1. X-Cutioner's Song

100問 • 1年前

問題一覧

A company has deployed sensors in its factories to continuously monitor environmental factors such as temperature and lighting. The company seeks an AWS solution to stream this data for real-time analysis and to alert the factory management team immediately if any readings exceed predefined thresholds. What AWS setup would best achieve this goal?

Stream the environmental data to Amazon Kinesis Data Streams, analyze it using an AWS Lambda function, and configure Amazon SNS to send immediate alerts to the management team if anomalies are detected.

A company has deployed an application that uses an Amazon DynamoDB table and the user base has increased significantly. Users have reported poor response times during busy periods but no error pages have been generated. The application uses Amazon DynamoDB in read-only mode. The operations team has determined that the issue relates to ProvisionedThroughputExceeded exceptions in the application logs when doing Scan and read operations. A Solutions Architect has been tasked with improving application performance. Which solutions will meet these requirements whilst MINIMIZING changes to the application? (Select TWO.)

Enable DynamoDB Auto Scaling to manage the throughput capacity as table traffic increases. Set the upper and lower limits to control costs and set a target utilization based on the peak usage., Provision a DynamoDB Accelerator (DAX) cluster with the correct number and type of nodes. Tune the item and query cache configuration for an optimal user experience.

A company is testing an application that collects data from sensors fitted to vehicles. The application collects usage statistics data every 4 minutes. The data is sent to Amazon API Gateway, it is then processed by an AWS Lambda function and the results are stored in an Amazon DynamoDB table. As the sensors have been fitted to more vehicles, and as more metrics have been configured for collection, the Lambda function execution time has increased from a few seconds to over 2 minutes. There are also many TooManyRequestsException errors being generated by Lambda. Which combination of changes will resolve these issues? (Select TWO.)

Stream the data into an Amazon Kinesis data stream from API Gateway and process the data in batches., Increase the memory available to the Lambda functions.

A company is designing an application that will requires cross-Region disaster recovery with an RTO of less than 5 minutes and an RPO of less than 1 minute. The application tier DR solution has already been designed and a Solutions Architect must design the data recovery solution for the MySQL database tier. How should the database tier be configured to meet the data recovery requirements?

Use an Amazon Aurora global database with the primary in the active Region and the secondary in the failover Region.

A company includes several business units that each use a separate AWS account and a parent company AWS account. The company requires a single AWS bill across all AWS accounts with costs broken out for each business unit. The company also requires that services and features be restricted in the business unit accounts and this must be governed centrally. Which combination of steps should a Solutions Architect take to meet these requirements? (Select TWO.)

Use AWS Organizations to create a single organization in the parent account with all features enabled. Then, invite each business unit’s AWS account to join the organization., Create an SCP that allows only approved services and features, then apply the policy to the business unit AWS accounts.

A company runs hundreds of applications across several data centers and office locations. The applications include Windows and Linux operating systems, physical installations as well as virtualized servers, and MySQL and Oracle databases. There is no central configuration management database (CMDB) and existing documentation is incomplete and outdated. A Solutions Architect needs to understand the current environment and estimate the cloud resource costs after the migration. Which tools or services should the Solutions Architect use to plan the cloud migration (Select THREE.)

AWS Application Discovery Service, AWS Cloud Adoption Readiness Tool (CART), AWS Migration Hub

A financial services company receives a data feed from a credit card service provider. The feed consists of approximately 2,500 records that are sent every 10 minutes in plaintext and delivered over HTTPS to an encrypted S3 bucket. The data includes credit card data that must be automatically masked before sending the data to another S3 bucket for additional internal processing. There is also a requirement to remove and merge specific fields, and then transform the record into JSON format. Which solutions will meet these requirements?

Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to match. Trigger an AWS Lambda function on file delivery to start an AWS Glue ETL job to transform the entire record according to the processing and transformation requirements. Define the output format as JSON. Once complete, have the ETL job send the results to another S3 bucket for internal processing.

A company has deployed an eCommerce application that is used by thousands of customers to place online orders. The application runs on Amazon ECS tasks behind an Application Load Balancer (ALB) and data is stored in an Amazon DynamoDB table. The application has recently experienced attacks that caused application slowdowns and outages. The company must prevent attacks and ensure business continuity with minimal service interruptions. Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

Deploy an AWS WAF web ACL that includes a rule group that blocks the attack traffic. Associate the web ACL with the Amazon CloudFront distribution., Create an Amazon CloudFront distribution with the ALB as the origin and configure a custom header and secret value. Configure the ALB to conditionally forward traffic only if the header and value match.

A media company streams live events and records viewership metrics in real-time. The data is ingested through Amazon Kinesis Data Streams and then stored in Amazon S3. The company uses Amazon Athena to analyze viewership trends from the stored data. Initially, the Athena queries performed well, but as the data volume has grown over several months, query performance has degraded. The solutions architect needs to optimize the query performance while keeping operational overhead low. Which solution will effectively address the performance issue?

Configure the Kinesis Data Firehose delivery stream to partition the data in Amazon S3 by date and event type. Redefine the Athena table to include these partitions and modify the queries to specifically target relevant partitions.

A company is using multiple AWS accounts. The company’s DNS records are stored in a private Amazon Route 53 hosted zone in the management account and their applications are running in a production account. A Solutions Architect is attempting to deploy an application into the production account. The application must resolve a CNAME record set for an Amazon RDS endpoint. The CNAME record set was created in a private hosted zone in the management account. The deployment failed to start and the Solutions Architect has discovered that the CNAME record is not resolvable on the application EC2 instance despite being correctly created in Route 53. Which combination of steps should the Solutions Architect take to resolve this issue? (Select TWO.)

Create an authorization to associate the private hosted zone in the management account with the new VPC in the production account., Associate a new VPC in the production account with a hosted zone in the management account. Delete the association authorization in the management account.

A company uses AWS Organizations. The company recently acquired a new business unit and invited the new unit’s existing account to the company’s organization. The organization uses a deny list SCP in the root of the organization and all accounts are members of a single OU named Production. The administrators of the new business unit discovered that they are unable to access AWS Database Migration Service (DMS) to complete an in-progress migration. Which option will temporarily allow administrators to access AWS DMS and complete the migration project?

Create a temporary OU named Staging for the new account. Apply an SCP to the Staging OU to allow AWS DMS actions. Move the organization's deny list SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS DMS are complete.

