AWS Weird Ones

114 Questions | Total Attempts: 507



Questions and Answers
  • 1. 
    An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS MySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure. How should a Solutions Architect perform this task?
    • A. 

      Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.

    • B. 

      Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.

    • C. 

      Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.

    • D. 

      Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.

  • 2. 
    A legacy application needs to interact with local storage using iSCSI. A team needs to design a reliable storage solution to provision all new storage on AWS. Which storage solution meets the legacy application requirements?
    • A. 

      AWS Snowball storage for the legacy application until the application can be re-architected.

    • B. 

      AWS Storage Gateway in cached mode for the legacy application storage to write data to Amazon S3.

    • C. 

      AWS Storage Gateway in stored mode for the legacy application storage to write data to Amazon S3.

    • D. 

      An Amazon S3 volume mounted on the legacy application server locally using the File Gateway service

  • 3. 
    A company is launching an application that it expects to be very popular. The company needs a database that can scale with the rest of the application. The schema will change frequently. The application cannot afford any downtime for database changes. Which AWS service allows the company to achieve these objectives?
    • A. 

      Amazon Redshift

    • B. 

      Amazon DynamoDB

    • C. 

      Amazon RDS MySQL

    • D. 

      Amazon Aurora

  • 4. 
    A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3. What could be the problem, given that the application logic is otherwise correct?
    • A. 

      The application is reading parts of objects from Amazon S3 using a range header.

    • B. 

      The application is reading objects from Amazon S3 using parallel object requests.

    • C. 

      The application is updating records by writing new objects with unique keys.

    • D. 

      The application is updating records by overwriting existing objects with the same keys.

  • 5. 
    A Lambda function must execute a query against an Amazon RDS database in a private subnet. Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select two.)
    • A. 

      Create a VPC Endpoint for Amazon RDS.

    • B. 

      Create the Lambda function within the Amazon RDS VPC.

    • C. 

      Change the ingress rules of Lambda security group, allowing the Amazon RDS security group.

    • D. 

      Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group.

    • E. 

      Add an Internet Gateway (IGW) to the VPC, route the private subnet to the IGW.

  • 6. 
    A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region. Which approach can the Architect take to address this requirement?
    • A. 

      Modify the Redshift cluster and configure cross-region snapshots to the other region.

    • B. 

      Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region.

    • C. 

      Modify the Redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region.

    • D. 

      Modify the Redshift cluster to use AWS Snowball in export mode with data delivered to the other region.

  • 7. 
    A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available. What should an administrator do to improve performance?
    • A. 

      Convert the database to Amazon Redshift.

    • B. 

      Create a CloudFront distribution.

    • C. 

      Convert the database to use EBS Provisioned IOPS.

    • D. 

      Create one or more read replicas.

  • 8. 
    A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select two.)
    • A. 

      Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.

    • B. 

      Store all static files in a multi-AZ Amazon Aurora database.

    • C. 

      Create a CloudFront distribution pointing to static content in Amazon S3.

    • D. 

      Use Amazon Route 53 to route traffic to the correct region.

    • E. 

      Use Amazon S3 multi-part uploads to improve upload times.

  • 9. 
    A Solutions Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements?
    • A. 

      Configure the database security group to allow database traffic from the application server IP addresses.

    • B. 

      Configure the database security group to allow database traffic from the application server security group.

    • C. 

      Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.

    • D. 

      Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.

  • 10. 
    A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix the problem?
    • A. 

      Change the Auto Scaling group's scale-out event to scale based on network utilization.

    • B. 

      Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.

    • C. 

      Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.

    • D. 

      Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources, but leverage Spot Instances.

  • 11. 
    An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week after the product is launched. Which is the MOST efficient way for management to ensure that capacity requirements are met?
    • A. 

      Add a Step Scaling policy.

    • B. 

      Add a Dynamic Scaling policy.

    • C. 

      Add a Scheduled Scaling action.

    • D. 

      Add Amazon EC2 Spot Instances.

  • 12. 
    A customer owns a simple API for their website that receives about 1,000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance. Which changes to the architecture will provide high availability at the LOWEST cost?
    • A. 

      Create an Auto Scaling group with a minimum of one instance and a maximum of two instances, then use an Application Load Balancer to balance the traffic.

    • B. 

      Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.

    • C. 

      Create an Auto Scaling group with a maximum of two instances, then use an Application Load Balancer to balance the traffic.

    • D. 

      Recreate the API using Amazon API Gateway and integrate the new API with the existing backend service.

  • 13. 
    A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about experiencing slow download speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors. What can a Solutions Architect do to address these issues?
    • A. 

      Place an elastic load balancer in front of the Amazon S3 bucket to distribute the load during peak hours.

    • B. 

      Cache the web content with Amazon CloudFront and use all Edge locations for content delivery

    • C. 

      Replicate the bucket in eu-west-1 and use an Amazon Route 53 failover routing policy to determine which bucket it should serve the request to.

    • D. 

      Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute the GET request between CloudFront and the Amazon S3 bucket directly.

  • 14. 
    A company's development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance of Amazon S3. Which naming scheme should the company use?
    • A. 

      Add a date as the prefix.

    • B. 

      Add a sequential id as the suffix.

    • C. 

      Add a hexadecimal hash as the suffix.

    • D. 

      Add a hexadecimal hash as the prefix.

  • 15. 
    A company has a legacy application using a proprietary file system and plans to migrate the application to AWS. Which storage service should the company use?
    • A. 

      Amazon DynamoDB

    • B. 

      Amazon S3

    • C. 

      Amazon EBS

    • D. 

      Amazon EFS

  • 16. 
    A company plans to use AWS for all new batch processing workloads. The company's developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7. How should a Solutions Architect design this architecture in a cost-efficient manner?
    • A. 

      Purchase Reserved Instances to run all containers. Use Auto Scaling groups to schedule jobs.

    • B. 

      Host a container management service on Spot Instances. Use Reserved Instances to run Docker containers.

    • C. 

      Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.

    • D. 

      Use Amazon ECS to manage container orchestration. Purchase Reserved Instances to run all batch workloads at the same time.

