NEW QUESTION 1

- (Exam Topic 1)

A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.

Which design should the solutions architect use?

A.  Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage

B.  Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch configuration that uses the AM' Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage

C.  Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue

D.  Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic

Answer: C

Explanation:

"Create an Amazon SQS queue to hold the jobs that needs to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue"

In this case we need to find a durable and loosely coupled solution for storing jobs. Amazon SQS is ideal for this use case and can be configured to use dynamic scaling based on the number of jobs waiting in the queue.To configure this scaling you can use the backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows: Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue

NEW QUESTION 2

- (Exam Topic 1)

An application development team is designing a microservice that will convert large images to smaller, compressed images. When a user uploads an image through the web interface, the microservice should store the image in an Amazon S3 bucket, process and compress the image with an AWS Lambda function, and store the image in its compressed form in a different S3 bucket.

A solutions architect needs to design a solution that uses durable, stateless components to process the images automatically. Which combination of actions will meet these requirements? (Choose two.)

A.  Create an Amazon Simple Queue Service (Amazon SQS) queue Configure the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket

B.  Configure the Lambda function to use the Amazon Simple Queue Service (Amazon SQS) queue as the invocation source When the SQS message is successfully processed, delete the message in the queue

C.  Configure the Lambda function to monitor the S3 bucket for new uploads When an uploaded image is detected write the file name to a text file in memory and use the text file to keep track of the images that were processed

D.  Launch an Amazon EC2 instance to monitor an Amazon Simple Queue Service (Amazon SQS) queue When items are added to the queue log the file name in a text file on the EC2 instance and invoke the Lambda function

E.  Configure an Amazon EventBridge (Amazon CloudWatch Events) event to monitor the S3 bucket When an image is uploade

F.  send an alert to an Amazon Simple Notification Service (Amazon SNS) topic with the application owner's email address for further processing

Answer: AB

Explanation:

 Creating an Amazon Simple Queue Service (SQS) queue and configuring the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket will ensure that the Lambda function is triggered in a stateless and durable manner.

 Configuring the Lambda function to use the SQS queue as the invocation source, and deleting the message in the queue after it is successfully processed will ensure that the Lambda function processes the image in a stateless and durable manner.

Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating-message oriented middleware, and empowers developers to focus on differentiating work. When new images are uploaded to the S3 bucket, SQS will trigger the Lambda function to process the image and compress it. Once the image is processed, the SQS message is deleted, ensuring that the Lambda function is stateless and durable.

NEW QUESTION 3

- (Exam Topic 1)

A company is designing an application. The application uses an AWS Lambda function to receive information through Amazon API Gateway and to store the information in an Amazon Aurora PostgreSQL database.

During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high volumes of data that the company needs to load into the database. A solutions architect must recommend a new design to improve scalability and minimize the configuration effort.

Which solution will meet these requirements?

A.  Refactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instances.Connect the database by using native Java Database Connectivity (JDBC) drivers.

B.  Change the platform from Aurora to Amazon DynamoD

C.  Provision a DynamoDB Accelerator (DAX) cluste

D.  Use the DAX client SDK to point the existing DynamoDB API calls at the DAX cluster.

E.  Set up two Lambda function

F.  Configure one function to receive the informatio

G.  Configure the other function to load the information into the databas

H.  Integrate the Lambda functions by using Amazon Simple Notification Service (Amazon SNS).

I.  Set up two Lambda function

J.  Configure one function to receive the informatio

K.  Configure the other function to load the information into the databas

L.  Integrate the Lambda functions by using an Amazon Simple Queue Service (Amazon SQS) queue.

Answer: B

Explanation:

bottlenecks can be avoided with queues (SQS).

NEW QUESTION 4

- (Exam Topic 1)

A solutions architect is designing a new hybrid architecture to extend a company s on-premises infrastructure to AWS The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.

What should the solutions architect do to meet these requirements?