A company has a requirement to store documents that will be accessed by a serverless application. The documents will be accessed frequently for the first 3 months, and rarely after that. The documents must be retained for 7 years. What is the MOST cost-effective solution to meet these requirements?

Store the documents in a secured Amazon S3 bucket with a lifecycle policy to move the documents that are older than 3 months to Amazon S3 Glacier, then expire the documents from Amazon S3 Glacier that are more than 7 years old.

An application stores user comment data in multiple Amazon DynamoDB tables. A solutions architect must use a serverless architecture to make the data accessible publicly through a simple and cost-effective API over HTTPS. The solution must scale automatically in response to demand. Which solutions meet these requirements?

Create an Amazon API Gateway HTTP API. Configure this API with integrations to AWS Lambda functions that return data from the DynamoDB tables.

A company is migrating an order processing application to the AWS Cloud. The usage patterns vary significantly but the application must be available at all times. Orders must be processed immediately and in the order that they are received. Which actions should a Solutions Architect take to meet these requirements?

Use Amazon SQS with FIFO to queue messages in the correct order. Use Reserved Instances in multiple Availability Zones for processing.

A Solutions Architect is designing a web application that will serve static content in an Amazon S3 bucket and dynamic content hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The application will use Amazon CloudFront and the solution should require that the content is available through CloudFront only. Which combination of steps should the Solutions Architect take to restrict direct content access to CloudFront? (Select THREE.)

Configure CloudFront to add a custom header to requests that it sends to the origin., Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the ALB., Create a CloudFront Origin Access Identity (OAI) and add it to the CloudFront distribution. Update the S3 bucket policy to allow access to the OAI only.

An eCommerce company are running a promotional campaign and expect a large volume of user sign-ups on a web page that collects user information and preferences. The website runs on Amazon EC2 instances and uses an Amazon RDS for PostgreSQL DB instance. The volume of traffic is expected to be high and may be unpredictable with several spikes in activity. The traffic will result in a large number of database writes. A solutions architect needs to build a solution that does not change the underlying data model and ensures that submissions are not dropped before they are committed to the database. Which solution meets these requirements?

Create an Amazon SQS queue and decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database.

A company is developing an application on AWS, where the application's logs are sent to an Amazon OpenSearch Service cluster within a VPC for analysis. The development team, which includes remote workers and staff at three different office locations, needs to access the OpenSearch Service for log analysis directly from their local development machines. What is the most effective solution to enable this access while adhering to the requirement that all data must be stored within a VPC?

Set up an AWS Client VPN endpoint, associate it with a subnet in the VPC, and configure a Client VPN self-service portal. Instruct the developers to connect using the Client VPN client.

A global enterprise utilizes AWS Control Tower for streamlined account management within its AWS Organizations structure. The enterprise has established a policy across its various organizational units (OUs) to ensure enhanced security and compliance. The policy strictly prohibits Amazon EC2 instances in any of these OUs from being assigned public IP addresses. Which is the most effective solution to enforce this policy across the enterprise's AWS environment while using AWS Control Tower?

Configure Service Control Policies (SCPs) within AWS Control Tower to disallow assigning public IP addresses to EC2 instances across all OUs.

A company runs a data processing application on-premises and plans to move it to the AWS Cloud. Files are uploaded by users to a web application which then stores the files on an NFS-based storage system and places a message on a queue. The files are then processed from the queue and the results are returned to the user (and stored in long-term storage). This process can take up to 30 minutes. The processing times vary significantly and can be much higher during business hours. What is the MOST cost-effective migration recommendation?

Create a queue using Amazon SQS. Run the web application on Amazon EC2 and configure it to publish to the new queue. Use Amazon EC2 instances in an EC2 Auto Scaling group to pull requests from the queue and process the files. Scale the EC2 instances based on the SQS queue length. Store the processed files in an Amazon S3 bucket.

A new application that provides fitness and training advice has become extremely popular with thousands of new users from around the world. The web application is hosted on a fleet of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The content consists of static media files and different resources must be loaded depending on the client operating system. Users have reported increasing latency for loading web pages and Amazon CloudWatch is showing high utilization of the EC2 instances. Which set actions should a solutions architect take to improve response times?

Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use Lambda@Edge to load different resources based on the User-Agent HTTP header.

A company has deployed a SAML 2.0 federated identity solution with their on-premises identity provider (IdP) to authenticate users' access to the AWS environment. A Solutions Architect ran authentication tests through the federated identity web portal and access to the AWS environment was granted. When a test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment. Which items should the solutions architect check to ensure identity federation is properly configured? (Select THREE.)

The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal., The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP., The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.

A company has created several development accounts in an AWS Organizations organization. The company has defined a fixed budget for each development account and needs to ensure that developers cannot launch expensive services or exceed the fixed monthly budget. Which combination of steps should a solutions architect take? (Select THREE.)

Create an AWS Budgets alert action to send an Amazon SNS notification when the budgeted amount is reached. Invoke an AWS Lambda function to terminate all services., Use the AWS Budgets service to define a fixed monthly budget for each development account., Create an SCP that denies access to expensive services. Apply the SCP to an OU containing the development accounts.

A global enterprise company is in the process of creating an infrastructure services platform for its users. The company has the following requirements: · Centrally manage the creation of infrastructure services using a central AWS account. · Distribute infrastructure services to multiple accounts in AWS Organizations. · Follow the principle of least privilege to limit end users’ permissions for launching and managing applications. Which combination of actions using AWS services will meet these requirements? (Select TWO.)

Define the infrastructure services in AWS CloudFormation templates. Upload each template as an AWS Service Catalog product to portfolios created in a central AWS account. Share these portfolios with the AWS Organizations structure created for the company., Allow IAM users to have AWSServiceCatalogEndUserReadOnlyAccess permissions only. Assign the policy to a group called Endusers, add all users to the group. Apply launch constraints.

A company has a mobile application that uses Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. The application is write intensive and costs have recently increased significantly. The biggest increase in cost has been for the AWS Lambda functions. Application utilization is unpredictable but has been increasing steadily each month. A Solutions Architect has noticed that the Lambda function execution time averages over 4 minutes. This is due to wait time for a high-latency network call to an on-premises MySQL database. A VPN is used to connect to the VPC. How can the Solutions Architect reduce the cost of the current architecture?

- Migrate the MySQL database server into a Multi-AZ Amazon RDS for MySQL. - Enable API caching on API Gateway to reduce the number of Lambda function invocations. - Enable Auto Scaling in DynamoDB.