  • 17. 
    A customer has a production application that frequently overwrites and deletes data. The application requires the most up-to-date version of the data every time it is requested. Which storage should a Solutions Architect recommend to best accommodate this use case?
    • A. 

      Amazon S3

    • B. 

      Amazon RDS

    • C. 

      Amazon Redshift

    • D. 

      AWS Storage Gateway

  • 18. 
    A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS. Which steps should the company perform to implement a scalable and cost-effective solution? (Choose two.)
    • A. 

      Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint.

    • B. 

      Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.

    • C. 

      Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance.

    • D. 

      Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.

    • E. 

      Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.

  • 19. 
    A manufacturing company captures data from machines running at customer sites. Currently, thousands of machines send data every 5 minutes, and this is expected to grow to hundreds of thousands of machines in the near future. The data is logged with the intent to be analyzed in the future as needed. What is the SIMPLEST method to store this streaming data at scale?
    • A. 

      Create an Amazon Kinesis Firehose delivery stream to store the data in Amazon S3.

    • B. 

      Create an Auto Scaling group of Amazon EC2 servers behind ELBs to write the data into Amazon RDS.

    • C. 

      Create an Amazon SQS queue, and have the machines write to the queue.

    • D. 

      Create an Amazon EC2 server farm behind an ELB to store the data in Amazon EBS Cold HDD volumes.

  • 20. 
    A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3. However, uploading images through the web server will create too much traffic. What is the MOST efficient method to store images from a mobile application on Amazon S3?
    • A. 

      Upload directly to S3 using a pre-signed URL.

    • B. 

      Upload to a second bucket, and have a Lambda event copy the image to the primary bucket.

    • C. 

      Upload to a separate Auto Scaling group of servers behind an ELB Classic Load Balancer, and have them write to the Amazon S3 bucket.

    • D. 

      Expand the web server fleet with Spot Instances to provide the resources to handle the images.

  • 21. 
    A Solutions Architect has a multi-layer application running in Amazon VPC. The application has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon EC2-based reverse proxy that performs content-based routing to two backend Amazon EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth and is concerned that the reverse proxy and current backend setup will be insufficient. Which actions should the Architect take to achieve a cost-effective solution that ensures the application automatically scales to meet traffic demand? (Select two.)
    • A. 

      Replace the Amazon EC2 reverse proxy with an ELB internal Classic Load Balancer.

    • B. 

      Add Auto Scaling to the Amazon EC2 backend fleet.

    • C. 

      Add Auto Scaling to the Amazon EC2 reverse proxy layer.

    • D. 

      Use t2 burstable instance types for the backend fleet.

    • E. 

      Replace both the frontend and reverse proxy layers with an ELB Application Load Balancer.

  • 22. 
    A Solutions Architect is designing a solution to store a large quantity of event data in Amazon S3. The Architect anticipates that the workload will consistently exceed 100 requests each second. What should the Architect do in Amazon S3 to optimize performance?
    • A. 

      Randomize a key name prefix.

    • B. 

      Store the event data in separate buckets.

    • C. 

      Randomize the key name suffix.

    • D. 

      Use Amazon S3 Transfer Acceleration.

  • 23. 
    An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS MySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure. How should a Solutions Architect perform this task?
    • A. 

      Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.

    • B. 

      Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.

    • C. 

      Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster.

    • D. 

      Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster.

  • 24. 
    A legacy application running on premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the Architect meet this requirement?
    • A. 

      Create an IAM role that allows access from the corporate network to Amazon S3.

    • B. 

      Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint.

    • C. 

      Use Amazon API Gateway to do IP whitelisting

    • D. 

      Configure IP whitelisting on the customer’s gateway

  • 25. 
    A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances. How should the request be authorized?
    • A. 

      Create an IAM access and secret key, and store it in the Lambda function.

    • B. 

      Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances.

    • C. 

      Create an IAM role to Amazon RDS with permissions to list all Amazon RDS instances.

    • D. 

      Create an IAM access and secret key, and store it in an encrypted RDS database.

  • 27. 
    An interactive, dynamic website runs on Amazon EC2 instances in a single subnet behind an ELB Classic Load Balancer. Which design changes will make the site more highly available?
    • A. 

      Move some Amazon EC2 instances to a subnet in a different AZ.

    • B. 

      Move the website to Amazon S3.

    • C. 

      Change the ELB to an Application Load Balancer.

    • D. 

      Move some Amazon EC2 instances to a subnet in the same Availability Zone.

  • 28. 
    A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select two.)
    • A. 

      Store an access key on the Amazon EC2 instance with rights to the DynamoDB table.

    • B. 

      Attach an IAM user to the Amazon EC2 instance.

    • C. 

      Create an IAM role with permissions to write to the DynamoDB table.

    • D. 

      Attach an IAM role to the Amazon EC2 instance.

    • E. 

      Attach an IAM policy to the Amazon EC2 instance.

  • 29. 
    A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements:
    1. They get an alert when the requests per second go over 50,000.
    2. They get an alert when latency goes over 5 seconds.
    3. They can validate how many times a day users call the API requesting highly-sensitive data.
    Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.)
    • A. 

      Ensure that CloudTrail is enabled.

    • B. 

      Create a custom CloudWatch metric to monitor the API for data access.

    • C. 

      Configure CloudWatch alarms for any metrics the support team requires.

    • D. 

      Ensure that detailed monitoring for the EC2 instances is enabled.

    • E. 

      Create an application to export and save CloudWatch metrics for longer term trending analysis.

  • 30. 
    A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation. What is the MOST efficient way to fulfill this requirement?
    • A. 

      Use Amazon CloudWatch to monitor utilization.

    • B. 

      Use Amazon API Gateway to monitor availability.

    • C. 

      Use an Amazon Elastic Load Balancer.

    • D. 

      Use Amazon Route 53 health checks.

  • 31. 
    A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers. How should the Architect design a solution to meet the requirements without impacting running applications?
    • A. 

      Create a network ACL on the web server’s subnet, and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet.

    • B. 

      Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.