A.  Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails.

B.  Provision a VPN tunnel connection to a Region for private connectivit

C.  Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.

D.  Provision an AWS Direct Connect connection to a Region Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.

E.  Provision an AWS Direct Connect connection to a Region Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Answer: A

Explanation:

"In some cases, this connection alone is not enough. It is always better to guarantee a fallback connection as the backup of DX. There are several options, but implementing it with an AWS Site-To-Site VPN is a real cost-effective solution that can be exploited to reduce costs or, in the meantime, wait for the setup of a second DX."

https://www.proud2becloud.com/hybrid-cloud-networking-backup-aws-direct-connect-network-connection-with

NEW QUESTION 5

- (Exam Topic 1)

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores

user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone placing both behind an Application Load Balancer After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time.

What should a solutions architect propose to ensure users see all of their documents at once?

A.  Copy the data so both EBS volumes contain all the documents.

B.  Configure the Application Load Balancer to direct a user to the server with the documents

C.  Copy the data from both EBS volumes to Amazon EFS Modify the application to save new documents to Amazon EFS

D.  Configure the Application Load Balancer to send the request to both servers Return each document from the correct server.

Answer: A

Explanation:

Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. You can mount an Amazon EFS file system in your VPC, through the Network File System versions 4.0 and a4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efs-utils Tools.

For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS Support. For some AMIs, you'll need to install an NFS client to mount your file system on your Amazon EC2 instance. For instructions, see Installing the NFS Client.

You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications that scale beyond a single connection can access a file system. Amazon EC2 instances running in multiple Availability Zones within the same AWS Region can access the file system, so that many users can access and share a common data source.

https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html#how-it-works-ec2

NEW QUESTION 6

-  (Exam Topic 1)

A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings. In the evenings, the read and write traffic will often be unpredictable. When traffic spikes occur, they will happen very quickly.

What should a solutions architect recommend?

A.  Create a DynamoDB table in on-demand capacity mode.

B.  Create a DynamoDB table with a global secondary index.

C.  Create a DynamoDB table with provisioned capacity and auto scaling.

D.  Create a DynamoDB table in provisioned capacity mode, and configure it as a global table.

Answer: A

NEW QUESTION 7

-  (Exam Topic 1)

An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.

What should the solutions architect recommend?

A.  Change the existing database to a Multi-AZ deploymen

B.  Serve the read requests from the primary Availability Zone.

C.  Change the existing database to a Multi-AZ deploymen

D.  Serve the read requests from the secondary Availability Zone.

E.  Create read replicas for the databas

F.  Configure the read replicas with half of the compute and storage resources as the source database.

G.  Create read replicas for the databas

H.  Configure the read replicas with the same compute and storage resources as the source database.

Answer: D

Explanation:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_MySQL.Replication.ReadReplicas.html

NEW QUESTION 8

-  (Exam Topic 1)

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.

Which solution will meet these requirements with the LEAST operational overhead?

A.  Use the EC2 serial console to directly access the terminal interface of each instance for administration.

B.  Attach the appropriate IAM role to each existing instance and new instanc

C.  Use AWS Systems Manager Session Manager to establish a remote SSH session.

D.  Create an administrative SSH key pai

E.  Load the public key into each EC2 instanc

F.  Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.

G.  Establish an AWS Site-to-Site VPN connectio

H.  Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.

Answer: B

Explanation:

https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-launch-managed-instance.html

NEW QUESTION 9

-  (Exam Topic 1)

A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC A solutions architect needs to connect from the on-premises network, through the company's internet connection to the bastion host and to the application servers The solutions architect must make sure that the security groups of all the EC2 instances will allow that access

Which combination of steps should the solutions architect take to meet these requirements? (Select TWO)

A.  Replace the current security group of the bastion host with one that only allows inbound access from the application instances

B.  Replace the current security group of the bastion host with one that only allows inbound access from the internal IP range for the company

C.  Replace the current security group of the bastion host with one that only allows inbound access from the external IP range for the company

D.  Replace the current security group of the application instances with one that allows inbound SSH access from only the private IP address of the bastion host

E.  Replace the current security group of the application instances with one that allows inbound SSH access from only the public IP address of the bastion host

Answer: CD

Explanation:

https://digitalcloud.training/ssh-into-ec2-in-private-subnet/

NEW QUESTION 10

-  (Exam Topic 1)

A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company’s AWS account can have the ability to delete the objects. What should a solutions architect do to meet these requirements?

