Notes: Hi all, AWS Solutions Architect Associate Practice Exam will familiarize you with types of questions you may encounter on the certification exam and help you determine your readiness or if you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam as the actual exam is longer and covers a wider range of topics.
We highly recommend that you take the AWS Solutions Architect Associate Guarantee Part, because it includes real questions, and the highlighted answers are collected in our exam. It will help you pass the exam more easily.
1. A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?
- A standalone Amazon EC2 instance
- Amazon RDS in a Multi-AZ configuration
- Amazon EC2 instances in a replication configuration utilizing a single Availability Zone
- Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
Ans : D
2. You have been tasked with choosing a datastore to persist GPS coordinates for a new app. The service needs consistent, single-digit-millisecond latency at any scale. Which AWS service meets your requirements?
- Amazon Redshift
- Amazon DynamoDB
- Amazon S3
- Amazon RDS
ANS: B
3. Your company IT policy prohibits employees from handling application credentials. Any credentials must be rotated at least monthly. You plan to deploy a new application on Amazon EC2 instances in an Auto Scaling group within a VPC. The application must access objects within an Amazon S3 bucket. The application will leverage an Amazon SDK. Which approach meets these requirements?
- Have the application call AWS STS to obtain temporary credentials that have access privileges to the Amazon S3 bucket
- Configure the application to retrieve temporary credentials from the Amazon-provided server at 169.254.169.253
- Launch the Amazon EC2 instances with an IAM role that has access privileges to the Amazon S3 bucket
- Configure an Amazon S3 bucket policy that grants the application access to the Amazon S3 bucket
Ans: C
4. A company has configured and peered two VPCs: VPC-1 and VPC-2. VPC-1 contains only private subnets, and VPC-2 contains only public subnets. The company uses a single AWS Direct Connect connection and private virtual interface to connect their on-premises network with VPC-1. Which two methods increase the fault tolerance of the connection to VPC-1? (Select TWO)
- Establish a hardware VPN over the Internet between VPC-2 and the on-premises network
- Establish a hardware VPN over the Internet between VPC-1 and the on-premises network
- Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2
- Establish a new AWS Direct Connect connection and private virtual interface in a different AWS region than VPC-1
- Establish a new AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1
Ans: B,E
5. Which of the following requires a custom CloudWatch metric to monitor?
- Memory Utilization of an EC2 instance
- CPU Utilization of an EC2 instance
- Disk usage activity of an EC2 instance
- Data transfer of an EC2 instance
Ans: A
6. An application on an Amazon EC2 instance routinely stops responding to requests and requires a reboot to recover. The application logs are already exported into Amazon CloudWatch, and you notice that the problem consistently follows the appearance of a specific message in the log. The application team is working to address the bug, but has not provided a date for the fix. What workaround can you implement to automate recovery of the instance until the fix is deployed?
- Create an Amazon CloudWatch alarm on an Amazon CloudWatch Logs filter for that message; based on that alarm, trigger an Amazon CloudWatch action to reboot the instance
- Create an AWS CloudTrail alarm on low CPU; based on that alarm, trigger an Amazon SNS message to the Operations team
- Create an Amazon CloudWatch alarm on instance memory usage; based on that alarm, trigger an Amazon CloudWatch action to reboot the instance
- Create an AWS CloudTrail alarm to detect the deadlock; based on the alarm, trigger an Amazon SNS message to the Operations team
Ans: A
7. When creation of an EBS snapshot is initiated, but not completed, the EBS volume:
- Cannot be used until the snapshot completes
- Can be used in read-only mode while the snapshot is in progress
- Can be used while the snapshot is in progress
- Cannot be detached or attached to an EC2 instance until the snapshot completes
Ans: C
8. Your company’s IT policies mandate that all critical data must be duplicated in two physical locations at least 200 miles apart. Which storage option meets this requirement?
- Two Amazon S3 buckets in different regions
- One Amazon S3 bucket
- Two Amazon S3 buckets in the same region
Ans: B
9. You are designing a high performance computing (HPC) cluster. You will launch 20 Amazon EC2 r3.2xlarge instances into a placement group. You need the highest packet-per-second performance and lowest latency for your application. Which configuration should you use?
- Enable enhanced networking on all the Amazon EC2 instances
- Assign a minimum of two elastic network interfaces per Amazon EC2 Instance
- Launch the Amazon EC2 instance across multiple Availability Zones
- Enable EBS optimization on all the Amazon EC2 instances
Ans: A
10. Which services can invoke AWS Lambda functions? (Select 2)
- Amazon SNS
- Amazon Redshift
- Amazon Route53
- Amazon DynamoDB
- Elastic Load Balancing
Ans: A,D
11. Which of the following does AWS own under the shared security responsibility model? (Select 3)
- Physical security of AWS data centers and facilities
- Logical security of customer SSH private key material
- Patching of Amazon Elastic Compute Cloud hypervisors
- Decommissioning storage devices at end of life
- Encryption of traffic within a virtual private cloud
- Access control within a virtual private cloud
Ans: A,C,D
12. Your organization needs to ingest a big data stream into their data lake on Amazon S3. The data may stream in at a rate of hundreds of megabytes per second. What AWS service will accomplish the goal with the least amount of management?
- Amazon Kinesis Firehose
- Amazon Kinesis Streams
- Amazon CloudFront
- Amazon SQS
Ans: A
13. You have a distributed application that periodically processes large volumes of data across multiple Amazon EC2 instances. The application is designed to recover gracefully from Amazon EC2 instance failures. You are required to accomplish this task in the most cost-effective way. Which of the following will meet your requirements?
- Spot Instances
- Reserved Instances
- Dedicated Instances
- On-Demand Instances
Ans: A
14. Your Amazon RDS MySQL DB instance runs on the largest available instance type. The DB instance runs at near capacity for CPU and network bandwidth. You expect traffic to increase and are looking for ways you can continue to scale your database. Which strategies allow you to continue to scale and take on more traffic? (Select 2)
- Convert the DB instance to a Multi-AZ deployment; configure the app to send read-only calls to the standby
- Create an Amazon ElastiCache cluster; configure the app to retrieve frequently accessed data and queries from the cache
- Create a cross-region read replica of the master database; configure the app to send read-only calls to the replica
- Create a read replica of the master database in another Availability Zone; configure the app to send read-only calls to the replica
- Create additional database accounts in the DB instance; configure the app servers to make calls using different account credentials
Ans: B,D
15. Which of the following are characteristics of a reserved instance? (Select 3)
- It can be used to lower Total Cost of Ownership (TCO) of a system
- It can be modified for reservation in another region
- It is specific to an Amazon Machine Image (AMI)
- It is specific to an Instance Type
- It can be applied to instances launched by Auto Scaling
- It can be cancelled after it is purchased
Ans: A,D,E
16. Which security functions are based on AWS STS? (Select 2)
- Granting cross-account access with IAM roles
- Adding conditions to managed policies
- Authenticating IAM user by using access keys
- Assigning managed policies to IAM groups
Ans: A,C
17. You are trying to use SSH to connect from your laptop to an Amazon EC2 instance over the Internet. You cannot establish a connection.
- The security group does not allow any outbound TCP traffic to your laptop IP address
- There is no security group and no network ACL associated with the Amazon EC2 instance
- The network ACL is set to deny all outbound TCP traffic to your laptop IP address
- The IAM access key on your laptop does not have console access to the Amazon EC2 instance
Ans : C
18. Your company has separate AWS accounts for development and production. Each developer is assigned an IAM user in the development account. Developers occasionally need to access the production account to roll out changes to that environment. Your company does not allow the creation of IAM users in the production account.