    • C. 

      Create a network ACL on the web server’s subnet, and allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers, and deny all outbound traffic.

    • D. 

      Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.

  • 32. 
    An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames. Which AWS service will decouple the users from specific Amazon EC2 instances?
    • A. 

      Amazon SQS

    • B. 

      Auto Scaling group

    • C. 

      Amazon EC2 security group

    • D. 

      Amazon ELB

  • 33. 
    A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency. Which data storage method fulfills the above requirements?
    • A. 

      Store data in a filesystem backed by Amazon Elastic File System (EFS).

    • B. 

      Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a filesystem to the database server.

    • C. 

      Store data in Amazon DynamoDB and emulate relational database semantics.

    • D. 

      Stripe data across multiple Amazon EBS volumes using RAID 0

  • 34. 
    A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost. This can be accomplished with:
    • A. 

      An egress-only internet gateway

    • B. 

      A NAT gateway

    • C. 

      A custom NAT instance

    • D. 

      A VPC endpoint

  • 35. 
    A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application. How can the report be created without affecting the performance of the application?
    • A. 

      Create a read replica of the database.

    • B. 

      Provision a new RDS instance as a secondary master.

    • C. 

      Configure the database to be in multiple regions.

    • D. 

      Increase the number of provisioned storage IOPS.

  • 36. 
    A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required. What is the MOST cost-effective way to purchase compute for this platform?
    • A. 

      Scheduled Reserved Instances

    • B. 

      Convertible Reserved Instances

    • C. 

      Standard Reserved Instances

    • D. 

      Spot Instances

  • 37. 
    A Solutions Architect has a two-tier application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone. Which additional services will improve the availability of the application? (Choose two.)
    • A. 

      Auto Scaling group

    • B. 

      AWS CloudTrail

    • C. 

      ELB Classic Load Balancer

    • D. 

      Amazon DynamoDB

    • E. 

      Amazon ElastiCache

  • 38. 
    A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security sensitive application, and AWS credentials such as Access Key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system. What security measure would satisfy these requirements?
    • A. 

      Store the AWS Access Key ID/Secret Access Key combination in software comments

    • B. 

      Assign an IAM user to the Amazon EC2 instance.

    • C. 

      Assign an IAM role to the Amazon EC2 instance.

    • D. 

      Enable multi-factor authentication for the AWS root account.

  • 39. 
    An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time. What solution should be implemented to improve database performance using persistent storage?
    • A. 

      Migrate the data on the Amazon EBS volume to an SSD-backed volume.

    • B. 

      Change the EC2 instance type to one with EC2 instance store volumes.

    • C. 

      Migrate the data on the EBS volume to provisioned IOPS SSD (io1).

    • D. 

      Change the EC2 instance type to one with burstable performance.

  • 40. 
    A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6 TB of data and will grow exponentially. Which solution should a Solutions Architect recommend?
    • A. 

      Amazon Aurora

    • B. 

      Amazon Redshift

    • C. 

      Amazon DynamoDB

    • D. 

      Amazon RDS MySQL

  • 41. 
    A company hosts a two-tier application that consists of a publicly accessible web server that communicates with a private database. Only HTTPS port 443 traffic to the web server must be allowed from the Internet. Which of the following options will achieve these requirements? (Choose two.)
    • A. 

      Security group rule that allows inbound Internet traffic for port 443.

    • B. 

      Security group rule that denies all inbound Internet traffic except port 443.

    • C. 

      Network ACL rule that allows port 443 inbound and all ports outbound for Internet traffic.

    • D. 

      Security group rule that allows Internet traffic for port 443 in both inbound and outbound.

    • E. 

      Network ACL rule that allows port 443 for both inbound and outbound for all Internet traffic.

  • 42. 
    A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have private connectivity to Amazon DynamoDB in the same AWS Region. The design should route DynamoDB traffic through:
    • A. 

      VPC peering connection.

    • B. 

      NAT gateway

    • C. 

      VPC endpoint

    • D. 

      AWS Direct Connect

  • 43. 
    A Solutions Architect is architecting a workload that requires a performant object-based storage system that must be shared with multiple Amazon EC2 instances. Which AWS service meets this requirement?
    • A. 

      Amazon EFS

    • B. 

      Amazon S3

    • C. 

      Amazon EBS

    • D. 

      Amazon ElastiCache

  • 44. 
    A company runs a legacy application with a single-tier architecture on an Amazon EC2 instance. Disk I/O is low, with occasional small spikes during business hours. The company requires the instance to be stopped from 8 PM to 8 AM daily. Which storage option is MOST appropriate for this workload?
    • A. 

      Amazon EC2 instance storage

    • B. 

      Amazon EBS General Purpose SSD (gp2) storage

    • C. 

      Amazon S3

    • D. 

      Amazon EBS Provisioned IOPS SSD (io1) storage

  • 45. 
    As part of securing an API layer built on Amazon API Gateway, a Solutions Architect has to authorize users who are currently authenticated by an existing identity provider. The users must be denied access for a period of one hour after three unsuccessful attempts. How can the Solutions Architect meet these requirements?
    • A. 

      Use AWS IAM authorization and add least-privileged permissions to each respective IAM role.

    • B. 

      Use an API Gateway custom authorizer to invoke an AWS Lambda function to validate each user's identity.

    • C. 

      Use Amazon Cognito user pools to provide built-in user management.

    • D. 

      Use Amazon Cognito user pools to integrate with external identity providers.

  • 46. 
    A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB Classic Load Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale. What should the VPC subnet design be in each Availability Zone?
    • A. 

      One public subnet for the load balancer tier, one public subnet for the front-end tier, and one private subnet for the backend tier.

    • B. 

      One shared public subnet for all tiers of the application.

    • C. 

      One public subnet for the load balancer tier and one shared private subnet for the application tiers.

    • D. 

      One shared private subnet for all tiers of the application.

  • 47. 
    A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?
    • A. 

      An Amazon EC2 instance store local SSD volume.

    • B. 

      An Amazon EBS provisioned IOPS SSD volume.

    • C. 