A database for an eCommerce website was deployed on an Amazon RDS for MySQL DB instance with General Purpose SSD storage. The database was running performantly for several weeks until a peak shopping period when customers experienced slow performance and timeouts. Amazon CloudWatch metrics indicate that reads and writes to the DB instance were experiencing long response times. Metrics show that CPU utilization is <50%, plenty of available memory, and sufficient free storage space. There is no evidence of database connectivity issues in the application server logs. What could be the root cause of database performance issues?

A large number of reads and writes exhausted the I/O credit balance due to provisioning low disk storage during the setup phase.

A company requires multi-Region availability for an application that runs on Amazon EC2 instances with an Amazon RDS for MySQL database. The solution must offer the highest availability. Which solution should a solutions architect recommend?

Enable a cross-Region read replica for the RDS database. In the case of an outage, promote the replica to be a standalone DB instance. Point applications to the new DB endpoint and create a read replica to maintain high availability.

A Solutions Architect is developing a mechanism to gain security approval for Amazon EC2 images (AMIs) so that they can be used by developers. The AMIs must go through an automated assessment process (CVE assessment) and be marked as approved before developers can use them. The approved images must be scanned every 30 days to ensure compliance. Which combination of steps should the Solutions Architect take to meet these requirements while following best practices? (Select TWO.)

Use Amazon Inspector to run the CVE assessment package on the EC2 instances launched from the approved AMIs., Use AWS Lambda to write automatic approval rules. Store the approved AMI list in AWS Systems Manager Parameter Store. Use Amazon EventBridge to trigger an AWS Systems Manager Automation document on all EC2 instances every 30 days.

A company has established a 10 Gbps AWS Direct Connect (DX) connection to a single VPC in an AWS Region. A single private VIF has been created for the existing DX connection. The company requires redundancy for the existing DX connection and needs to connect to an additional VPC in a second Region. Which solution meets these requirements?

Create a new DX connection to the same Region. Provision a Direct Connect gateway and establish new private VIFs to a virtual private gateway in the VPCs in each Region.

A company requires that only the master account in AWS Organizations is able to purchase Amazon EC2 Reserved Instances. Current and future member accounts should be blocked from purchasing Reserved Instances. Which solution will meet these requirements?

Create an SCP with the Deny effect on the ec2:PurchaseReservedInstancesOffering action. Attach the SCP to the root of the organization.

A solution is required for updating user metadata and will be initiated by a fleet of front-end web servers. The solution must be capable of scaling rapidly from hundreds to tens of thousands of jobs in less than a minute. The solution must be asynchronous and minimize costs. Which solution should a Solutions Architect use to meet these requirements?

Create an AWS Lambda function that will update user metadata. Create an Amazon SQS queue and configure it as an event source for the Lambda function. Update the web application to send jobs to the queue.

A new AWS Lambda function has been created to replicate objects that are received in an Amazon S3 bucket to several other S3 buckets in various AWS accounts. The Lambda function is triggered when an object create event occurs in the main S3 bucket. A Solutions Architect is concerned that the function may impact other critical functions due to Lambda's regional concurrency limit. How can the solutions architect ensure the new Lambda function will not impact other critical Lambda functions?

Configure the reserved concurrency limit for the new Lambda function. Monitor existing critical Lambda functions with Amazon CloudWatch alarms for the Throttles Lambda metric.

A company is migrating its on-premises systems to AWS. The computers consist of a combination of Windows and Linux virtual machines on VMware and physical servers. The company wants to be able to identify dependencies between on-premises systems and group systems together into applications to build migration plans. The company also needs to understand the performance requirements for systems so they can be right-sized. How can these requirements be met?

Install the AWS Application Discovery Service Discovery Connector in VMware vCenter. Install the AWS Application Discovery Service Discovery Agent on the physical on-premises servers. Allow the Discovery Agent to collect data for a period of time.

An application consists of three tiers within a single Region. A Solutions Architect is designing a disaster recovery strategy that includes an RTO of 30 minutes and an RPO of 5 minutes for the data tier. Application tiers use Amazon EC2 instances and are stateless. The data tier consists of a 30TB Amazon Aurora database. Which combination of steps satisfies the RTO and RPO requirements while optimizing costs? (Select TWO.)

Deploy a hot standby of the application tiers to another Region., Create a cross-Region Aurora MySQL Replica of the database.

A company is building a web application hosted on Amazon EC2 instances within an Auto Scaling group, fronted by a public-facing Application Load Balancer (ALB). The application should be accessible only to users from a designated country, and the company wants to log any access attempts that are blocked. The desired solution should be low maintenance. What approach should be taken to meet these requirements?

Create an AWS WAF web ACL with a geo-match rule to block requests from outside the specified country. Associate this rule with the web ACL, and then attach the web ACL to the ALB.

A company wants to run an application on AWS. The company plans to provision its application in Docker containers running in an Amazon ECS cluster. The application requires a MySQL database and the company plans to use Amazon RDS. What is the MOST cost-effective solution to meet these requirements?

Create an ECS cluster using a fleet of Spot Instances, with Spot Instance draining enabled. Provision the database using Reserved Instances.

A company is deploying a web service that will provide read and write access to structured data. The company expects there to be variable usage patterns with some short but significant spikes. The service must dynamically scale and must be fault tolerant across multiple AWS Regions. Which actions should a Solutions Architect take to meet these requirements?

Store the data in an Amazon DynamoDB global table in two Regions using on-demand capacity mode. Run the web service in both Regions as Amazon ECS Fargate tasks in an Auto Scaling ECS service behind an Application Load Balancer (ALB). In Amazon Route 53, configure an alias record and a latency-based routing policy with health checks to distribute traffic between the two ALBs.

A company has an NFS file server on-premises with 50 TB of data that is being migrated to Amazon S3. The data is made up of many millions of small and files and a Snowball Edge device is being used for the migration. A shell script is being used to copy data using the file interface of the Snowball Edge device. Data transfer times are very slow and the Solutions Architect suspects this may be related to the overhead of encrypting all the small files and copying them over the network. What change should be made to improve data transfer times?

Perform multiple copy operations at one time by running each command from a separate terminal window, in separate instances of the Snowball client.

A company operates a mobile application that enables users to upload images for processing. The app experiences a surge in usage, with thousands of uploads per minute, primarily between 8 AM and 5 PM on weekdays, and minimal activity at other times. Users receive notifications when their image processing is complete. To effectively manage this variable load and ensure scalable image processing, which three steps should a solutions architect implement? (Select THREE.)