- Create an IAM role in the development account. Allow IAM users in the development account to assume the role
- Create an IAM group in the production account. Grant IAM users in the development account membership in the group
- Create an IAM role in the production account. Allow IAM users in the development account to assume the role
- Create an IAM group in the development account. Grant IAM users in the development account membership in the group
Ans : C
19. Which of the following are characteristics of Amazon VPC subnets? (Select 2)
- Each subnet spans at least 2 Availability Zones to provide a high-availability environment
- Each subnet maps to a single Availability Zone
- A CIDR block mask of /25 is the smallest range supported
- By default, all subnets can route between each other, whether they are private or public
- Instances in a private subnet can communicate with the Internet only if they have an Elastic IP
Ans : B
20. A customer is leveraging Amazon Simple Storage Service in eu-west-1 to store static content for a web-based property. The customer is storing objects using the Standard Storage class. Where are the customer’s objects replicated?
- A single facility in eu-west-1 and a single facility in eu-central-1
- A single facility in eu-west-1 and a single facility in us-east-1
- Multiple facilities in eu-west-1
- A single facility in eu-west-1
Ans : C
21. You have been asked to design a fault-tolerant and scalable web application across three Availability Zones. The presentation logic will reside on web servers behind an ELB Classic Load Balancer, and the application logic will reside on a set of app servers behind a second load balancer. How should you use Auto Scaling groups?
- Deploy one Auto Scaling group that includes all the web and app servers across all Availability Zones
- Deploy three Auto Scaling groups: one for each Availability Zone that includes both web and app servers
- Deploy two Auto Scaling groups: one for the web servers in all Availability Zones and one for the app servers in all Availability Zones
- Deploy six Auto Scaling groups: a web server group in each Availability Zone and an app server group in each Availability Zone
Ans : C
22. You are launching an application in an Auto Scaling group. To store the user session state, you need a structured storage service with durability and low latency. Which service meets your needs?
- Amazon ElastiCache
- Amazon S3
- Amazon EC2 instance storage
- Amazon DynamoDB
Ans : A
23. You have an application running on an Amazon EC2 instance that uploads 4-GB video objects to Amazon S3. Video uploads are taking longer than expected, resulting in poor application performance. Which action can help improve the upload performance?
- Apply an Amazon S3 bucket policy
- Use Amazon EBS Provisioned IOPS
- Use Amazon S3 multipart upload
- Request a service limit increase
Ans : C
24. After creating a new IAM user, which of the following must be done before they can successfully make API calls?
- Add a password to the user
- Enable multi-factor authentication for the user
- Assign a password policy to the user
- Create a set of access keys for the user
Ans : D
25. You’ve been tasked with choosing a datastore to persist GPS coordinates for a new app. The service needs consistent, single-digit-millisecond latency at any scale. In order to support future growth, the datastore must also support cross-region replication. Which AWS service meets your requirements?
- Amazon Redshift
- Amazon DynamoDB
- Amazon S3
- Amazon RDS
Ans : B
26. Your company runs an application that generates several thousand 1-GB reports a month. Approximately 10% of these reports will be accessed once during the first 30 days and must be available on demand. After 30 days, reports are no longer accessed as a part of normal business processes but must be retained for compliance reasons. Which architecture would meet these requirements with the lowest cost?
- Upload the reports to Amazon S3 Standard storage class. Set a lifecycle configuration on the bucket to transition the reports to Amazon Glacier after 30 days
- Upload the reports to Amazon S3 Standard-Infrequent Access storage class. Set a lifecycle configuration on the bucket to transition the reports to Amazon Glacier after 30 days
- Upload the reports to Amazon Glacier. When reports are requested, copy them to Amazon S3 Standard storage class for access. Delete the copied reports after they have been viewed
- Upload the reports to Amazon S3 Standard-Infrequent Access storage class. When reports are requested, copy them to Amazon S3 Standard storage class for access. Delete the copied reports after they have been viewed
Ans : A
27. You are designing a scalable web application with stateless web servers. Which service or feature is well suited to store user session information?
- Amazon EBS
- Amazon DynamoDB
- Amazon EC2 instance store
- Amazon SQS
Ans : B
28. A company has a workflow that uploads video files from their data center to AWS for transcoding. They use Amazon EC2 worker instances that pull transcoding jobs from SQS. Why is SQS an appropriate service for this scenario?
- SQS can accommodate message payloads of any size XX
- SQS checks the health of the worker instances
- SQS synchronously provides transcoding output
- SQS decouples the transcoding task from the upload
Ans : D
https://aws.amazon.com/sqs/faqs/
29. Which of the following services natively encrypt data at rest within an AWS region? (Select 2)
- AWS Storage Gateway
- Amazon DynamoDB
- Amazon CloudFront
- Amazon Glacier
- Amazon Simple Queue Service
Ans : A,D
30. Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:
- May be performed by the customer on their own instances, only if performed from EC2 instances
- May be performed by AWS, and is periodically performed by AWS
- May be performed by AWS, and will be performed by AWS upon customer request
- Is expressly prohibited under all circumstances
- May be performed by the customer on their own instances with prior authorization from AWS
Ans : E
31. You have a CloudFront distribution configured with the following path patterns:
a) static1/* -> an S3 bucket in us-east-1
b) * -> an ELB in us-east-1
c) static2/* -> an S3 bucket in us-west-2
When users request objects that start with ‘static2/’, they are receiving 404 response codes. What might be the problem?
- CloudFront distributions cannot have origins in different AWS Regions
- CloudFront distributions cannot have multiple different origin types
- The ‘*’ path pattern must appear after the ‘static2/*’ path.
- The ‘*’ path pattern must appear before the ‘static1/*’ path.
Ans : C
32. You are running a mobile media application and are considering API Gateway for the client entry point. What benefits would this provide? (Select TWO)
- Caching API responses
- IP blacklisting
- Intrusion prevention
- Load balancing
- Throttling traffic
Ans : C,E
33. You have been asked to architect a file system for users’ home directories. The solution must be accessible simultaneously to individuals across an organization. Users and groups must have permissions defined at the file or directory level. What AWS service can meet all of these requirements?
- Amazon EBS
- Amazon S3
- Amazon EFS
- Amazon DynamoDB
Ans : C
34. Your Auto Scaling group is configured to launch one new Amazon EC2 instance if the overall CPU load exceeds 65% over a five-minute interval. Occasionally, the Auto Scaling group launches a second Amazon EC2 instance before the first is operational. The second instance is not required and introduces needless compute costs. How can you prevent the Auto Scaling group from launching the second instance?
- Configure a lifecycle hook for your Auto Scaling group
- Add a scaling-specific cooldown period to the scaling policy
- Adjust the CPU threshold that triggers a scaling action
- Attach a new launch configuration to the Auto Scaling group
Ans : B
35. You’re building an API backend available at services.yourcompany.com. The API is implemented with API Gateway and Lambda. You successfully tested the API using curl. You implemented JavaScript to call the API from a webpage on your corporate website www.yourcompany.com. When you access that page in your browser, you get the following error: “The same origin policy disallows reading the remote resource”. How can you allow your corporate webpages to invoke the API?
- Add a policy.xss file to your website
- Add a Policy:xss header to the API request
- Enable CORS in the API Gateway
- Enable CORS in the JavaScript frontend
Ans : C
35. You have a Cassandra cluster running in private subnets in an Amazon VPC. A new application in a different Amazon VPC needs access to the database. How can the new application access the database?
- Set up a dual-homed instance with ENIs in both Amazon VPCs
- Set up a VPC peering connection between the two Amazon VPCs
- Set up a NAT Gateway in the database’s Amazon VPC
- Set up a NAT Gateway in the application’s Amazon VPC
Ans : B
36. A company is preparing to give AWS Management Console access to developers. Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console? (Select TWO)
- AWS Directory Service AD Connector
- AWS Directory Service Simple AD
- AWS Identity and Access Management groups
- AWS Identity and Access Management roles
- AWS Identity and Access Management users
Ans : A,D
37. A client application requires operating system privileges on a relational database server. What is an appropriate configuration for a highly available database architecture?