A.  Create an S3 Glacier vault Apply a write-once, read-many (WORM) vault lock policy to the objects

B.  Create an S3 bucket with S3 Object Lock enabled Enable versioning Set a retention period of 100 years Use governance mode as the S3 bucket's default retention mode for new objects

C.  Create an S3 bucket Use AWS CloudTrail to (rack any S3 API events that modify the objects Upon notification, restore the modified objects from any backup versions that the company has

D.  Create an S3 bucket with S3 Object Lock enabled Enable versioning Add a legal hold to the objects Add the s3 PutObjectLegalHold permission to the IAM policies of users who need to delete the objects

Answer: D

Explanation:

"The Object Lock legal hold operation enables you to place a legal hold on an object version. Like setting a retention period, a legal hold prevents an object version from being overwritten or deleted. However, a legal hold doesn't have an associated retention period and remains in effect until removed." https://docs.aws.amazon.com/AmazonS3/latest/userguide/batch-ops-legal-hold.html

NEW QUESTION 10

-  (Exam Topic 1)

A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances. Amazon RDS DB instances. and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check.

What should a solutions architect do to accomplish this?

A.  Use AWS Config rules to define and detect resources that are not properly tagged.

B.  Use Cost Explorer to display resources that are not properly tagge

C.  Tag those resources manually.

D.  Write API calls to check all resources for proper tag allocatio

E.  Periodically run the code on an EC2 instance.

F.  Write API calls to check all resources for proper tag allocatio

G.  Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.

Answer: A

NEW QUESTION 15

-  (Exam Topic 1)

A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and with minimal impact on internet connectivity for internal users.

Which solution meets these requirements?

A.  Establish AWS VPN connections and proxy all traffic through a VPC gateway endpoint

B.  Establish a new AWS Direct Connect connection and direct backup traffic through this new connection.

C.  Order daily AWS Snowball devices Load the data onto the Snowball devices and return the devices to AWS each day.

D.  Submit a support ticket through the AWS Management Console Request the removal of S3 service limits from the account.

Answer: B

NEW QUESTION 16

-  (Exam Topic 1)

A company wants to reduce the cost of its existing three-tier web architecture. The web, application, and database servers are running on Amazon EC2 instances for the development, test, and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non- peak hours.

The production EC2 instances run 24 hours a day. The development and test EC2 instances run for at least 8 hours each day. The company plans to implement automation to stop the development and test EC2 instances when they are not in use.

Which EC2 instance purchasing solution will meet the company's requirements MOST cost-effectively?

A.  Use Spot Instances for the production EC2 instance

B.  Use Reserved Instances for the development and test EC2 instances.

C.  Use Reserved Instances for the production EC2 instance

D.  Use On-Demand Instances for the development and test EC2 instances.

E.  Use Spot blocks for the production EC2 instance

F.  Use Reserved Instances for the development and test EC2 instances.

G.  Use On-Demand Instances for the production EC2 instance

H.  Use Spot blocks for the development and test EC2 instances.

Answer: B

NEW QUESTION 21

-  (Exam Topic 1)

A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.

The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.

What should a solutions architect do to meet these requirements?