Implement an AWS Lambda function that initiates image processing in response to messages in the SQS queue., Configure the mobile app to send image uploads directly to Amazon S3. Configure S3 to trigger an Amazon Simple Queue Service (Amazon SQS) standard queue message upon each upload., Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to the mobile app once the image processing is finished.

A solutions architect developed a web application that includes an AWS Lambda function that queries an Amazon Aurora MySQL database. The database is configured with three read replicas. During periods of high demand, the application does not meet performance requirements. A solutions architect noticed that the application opens many database connections, and this causes latency in the application Which actions should the solutions architect take to improve the performance? (Select TWO.)

Connect an RDS Proxy connection pool to the reader endpoint of the Aurora database., Move Lambda function code for opening the database connection outside of the event handler.

A company has a large photo library stored on Amazon S3. They use AWS Lambda to extract metadata from the files according to various processing rules for different categories of photo. The output is then stored in an Amazon DynamoDB table. The extraction process is performed whenever customer requests are submitted and can take up to 60 minutes to complete. The company wants to reduce the time taken to extract the metadata and has split the single Lambda function into separate Lambda functions for each category of photo. Which additional steps should the Solutions Architect take to meet the requirements?

Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of files and write each item to an Amazon SQS queue. Configure a Lambda function to retrieve messages from the SQS queue and call the StartExecution API.

A company has created a service that they would like a customer to access. The service runs in the company’s AWS account and the customer has a separate AWS account. The company would like to enable the customer to establish least privilege security access using an API or command line tool to the customer account. What is the MOST secure way to enable the customer to access the service?

The company should create an IAM role and assign the required permissions to the IAM role. The customer should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks.

A company operates a large-scale workload with numerous Amazon EC2 instances within a VPC, which includes both public and private subnets. The public subnets are currently configured with a route to an internet gateway for IPv4 traffic (0.0.0.0/0), while the private subnets route IPv4 traffic (0.0.0.0/0) to a NAT gateway. The company now plans to transition its EC2 instances to IPv6, ensuring that instances in private subnets remain inaccessible from the public internet. To achieve this IPv6 migration while adhering to the specified network accessibility requirements, what actions should the solutions architect take?

Modify the existing VPC to include an Amazon-provided IPv6 CIDR block for the VPC and its subnets. For the public subnets, update the route tables to route IPv6 traffic (::/0) to the internet gateway. For the private subnets, update the route tables to route IPv6 traffic (::/0) to an egress-only internet gateway.

A company is updating their operating system patching processes. The company manages both on-premises servers and Amazon EC2 instances using multiple toolsets. A solutions architect wants to utilize a single tool for all servers and instances that can deploy patches and report on patch status. Which set of actions should the solutions architect take to meet these requirements?

Use AWS Systems Manager Patch Manager to deploy patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports.

A company is running a custom Java application on-premises and plans to migrate the application to the AWS Cloud. The application uses a MySQL database and the application servers maintain users’ sessions locally. Which combination of architecture changes will be required to create a highly available solution on AWS? (Select THREE.)

Migrate the database to Amazon RDS for MySQL. Configure the RDS instance to use a Multi-AZ deployment., Configure the application to store the user's session in Amazon ElastiCache. Use Application Load Balancers to distribute the load between application instances., Put the application instances in an Amazon EC2 Auto Scaling group. Configure the Auto Scaling group to create new instances if an instance becomes unhealthy.

A company utilizing Amazon Connect for their contact center is encountering a surge in automated calls, affecting both operational costs and agent productivity. They need a system where agents can easily mark a call as spam, subsequently preventing such numbers from being routed to agents in the future. What is the most effective and operationally efficient solution for this scenario?

Add a custom 'flag as spam' button to the Contact Control Panel (CCP) in Amazon Connect. This button triggers an AWS Lambda function to update call attributes and log the number in an Amazon DynamoDB table. Adapt the contact flows to reference these attributes and interact with the DynamoDB table for future call filtering.

A company is planning to build a high-performance computing (HPC) solution in the AWS Cloud. The solution will include a 10-node cluster running Linux. High speed and low latency inter-instance connectivity is required to optimize the performance of the cluster. Which combination of steps will meet these requirements? (Choose two.)

Deploy Amazon EC2 instances in a cluster placement group., Use Amazon EC2 instance types and AMIs that support EFA.

A company uses Amazon RedShift for analytics. Several teams deploy and manage their own RedShift clusters and management has requested that the costs for these clusters is better managed. The management team has set budgets and once the budgetary thresholds have been reached a notification should be sent to a distribution list for managers. Teams should be able to view their RedShift cluster’s expenses to date. A Solutions Architect needs to create a solution that ensures the policy is centrally enforced in a multi-account environment. Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

Create an AWS Service Catalog portfolio for each team. Add each team's Amazon RedShift cluster as an AWS CloudFormation template to their Service Catalog portfolio as a Product., Update the AWS CloudFormation template to include the AWS::Budgets::Budget::resource with the NotificationsWithSubscribers property.

A company runs applications on Microsoft Windows servers in an on-premises data center. The servers access a file system shared from one of the Windows servers. Several gigabytes of new data are produced daily. The company is migrating to the cloud and requires the data to be accessible on a file system in the AWS cloud. Which data migration strategy should the company use?

Use AWS DataSync to schedule a daily task that replicates data between the on-premises file share and Amazon FSX.

A company recently noticed an increase in costs associated with Amazon EC2 instances and Amazon RDS databases. The company needs to be able to track the costs. The company uses AWS Organizations for all of their accounts. AWS CloudFormation is used for deploying infrastructure and all resources are tagged. The management team has requested that cost center numbers and project ID numbers are added to all future EC2 instances and RDS databases. What is the MOST efficient strategy a Solutions Architect should follow to meet these requirements?

Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID. Use SCPs to restrict the creation of resources that do not have the cost center and project ID tags specified.

A company has deployed a new application into an Amazon VPC that does not have Internet access. The company has connected an AWS Direct Connection (DX) private VIF to the VPC and all communications will be over the DX connection. A new requirement states that all data in transit must be encrypted between users and the VPC. Which strategy should a Solutions Architect use to maintain consistent network performance while meeting this new requirement?

Create a new public virtual interface for the existing DX connection, and create a new VPN that connects to the VPC over the DX public virtual interface.