      An Amazon EBS throughput optimized HDD volume

    • D. 

      An Amazon EBS general purpose SSD volume.

  • 48. 
    Two Auto Scaling applications, Application A and Application B, currently run within a shared set of subnets. A Solutions Architect wants to make sure that Application A can make requests to Application B, but Application B should be denied from making requests to Application A. Which is the SIMPLEST solution to achieve this policy?
    • A. 

      Using security groups that reference the security groups of the other application

    • B. 

      Using security groups that reference the application servers' IP addresses

    • C. 

      Using Network Access Control Lists to allow/deny traffic based on application IP addresses

    • D. 

      Migrating the applications to separate subnets from each other

  • 49. 
    A Solutions Architect needs to design an architecture for a new, mission-critical batch processing billing application. The application is required to run Monday, Wednesday, and Friday from 5 AM to 11 AM. Which is the MOST cost-effective Amazon EC2 pricing model?
    • A. 

      Amazon EC2 Spot Instances

    • B. 

      On-Demand Amazon EC2 Instances

    • C. 

      Scheduled Reserved Instances

    • D. 

      Dedicated Amazon EC2 Instances

  • 50. 
    An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met?
    • A. 

      Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the NAT gateway.

    • B. 

      Configure a gateway VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.

    • C. 

      Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.

    • D. 

      Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.

  • 51. 
    Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.
    • A. 

      Amazon S3

    • B. 

      Amazon Glacier

    • C. 

      Amazon EFS

    • D. 

      AWS Storage Gateway

  • 52. 
    A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications will save objects. How can the Architect ensure that when an application uploads an object to the Amazon S3 bucket, the object is encrypted?
    • A. 

      Set a CORS configuration.

    • B. 

      Set a bucket policy to encrypt all Amazon S3 objects.

    • C. 

      Enable default encryption on the bucket.

    • D. 

      Set permission for users.

  • 53. 
    A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows: ✑ Limit access to users originating from the corporate network. ✑ Web servers cannot have SSH access directly from the Internet. ✑ Web servers reside in a private subnet. Which combination of steps must the Architect complete to meet these requirements? (Choose two.)
    • A. 

      Create a bastion host that authenticates users against the corporate directory.

    • B. 

      Create a bastion host with security group rules that only allow traffic from the corporate network.

    • C. 

      Attach an IAM role to the bastion host with relevant permissions.

    • D. 

      Configure the web servers' security group to allow SSH traffic from a bastion host.

    • E. 

      Deny all SSH traffic from the corporate network in the inbound network ACL.

  • 54. 
    A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises datacenter. Which solution allows rapid provisioning of a working, fully scaled production environment?
    • A. 

      Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.

    • B. 

      Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down

    • C. 

      Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy.

    • D. 

      Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.

  • 55. 
    A Solutions Architect is designing a solution that can monitor memory and disk space utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution meets this requirement?  
    • A. 

      Default Amazon CloudWatch metrics.

    • B. 

      Custom Amazon CloudWatch metrics.

    • C. 

      Amazon Inspector resource monitoring.

    • D. 

      Default monitoring of Amazon EC2 instances.

  • 56. 
    A Solutions Architect is creating a new relational database. The Compliance team will use the database, and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect use?
    • A. 

      Amazon Aurora

    • B. 

      Amazon RDS MySQL with Multi-AZ enabled

    • C. 

      Amazon DynamoDB

    • D. 

      Amazon ElastiCache

  • 57. 
    An organization has a long-running image processing application that runs on Spot Instances that will be terminated when interrupted. A highly available workload must be designed to respond to Spot Instance interruption notices. The solution must include a two-minute warning when there is not enough capacity. How can these requirements be met?
    • A. 

      Use Amazon CloudWatch Events to invoke an AWS Lambda function that can launch On-Demand Instances.

    • B. 

      Regularly store data from the application on Amazon DynamoDB. Increase the maximum number of instances in the AWS Auto Scaling group.

    • C. 

      Manually place a bid for additional Spot Instances at a higher price in the same AWS Region and Availability Zone.

    • D. 

      Ensure that the Amazon Machine Image associated with the application has the latest configurations for the launch configuration.

  • 58. 
    A company has an Amazon RDS-managed online transaction processing system that has very heavy read and write. The Solutions Architect notices throughput issues with the system. How can the responsiveness of the primary database be improved?
    • A. 

      Use asynchronous replication for standby to maximize throughput during peak demand.

    • B. 

      Offload SELECT queries that can tolerate stale data to READ replica.

    • C. 

      Offload SELECT and UPDATE queries to READ replica.

    • D. 

      Offload SELECT queries that need the most current data to READ replica.

  • 59. 
    A Solutions Architect is developing a new web application on AWS. The Architect expects the application to become very popular, so the application must scale to support the load. The Architect wants to focus on software development and deploying new features without provisioning or managing instances. What solution is appropriate?
    • A. 

      Amazon API Gateway and AWS Lambda

    • B. 

      Elastic Load Balancing with Auto Scaling groups and Amazon EC2

    • C. 

      Amazon API Gateway and Amazon EC2

    • D. 

      Amazon CloudFront and AWS Lambda

  • 60. 
    A Solutions Architect is deploying a new production MySQL database on AWS. It is critical that the database is highly available. What should the Architect do to achieve this goal with Amazon RDS?
    • A. 

      Create a read replica of the primary database and deploy it in a different AWS Region.

    • B. 

      Enable multi-AZ to create a standby database in a different Availability Zone.

    • C. 

      Enable multi-AZ to create a standby database in a different AWS Region.

    • D. 

      Create a read replica of the primary database and deploy it in a different Availability Zone.

  • 61. 
    An organization designs a mobile application for their customers to upload photos to a site. The application needs a secure login with MFA. The organization wants to limit the initial build time and maintenance of the solution. Which solution should a Solutions Architect recommend to meet the requirements?
    • A. 

      Use Amazon Cognito Identity with SMS-based MFA.

    • B. 

      Edit AWS IAM policies to require MFA for all users.

    • C. 