A.  Enable HTTP health checks on the NL

B.  supplying the URL of the company's application.

C.  Add a cron job to the EC2 instances to check the local application's logs once each minut

D.  If HTTP errors are detected, the application will restart.

E.  Replace the NLB with an Application Load Balance

F.  Enable HTTP health checks by supplying the URL of the company's applicatio

G.  Configure an Auto Scaling action to replace unhealthy instances.

H.  Create an Amazon Cloud Watch alarm that monitors the UnhealthyHostCount metric for the NL

I.  Configure an Auto Scaling action to replace unhealthy instances when the alarm is in the ALARM state.

Answer: C

NEW QUESTION 25

-  (Exam Topic 1)

A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company’s product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solution architect must provide access to the product manager by following the principle of least privilege.

Which solution will meet these requirements?

A.  Share the dashboard from the CloudWatch consol

B.  Enter the product manager’s email address, and complete the sharing step

C.  Provide a shareable link for the dashboard to the product manager.

D.  Create an IAM user specifically for the product manage

E.  Attach the CloudWatch Read Only Access managed policy to the use

F.  Share the new login credential with the product manage

G.  Share the browser URL of the correct dashboard with the product manager.

H.  Create an IAM user for the company’s employees, Attach the View Only Access AWS managed policy to the IAM use

I.  Share the new login credentials with the product manage

J.  Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.

K.  Deploy a bastion server in a public subne

L.  When the product manager requires access to the dashboard, start the server and share the RDP credential

M.  On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.

Answer: B

NEW QUESTION 28

-  (Exam Topic 1)

A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.

Which solution will satisfy these requirements?

A.  Configure Amazon EFS storage and set the Active Directory domain for authentication

B.  Create an SMB Me share on an AWS Storage Gateway tile gateway in two Availability Zones

C.  Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume

D.  Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication

Answer: D

NEW QUESTION 30

-  (Exam Topic 1)

A solutions architect is designing a two-tier web application The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet Security is a high priority for the company

How should security groups be configured in this situation? (Select TWO )

A.  Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.

B.  Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.

C.  Configure the security group for the database tier to allow inbound traffic on port 1433 from the securitygroup for the web tier.

D.  Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.

E.  Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.

Answer: AC

Explanation:

"Security groups create an outbound rule for every inbound rule." Not completely right. Statefull does NOT mean that if you create an inbound (or outbound) rule, it will create an outbound (or inbound) rule. What it does mean is: suppose you create an inbound rule on port 443 for the X ip. When a request enters on port 443 from X ip, it will allow traffic out for that request in the port 443. However, if you look at the outbound rules, there will not be any outbound rule on port 443 unless explicitly create it. In ACLs, which are stateless, you would have to create an inbound rule to allow incoming requests and an outbound rule to allow your application responds to those incoming requests.

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#SecurityGroupRules

NEW QUESTION 34

-  (Exam Topic 1)

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week. What should the company do to guarantee the EC2 capacity?

A.  Purchase Reserved instances that specify the Region needed

B.  Create an On Demand Capacity Reservation that specifies the Region needed

C.  Purchase Reserved instances that specify the Region and three Availability Zones needed

D.  Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed

Answer: D

Explanation:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-capacity-reservations.html

Reserve instances: You will have to pay for the whole term (1 year or 3years) which is not cost effective

NEW QUESTION 39

-  (Exam Topic 1)

A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports

Which solution will meet these requirements with the LEAST operational overhead?

A.  Use existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text.

B.  Use Amazon Textract to extract the text from the reports Use Amazon SageMaker to identify the PHI from the extracted text.

C.  Use Amazon Textract to extract the text from the reports Use Amazon Comprehend Medical to identify the PHI from the extracted text

D.  Use Amazon Rekognition to extract the text from the reports Use Amazon Comprehend Medical to identify the PHI from the extracted text

Answer: C

NEW QUESTION 41

-  (Exam Topic 1)

A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The

records must be stored with maximum resiliency. Which solution will meet these requirements?