A healthcare company with several AWS accounts is looking to enhance its data security posture. A recent internal review highlighted numerous Amazon S3 buckets containing sensitive patient data that are not encrypted. The company needs a systematic approach to encrypt these existing S3 buckets and ensure future compliance across all AWS accounts. The company also seeks a centralized management solution for its AWS accounts with a focus on security and regulatory compliance. Which two actions should the solutions architect take to address these requirements? (Select TWO.)

Create an AWS Lambda function triggered by Amazon EventBridge to monitor and automatically apply encryption to any newly created or existing unencrypted S3 buckets., Establish an AWS Organizations structure, implement AWS Control Tower, and activate the necessary security guardrails. Consolidate all AWS accounts under this organization and organize them into Organizational Units (OUs) based on their function.

A serverless application is using AWS Lambda and Amazon DynamoDB and developers have finalized an update to the Lambda function code. AWS CodeDeploy will be used to deploy new versions of the function. Updates to the Lambda function should be delivered to a subset of users before deploying the changes to all users. The update process should also be easy to abort and rollback if necessary. Which CodeDeploy configuration should the solutions architect use?

A canary deployment

An application runs on an Amazon EC2 instance with an attached Amazon EBS Provisioned IOPS (PIOPS) volume. The volume is configured at 200-GB in size and has 3,000 IOPS provisioned. The application requires low latency and random access to the data. A Solutions Architect has been asked to consider options for lowering the cost of the storage without impacting performance and durability. What should the Solutions Architect recommend?

Change the PIOPS volume for a 1-TB EBS General Purpose SSD (gp2) volume.

A financial services company is implementing AWS Lambda functions to connect to an Amazon Aurora MySQL database cluster. These Lambda functions will be utilized in both a development environment for testing and a live production environment. The company's priority is to ensure that database credentials are not hardcoded within the Lambda functions and that there's a system in place for the automated rotation of passwords. Which solution will fulfill these requirements?

Configure AWS Secrets Manager for managing the database credentials, creating separate secret keys for the development and production environments. Enable automatic secret rotation. Pass the Secrets Manager secret ARNs to the Lambda functions through environment variables. Assign appropriate IAM roles to the Lambda functions for accessing the secrets.

A company runs an application that generates user activity reports and stores them in an Amazon S3 bucket. Users are able to download the reports using the application which generates a signed URL. A user recently reported that the reports of other users can be accessed directly from the S3 bucket. A Solutions Architect reviewed the bucket permissions and discovered that public access is currently enabled. How can the documents be protected from unauthorized access without modifying the application workflow?

Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.

A Solutions Architect is migrating an application to AWS Fargate. The task runs in a private subnet and does not have direct connectivity to the internet. When the Fargate task is launched, it fails with the following error: CannotPullContainerError: API error (500): Get https://111122223333.dkr.ecr.us-east-1.amazonaws.com/v2/: net/http: request canceled while waiting for connection" What should the Solutions Architect do to correct the error?

Specify DISABLED for Auto-assign public IP when launching the task and configure a NAT gateway in a public subnet to route requests to the internet.

A company is using AWS CloudFormation templates for infrastructure provisioning. The templates are hosted in the company’s private GitHub repository. The company has experienced several issues with updates to the templates that have caused errors when executing the updates and creating the environment. A Solutions Architect must resolve these issues and implement automated testing of the CloudFormation template updates. How can the Solutions Architect accomplish these requirements?

Use AWS CodePipeline to a create a change set when updates are made to the CloudFormation templates in GitHub. Include a CodePipeline action to test the deployment with testing scripts run using AWS CodeBuild. Upon successful testing, configure CodePipeline to execute the change set and deploy to production.

A company has deployed two Microsoft Active Directory Domain Controllers into an Amazon VPC with a default configuration. The DHCP options set associated with the VPC has been configured to assign the IP addresses of the Domain Controllers as DNS servers. A VPC interface endpoint has been created but EC2 instances within the VPC are unable to resolve the private endpoint addresses. Which strategies could a Solutions Architect use to resolve the issue? (Select TWO.)

Define an outbound Amazon Route 53 Resolver. Set a conditional forwarding rule for the Active Directory domain to the Active Directory servers. Configure the DNS settings in the VPC DHCP options set to use the AmazonProvidedDNS servers., Update the DNS service on the Active Directory servers to forward all non-authoritative queries to the VPC Resolver.

A company is planning to migrate an application from an on-premises data center to the AWS Cloud. The application consists of a stateful servers and a separate MySQL database. The application is expected to receive significant traffic and must scale seamlessly. The solution design on AWS includes an Amazon Aurora MySQL database, Amazon EC2 Auto Scaling and Elastic Load Balancing. A Solutions Architect needs to finalize the design for the solution. Which of the following configurations will ensure a consistent user experience and seamless scalability for both the application and database tiers?

Add Aurora Replicas and define a scaling policy. Use an Application Load Balancer and set the load balancing algorithm type to round_robin.

A company currently manages a fleet of Amazon EC2 instances running Windows and Linux in public and private subnets. The operations team currently connects over the Internet to manage the instances as there is no connection to the corporate network. Security groups have been updated to allow the RDP and SSH protocols from any source IPv4 address. There have been reports of malicious attempts to access the resources as the company wishes to implement the most secure solution for managing the instances. Which strategy should a Solutions Architect recommend?

Deploy the AWS Systems Manager Agent on the EC2 instances. Access the EC2 instances using Session Manager restricting access to users with permission to manage the instances.

A developer is attempting to access an Amazon S3 bucket in a member account in AWS Organizations. The developer is logged in to the account with user credentials and has received an access denied error with no bucket listed. The developer should have read-only access to all buckets in the account. A Solutions Architect has reviewed the permissions and found that the developer's IAM user has been granted read-only access to all S3 buckets in the account. Which additional steps should the Solutions Architect take to troubleshoot the issue? (Select TWO.)

Check for the permissions boundaries set for the IAM user., Check the SCPs set at the organizational units (OUs).

A Solutions Architect has deployed an application on Amazon EC2 instances in a private subnet behind a Network Load Balancer (NLB) in a public subnet. Customers have attempted to connect from their office location and are unable to access the application. The targets were registered by instance-id and are all healthy in the associated target group. What step should the Solutions Architect take to resolve the issue and enable access for the customers?

Check the security group for the EC2 instances to ensure it allows ingress from the customer office.

A Solution Architect used the AWS Application Discovery Service to gather information about some on-premises database servers. The tool discovered an Oracle data warehouse and several MySQL databases. The company plans to migrate to AWS and the Solutions Architect must determine the best migration pattern for each database. Which combination of migration patterns will reduce licensing costs and operational overhead? (Select TWO.)