- A standalone Amazon EC2 instance
- Amazon RDS in a Multi-AZ configuration
- Amazon EC2 instances in a replication configuration utilizing a single Availability Zone
- Amazon EC2 instances in a replication configuration utilizing two different Availability Zones
Ans : D
38. You need to pass a custom script to new Amazon Linux instances created in your Auto Scaling group. Which feature allows you to accomplish this?
- User data
- EC2Config service
- IAM roles
- AWS Config
Ans : A
39. An Auto Scaling group spans 3 AZs and currently has 4 running EC2 instances. When Auto Scaling needs to terminate an EC2 instance, by default Auto Scaling will: (Select 2)
- Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected
- Terminate an instance in the AZ which currently has 2 running EC2 instances
- Send an SNS notification if configured to do so
- Randomly select one of the 3 AZs, and then terminate an instance in that AZ
- Allow at least five minutes for Windows/Linux shutdown scripts to complete before terminating the instance
Ans : B,C
40. Which of the following notification endpoints or clients are supported by Amazon Simple Notification Service? (Select two)
- CloudFront distribution
- File Transfer Protocol
- Simple Network Management Protocol
Ans : A,D
41. Your application currently stores data on an unencrypted EBS volume. A new security policy mandates that all data must be encrypted at rest. How can you encrypt the data?
- Create a snapshot of the volume. Create a new, encrypted volume from the snapshot. Replace the volume
- Stop the instance. Detach the volume. Modify the EBS settings to encrypt the volume. Reattach the volume. Start the instance
- Create a snapshot of the volume. Make an encrypted copy of the snapshot. Create a new volume from the new snapshot. Replace the volume
- Modify the EBS settings to encrypt the volume. You do need to detach the volume or stop the instance
Ans : C
42. You are running a web application with four Amazon EC2 instances across two Availability Zones. The instances are in an Auto Scaling group behind an ELB Classic Load Balancer. A scaling event adds one instance to the group. After the event, you notice that, although all instances are serving traffic, some instances are serving more traffic than others. Which of the following could be the problem?
- Cross-zone load balancing is not configured on the ELB Classic Load Balancer
- Access logs are not enabled on the ELB Classic Load Balancer
- An SSL/TLS certificate has not been deployed on the ELB Classic Load Balancer
- Sticky bits is not enabled on the ELB Classic Load Balancer
Ans : A
43. Which of the following are true regarding encrypted Amazon Elastic Block Store (EBS) volumes? (Select 2)
- Supported on all Amazon EBS volume types
- Snapshots are automatically encrypted
- Available to all instance types
- Existing volumes can be encrypted
- Shared volumes can be encrypted
Ans : A,B
44. Your security team requires each Amazon ECS task to have an IAM policy that limits the task’s privileges to only those required for its use of AWS services. How can you achieve this?
- Use IAM roles for Amazon ECS tasks to associate a specific IAM role with each ECS task definition
- Use IAM roles on the Amazon ECS container instances to associate IAM role with each ECS task on that instance
- Connect to each running Amazon ECS container instance and add discrete credentials
- Reboot each Amazon ECS task programmatically to generate new instance metadata for each task
Ans : A
45. You have created an API powered by API Gateway and AWS Lambda. Because of a new feature release, you expect traffic volume on your API to increase 10-fold. Which configuration should you use?
- Use multiple copies of the Lambda function, each with API Gateway as the trigger. You are charged per request, not per function
- Use one Lambda function with API Gateway as the trigger. AWS Lambda will allocate capacity to match the rate of incoming events
- Use one Lambda function with API Gateway as the trigger. Increase the amount of memory configured for the Lambda function
- Use multiple API Gateway endpoints, each triggering a Lambda function
Ans : B
46. You bid $0.22 for an Amazon EC2 Spot Instance when the market price was $0.20. For 90 minutes, the market price remained at $0.20. Then the market price changed to $0.25, and your instance was terminated by AWS. What was your cost of running the instance for the entire duration?
- $0.47
- $0.20
- $0.40
- $0.22
Ans : D
46. A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised?
- Enable Multi-Factor Authentication for your AWS root account XX
- Assign an IAM role to the Amazon EC2 instance
- Store the AWS Access Key ID/Secret Access Key combination in software comments XX
- Assign an IAM user to the Amazon EC2 instance XX
Ans : B
47. Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of Spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?
- Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first
- Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue
- Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level
- Use Route 53 latency-based routing to send high priority tasks to the closest transformation instances.
Ans : B
48. You have been asked to design a NAT solution for your company’s VPC-based web application. Traffic from the private subnets varies throughout the day from 500 Mbps to spikes of 7 Gbps. What is the most cost-effective and scalable solution?
- Move the Internet gateway for the VPC to a public subnet; route all Internet traffic through the Internet gateway XX
- Create an Amazon EC2 NAT instance with a second elastic network interface (ENI) in a public subnet; route all private subnet Internet traffic through the NAT gateway
- Create a NAT gateway in a public subnet; route all private subnet Internet traffic through the NAT gateway
- Create an Auto Scaling group of Amazon EC2 NAT instances in a public subnet; route all private subnet Internet traffic through the NAT XX
Ans : C
49. A customer’s security team requires the logging of all network access attempts to Amazon EC2 instances in their production VPC on AWS. Which configuration will meet the security team’s requirement?
- Enable CloudTrail for the production VPC
- Enable VPC Flow Logs for the production VPC
- Enable both CloudTrail and VPC Flow Logs for the production VPC
- Enable both CloudTrail and VPC Flow Logs for the AWS account
Ans : B
50. Which AWS services are valid origins for an Amazon CloudFront distribution?(Select 2)
- Amazon RDS
- ELB Classic Load Balancer
- Amazon S3
- Amazon DynamoDB
- Amazon Glacier
Ans : B,C
51. You are running a Customer Relationship Management application and want to minimize costs. You need 400 GB of disk space and 1000 IOPS, but occasionally up to 2000 IOPS. Which EBS volume types should you choose?
- General Purpose SSD
- Provisioned IOPS SSD with 1000 IOPS
- Provisioned IOPS SSD with 2000 IOPS
- Throughput-Optimized HDD
Ans : A
52. A company is designing a hybrid IT architecture and requires a private connection between an on-premises data center and their virtual private cloud (VPC). Which of the following would enable the company to achieve this? (Select 2)
- AWS Data Pipeline
- ClassicLink
- AWS Direct Connect
- Amazon Route53
- VPN connection
==========================================================================================
New practice questions were updated on 20 August 2019.
1. A company is using AWS Key Management Service (KMS) to secure. They have recommended that the company log all use of their AWS KMS keys. What is the SIMPLEST solution?
- Associate AWS KMS metrics with Amazon CloudWatch
- Use AWS CloudTrail to log AWS KMS key usage.
- Deploy a monitoring agent on the RDS instances.
- Poll AWS KMS periodically with a scheduled job.
2. What is the solution for managed VPN connections? To monitor whether the VPN connection is up or down, the architect should use:
- An external service to ping the VPN endpoint from outside the VPC.
- AWS CloudTrail to monitor the endpoint.
- The CloudWatch TunnelState Metric.
- An AWS Lambda function that parses the VPN connection logs.
3. Your company plans to migrate their 20TB video archive to AWS. The files are rarely accessed, but sometimes they would like to access them, and a 3 to 5 hour retrieval time frame is acceptable. However, when there is a breakup, the editors require access to archived footage within minutes. Which storage solution meets the needs of this organization while providing the LOWEST cost of storage?
- Store the archive in Amazon S3 Reduced Redundancy Storage.
- Store the archive in Amazon Glacier and use standard retrieval for all content.
- Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed.
- Store the archive in Amazon S3 with a lifecycle policy to move this to S3 Infrequent Access after 30 days.
4. You are creating a new online transaction processing (OLTP) application for a small database that is very read. A single table in the database is updated continuously throughout the day, and the delivery at the database performance is consistent. Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain the performance?