A.  Store the records in S3 Glacier for the entire 10-year perio

B.  Use an access control policy to deny deletion of the records for a period of 10 years.

C.  Store the records by using S3 Intelligent-Tierin

D.  Use an IAM policy to deny deletion of the records.After 10 years, change the IAM policy to allow deletion.

E.  Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 yea

F.  Use S3 Object Lock in compliance mode for a period of 10 years.

G.  Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 yea

H.  Use S3 Object Lock in governance mode for a period of 10 years.

Answer: C

NEW QUESTION 44

-  (Exam Topic 1)

A solutions architect is developing a multiple-subnet VPC architecture. The solution will consist of six subnets in two Availability Zones. The subnets are defined as public, private and dedicated for databases. Only the Amazon EC2 instances running in the private subnets should be able to access a database.

Which solution meets these requirements?

A.  Create a now route table that excludes the route to the public subnets' CIDR block

B.  Associate the route table to the database subnets.

C.  Create a security group that denies ingress from the security group used by instances in the public subnet

D.  Attach the security group to an Amazon RDS DB instance.

E.  Create a security group that allows ingress from the security group used by instances in the private subnet

F.  Attach the security group to an Amazon RDS DB instance.

G.  Create a new peering connection between the public subnets and the private subnet

H.  Create a different peering connection between the private subnets and the database subnets.

Answer: C

Explanation:

Security groups are stateful. All inbound traffic is blocked by default. If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again. You cannot block specific IP address using Security groups (instead use Network Access Control Lists).

"You can specify allow rules, but not deny rules." "When you first create a security group, it has no inbound rules. Therefore, no inbound traffic originating from another host to your instance is allowed until you add inbound rules to the security group." Source: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#VPCSecurityGroups

NEW QUESTION 46

-  (Exam Topic 1)

A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket Queries will be simple and will run on-demand A solutions architect needs to perform the analysis with minimal changes to the existing architecture

What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

A.  Use Amazon Redshift to load all the content into one place and run the SQL queries as needed

B.  Use Amazon CloudWatch Logs to store the logs Run SQL queries as needed from the Amazon CloudWatch console

C.  Use Amazon Athena directly with Amazon S3 to run the queries as needed

D.  Use AWS Glue to catalog the logs Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed

Answer: C

Explanation:

Amazon Athena can be used to query JSON in S3

NEW QUESTION 48

-  (Exam Topic 1)

A development team runs monthly resource-intensive tests on its general purpose Amazon RDS for MySQL DB instance with Performance Insights enabled. The testing lasts for 48 hours once a month and is the only process that uses the database. The team wants to reduce the cost of running the tests without reducing the compute and memory attributes of the DB instance.

Which solution meets these requirements MOST cost-effectively?

A.  Stop the DB instance when tests are complete

B.  Restart the DB instance when required.

C.  Use an Auto Scaling policy with the DB instance to automatically scale when tests are completed.

D.  Create a snapshot when tests are complete

E.  Terminate the DB instance and restore the snapshot when required.

F.  Modify the DB instance to a low-capacity instance when tests are complete

G.  Modify the DB instance again when required.

Answer: A

NEW QUESTION 49

-  (Exam Topic 1)

A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.

Which solution will meet these requirements with the LEAST operational overhead?

A.  Create an Auto Scaling group so that EC2 instances can scale ou

B.  Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

C.  Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket.Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

D.  Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output dat

E.  Configure the S3 bucket as the rule's targe

F.  Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complet

G.  Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.

H.  Create a Docker container to use instead of an EC2 instanc

I.  Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

Answer: B

Explanation:

Amazon AppFlow is a fully managed integration service that enables you to securely transfer data between Software-as-a-Service (SaaS) applications like Salesforce, SAP, Zendesk, Slack, and ServiceNow, and AWS services like Amazon S3 and Amazon Redshift, in just a few clicks. https://aws.amazon.com/appflow/

NEW QUESTION 52

-  (Exam Topic 1)

A company uses 50 TB of data for reporting. The company wants to move this data from on premises to AWS A custom application in the company's data center runs a weekly data transformation job. The company plans to pause the application until the data transfer is complete and needs to begin the transfer process as soon as possible.