Migrate the MySQL databases to Amazon RDS for MySQL using AWS DMS., Migrate the Oracle data warehouse to Amazon Redshift using AWS SCT and AWS DMS.

A company uses multiple AWS accounts. There are separate accounts for development, staging, and production environments. Some new requirements have been issued to control costs and improve the overall governance of the AWS accounts. The company must be able to calculate costs associated with each project and each environment. Commonly deployed IT services must be centrally managed and business units should be restricted to deploying pre-approved IT services only. Which combination of actions should be taken to meet these requirements? (Select TWO.)

Create an AWS Service Catalog portfolio for each business unit and add products to the portfolios using AWS CloudFormation templates., Apply environment, cost center, and application name tags to all resources that accept tags.

A company plans to build a gaming application in the AWS Cloud that will be used by Internet-based users. The application will run on a single instance and connections from users will be made over the UDP protocol. The company has requested that the service is implemented with a high level of security. A Solutions Architect has been asked to design a solution for the application on AWS. Which combination of steps should the Solutions Architect take to meet these requirements? (Select THREE.)

Use a Network Load Balancer (NLB) in front of the application instance. Use a friendly DNS entry in Amazon Route 53 pointing to the NLB's Elastic IP address., Enable AWS Shield Advanced on all public-facing resources., Configure a network ACL rule to block all non-UDP traffic. Associate the network ACL with the subnets that hold the load balancer instances.

A Solutions Architect needs to design the architecture for an application that requires high availability within and across AWS Regions. The design must support failover to the second Region within 1 minute and must minimize the impact on the user experience. The application will include three tiers, the web tier, application tier and NoSQL data tier. Which combination of steps will meet these requirements? (Select THREE.)

Run the web and application tiers in both Regions in an active/passive configuration. Use Auto Scaling groups for the web and application layers across multiple Availability Zones in the Regions. Use zonal Reserved Instances for the minimum number of servers and On-Demand Instances for any additional resources., Use an Amazon Route 53 failover routing policy for failover from the primary Region to the disaster recovery Region. Set Time to Live (TTL) to 30 seconds., Use Amazon DynamoDB with a global table across both Regions so reads and writes can occur in either location.

A company has deployed an application on Amazon EC2 instances behind an internet-facing Application Load Balancer (ALB). The ALB is configured as the origin in an Amazon CloudFront distribution. The company requires that the solution is secured against web-based attacks. An AWS WAF web ACL has been created and associated with the CloudFront distribution. The company must prevent anyone from circumventing the CloudFront distribution and connecting directly to the ALB. Which solution will meet these requirements with the LEAST operational overhead?

Add a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only.

A company provides a service that allows users to upload high-resolution product images using an app on their phones for a price matching service. The service currently uses Amazon S3 in the us-west-1 Region. The company has expanded to Europe and users in European countries are experiencing significant delays when uploading images. Which combination of changes can a Solutions Architect make to improve the upload times for the images? (Select TWO.)

Configure the S3 bucket to use S3 Transfer Acceleration., Redeploy the application to use Amazon S3 multipart upload.

A company has hundreds of accounts in AWS Organizations. There are several OUs for development teams that each contain multiple accounts. A manager requires that a report showing usage costs is generated for each development OU that shows all costs accrued by accounts within the OU. Which solution meets these requirements?

Create an AWS Cost and Usage Report (CUR) from the AWS Organizations management account. Allow each team to visualize the CUR through an Amazon QuickSight dashboard.

A company is moving their IT infrastructure to the AWS Cloud and will have several Amazon VPCs within an AWS Region. The company requires centralized and controlled egress-only internet access. The solution must be highly available and horizontally scalable. The company is expecting to grow the number of VPCs to more than fifty. A Solutions Architect is designing the network for the new cloud deployment. Which design pattern will meet the stated requirements?

Attach each VPC to a shared transit gateway. Use an egress VPC with firewall appliances in two AZs and connect the transit gateway using IPSec VPNs with BGP.

A Solutions Architect is helping to standardize a company’s method of deploying applications to AWS using AWS CodePipeline and AWS CloudFormation. A group of developers create applications using JavaScript and TypeScript and they are concerned about needing to learn new domain-specific languages. They are also reluctant to lose access to features of the existing languages such as looping. How can the Solutions Architect address the developers concerns and quickly bring the applications up to deployment standards?

Define the AWS resources using JavaScript or TypeScript. Use the AWS Cloud Development Kit (AWS CDK) to create CloudFormation templates from the developers' code and use the AWS CDK to create CloudFormation stacks. Incorporate the AWS CDK as a CodeBuild job in CodePipeline.

An agricultural company is rolling out thousands of devices that will send environmental data to a data platform. The platform will process and analyze the data and provide information back to researchers. The devices will send 8 KB of data every second and the solution must support near real-time analytics, provide durability for the data, and deliver results to a data warehouse. Which strategy should a solutions architect use to meet these requirements?

Use Amazon Kinesis Data Streams to collect the inbound data, analyze the data with Kinesis clients, and save the results to an Amazon Redshift cluster using Amazon EMR.

A Solutions Architect has been asked to implement a disaster recovery (DR) site for an eCommerce platform that is growing at an increasing rate. The platform runs on Amazon EC2 web servers behind Elastic Load Balancers, images stored in Amazon S3 and Amazon DynamoDB tables that store product and customer data. The DR site should be located in a separate AWS Region. Which combinations of actions should the Solutions Architect take to implement the DR site? (Select THREE.)

Enable Amazon Route 53 health checks to determine if the primary site is down, and route traffic to the disaster recovery site if there is an issue., Enable Amazon S3 cross-Region replication on the buckets that contain images., Enable DynamoDB global tables to achieve multi-Region table replication.

A company runs an application in an on-premises data center that uses an IBM Db2 database. The web application calls an API that runs stored procedures on the database to retrieve read-only data. The dataset is constantly updated. Users have reported significant latency when attempting to retrieve data. The company are concerned about Db2 CPU licensing costs and the performance of the database. Which approach should a Solutions Architect take to migrate to AWS and resolve these concerns?

Use AWS DMS to migrate data to Amazon DynamoDB using a continuous replication task. Refactor the API to use the DynamoDB data. Implement the refactored API in Amazon API Gateway and enable API caching.