      Federate IAM against corporate AD that requires MFA.

    • D. 

      Use Amazon API Gateway and require SSE for photos.

  • 62. 
    A company hosts a website on premises. The website has a mix of static and dynamic content, but users experience latency when loading static files. Which AWS service can help reduce latency?
    • A. 

      Amazon CloudFront with on-premises servers as the origin

    • B. 

      ELB Application Load Balancer

    • C. 

      Amazon Route 53 latency-based routing

    • D. 

      Amazon EFS to store and serve static files

  • 63. 
    A company wants to analyze all of its sales information aggregated over the last 12 months. The company expects there to be over 10TB of data from multiple sources. What service should be used?
    • A. 

      Amazon DynamoDB

    • B. 

      Amazon Aurora MySQL

    • C. 

      Amazon RDS MySQL

    • D. 

      Amazon Redshift

  • 64. 
    A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy. The web servers' Auto Scaling group currently has 15 instances running. Which instance will be terminated first during a scale-in operation?
    • A. 

      The instance with the oldest launch configuration.

    • B. 

      The instance in the Availability Zone that has most instances.

    • C. 

      The instance closest to the next billing hour.

    • D. 

      The oldest instance in the group.

  • 65. 
    A retail company has sensors placed in its physical retail stores. The sensors send messages over HTTP when customers interact with in-store product displays. A Solutions Architect needs to implement a system for processing those sensor messages; the results must be available for the Data Analysis team. Which architecture should be used to meet these requirements?
    • A. 

      Implement an Amazon API Gateway to serve as the HTTP endpoint. Have the API Gateway trigger an AWS Lambda function to process the messages, and save the results to an Amazon DynamoDB table.

    • B. 

      Create an Amazon EC2 instance to serve as the HTTP endpoint and to process the messages. Save the results to Amazon S3 for the Data Analysis team to download.

    • C. 

      Use Amazon Route 53 to direct incoming sensor messages to a Lambda function to process the message and save the results to an Amazon DynamoDB table.

    • D. 

      Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written directly to a DynamoDB table where it can be accessed by the Data Analysis team.

  • 66. 
    A company has an Amazon RDS database backing its production website. The Sales team needs to run queries against the database to track training program effectiveness. Queries against the production database cannot impact performance, and the solution must be easy to maintain. How can these requirements be met?
    • A. 

      Use an Amazon Redshift database. Copy the product database into Redshift and allow the team to query it.

    • B. 

      Use an Amazon RDS read replica of the production database and allow the team to query against it.

    • C. 

      Use multiple Amazon EC2 instances running replicas of the production database, placed behind a load balancer.

    • D. 

      Use an Amazon DynamoDB table to store a copy of the data.

  • 67. 
    A company must collect temperature data from thousands of remote weather devices. The company must also store this data in a data warehouse to run aggregations and visualizations. Which services will meet these requirements? (Choose two.)
    • A. 

      Amazon Kinesis Data Firehose

    • B. 

      Amazon SQS

    • C. 

      Amazon Redshift

    • D. 

      Amazon SNS

    • E. 

      Amazon DynamoDB

  • 68. 
    Which requirements must be met in order for a Solutions Architect to specify that an Amazon EC2 instance should stop rather than terminate when its Spot Instance is interrupted? (Choose two.)
    • A. 

      The Spot Instance request type must be one-time.

    • B. 

      The Spot Instance request type must be persistent.

    • C. 

      The root volume must be an Amazon EBS volume.

    • D. 

      The root volume must be an instance store volume.

    • E. 

      The launch configuration is changed.

  • 69. 
    An application hosted on AWS uses object storage for storing internal reports that are accessed daily by the CFO. Currently, these reports are publicly available. How should a Solutions Architect re-design this architecture to prevent unauthorized access to these reports?
    • A. 

      Encrypt the files on the client side and store the files on Amazon Glacier, then decrypt the reports on the client side.

    • B. 

      Move the files to Amazon ElastiCache and provide a username and password for downloading the reports.

    • C. 

      Specify the use of AWS KMS server-side encryption at the time of an object creation on Amazon S3.

    • D. 

      Store the files on Amazon S3 and use the application to generate S3 pre-signed URLs to users.

  • 70. 
    A company wants to durably store data in 8 KB chunks. The company will access the data once every few months. However, when the company does access the data, it must be done with as little latency as possible. Which AWS service should a Solutions Architect recommend if cost is NOT a factor?
    • A. 

      Amazon DynamoDB

    • B. 

      Amazon EBS Throughput Optimized HDD Volumes

    • C. 

      Amazon EBS Cold HDD Volumes

    • D. 

      Amazon ElastiCache

  • 71. 
    A media company has more than 100TB of data to be stored and retrieved infrequently. However, the company occasionally receives requests for data within an hour. The company needs a low-cost retrieval method to handle the requests. Which service meets this requirement?
    • A. 

      Amazon S3 Standard

    • B. 

      Amazon Glacier standard retrievals

    • C. 

      Amazon Glacier bulk retrievals

    • D. 

      Amazon S3 Standard Infrequent Access

  • 72. 
    An on-premises database is experiencing significant performance problems when running SQL queries. With 10 users, the lookups are performing as expected. As the number of users increases, the lookups take three times longer than expected to return values to an application. Which action should a Solutions Architect take to maintain performance as the user count increases?
    • A. 

      Use Amazon SQS.

    • B. 

      Deploy Multi-AZ RDS MySQL

    • C. 

      Configure Amazon RDS with additional read replicas.

    • D. 

      Migrate from MySQL to RDS Microsoft SQL Server.

  • 73. 
    A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and RDS PostgreSQL database. Which action should the team take to ensure high availability?
    • A. 

      Enable cross-region replication in the Amazon S3 bucket.

    • B. 

      Create a Lambda function for each Availability Zone the application is deployed in.

    • C. 

      Enable multi-AZ on the RDS PostgreSQL database.

    • D. 

      Create a DynamoDB stream for the DynamoDB table.