The data center does not have any available network bandwidth for additional workloads A solutions architect must transfer the data and must configure the transformation job to continue to run in the AWS Cloud

Which solution will meet these requirements with the LEAST operational overhead?

A.  Use AWS DataSync to move the data Create a custom transformation job by using AWS Glue

B.  Order an AWS Snowcone device to move the data Deploy the transformation application to the device

C.  Order an AWS Snowball Edge Storage Optimized devic

D.  Copy the data to the devic

E.  Create a custom transformation job by using AWS Glue

F.  Order an AWS

G.  Snowball Edge Storage Optimized device that includes Amazon EC2 compute Copy the data to the device Create a new EC2 instance on AWS to run the transformation application

Answer: C

NEW QUESTION 54

-  (Exam Topic 1)

A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.

What should the solutions architect do to meet this requirement?

A.  Create an IAM role that grants access to the S3 bucke

B.  Attach the role to the EC2 instances.

C.  Create an IAM policy that grants access to the S3 bucke

D.  Attach the policy to the EC2 instances.

E.  Create an IAM group that grants access to the S3 bucke

F.  Attach the group to the EC2 instances.

G.  Create an IAM user that grants access to the S3 bucke

H.  Attach the user account to the EC2 instances.

Answer: A

Explanation:

https://aws.amazon.com/premiumsupport/knowledge-center/ec2-instance-access-s3-bucket/

NEW QUESTION 56

-  (Exam Topic 1)

A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.

What should the solutions architect do to enable Internet access for the private subnets?

A.  Create three NAT gateways, one for each public subnet in each A

B.  Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.

C.  Create three NAT instances, one for each private subnet in each A

D.  Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.

E.  Create a second internet gateway on one of the private subnet

F.  Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.

G.  Create an egress-only internet gateway on one of the public subnet

H.  Update the route table for the private subnets that forward non-VPC traffic to the egress- only internet gateway.

Answer: A

Explanation:

https://aws.amazon.com/about-aws/whats-new/2018/03/introducing-amazon-vpc-nat-gateway-in-the-aws-govclo https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

NEW QUESTION 59

-  (Exam Topic 1)

A company has an Amazon S3 bucket that contains critical data. The company must protect the data from accidental deletion. Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A.  Enable versioning on the S3 bucket.

B.  Enable MFA Delete on the S3 bucket.

C.  Create a bucket policy on the S3 bucket.

D.  Enable default encryption on the S3 bucket.

E.  Create a lifecycle policy for the objects in the S3 bucket.

Answer: AB

NEW QUESTION 60

-  (Exam Topic 1)

A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access.

Which solution will meet these requirements?

A.  Create an analysis in Amazon QuickSigh

B.  Connect all the data sources and create new dataset

C.  Publish dashboards to visualize the dat

D.  Share the dashboards with the appropriate IAM roles.

E.  Create an analysis in Amazon OuickSigh

F.  Connect all the data sources and create new dataset

G.  Publish dashboards to visualize the dat

H.  Share the dashboards with the appropriate users and groups.

I.  Create an AWS Glue table and crawler for the data in Amazon S3. Create an AWS Glue extract, transform, and load (ETL) job to produce report

J.  Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

K.  Create an AWS Glue table and crawler for the data in Amazon S3. Use Amazon Athena Federated Query to access data within Amazon RDS for PoslgreSQ

L.  Generate reports by using Amazon Athen

M.  Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

Answer: A

NEW QUESTION 64

-  (Exam Topic 1)

A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website.

The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads.

Which combination of actions should the solutions architect take to meet these requirements? (Choose two.)

A.  Configure the application to upload images to S3 Glacier.

B.  Configure the web server to upload the original images to Amazon S3.

C.  Configure the application to upload images directly from each user's browser to Amazon S3 through the use of a presigned URL.

D.  Configure S3 Event Notifications to invoke an AWS Lambda function when an image is uploade

E.  Use the function to resize the image

F.  Create an Amazon EventBridge (Amazon CloudWatch Events) rule that invokes an AWS Lambda function on a schedule to resize uploaded images.