- Provisioned IOPS SSD
- General purpose SSD
- Cold HDD
- Throughput Optimized HDD.
5. An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public host name. The administrator is adding a second instance, but does not want users to have to decide between many public host names. Which AWS service will decouple the users from specific Amazon EC2 instances?
- Amazon SQS
- Auto Scaling Group
- Amazon EC2 Security Group
- Amazon ELB
6. A solutions architect is designing a highly-available website that is served by multiple web servers hosted outside AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation. What is the MOST efficient way to fulfill this requirement?
- Use Amazon CloudWatch to monitor utilization
- Use Amazon API Gateway to monitor availability
- Use an Amazon Elastic Load Balancer
- Use Amazon Route 53 health checks.
7. An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a solutions architect use to route traffic to the service based on the incoming request?
- AWS Application Load Balancer
- Amazon CloudFront
- Amazon Route 53
- AWS Classic Load Balancer
8. An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data to Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met?
- Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the NAT gateway.
- Configure a gateway VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.
- Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the interface VPC endpoint.
- Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.
9. An organization stores customer files and must frequently increase the size of its on-premises storage system to enable quick access and archiving. The organization needs an AWS solution. How can this requirement be met at the lowest cost?
- Use Amazon Glacier for regular storage and Amazon S3 for archiving data.
- Use Amazon S3 for regular storage and Amazon Glacier for archiving data.
- Use Amazon EBS for regular storage and Amazon S3 for archiving data.
- Use Amazon EBS for archiving data and Amazon Glacier for regular storage.
10. A startup company is building an application to track the high scores for a popular video game. Their Solutions Architect is tasked with designing a solution to allow real-time processing of scores from millions of players worldwide. Which AWS service should the Architect use to provide reliable data ingestion from the video game into the datastore?
- AWS Data Pipeline
- Amazon Kinesis Firehose
- Amazon DynamoDB Streams
- Amazon Elasticsearch Service
11. A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB Classic Load Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale. What should the VPC subnet design be in each Availability Zone?
- One public subnet for the load balancer tier, one public subnet for the front-end tier, and one private subnet for the backend tier.
- One shared public subnet for all tiers of the application.
- One public subnet for the load balancer tier and one shared private subnet for the application tiers.
- One shared private subnet for all tiers of the application.
12. Your company deploys a simple API for their website that receives about 1000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance. Which changes to the architecture will provide high availability at the LOWEST cost?
- Create an Auto Scaling group with a minimum of one instance and a maximum of two instances, then use an Application Load Balancer to balance the traffic.
- Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
- Create an Auto Scaling group with a minimum and a maximum of low instances, then use an Application Load Balancer to balance the traffic.
- Recreate the API using Amazon API Gateway and integrate the new API with the existing backend service.
13. A company is developing several critical long-running applications hosted on Docker. How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS?
- Use Amazon ECS and Service Auto Scaling.
- Use Spot Instances for orchestration and for scaling containers on existing Amazon EC2 Instances.
- Use AWS Opsworks to launch containers in new Amazon EC2 Instances.
- Use Auto Scaling groups to launch containers on existing Amazon EC2 Instances.
14. A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises datacenter.
Which solution allows rapid provision of a working, fully-scaled production environment?
- Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.
- Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down.
- Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy.
- Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.
15. A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances. Which solution meets these requirements?
- Create an Amazon S3 bucket and store all of the documents in this bucket.
- Create an Amazon EBS volume and allow multiple users to mount that volume to their EC2 instance(s).
- Use Amazon Glacier to store all of the documents.
- Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.
16. A Solutions Architect is designing a new social media application. The application must provide a secure method for uploading profile photos. Each user should be able to upload a profile photo into a shared storage location after the profile is created. Which approach will meet all of these requirements?
- Use Amazon Kinesis with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
- Use Amazon EBS volumes with IAM policies restricting user access to specific time periods.
- Use Amazon S3 with the default private access policy and generate pre-signed URLs each time a new site is created.
- Use Amazon CloudFront with AWS CloudTrail for auditing the specific times when profile photos are uploaded.
17. A Solutions Architect is creating a new relational database. The compliance team will use the database and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect use?
- Amazon Aurora
- Amazon RDS MySQL with Multi-AZ enabled.
- Amazon DynamoDB
- Amazon ElastiCache
18. A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:
– Limit access to users originating from the corporate network.
– Web servers cannot have SSH access directly from the internet.
– Web servers reside in a private subnet.
Which combination of steps must the Architect complete to meet these requirements? (Select TWO)
- Create a bastion host that authenticates users against the corporate directory.
- Create a bastion host with security group rules that only allow traffic from the corporate network.
- Attach an IAM role to the bastion host with relevant permissions.
- Configure the web servers' security group to allow SSH traffic from a bastion host.
- Deny all SSH traffic from the corporate network in the inbound network ACL.
19. A data analytics startup company asks a Solutions Architect to recommend an AWS data store option for indexed data. The data processing engine will generate and input more than 64 TB of processed data every day, with item sizes reaching up to 300KB. The startup is flexible with data storage models and is more interested in a database that requires minimal effort to scale with a growing dataset size.
Which AWS data store service should the Architect recommend?
- Amazon RDS
- Amazon Redshift
- Amazon DynamoDB
- Amazon S3
20. An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone.
Which is the MOST cost-efficient way to meet these requirements?
- Deploy two instances in each of three Availability Zones.
- Deploy two instances in each of two Availability Zones.
- Deploy four instances in each of two Availability Zones.
- Deploy one instance in each of three Availability Zones.
21. An organization runs an online voting system for a television program. During broadcast, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection requests.
What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?
- Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process message information into the RDBMS database.
- As the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances. When voting has ended, scale down the additional instances.
- Re-provision the RDBMS database with larger, memory-optimized instances. When voting ends, re-provision the back-end database with smaller instances.
- Send votes from each front-end node to Amazon DynamoDB. Provision worker instances to process the votes in DynamoDB into the RDBMS database.
22. A company must ingest and aggregate advertising data in near real time. Thousands of records arrive each second. What service can meet this requirement?
- AWS Data Pipeline
- Amazon Kinesis Data Streams.
- Amazon Redshift.
- Amazon S3.
23. A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3. However, uploading images through the web server will create too much traffic.
What is the MOST efficient way to store images from a mobile application on Amazon S3?
- Upload directly to S3 using a pre-signed URL
- Upload to a second bucket, and have a Lambda event copy the image to the primary bucket.
- Upload to a separate Auto Scaling group of servers behind an ELB Classic Load Balancer, and have them write to the Amazon S3 bucket.
- Expand the web server fleet with Spot Instances to provide the resources to handle the images.
- A company needs to quickly ensure that all files created in an Amazon S3 bucket in us-east-1 are also available in another bucket in ap-southeast-2.
Which option represents the SIMPLEST way to implement this design?
- Add an S3 lifecycle rule to move any new files from the bucket in us-east-1 to the bucket in ap-southeast-2
- Create a Lambda function to be triggered for every new file in us-east-1 that copies the file to the bucket in ap-southeast-2
- Use SNS to notify the bucket in ap-southeast-2 to create a file whenever a file is created in the bucket in us-east-1
- Enable versioning and configure cross-region replication from the bucket in us-east-1 to the bucket in ap-southeast-2
- Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets. A Solutions Architect wants to make sure that Application A can make requests to Application B, but Application B should be denied from making requests to Application A. Which is the SIMPLEST solution to achieve this policy?
- Using security groups that reference the security groups of the other application.
- Using security groups that reference the application servers' IP address.
- Using Network Access Control Lists to allow/deny traffic based on application IP address.
- Migrating the applications to separate subnets from each other.
- A workload consists of downloading an image from an Amazon S3 bucket, processing the image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation. How should a Solutions Architect redesign the process so that it is highly available?