A university is running computational algorithms that require large amounts of compute power. The algorithms are being run using a high-performance compute cluster on Amazon EC2 Spot instances. Each time an instance launches a DNS record must be created in an Amazon Route 53 private hosted zone. When the instance is terminated the DNS record must be deleted. The current configuration uses an Amazon CloudWatch Events rule that triggers an AWS Lambda function to create the DNS record. When scaling the solution to thousands of instances the university has experienced “HTTP 400 error (Bad request)” errors in the Lambda logs. The response header also includes a status code element with a value of "Throttling" and a status message element with a value of "Rate exceeded". Which combination of steps should the Solutions Architect take to resolve these issues? (Select THREE.)

Update the CloudWatch Events rule to trigger on Amazon EC2 "Instance Launch Successful" and "Instance Terminate Successful" events for the Auto Scaling group used by the cluster., Configure an Amazon SQS standard queue and configure the existing CloudWatch Events rule to use this queue as a target. Remove the Lambda target from the CloudWatch Events rule., Configure a Lambda function to retrieve messages from an Amazon SQS queue. Modify the Lambda function to retrieve a maximum of 10 messages then batch the messages by Amazon Route 53 API call type and submit. Delete the messages from the SQS queue after successful API calls.

A company has deployed a high performance computing (HPC) cluster in an Amazon VPC. The cluster runs a tightly coupled workload that generates a large number of shared files that are stored in an Amazon EFS file system. The cluster has grown to over 800 instances and the performance has degraded to a problematic level. A Solutions Architect needs to make some changes to the design to improve the overall performance. Which of the following changes should the Solutions Architect make? (Select THREE.)

Replace Amazon EFS with Amazon FSx for Lustre., Enable an Elastic Fabric Adapter (EFA) on a supported EC2 instance type., Ensure the HPC cluster is launched within a single Availability Zone.

A healthcare company's AWS-hosted SaaS application includes an HTTPS endpoint served by Amazon API Gateway and uses AWS Lambda for processing, with data stored in an Amazon Aurora Serverless v1 database. The application, deployed using AWS Serverless Application Model (AWS SAM), operates across several Availability Zones but lacks a comprehensive disaster recovery (DR) strategy. The company seeks a DR plan capable of restoring services in an alternate AWS Region, targeting a recovery time objective (RTO) of 10 minutes and a recovery point objective (RPO) of 2 minutes. What measures should the solutions architect implement to fulfill these DR requirements?

Convert the Aurora Serverless v1 database to a multi-Region Aurora MySQL database, ensuring continuous data replication across the primary and a secondary Region. Use AWS SAM to script the application deployment in the secondary Region for rapid recovery.

A company has experienced issues updating an AWS Lambda function that is deployed using an AWS CloudFormation stack. The issues have resulted in outages that affected large numbers of customers. A Solutions Architect must adjust the deployment process to support a canary release strategy. Invocation traffic should be routed based on specified weights. Which solution will meet these requirements?

Create an alias for new versions of the Lambda function. Use the AWS CLI update-alias command with the routing-config parameter to distribute the load.

A fintech company runs an on-premises environment that ingests data feeds from financial services companies, transforms the data, and then sends it to an on-premises Apache Kafka cluster. The company plans to use AWS services to build a scalable, near real-time solution that offers consistent network performance to provide the data feeds to a web application. Which steps should a Solutions Architect take to build the solution? (Select THREE.)

Establish an AWS Direct Connect connection from the on-premises data center to AWS., Create an Amazon EC2 Auto Scaling group to pull the messages from the on-premises Kafka cluster and use the Amazon Kinesis Producer Library to put the data into a Kinesis data stream., Create a WebSocket API in Amazon API Gateway, create an AWS Lambda function to process an Amazon Kinesis data stream, and use the @connections command to send callback messages to connected clients.

A company uses Amazon DynamoDB as the backend for the development environment of a new serverless application. While benchmarking the load, they have configured the RCU and WCU for DynamoDB based on the maximum anticipated load for peak usage. Peak usage runs over several hours each weekend and is twice the usual load across the week. Within this duration, write operations are significant and take up most of the traffic. The company must optimize the cost of running the application before releasing to production. Which solution will meet these requirements?

Configure on-demand capacity mode for the table to enable pay-per-request pricing for read and write requests.

A company has deployed a web application in an Amazon VPC. A CloudFront distribution is used for both scalability and performance. The operations team has noticed that the cache hit ratio has been dropping over time leading to a gradual degradation of the performance for the web application. The cache metrics report indicates that query strings on some URLs are inconsistently ordered and are specified in a mixture of mixed-case letters. Which actions can a Solutions Architect take to increase the cache hit ratio and resolve the performance issues on the web application?

Create a Lambda@Edge function to sort parameters by name and force them to be lowercase. Select the CloudFront viewer request trigger to invoke the function.

A retail company is transitioning its sales data processing system to AWS. The system must handle fluctuating sales data inputs, especially during seasonal peaks. The data processing involves receiving sales transactions, processing them for analytics, and storing the results in an Amazon RDS instance. The system should be able to handle variable loads without manual intervention for scaling. Which architecture would BEST meet these requirements?

Implement an Amazon Kinesis Data Firehose for ingesting sales transactions and process them using AWS Lambda functions before storing in an Amazon RDS instance.

A company plans to migrate a content management system (CMS) to AWS. The CMS will use Amazon CloudFront to ensure optimum performance for users from around the world. The CMS includes both static and dynamic content and has been placed behind an Application Load Balancer (ALB) which is the default origin for the CloudFront distribution. The static assets are served from an Amazon S3 bucket. When users attempt to access the static assets HTTP status code 404 errors are generated. Which actions should a Solutions Architect take to resolve the issue? (Select TWO.)

Add a behavior to the CloudFront distribution for the path pattern and the origin of the static assets., Add another origin to the CloudFront distribution for the static assets.

A company runs a traffic sensor related IoT platform on AWS. Applications are hosted on EC2 instances and receive sensor data containing traffic information in real time. Applications are written in Node.js and have an Application Load Balancer in front. The backend includes an Amazon RDS MySQL DB instance that uses a 4 TB General Purpose SSD volume. The company want to deploy the application to a much larger number of sensors. During initial testing the API servers were consistently overloaded and RDS metrics showed high write latency. Which of the following steps together will resolve the issues permanently and enable growth as new sensors are provisioned, while keeping this platform cost-efficient? (Select TWO.)

Re-architect the database tier to use Amazon DynamoDB instead of an RDS MySQL DB instance., Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data.