Answer: BD

NEW QUESTION 67

-  (Exam Topic 1)

A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours The company wants to use these data points in its existing analytics platform A solutions architect must determine the most viable multi-tier option to support this architecture The data points must be accessible from the REST API.

Which action meets these requirements for storing and retrieving location data?

A.  Use Amazon Athena with Amazon S3

B.  Use Amazon API Gateway with AWS Lambda

C.  Use Amazon QuickSight with Amazon Redshift.

D.  Use Amazon API Gateway with Amazon Kinesis Data Analytics

Answer: D

Explanation:

https://aws.amazon.com/solutions/implementations/aws-streaming-data-solution-for-amazon-kinesis/

NEW QUESTION 72

-  (Exam Topic 1)

A company has registered its domain name with Amazon Route 53. The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs. Third-party services consume the APIs securely. The company wants to design its API Gateway URL with the company's domain name and corresponding certificate so that the third-party services can use HTTPS.

Which solution will meet these requirements?

A.  Create stage variables in API Gateway with Name="Endpoint-URL" and Value="Company Domain Name" to overwrite the default UR

B.  Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM).

C.  Create Route 53 DNS records with the company's domain nam

D.  Point the alias record to the Regional API Gateway stage endpoin

E.  Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the us-east-1 Region.

F.  Create a Regional API Gateway endpoin

G.  Associate the API Gateway endpoint with the company's domain nam

H.  Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the same Regio

I.  Attach the certificate to the API Gateway endpoin

J.  Configure Route 53 to route traffic to the API Gateway endpoint.

K.  Create a Regional API Gateway endpoin

L.  Associate the API Gateway endpoint with the company's domain nam

M.  Import the public certificate associated with the company's domain name into AWS Certificate Manager (ACM) in the us-east-1 Regio

N.  Attach the certificate to the API Gateway APIs.Create Route 53 DNS records with the company's domain nam

O.  Point an A record to the company's domain name.

Answer: D

NEW QUESTION 75

-  (Exam Topic 1)

A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.

What should a solutions architect do to meet this requirement?

A.  Update the ALB's network ACL to accept only HTTPS traffic

B.  Create a rule that replaces the HTTP in the URL with HTTPS.

C.  Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.

D.  Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).

Answer: C

Explanation:

https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/

How can I redirect HTTP requests to HTTPS using an Application Load Balancer? Last updated: 2020-10-30 I want to redirect HTTP requests to HTTPS using Application Load Balancer listener rules. How can I do this? Resolution Reference:

https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/

NEW QUESTION 80

-  (Exam Topic 1)

A company runs an on-premises application that is powered by a MySQL database The company is migrating the application to AWS to Increase the application's elasticity and availability

The current architecture shows heavy read activity on the database during times of normal operation Every 4 hours the company's development team pulls a full export of the production database to populate a database in the staging environment During this period, users experience unacceptable application latency The development team is unable to use the staging environment until the procedure completes

A solutions architect must recommend replacement architecture that alleviates the application latency issue The replacement architecture also must give the development team the ability to continue using the staging environment without delay

Which solution meets these requirements?

A.  Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for productio

B.  Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

C.  Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand

D.  Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.

E.  Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for productio

F.  Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

Answer: B

Explanation:

https://aws.amazon.com/blogs/aws/amazon-aurora-fast-database-cloning/

NEW QUESTION 84

-  (Exam Topic 1)

A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning.

Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A.  Configure the application to send the data to Amazon Kinesis Data Firehose.

B.  Use Amazon Simple Email Service (Amazon SES) to format the data and to send the report by email.

C.  Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Glue job to query the application's API for the data.

D.  Create an Amazon EventBridge (Amazon CloudWatch Events) scheduled event that invokes an AWS Lambda function to query the application's API for the data.