- Change the Amazon EC2 instance to compute optimized.
- Launch a second Amazon EC2 instance to monitor the health of the first
- Trigger a Lambda function when a new object is uploaded.
- Initially copy the images to an attached Amazon EBS volume.
- A company hosts a website on premises. The website has a mix of static and dynamic content but users experience latency when loading static files.
Which AWS service can help reduce latency?
- Amazon CloudFront with on-premises servers as the origin.
- ELB Application Load Balancer.
- Amazon Route 53 latency-based routing.
- Amazon EFS to store and serve static files.
- A Solutions Architect has a two-tier blog application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone. Which additional services will improve the availability of the application? (Select TWO.)
- Auto Scaling Group
- AWS CloudTrail
- ELB Classic Load Balancer
- Amazon DynamoDB
- Amazon ElastiCache
- A Solutions Architect is designing an architecture for a mobile gaming application. The application is expected to be very popular. The Architect needs to prevent the Amazon RDS MySQL database from becoming a bottleneck due to frequently accessed queries. Which service or feature should the Architect add to prevent a bottleneck?
- Multi-AZ feature on the RDS MySQL database.
- ELB Classic Load Balancer in front of the web application tier.
- Amazon SQS in front of RDS MySQL database.
- Amazon ElastiCache in front of the RDS MySQL Database.
- A Solutions Architect is developing a solution for sharing files in an organization. The solution must allow multiple users to access the storage service at once from different virtual machines and scale automatically. It must also support file-level locking. Which storage service meets the requirements of this use case?
- Amazon S3
- Amazon EFS
- Amazon EBS
- Cached Volumes
- A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system. Which action should a Solutions Architect recommend to improve this process?
- Use the AWS CLI to create queues using AWS IAM Access Keys.
- Write a script to create the Amazon SQS queue using AWS Lambda.
- Use AWS Elastic Beanstalk to automatically create the Amazon SQS queues.
- Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.
- An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system.
Where should the data be stored?
- Amazon S3
- Amazon DynamoDB
- Amazon EFS
- Amazon EBS
- A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system. What security measure would satisfy these requirements?
- Store the AWS Access Key ID/Secret Access Key combination in software comments.
- Assign an IAM user to the Amazon EC2 Instance.
- Assign an IAM role to the Amazon EC2 instance.
- Enable multi-factor authentication for the AWS root account.
- A Solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement?
- Default Amazon CloudWatch metrics.
- Custom Amazon CloudWatch metrics.
- Amazon Inspector resource monitoring.
- Detailed monitoring of Amazon EC2 instances.
- A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required. What is the MOST cost-effective way to purchase compute for this platform?
- Scheduled Reserved Instances.
- Convertible Reserved Instances.
- Standard Reserved Instances.
- Spot Instances.
- A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster. Which action will encrypt the data at rest?
- Place the Redshift cluster in a private subnet.
- Use the AWS KMS Default Customer master key.
- Encrypt the Amazon EBS volumes.
- Encrypt the data using SSL/TLS.
- A Solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect do to achieve this goal with Amazon RDS?
- Create a read replica of the primary database and deploy it in a different AWS Region.
- Enable multi-AZ to create a standby database in a different Availability Zone.
- Enable multi-AZ to create a standby database in a different AWS Region.
- Create a read replica of the primary database and deploy it in a different Availability Zone.
- A bank is writing new software that is heavily dependent upon database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows. Which AWS service should be used to run the database?
- Amazon S3
- Amazon Aurora
- Amazon DynamoDB
- Amazon Redshift
- A Solutions Architect is designing a solution with AWS Lambda where different environments require different database passwords. What should the Architect do to accomplish this in a secure and scalable way?
- Create a Lambda function for each individual environment.
- Use Amazon DynamoDB to store environment variables.
- Use encrypted AWS Lambda environment variables.
- Implement a dedicated Lambda function for distributing environment variables.
- A Solutions Architect is developing a new web application on AWS. The architect expects the application to become very popular, so the application must scale to support the load. The Architect wants to focus on software development and deploying new features without provisioning or managing instances. Which solution is appropriate?
- Amazon API Gateway and AWS Lambda
- Elastic Load Balancing with Auto Scaling groups and Amazon EC2
- Amazon API Gateway and Amazon EC2
- Amazon CloudFront and AWS Lambda.
- A Solutions Architect notices slower response times from an application. The CloudWatch metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when the database is under load. How should the database environment be re-designed to resolve the IOPS fluctuation?
- Change the RDS instance type to get more RAM
- Change the storage type to provisioned IOPS
- Scale the web server tier horizontally
- Split the DB layer into separate RDS instance.
- A Solutions Architect is designing a solution that retains traffic information between network interfaces. This traffic information will be monitored for anomalies by an InfoSec team using Amazon CloudWatch. What approach should the Architect take?
- Save all inbound requests to Amazon DynamoDB
- Maintain traffic history on each Amazon EC2 instance.
- Enable Amazon VPC Flow Logs.
- Save all inbound requests to Amazon S3
- A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list?
- Amazon SNS
- AWS Lambda with sequential dispatch
- A FIFO queue in Amazon SQS
- A standard queue in Amazon SQS
- A Solutions Architect is building an application that stores data into Amazon RDS. One table in particular is read heavy and minimal latency is critical. Which of the following would provide the highest level of performance?
- Use Amazon DynamoDB Accelerator
- Use Amazon RDS read replicas.
- Use Amazon CloudFront
- Use Amazon ElastiCache.
- A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom. Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?
- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C)
- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
- Create an Amazon S3 bucket to store the reports and use Amazon S3 versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
- A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through:
- VPC peering connection.
- NAT gateway
- VPC Endpoint.
- AWS Direct Connect.
- A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS. Which steps should the company perform to implement a scalable and cost-effective solution? (Select TWO)
- Host the website on an Amazon EC2 instance with ELB and Auto scaling, and map a Route 53 alias record to the ELB endpoint.
- Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.
- Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance.
- Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
- Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.
- A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily.
Which storage option is MOST appropriate for this workload?
- Amazon EC2 instance storage
- Amazon EBS General Purpose SSD (gp2) storage
- Amazon S3
- Amazon EBS Provisioned IOPS SSD (io1) storage
- A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6TB of data and will grow exponentially. Which solution should a Solutions Architect recommend?
- Amazon Aurora
- Amazon Redshift
- Amazon DynamoDB
- Amazon RDS MySQL
- A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday, Wednesday and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model?
- Amazon EC2 Spot Instances
- On-Demand Amazon EC2 instances
- Scheduled Reserved Instances
- Dedicated Amazon EC2 Instances
- A Solutions Architect is building a multi-tier website. The web servers will be in a public subnet, and the database servers will be in a private subnet. Only the web servers can be accessed from the internet. The database servers must have internet access for software updates. Which solution meets these requirements?
- Assign Elastic IP addresses to the database instances.
- Allow Internet traffic on the private subnet through the network ACL
- Use a NAT Gateway
- Use an egress-only Internet Gateway.
- A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements?
- Store data in a file system backed by Amazon Elastic File System (EFS)
- Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a file system to the database server.
- Store data in Amazon DynamoDB and emulate relational database semantics.
- Stripe data across multiple Amazon EBS volumes using RAID 0
- A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met?
- Deploy the database on multiple Amazon EC2 instances backed by Amazon EBS across multiple Availability Zones.
- Use Amazon RDS with a multiple Availability Zone option.
- Use RDS with a single Availability Zone option and schedule periodic database snapshots.
- Use Amazon DynamoDB
- A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10000 records daily as they arrive in the Kinesis Stream. The MOST scalable way to design the microservice is:
- As an AWS Lambda function.
- As a process on an Amazon EC2 instance.
- As a Docker container running on Amazon ECS.
- As a Docker container on an EC2 instance.