  • 74. 
    A company wants to improve the performance of their web application after receiving customer complaints. An analysis concluded that the same complex database queries were causing increased latency. What should a Solutions Architect recommend to improve the application’s performance?
    • A. 

      Migrate the database to MySQL.

    • B. 

      Use Amazon Redshift to analyze the queries.

    • C. 

      Integrate Amazon ElastiCache into the application.

    • D. 

      Use a Lambda-triggered request to the backend database.

  • 75. 
    A Solutions Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted. Which is the MOST efficient option to fulfill the security policy using Amazon RDS?
    • A. 

      Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and backups.

    • B. 

      Launch an Amazon RDS instance. Enable encryption for database, logs and backups.

    • C. 

      Launch an Amazon RDS instance with encryption enabled. Logs and backups are automatically encrypted.

    • D. 

      Launch an Amazon RDS instance. Enable encryption for backups. Encrypt logs with a database-engine feature.

  • 77. 
    An application runs on Amazon EC2 instances in an Auto Scaling group. When instances are terminated, the Systems Operations team cannot determine the root cause, because the logs reside on the terminated instances and are lost. How can the root cause be determined?
    • A. 

      Use ephemeral volumes to store the log files.

    • B. 

      Use a scheduled Amazon CloudWatch Event to take regular Amazon EBS snapshots.

    • C. 

      Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs.

    • D. 

      Use AWS CloudTrail to pull the logs from the Amazon EC2 instances.

  • 78. 
    Employees from several companies use an application once a year during a specific 30-day period. The periods are different for each company. Traffic to the application spikes during these 30-day periods. How can the application be designed to handle these traffic spikes?
    • A. 

      Use an Amazon Route 53 latency routing policy to route traffic to an Amazon EC2 instance with the least lag time.

    • B. 

      Use Amazon S3 to cache static elements of the website requests.

    • C. 

      Use an Auto Scaling group to scale the number of EC2 instances to match the site traffic.

    • D. 

      Use Amazon CloudFront to serve static assets to decrease the load on the EC2 instances.

  • 79. 
    A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free. What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list?
    • A. 

      Amazon SNS

    • B. 

      AWS Lambda with sequential dispatch

    • C. 

      A FIFO queue in Amazon SQS

    • D. 

      A standard queue in Amazon SQS

  • 80. 
    A Solutions Architect is designing a solution for a dynamic website, example.com, that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are redirected to the website in the Tokyo region when they browse to example.com. Which service should the Architect use to achieve this goal with the LEAST administrative effort?
    • A. 

      Amazon CloudFront with geolocation routing

    • B. 

      Amazon Route 53

    • C. 

      Application Load Balancer

    • D. 

      Network Load Balancer deployed across multiple regions

  • 81. 
    A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud. Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?
    • A. 

      Amazon EC2 and an Application Load Balancer

    • B. 

      Amazon S3 and Amazon CloudFront

    • C. 

      Amazon EC2 and Amazon Elastic Transcoder

    • D. 

      AWS Lambda and Amazon API Gateway

  • 82. 
    An application uses an Amazon RDS MySQL cluster for the database layer. Database growth requires periodic resizing of the instance. Currently, administrators check the available disk space manually once a week. How can this process be improved?
    • A. 

      Use the largest instance type for the database.

    • B. 

      Use AWS CloudTrail to monitor storage capacity.

    • C. 

      Use Amazon CloudWatch to monitor storage capacity.

    • D. 

      Use Auto Scaling to increase storage size.

  • 83. 
    A customer owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time. Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS, and is willing to change database systems. Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?
    • A. 

      Amazon RDS

    • B. 

      Amazon DynamoDB

    • C. 

      Amazon Redshift

    • D. 

      AWS Data Pipeline

  • 84. 
    A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints. Which of the following should the Architect recommend?
    • A. 

      Create a crontab job script in each instance to push the logs regularly to Amazon S3.

    • B. 

      Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.

    • C. 

      Enable Amazon CloudWatch Events in the AWS Management Console.

    • D. 

      Enable AWS CloudTrail to map all API calls invoked by the applications.

  • 85. 
    A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued. Which of the following answers this question?
    • A. 

      The user needs to place a PUT request to decrypt the object.

    • B. 

      The user needs to decrypt the object using a private key.

    • C. 

      Amazon S3 manages encryption and decryption automatically.

    • D. 

      Amazon S3 provides a server-side key for decrypting the object.

  • 86. 
    An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone. Which is the MOST cost-efficient way to meet these requirements?
    • A. 

      Deploy two instances in each of three Availability Zones.

    • B. 

      Deploy two instances in each of two Availability Zones.

    • C. 

      Deploy four instances in each of two Availability Zones.

    • D. 

      Deploy one instance in each of three Availability Zones.

  • 87. 
    A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators. Which of the following options should the Architect recommend? (Choose two.)
    • A. 

      Create a bastion host in a public subnet, and use the bastion host to connect to the database.

    • B. 

      Log in to the web servers in the public subnet to connect to the database.

    • C. 

      Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet.

    • D. 

      Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database.

    • E. 

      Attach an Elastic IP address to the database.

  • 88. 
    A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours. What is the MOST cost-effective way to provide enough compute?
    • A. 

      Use one Amazon EC2 Reserved Instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.

    • B. 

      Use one Amazon EC2 On-Demand instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.

    • C. 

      Use one Amazon EC2 On-Demand instance and use an Auto Scaling Group scheduled action to add three EC2 Spot instances at 7:30 AM and remove three instances at 6:10 PM.

    • D. 

      Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM

  • 89. 
    A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet. The proposed design must be highly available and distributed over two Availability Zones. What would be the MOST appropriate VPC design for this specific use case?
    • A. 

      Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS.

    • B. 

      One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS.

    • C. 

      One public subnet for the elastic load balancer, one public subnet for the web servers, and one private subnet for the database.

    • D. 

      Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.

  • 90. 
    A workload in an Amazon VPC consists of a single web server launched from a custom AMI. Session state is stored in a database. How should the Solutions Architect modify this workload to be both highly available and scalable?
    • A. 