E.  Store the application data in Amazon S3. Create an Amazon Simple Notification Service (Amazon SNS) topic as an S3 event destination to send the report by

Answer: DE

NEW QUESTION 85

-  (Exam Topic 1)

A company has a data ingestion workflow that consists the following:

An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries An AWS Lambda function to process the data and record metadata

The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job.

Which combination of actions should a solutions architect take to ensure that the Lambda function ingests all data in the future? (Select TWO.)

A.  Configure the Lambda function In multiple Availability Zones.

B.  Create an Amazon Simple Queue Service (Amazon SQS) queue, and subscribe It to me SNS topic.

C.  Increase the CPU and memory that are allocated to the Lambda function.

D.  Increase provisioned throughput for the Lambda function.

E.  Modify the Lambda function to read from an Amazon Simple Queue Service (Amazon SQS) queue

Answer: BE

NEW QUESTION 90

-  (Exam Topic 1)

A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be

deleted Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days

Which storage solution is MOST cost-effective?

A.  Create an S3 bucket lifecycle policy to move Mm from S3 Standard to S3 Glacier 30 days from object creation Delete the Tiles 4 years after object creation

B.  Create an S3 bucket lifecycle policy to move tiles from S3 Standard to S3 One Zone-infrequent Access (S3 One Zone-IA] 30 days from object creatio

C.  Delete the fees 4 years after object creation

D.  Create an S3 bucket lifecycle policy to move files from S3 Standard-infrequent Access (S3 Standard-lA) 30 from object creatio

E.  Delete the ties 4 years after object creation

F.  Create an S3 bucket Lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation Move the files to S3 Glacier 4 years after object carton.

Answer: B

Explanation:

https://aws.amazon.com/s3/storage-classes/?trk=66264cd8-3b73-416c-9693-ea7cf4fe846a&sc_channel=ps&s_k

NEW QUESTION 93

-  (Exam Topic 1)

A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.

What should a solutions architect do to meet these requirements?

A.  Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificat

B.  Apply the certificate to the AL

C.  Use the managed renewal feature to automatically rotate the certificate.

D.  Use AWS Certificate Manager (ACM) to issue an SSL/TLS certificat

E.  Import the key material from the certificat

F.  Apply the certificate to the AL

G.  Use the managed renewal feature to automatically rotate the certificate.

H.  Use AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root C

I.  Apply the certificate to the AL

J.  Use the managed renewal feature to automatically rotate the certificate.

K.  Use AWS Certificate Manager (ACM) to import an SSL/TLS certificat

L.  Apply the certificate to the AL

M.  Use Amazon EventBridge (Amazon CloudWatch Events) to send a notification when the certificate is nearing expiratio

N.  Rotate the certificate manually.

Answer: D

NEW QUESTION 94

-  (Exam Topic 1)

A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of terabytes The application data must be stored in a standard file system structure The company wants a solution that scales automatically, is highly available, and requires minimum operational overhead.

Which solution will meet these requirements?

A.  Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage

B.  Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage

C.  Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou

D.  Use Amazon Elastic File System (Amazon EFS) for storage.

E.  Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou

F.  Use Amazon Elastic Block Store (Amazon EBS) for storage.

Answer: C

Explanation:

EFS is a standard file system, it scales automatically and is highly available.

NEW QUESTION 96

-  (Exam Topic 1)

A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect

needs to implement a solution to ingest and store the alerts for future analysis.

The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Ad ditionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days.

What is the MOST operationally efficient solution that meets these requirements?

A.  Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days

B.  Launch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts Create a script on the EC2 instances that will store tne alerts m an Amazon S3 bucket Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days

C.  Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon Elasticsearch Service (Amazon ES) duster Set up the Amazon ES cluster to take manual snapshots every day and delete data from the duster that is older than 14 days

D.  Create an Amazon Simple Queue Service (Amazon SQS i standard queue to ingest the alerts and set the message retention period to 14 days Configure consumers to poll the SQS queue check the age of the message and analyze the message data as needed If the message is 14 days old the consumer should copy the message to an Amazon S3 bucket and delete the message from the SQS queue