- A Solutions Architect is migrating a company’s MySQL database to an Amazon RDS MySQL database. The company requires the database to be resilient with minimum downtime when failures occur. How can these requirements be met?
- Enable a read replica in another Availability Zone.
- Enable multiple Availability Zones in a different AWS Region.
- Enable multiple Availability Zones in the same AWS Region.
- Enable Amazon RDS instance snapshots in one Availability Zone.
- A Solutions Architect is architecting a workload that requires a performant object-based storage system that must be shared with multiple Amazon EC2 instances.
Which AWS service meets this requirement?
- Amazon EFS
- Amazon S3
- Amazon EBS
- Amazon ElastiCache
- A Solutions Architect is designing a solution to monitor weather changes by the minute. The frontend application is hosted on Amazon EC2 instances. The backend must be scalable to a virtually unlimited size, and data retrieval must occur with minimal latency. Which AWS service should the Architect use to store the data and achieve these requirements?
- Amazon S3
- Amazon DynamoDB
- Amazon RDS
- Amazon EBS
- An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the internet. These instances are not assigned public IP addresses. Which component poses a potential single point of failure in this architecture?
- Amazon EC2
- NAT instance
- ELB Classic Load Balancer
- Amazon RDS.
- Legacy applications currently send messages through a single Amazon EC2 instance, which then routes the messages to the appropriate destinations. The Amazon EC2 instance is a bottleneck and single point of failure, so the company would like to address these issues.
Which services could address this architectural use case? (Select TWO)
- Amazon SNS
- AWS STS
- Amazon SQS
- Amazon Route 53
- AWS Glue
- A company’s website receives 50000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized. What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?
- Amazon Kinesis Stream
- Amazon SQS standard queue
- Amazon SQS FIFO queue
- AWS CloudTrail trail
- A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reverse proxy and current backend setup will be insufficient. Which actions should the Architect take to achieve a cost-effective solution that ensures the application automatically scales to meet traffic demand? (Select TWO)
- Replace the Amazon EC2 reverse proxy with an ELB internal Classic Load Balancer
- Add Auto Scaling to the Amazon EC2 backend fleet.
- Add Auto Scaling to the Amazon EC2 reverse proxy layer.
- Use t2 burstable instance types for the backend fleet.
- Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.
- A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?
- An Amazon EC2 instance store local SSD volume
- An Amazon EBS provisioned IOPS SSD volume
- An Amazon EBS throughput optimized HDD volume
- An Amazon EBS general purpose SSD volume
- An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution. Which solution should a Solutions Architect recommend to meet the requirements?
- Use Amazon Cognito Identity with SMS-based MFA
- Edit AWS IAM policies to require MFA for all users.
- Federate IAM against corporate AD that requires MFA
- Use Amazon API Gateway and require SSE for photos.
- A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?
- Amazon DynamoDB
- Amazon S3
- Amazon EBS
- Amazon EFS
- A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT instances with scripts to manage high availability. What is the MOST efficient method to achieve similar high availability with NAT gateway?
- Remove source/destination check on NAT instances.
- Launch a NAT gateway in each Availability Zone
- Use a mix of NAT instances and NAT gateway
- Add an ELB Application Load Balancer in front of NAT gateway
157. A team is building an application that must persist and index JSON files in a highly-available data store. Latency of data access must remain consistent despite very high application traffic. Which service should the team choose?
- Amazon EFS
- Amazon Redshift
- DynamoDB
- AWS CloudFormation
158. A company is migrating an on-premises 10TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replica lag must be kept under 100 milliseconds. Which Amazon RDS engine meets these requirements?
- MySQL
- Microsoft SQL server
- Oracle
- Amazon Aurora
159. A Solutions Architect is designing a highly-scalable system to track records. Records must remain available for immediate download for three months and then the records must be deleted.
What is the most appropriate decision for this use case?
- Store the files on Amazon EBS, and create a life cycle policy to remove the files after three months
- Store the files in Amazon S3 and create a lifecycle policy to remove the files after three months.
- Store the files in Amazon Glacier and create a lifecycle policy to remove the files after three months.
- Store the files on Amazon EFS and create a lifecycle policy to remove the files after three months.
160. An Administrator runs a highly-available application in AWS. The Administrator needs a file storage layer that can share between instances and scale the platform more easily. Which AWS service can perform this action?
- Amazon EBS
- Amazon EFS
- Amazon S3
- Amazon EC2 instance store
161. A Solutions Architect is designing a solution to store and archive corporate documents, and has determined that Amazon Glacier is the right solution. Data must be delivered within 10 minutes of a retrieval request. Which feature in Amazon Glacier can help meet this requirement?
- Vault lock
- Expedited retrieval
- Bulk retrieval
- Standard retrieval
162. A Solutions Architect is designing a web page for event registrations and needs a managed service to send a text message to users every time users sign up for an event. Which AWS service should the Architect use to achieve this?
- Amazon STS
- Amazon SQS
- Lambda
- Amazon SNS
163. A retailer exports data from its transactional databases daily into an S3 bucket. The retailer's data warehousing team wants to import that data into an existing Amazon Redshift cluster in their VPC. Corporate security mandates that this data can only be transported within a VPC. What combination of the following steps will satisfy the security policy? (SELECT TWO)
- Enable Amazon Redshift enhanced VPC routing
- Create a cluster security group to allow the Amazon Redshift cluster to access S3
- Create a NAT gateway in a public subnet to allow the Amazon Redshift cluster to access Amazon S3
- Create and configure an Amazon S3 VPC endpoint
- Setup a NAT gateway in a private subnet to allow the Amazon Redshift cluster to access Amazon S3
164. An application with a 150GB relational database runs on Amazon EC2 instances. The application is used infrequently with small peaks in the morning and evening. What is the MOST cost-effective storage type?
- Amazon EBS Provisioned IOPS SSD
- Amazon EBS Throughput Optimized HDD
- Amazon EBS General Purpose SSD
- Amazon EFS
165. A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a private VPC subnet that was created with default ACL settings. The web servers must be accessible only to customers on an SSL connection. The database should only be accessible to web servers in a public subnet. Which solution meets these requirements without impacting other running applications? (SELECT TWO)
- Create a network ACL on the web server’s subnet, allow HTTPS port 443 inbound, and specify the source as 0.0.0.0/0
- Create a web server security group that allows HTTPS port 443 inbound traffic from Anywhere (0.0.0.0/0) and apply it to the web servers
- Create a web DB server security group that allows MySQL port 3306 inbound and specify the source as a web server security group
- Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for web servers, and deny all outbound traffic
- Create a DB server security group that allows the HTTPS port 443 inbound and specify the source as a web server security group
166. An application will read and write small objects to an S3 bucket. When the application is fully deployed, the read/write traffic will be very high. How should the architect maximize Amazon S3 performance?
- Prefix each object name with a random string
- Use the STANDARD_IA storage class
- Prefix each project name with the current date
- Enable versioning on the S3 bucket
167. For which of the following workloads should a Solutions Architect consider using Elastic Beanstalk? (SELECT TWO)
- A web application using Amazon RDS
- An enterprise data warehouse
- A long running worker process
- A static website
- A management task run once nightly
168. A website runs on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The instances deliver several large files (images, PDFs, etc.) that are stored on a shared Amazon EFS file system. The company needs to avoid serving the files from EC2 instances every time a user requests these digital assets. What should the company do to improve the user experience of the website?
- Move the digital assets to Amazon Glacier
- Cache static content using CloudFront
- Resize the images so that they are smaller
- Use reserved EC2 instances.
169. A Solutions Architect is developing a document-sharing application and needs a storage layer. The storage should provide automatic support for versioning so that users can easily roll back to a previous version or recover a deleted document. Which AWS service will meet these requirements?
- Amazon S3
- Amazon EBS
- Amazon EFS
- Amazon Storage gateway VTL
170. You are deploying an application on Amazon EC2 that must call AWS APIs. What method of securely passing credentials to the application should you use?