      Create a launch configuration with a desired capacity of two web servers across multiple Availability Zones. Create an Auto Scaling group with the AMI ID of the web server image. Use Amazon Route 53 latency-based routing to balance traffic across the Auto Scaling group.

    • B. 

      Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple regions. Use an Application Load Balancer (ALB) to balance traffic across the Auto Scaling group.

    • C. 

      Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group.

    • D. 

      Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use Amazon Route 53 weighted routing to balance traffic across the Auto Scaling group.

  • 91. 
    A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes. Which compute model should a Solutions Architect choose to accomplish this task?
    • A. 

      EC2 Reserved Instances

    • B. 

      EC2 Spot Instances

    • C. 

      EC2 Dedicated Hosts

    • D. 

      EC2 Placement Groups

  • 92. 
    A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10,000 records daily as they arrive in the Kinesis stream. The MOST scalable way to design the microservice is:
    • A. 

      As an AWS Lambda function.

    • B. 

      As a process on an Amazon EC2 instance.

    • C. 

      As a Docker container running on Amazon ECS.

    • D. 

      As a Docker container on an EC2 instance.

  • 93. 
    A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exam results are released at 9:00 a.m. each Monday, and 80% of students attempt to access their unique result within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. on Monday. Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner?
    • A. 

      Scale out the EC2 instances to ensure that the environment scales up and down based on the highest load.

    • B. 

      Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units.

    • C. 

      Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30 a.m.

    • D. 

      Use Amazon CloudFront to cache web requests and reduce the load on EC2 and DynamoDB.

  • 94. 
    As part of a migration strategy, a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon. Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration?
    • A. 

      Use AWS Identity and Access Management (IAM) for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.

    • B. 

      Use a third-party solution for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.

    • C. 

      Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.

    • D. 

      Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.

  • 95. 
    A company needs to capture all client connection information from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application. How can a Solutions Architect meet this requirement?
    • A. 

      Enable AWS CloudTrail for the Application Load Balancer.

    • B. 

      Enable Access Logs on the Application Load Balancer.

    • C. 

      Install CloudWatch Agent on the Application Load Balancer.

    • D. 

      Enable CloudWatch metrics on the Application Load Balancer.

  • 96. 
    An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times, after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances. What should the Solutions Architect recommend to optimize the cost of the environment after business hours?
    • A. 

      Change the Availability Zones in which the instances were created to another Availability Zone in the same region with a lower cost.

    • B. 

      Replace all On-Demand Instances with Spot Instances in the Auto Scaling group.

    • C. 

      Purchase Reserved Instances for the minimum number of Auto Scaling instances.

    • D. 

      Reduce the number of minimum instances to 0. New requests to the Application Load Balancer create new instances.

  • 97. 
    A Solutions Architect is designing a web application for document sharing. The users will upload documents that are then made available to other users. There will be tens of thousands of these documents. What is the MOST cost-effective storage solution?
    • A. 

      Amazon EFS

    • B. 

      Amazon S3

    • C. 

      Amazon Glacier

    • D. 

      Amazon EBS

  • 98. 
    A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices. What should the Architect do to implement security best practices in an efficient manner?
    • A. 

      Use VPC peering to enforce network consistency

    • B. 

      Restrict users from deploying an AWS CloudFormation template

    • C. 

      Provide the teams a nested AWS CloudFormation template that builds the VPC correctly

    • D. 

      Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards

  • 99. 
    An application currently stores objects in Amazon S3-Standard. The application accesses new objects frequently for one week. After one week, they are accessed occasionally for analysis batch jobs. A Solutions Architect has been asked to reduce storage costs for the application while allowing immediate access for batch jobs. How can costs be reduced without reducing data durability?
    • A. 

      Create a lifecycle policy that moves Amazon S3 data to Amazon S3 One Zone-Infrequent Access storage after 7 days. After 30 days, move the data to Amazon Glacier.

    • B. 

      Keep the data on Amazon S3, and create a lifecycle policy to move S3 data to Amazon Glacier after 7 days.

    • C. 

      Move all Amazon S3 data to S3 Standard-Infrequent Access storage, and create a lifecycle policy to move the data to Amazon Glacier after 7 days.

    • D. 

      Keep the data on Amazon S3, then create a lifecycle policy to move the data to S3 Standard-Infrequent Access storage after 7 days.

  • 100. 
    An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is against company policy to store passwords in Lambda functions. How can a Solutions Architect enable the Lambda function to retrieve the database password without violating company policy?
    • A. 

      Add an IAM policy for IAM database access to the Lambda execution role.

    • B. 

      Store a one-way hash of the password in the Lambda function.

    • C. 

      Have the Lambda function use the AWS Systems Manager Parameter Store.

    • D. 

      Connect to the Amazon RDS for SQL Server instance by using a role assigned to the Lambda function.

  • 101. 
    A company has two different types of reporting needs on their 200-GB data warehouse:
      - Data scientists run a small number of concurrent ad hoc SQL queries that can take several minutes each to run.
      - Display screens throughout the company run many fast SQL queries to populate dashboards.
    Which design would meet these requirements with the LEAST cost?
    • A. 

      Replicate relevant data between Amazon Redshift and Amazon DynamoDB. Data scientists use Redshift. Dashboards use DynamoDB.

    • B. 

      Configure auto-replication between Amazon Redshift and Amazon RDS. Data scientists use Redshift. Dashboards use RDS.

    • C. 

      Use Amazon Redshift for both requirements, with separate query queues configured in workload management.

    • D. 

      Use Amazon Redshift for Data Scientists. Run automated dashboard queries against Redshift and store the results in Amazon ElastiCache. Dashboards query ElastiCache.

  • 102. 
    A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content. Which step should the Solutions Architect take to ensure that new content is displayed?
    • A. 

      Perform a cache refresh on the CloudFront distribution that is serving the content.

    • B. 

      Perform an invalidation on the CloudFront distribution that is serving the content.

    • C. 

      Create a new cache behavior path with the updated content.

    • D. 

      Change the TTL value for removing the old objects.

  • 103. 
    A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and Amazon ECS to host the website and its microservices. Which design changes should a Solutions Architect recommend to support the expected growth? (Choose two.)
    • A. 

