Region The users in Europe are reporting slow performance for their image uploads.How can a solutions architect improve the performance of the image upload process?
Question81: A company had a tight deadline to migrate its on-premises environment to AWS. It moved over Microsoft SQL Servers and Microsoft Windows Servers using the virtual machine import/export service and rebuild other applications native to the cloud. The team created both Amazon EC2 databases and used Amazon RDS.Each team in the company was responsible for migrating their applications, and they have created individual accounts for isolation of resources. The company did not have much time to consider costs, but now it would like suggestions on reducing its AWS spend.Which steps should a Solutions Architect take to reduce costs?
Question82: A Solutions Architect is building a containerized NET Core application that will run in AWS Fargate The backend of the application requires Microsoft SQL Server with high availability All tiers of the application must be highly available The credentials used for the connection string to SQL Server should not be stored on disk within the .NET Core front-end containers.Which strategies should the Solutions Architect use to meet these requirements'?
Question83: A company is implementing a multi-account strategy; however, the Management team has expressed concerns that services like DNS may become overly complex. The company needs a solution that allows private DNS to be shared among virtual private clouds (VPCs) in different accounts. The company will have approximately 50 accounts in total.What solution would create the LEAST complex DNS architecture and ensure that each VPC can resolve all AWS resources?
Question84: A company is migrating its three-tier web application from on-premises to the AWS Cloud. The company has the following requirements for the migration process* Ingest machine images from the on-premises environment* Synchronize changes from the on-premises environment to the AWS environment until the production cutover* Minimize downtime when executing the production cutover* Migrate the virtual machines' root volumes and data volumesWhich solution will satisfy these requirements with minimal operational overhead?
Question85: An advisory firm is creating a secure data analytics solution for its regulated financial services users Users will upload their raw data to an Amazon 53 bucket, where they have PutObject permissions only Data will be analyzed by applications running on an Amazon EMR cluster launched in a VPC The firm requires that the environment be isolated from the internet All data at rest must be encrypted using keys controlled by the firm Which combination of actions should the Solutions Architect take to meet the user's security requirements?(Select TWO )
Question86: A company is manually deploying its application to production and wants to move to a more mature deployment pattern. The company has asked a solutions architect to design a solution that leverages its current Chef tools and knowledge The application must be deployed to a staging environment for testing and verification before being deployed to production Any new deployment must be rolled back in 5 minutes if errors are discovered after a deployment Which AWS service and deployment pattern should the solutions architect use to meet these requirements?
Question87: An organization has a write-intensive mobile application that uses Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. The application has scaled well, however, costs have increased exponentially because of higher than anticipated Lambda costs. The application's use is unpredictable, but there has been a steady 20% increase in utilization every month.While monitoring the current Lambda functions, the Solutions Architect notices that the execution-time averages 4.5 minutes. Most of the wait time is the result of a high-latency network call to a 3-TB MySQL database server that is on-premises. A VPN is used to connect to the VPC, so the Lambda functions have been configured with a five-minute timeout.How can the Solutions Architect reduce the cost of the current architecture?
Question88: A development team has created a series of AWS CloudFormation templates to help deploy services. They created a template for a network/virtual private (VPC) stack, a database stack, a bastion host stack, and a web application-specific stack. Each service requires the deployment of at least:Each template has multiple input parameters that make it difficult to deploy the services individually from the AWS CloudFormation console. The input parameters from one stack are typically outputs from other stacks.For example, the VPC ID, subnet IDs, and security groups from the network stack may need to be used in the application stack or database stack.Which actions will help reduce the operational burden and the number of parameters passed into a service deployment? (Choose two.)
Question89: A company receives clickstream data files to Amazon S3 every five minutes. A Python script runs as a cron job once a day on an Amazon EC2 instance to process each file and load it into a database hosted on Amazon RDS. The cron job takes 15 to 30 minutes to process 24 hours of data. The data consumers ask for the data be available as soon as possible.Which solution would accomplish the desired outcome?
Question90: A company wants to change its internal cloud billing strategy for each of its business units Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application environment and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on its cloud spending. The solution should also send notifications for any cloud spending that exceeds a set threshold Which solution is the MOST cost-effective way to meet these requirements?
Question91: During a security audit of a Service team's application a Solutions Architect discovers that a username and password tor an Amazon RDS database and a set of AWSIAM user credentials can be viewed in the AWS Lambda function code. The Lambda function uses the username and password to run queries on the database and it uses the I AM credentials to call AWS services in a separate management account.The Solutions Architect is concerned that the credentials could grant inappropriate access to anyone who can view the Lambda code The management account and the Service team's account are in separate AWS Organizations organizational units (OUs) Which combination of changes should the Solutions Architect make to improve the solution's security? (Select TWO)
Question92: A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout.Which of the following actions should the Solutions Architect consider to improve performance? (Choose two.)
Question93: A company had a tight deadline to migrate its on-premises environment to AWS. It moved over Microsoft SQL Servers and Microsoft Windows Servers using the virtual machine import/export service and rebuild other applications native to the cloud. The team created both Amazon EC2 databases and used Amazon RDS.Each team in the company was responsible for migrating their applications, and they have created individual accounts for isolation of resources. The company did not have much time to consider costs, but now it would like suggestions on reducing its AWS spend.Which steps should a Solutions Architect take to reduce costs?
Question94: The Security team needs to provide a team of interns with an AWS environment so they can build the serverless video transcoding application. The project will use Amazon S3, AWS Lambda, Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and Amazon Elastic Transcoder.The interns should be able to create and configure the necessary resources, but they may not have access to create or modify AWS IAM roles. The Solutions Architect creates a policy and attaches it to the interns' group.How should the Security team configure the environment to ensure that the interns are self-sufficient?