- Pass API credentials to the instance using instance userdata
- Store API credentials as an object in Amazon S3
- Embed the API credentials into your JAR files
- Assign IAM roles to the EC2 instances.
171. You have an application running in us-west-2 that requires six EC2 instances running at all times. With three Availability Zones in that region (us-west-2a, us-west-2b and us-west-2c), which of the following deployments provides fault tolerance if any Availability Zone in us-west-2 becomes unavailable? (SELECT TWO)
- 2 EC2 instances in us-west-2a, 2 EC2 instances in us-west-2b, 2 EC2 instances in us-west-2c
- 3 EC2 instances in us-west-2a, 3 EC2 instances in us-west-2b, no EC2 instances in us-west-2c
- 4 EC2 instances in us-west-2a, 2 EC2 instances in us-west-2b, 2 EC2 instances in us-west-2c
- 6 EC2 instances in us-west-2a, 6 EC2 instances in us-west-2b, no EC2 instances in us-west-2c
- 3 EC2 instances in us-west-2a, 3 EC2 instances in us-west-2b, 3 EC2 instances in us-west-2c
172. A consulting firm repeatedly builds large, standardized architectures for their customers using AWS resources from many AWS services, including IAM, Amazon EC2, Amazon RDS, DynamoDB, and Amazon VPC. The consultants have architecture diagrams for each of their architectures and they are frustrated that they cannot use them to automatically create their resources. Which service should provide immediate benefits to the organization?
- Elastic Beanstalk
- AWS CloudFormation
- AWS CodeBuild
- AWS CodeDeploy
173. An application currently stores all data on Amazon EBS Volumes. All EBS volumes must be backed up durably across multiple Availability Zones. What is the MOST resilient way to back up the volumes?
- Take regular EBS snapshots
- Enable EBS volume encryption
- Create a script to copy data to an EC2 instance store
- Mirror data across two EBS volumes
174. An organization hosts a multi-language website on AWS. The website is served using CloudFront. The language is specified in the HTTP request.
http://d111111abcdef8.cloudfront.net/main.html?language=de
http://d111111abcdef8.cloudfront.net/main.html?language=en
http://d111111abcdef8.cloudfront.net/main.html?language=es
How should CloudFront be configured to deliver cached data in the correct language?
- Forward cookies to the origin
- Based on query string parameters
- Cache objects at the origin
- Serve dynamic content
175. An application allows manufacturing sites to upload files. Each 3GB file is then processed to extract metadata, with the processing taking a few seconds for each file. The frequency of updates is unpredictable: there may be no updates for hours, then several files uploaded concurrently. What architecture will address this workload the most efficiently?
- Use a Kinesis data delivery stream to store the file, and use Lambda for processing
- Use an SQS queue to store the file, which is then accessed by a fleet of EC2 instances
- Store the file in an EBS volume, which can then be accessed by another EC2 instance for processing
- Store the file in an S3 bucket and use Amazon S3 event notification to invoke a Lambda function to process the file
176. A company is generating large datasets with millions of rows that must be summarized by column. Existing business intelligence tools will be used to build daily reports. Which storage service meets these requirements?
- Amazon Redshift
- Amazon RDS
- ElastiCache
- DynamoDB
177. The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet the requirements?
- AWS KMS API
- AWS Certificate Manager
- API Gateway with STS
- IAM access key
178. A data processing application in AWS must pull data from an Internet Service. A Solutions Architect must design a highly-available solution to access data without placing bandwidth constraints on the application traffic. Which solution meets these requirements?
- Launch a NAT Gateway and add routes for 0.0.0.0/0
- Attach a VPC endpoint and add routes for 0.0.0.0/0
- Attach an Internet Gateway and add routes for 0.0.0.0/0
- Deploy NAT instances in a public subnet and add routes for 0.0.0.0/0
179. In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? (SELECT TWO)
- Modify the Auto Scaling group termination policy to terminate the oldest instance first
- Modify the Auto Scaling group termination policy to terminate the newest instance first
- Modify the Auto Scaling group cool-down timers
- Modify the Auto Scaling policy to use scheduled scaling actions
- Modify the CloudWatch alarm period that triggers your Auto Scaling scale down policy
180. A Solution Architect is designing a shared service for hosting containers from several customers on Amazon ECS. These containers will use several ECS services. A container from one customer must not be able to access data from another customer. Which solution should the architect use to meet these requirements?
- IAM Roles for tasks
- IAM Roles for EC2 instances
- IAM Instance profile for EC2 instances
- Security group rules
181. A Company runs a service on AWS to provide offsite backups for images on laptops and phones. The solution must support millions of customers, with thousands of images per customer. Images will be retrieved infrequently, but must be available for retrieval immediately. Which is the MOST cost-efficient storage option that meets these requirements?
- Amazon Glacier with expedited retrievals.
- Amazon S3 Standard-Infrequent Access
- Amazon EFS
- Amazon S3 Standard.
182. A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises data center. Which solution allows rapid provision of a working, fully-scaled production environment?
- Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.
- Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down.
- Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy.
- Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.
183. An application server needs to be in a private subnet without access to the internet. The solution must retrieve and upload files to an Amazon S3 bucket. How should a Solutions Architect design a solution to meet these requirements?
- Use Amazon S3 VPC endpoints
- Deploy a proxy server
- Use a NAT Gateway
- Use a private Amazon S3 Bucket
184. A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the number of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available. What should an administrator do to improve performance?
- Convert the database to Amazon Redshift
- Create a CloudFront distribution
- Convert the database to use EBS provisioned IOPS
- Create one or more read replicas.
185. A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix the problem?
- Change the Auto Scaling group’s scale out event to scale based on network utilization.
- Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.
- Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.
- Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources, but leverage Spot Instances.
186. A Company requires that the source, destination, and protocol of all IP packets be recorded when traversing a private subnet. What is the MOST secure and reliable method of accomplishing this goal?
- Create VPC flow logs on the subnet
- Enable source destination check on private Amazon EC2 instances.
- Enable AWS CloudTrail logging and specify an Amazon S3 bucket for storing log files.
- Create an Amazon CloudWatch log to capture packet information.
187. A Solutions Architect is architecting a workload that requires a highly available shared block file storage system that must be consumed by multiple Linux applications. Which service meets this requirement?
- Amazon EFS
- Amazon S3
- AWS Storage Gateway
- Amazon EBS
188. An application is running in a single AWS region. The business team adds a requirement to run the application in a second region for multi-region high availability. A Solutions Architect needs to enable traffic to be distributed to multiple regions for high availability. Which AWS service meets the requirements?
- Amazon Route 53
- Elastic Load Balancing
- Amazon CloudFront
- Amazon S3 Website hosting.
189. A legacy application running on premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the Architect meet this requirement?
- Create an IAM role that allows access from the corporate network to Amazon S3
- Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint
- Use Amazon API Gateway to do IP whitelisting.
- Configure IP whitelisting on the customers gateway.
190. An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week of future product launches. Which is the MOST efficient way for management to ensure that capacity requirements are met?
- Add a Step Scaling policy
- Add a Dynamic Scaling policy
- Add a Scheduled Scaling action
- Add Amazon EC2 Spot instances.
191. A Solutions Architect is designing a solution to store a large quantity of event data in Amazon S3. The architect anticipates that the workload will consistently exceed 100 requests each second. What should the architect do in Amazon S3 to optimize performance?
- Randomize a key name prefix
- Store the event data in separate buckets
- Randomize the key name suffix
- Use Amazon S3 Transfer Acceleration
192. A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances. How should the request be authorized?
- Create an IAM access and secret key, and store it in the Lambda function
- Assign an IAM role to the Lambda function with permissions to list all Amazon RDS instances.
- Assign an IAM role to Amazon RDS with permissions to list all Amazon RDS instances.