      Move static files from ECS to Amazon S3

    • B. 

      Use an Amazon Route 53 geolocation routing policy

    • C. 

      Scale the environment based on real-time AWS CloudTrail logs

    • D. 

      Create a dedicated Elastic Load Balancer for each microservice

    • E. 

      Create RDS read replicas and change the application to use these replicas

  • 104. 
    A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime. What could a Solutions Architect recommend to the company in order to keep track of customers' current session data?
    • A. 

      Amazon EC2

    • B. 

      Amazon RDS

    • C. 

      AWS CloudTrail

    • D. 

      Amazon DynamoDB

  • 105. 
    A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web application with a load balancer, web server, application server, and relational database. The key requirement driving the migration is that the application should perform better and be more elastic. Which of the following architectures would meet these requirements?
    • A. 

      Re-host the application on Amazon EC2 with lift and shift of existing application code. Configure an Elastic Load Balancing load balancer to handle incoming requests. Use Amazon CloudWatch alarms to receive notification of scaling issues. Increase and decrease the size of the Amazon EC2 instances using AWS CLI or AWS Management Console as required.

    • B. 

      Re-architect the application as a three-tier application. Move the database to Amazon RDS. Use read replicas and Amazon ElastiCache with RDS for better performance. Use an Application Load Balancer to forward incoming requests to web and application servers running on-premises.

    • C. 

      Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier.

    • D. 

      Re-architect the application as Service Oriented Architecture (SOA). Run database and application servers on-premises. Run web-facing EC2 servers. Use an Enterprise Service Bus to handle communications between different parts of the application running on-premises and in the cloud.

  • 106. 
    A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request. Which implementation can satisfy all requirements?
    • A. 

      Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups.

    • B. 

      Configure an Application Load Balancer with host-based routing based on the domain field in the HTTP header.

    • C. 

      Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used.

    • D. 

      Configure an Application Load Balancer with listeners for appropriate path patterns for the target group.

  • 107. 
    A Solutions Architect is asked to improve the fault tolerance of an existing Python application. The web application places 1-MB images in an S3 bucket. The application then uses a single t2.large instance to transform the image to include a watermark with the company's brand before writing the image back to the S3 bucket. What should the Solutions Architect recommend to increase the fault tolerance of the solution?
    • A. 

      Convert the code to a Lambda function triggered by scheduled Amazon CloudWatch Events.

    • B. 

      Increase the instance size to m4.xlarge and configure Enhanced Networking.

    • C. 

      Convert the code to a Lambda function triggered by Amazon S3 events.

    • D. 

      Create an Amazon SQS queue to send the images to the t2.large instance.

  • 108. 
    A Solutions Architect needs to deploy a node.js-based web application that is highly available and scales automatically. The Marketing team needs to roll back on application releases quickly, and they need to have an operational dashboard. The Marketing team does not want to manage deployment of OS patches to the Linux servers. Use of which AWS service will satisfy these requirements?
    • A. 

      Amazon EC2

    • B. 

      Amazon API Gateway

    • C. 

      AWS Elastic Beanstalk

    • D. 

      Amazon EC2 Container Service

  • 109. 
    A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address. Which tool or service should a Solutions Architect recommend to block the IP address?
    • A. 

      Security groups

    • B. 

      Network ACL

    • C. 

      AWS WAF

    • D. 

      AWS Shield

  • 110. 
    A customer is looking for a storage archival solution for 1,000 TB of data. The customer requires that the solution be durable and data be available within a few hours of requesting it, but not exceeding a day. The solution should be as cost-effective as possible. To meet security compliance policies, data must be encrypted at rest. The customer expects they will need to fetch the data two times in a year. Which storage solution should a Solutions Architect recommend to meet these requirements?
    • A. 

      Copy data to Amazon S3 buckets by using server-side encryption. Move data to Amazon S3 Reduced Redundancy Storage (RRS).

    • B. 

      Copy data to encrypted Amazon EBS volumes, then store data into Amazon S3.

    • C. 

      Copy each object into a separate Amazon Glacier vault, and let Amazon Glacier take care of encryption.

    • D. 

      Copy data to Amazon S3 with server-side encryption. Configure lifecycle management policies to move data to Amazon Glacier after 0 days.

  • 111. 
    A web application runs on 10 EC2 instances launched from a single customer Amazon Machine Image (AMI). The EC2 instances are behind an Internet Application Load Balancer. Amazon Route 53 provides DNS for the application. How should a Solutions Architect automate recovery when a web server instance stops replying to requests?
    • A. 

      Launch the instances in an Auto Scaling group with an Elastic Load Balancing health check.

    • B. 

      Launch instances in multiple Availability Zones and set the load balancer to Multi-AZ.

    • C. 

      Add CloudWatch alarm actions for each instance to restart if the Status Check (Any) fails.

    • D. 

      Add Route 53 records for each instance with an instance health check.

  • 112. 
    A company has a Node.js application running on Amazon EC2 that currently retrieves data for customers from a DynamoDB table. The company is seeing many repeat queries for the same items, and the number of queries is continuing to increase as the application gains popularity. What solution will reduce the number of read capacity units (RCUs) required while minimizing the amount of refactoring that must be done to the application?
    • A. 

      Use Amazon ElastiCache to provide a caching layer

    • B. 

      Use Amazon ElastiCache to provide a caching layer

    • C. 

      Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer

    • D. 

      Obtain Reserved Capacity for Amazon DynamoDB to manage the increased number of queries

  • 113. 
    A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read Replicas to the cluster. How should the Solutions Architect ensure that the connections for read activities are load balanced?
    • A. 

      Reader endpoint for Amazon Aurora

    • B. 

      Cluster endpoint for Amazon Aurora

    • C. 

      Primary DB instance endpoint for Amazon Aurora

    • D. 

      Replica DB instances endpoint for Aurora

  • 114. 
    Which one do you like?
    • A. 

      Option 1

    • B. 

      Option 2

    • C. 

      Option 3

    • D. 

      Option 4