- Create an IAM access and secret key, and store it in an encrypted RDS database.
193. A user is designing a new service that receives location updates from 3600 rental cars every hour. The cars upload the location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location. Which services will process the updates and automatically scale?
- Amazon EC2 and Amazon EBS
- Amazon Kinesis Firehose and Amazon S3
- Amazon ECS and Amazon RDS
- Amazon S3 events and AWS Lambda
194. A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers. How should a Solutions Architect design a solution to meet the requirements without impacting the running application?
- Create a network ACL on the web server’s subnet, and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet.
- Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
- Create a network ACL on the web server’s subnet, allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers, and deny all outbound traffic.
- Open the MySQL port on the security group for web server and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
195. An Application uses a single-instance deployment of Amazon RDS MySQL database. The database has intensive read operations, and the heavy load is causing performance issues. How can a user improve performance?
- Create read replicas
- Stripe the data across multiple Amazon EBS volumes
- Switch to a Multi-AZ RDS database
- Take hourly database snapshots
196. A Solutions Architect is building a new feature using Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed. Which AWS service should the Architect use to store this metadata?
- Amazon S3
- Amazon DynamoDB
- Amazon Kinesis
- Amazon EFS
197. How can a user track memory usage in an EC2 instance?
- Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance
- Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric.
- Use an instance type that supports memory usage reporting to a metric by default.
- Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.
198. A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and an RDS PostgreSQL database. Which action should the team take to ensure high availability?
- Enable cross-region replication in the Amazon S3 bucket
- Create a Lambda function for each Availability Zone the application is deployed in.
- Enable multi-AZ on the RDS PostgreSQL database.
- Create a DynamoDB stream for the DynamoDB table.
199. A Solutions Architect is designing a web application. The web and application tiers need to access the internet, but they cannot be accessed from the Internet. Which of the following steps is required?
- Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet to the public subnet.
- Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
- Launch Amazon EC2 instances in the public subnet and change the security group to allow outbound traffic on port 80
- Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.
200. A Solutions Architect needs storage for a fleet of Linux web application servers. The solution should provide a system interface and be able to support millions of files. Which AWS service should the Architect choose?
- Amazon S3
- Amazon EFS
- Amazon EBS
- Amazon ElastiCache
201. A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select TWO)
- Launch Amazon EC2 instances in an Auto Scaling group behind an ELB
- Store all static files in a multi-AZ Amazon Aurora database
- Create a CloudFront distribution pointing to static content in Amazon S3
- Use Amazon Route 53 to route traffic to the correct region
- Use Amazon S3 multi-part uploads to improve upload times
202. A Solution Architect is designing a solution that must store and retrieve session data and JSON documents. The solution must provide high availability, strong consistency, and data durability. Which solution meets these requirements?
- Amazon EBS volume with Provisioned IOPS
- Amazon EC2 instance store
- Amazon SQS
- Amazon DynamoDB table
203. A Solution Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500MB/s. Which storage type will meet the performance requirements of this application?
- EBS Provisioned IOPS SSD
- EBS General Purpose SSD
- EBS Cold HDD
- EBS Throughput Optimized HDD
204. A Solutions Architect is designing an application that stores objects encrypted in an Amazon S3 bucket. The company security requirements state that the encryption key is stored by the organization. Which methods meet this requirement? (Select TWO)
- Use S3 server-side encryption with customer-provided keys.
- Use S3 client-side encryption
- Use S3 server-side encryption with Amazon S3 managed keys.
- Use S3 server-side encryption with AWS KMS managed keys.
- Use S3 server-side encryption with the company’s own keys imported into AWS KMS
205. An application relies on messages being sent and received in order. The volume will never exceed more than 300 transactions each second. Which service should be used?
- Amazon SQS
- Amazon SNS
- Amazon ECS
- AWS STS
206. A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select TWO)
- Store an access key on the Amazon EC2 instance with rights to the DynamoDB table.
- Attach an IAM user to the Amazon EC2 instance.
- Create an IAM role with permissions to write to the DynamoDB table.
- Attach an IAM role to the Amazon EC2 instance.
- Attach an IAM policy to the Amazon EC2 instance.
207. A Solutions Architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running, dependent on load. Each instance must mount storage that will read and write to the same 50 GB folder. Which storage type meets the requirements?
- Amazon S3
- Amazon EFS
- Amazon EBS volumes
- Amazon EC2 Instance store
208. A Solutions Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements?
- Configure the database security group to allow database traffic from the application server IP addresses.
- Configure the database security group to allow database traffic from the application server security group
- Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
- Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.
209. A large enterprise has highly sensitive customer data which is stored in several Amazon S3 buckets. Which of the following features should be enabled to detect unauthorized access to the buckets?
- Amazon VPC flow logs
- Amazon CloudWatch Logs
- Amazon S3 server access logs
- AWS CloudTrail
210. An organization regularly backs up their application data. The application backups are required to be stored on Amazon S3 for a certain amount of time and need to be accessed instantly in the event of a disaster recovery.
- Glacier Storage class
- Standard Storage Class
- Standard – Infrequent Access (IA)
- Reduced Redundancy Class (RRS)
211. A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud. Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?
- Amazon EC2 and an Application Load Balancer
- Amazon S3 and Amazon CloudFront
- Amazon EC2 and Amazon Elastic Transcoder
- AWS Lambda and Amazon API Gateway
212. A mobile client requires data from several application-layer services to populate its user interface. What can the application team use to decouple the client interface from the underlying services behind them?
- Application Load Balancer
- Amazon API Gateway
- Amazon Cognito
- AWS Device Farm
213. A customer has a production application that frequently overwrites and deletes data. The application requires the most up-to-date version of the data every time it is requested. Which storage service should a Solutions Architect recommend to best accommodate this use case?
- Amazon S3
- Amazon RDS
- Amazon Redshift
- AWS Storage Gateway
214. A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances show no traffic, except for web requests to the application. Based on these requirements, what security group rules should be put on the Amazon EC2 instances?
- An inbound rule allowing traffic from the security group attached to the ALB
- An inbound rule allowing traffic from the network ACLs attached to the ALB
- An outbound rule allowing traffic to the security group attached to the ALB
- An outbound rule blocking all traffic to the internet.
215. A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system. Which action should a Solutions Architect recommend to improve this process?
- Use the AWS CLI to create queues using AWS IAM Access Keys.
- Write a script to create the Amazon SQS queue using AWS Lambda
- Use AWS Elastic Beanstalk to automatically create the Amazon SQS queues.
- Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.
216. A media company has more than 100 TB of data that is retrieved infrequently. However, the company occasionally receives requests for data within an hour. The company needs a low-cost retrieval method to handle the request. Which service meets this requirement?
- Amazon S3 standard
- Amazon Glacier standard retrievals
- Amazon Glacier bulk retrievals
- Amazon S3 Standard Infrequent Access
217. A gaming application is heavily dependent on caching and uses Amazon ElastiCache for Redis. The application performance was recently degraded by the failure of the cache node. What should a Solution Architect recommend to minimize performance degradation in the event of a failure?
- Migrate from ElastiCache to Amazon RDS
- Configure automatic backup to save cache data
- Configure ElastiCache Multi-AZ with automatic failover.
- Use Auto Scaling to provision cache nodes based on the CPU usage.
218. A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exams are released at 9:00 a.m. each Monday, and 80% of students attempt to access their unique results within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner?
- Scale out the EC2 instances to ensure that the environment scales up and down based on the highest load
- Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units.
- Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m.
- Use Amazon CloudFront to cache web requests and reduce the load on EC2 and DynamoDB
219. A company wants to organize the contents of multiple websites in managed file storage. The company must be able to scale the storage based on demand without needing to provision storage. Multiple servers should be able to access this storage concurrently. Which services should the Solutions Architect recommend?
- Amazon S3
- Amazon EBS
- Amazon EFS
- AWS Storage Gateway-volume gateway