An application uses Amazon EC2 instances in an Auto Scaling group and an Amazon RDS MySQL database. The web application has occasional spikes of traffic during the day. The operations team have determined the most appropriate instances sizes for both the EC2 instances and the DB instance. All instances use On-Demand pricing. What of the following steps can be taken to gain the most cost savings without impacting the reliability of the application?

Reserve capacity for the RDS database and the minimum number of EC2 instances that are constantly running.

A company requires federated access to AWS for users of a mobile application. The security team has mandated that the application must use a custom-built solution for authenticating users and use IAM roles for authorization. Which of the following actions would enable authentication and authorization and satisfy the requirements? (Select TWO.)

Use a custom-built OpenID Connect-compatible solution for authentication and use Amazon Cognito for authorization., Use a custom-built SAML-compatible solution that uses LDAP for authentication and uses a SAML assertion to perform authorization to the IAM identity provider.

A company offers a photo sharing application to its users through a social networking app. To ensure images can be displayed with consistency, a single Amazon EC2 instance running JavaScript code processes the photos and stores the processed images in an Amazon S3 bucket. A front-end application runs from a static website in another S3 bucket and loads the processed images for display in the app. The company has asked a Solutions Architect to make some recommendations for a cost-effective solution that offers massive scalability for a global user base. Which combination of changes should the Solutions Architect recommend? (Select TWO.)

Create an Amazon CloudFront distribution in front of the processed images bucket., Replace the EC2 instance with AWS Lambda to run the image processing tasks.

A financial services company runs an application that allows traders to perform online simulations of market conditions. The backend runs on a fleet of virtual machines in an on-premises data center and the business logic is exposed using a REST API with multiple functions. The trader’s session data is stored in a NAS file system in the on-premises data center. During busy periods of the day the server capacity is insufficient and latency issues have occurred when fetching the session data for a simulation. A Solutions Architect must create a design for moving the application to AWS. The design must use the same API model but should be capable of scaling for the variable load and ensure access to session data is provided with low-latency. Which solutions meets these requirements?

Implement the REST API using Amazon API Gateway. Run the business logic in AWS Lambda. Store trader session data in Amazon DynamoDB with on-demand capacity.

A web application allows users to upload video clips of celebrities. The website consists of Amazon EC2 instances and static content. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for facial analysis. The image processing jobs are picked up from an Amazon SQS queue by an Auto Scaling layer of EC2 instances. A Solutions Architect has been asked to re-architect the application to reduce operational overhead using AWS managed services where possible. Which of the following recommendations should the Solutions Architect make?

Use an Amazon S3 static website for the web application. Store uploaded videos in an S3 bucket. Use S3 event notification to publish events to the SQS queue. Process the queue with an AWS Lambda functions that calls the Amazon Rekognition API to perform facial analysis.

A security team uses a ticketing system to capture suspicious events that require investigation. The security team has created a system where events are captured using CloudTrail Logs and saved to Amazon S3. A scheduled AWS Lambda function then uses Amazon Athena to query the logs for any API actions performed by the root user. The results are then submitted to the ticketing system by the Lambda function. The ticketing system has a monthly 4-hour maintenance window when the system is offline and cannot log new tickets and an audit revealed that several tickets were not created due to the ticketing system being unavailable. Which combination of steps should a solutions architect take to ensure that the incidents are reported to the ticketing system even during planned maintenance? (Select TWO.)

Create an Amazon EventBridge rule with a pattern that looks for AWS CloudTrail events where the API calls involve the root user account. Configure an Amazon SQS queue as a target for the rule., Update the Lambda function to poll the Amazon SQS queue for messages and to return successfully when the ticketing system API has processed the request.

A media advertising company currently has resources hosted in two AWS accounts: Management and Production. DNS records are stored in a private hosted zone using Amazon Route 53 in the Management account. The Production account is used for applications and databases. The company has deployed a two-tier application in a new VPC. To simplify the configuration, the database.company.com CNAME record set for the Amazon RDS endpoint was created in a private hosted zone for Amazon Route 53. While deploying, the application failed to start. Troubleshooting revealed that database.company.com is not resolvable within the Amazon EC2 instance. The solutions architect confirmed that the record set was created correctly in Route 53. Which combination of steps should the solutions architect take to resolve this issue? (Select TWO.)

Create an authorization to associate the private hosted zone in the Management account with the new VPC in the Production account., Associate a new VPC in the Production account with a hosted zone in the Management account. Delete the association authorization in the Management account.

A financial company processes transactions using on-premises application servers which save output to an Amazon DynamoDB table. The company’s data center is connected to AWS using an AWS Direct Connect (DX) connection. Company managed has mandated that the solution should be available across multiple Regions. Consistent network performance must be maintained at all times. What changes should the company make to meet these requirements?

Create a DX connection to a second AWS Region. Use DynamoDB global tables to replicate data to the second Region. Modify the application to fail over to the second Region.

A company runs Docker containers on Amazon ECS. A containerized application uses a custom tool that must be manually updated each time the container code is updated. The updated container image can then be used for new tasks. A Solutions Architect has been tasked with automating this process to eliminate the manual work and ensure a new container image is generated each time the tool code is updated. Which combination of actions should the Solutions Architect take to meet these requirements? (Select THREE.)

Create an AWS CodePipeline pipeline that sources the tool code from the AWS CodeCommit repository and initiates an AWS CodeBuild build., Create an AWS CodeBuild project that pulls the latest container image from Amazon ECR, updates the container with code from the source AWS CodeCommit repository, and pushes the updated container image to Amazon ECR., Create an Amazon ECR repository for the image. Create an AWS CodeCommit repository containing code for the tool being deployed to the container image in Amazon ECR.

A pharmaceutical company has deployed an application on their private Amazon VPC. They need to use a third-party software-as-a-service (SaaS) application which is hosted in another AWS account inside an Amazon VPC. They need to connect applications to the third-party SaaS from private subnets in the company VPC. The company’s security team has mandated policies that private network needs to be used without internet propagation. No resources that run in the company VPC are allowed to be accessed from outside the company's VPC. All permissions must conform to the principles of least privilege. Which solution meets these requirements?

Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint and associate the security group with the endpoint.

A corporation needs to quickly enable 350 staff members to work remotely in the event of an emergency. Their current setup includes a mix of Windows and Linux desktops with various applications installed, such as office suites and communication tools. The solution must integrate with the company's existing on-premises Active Directory, allowing staff to use their current login credentials. Additionally, it should support multifactor authentication (MFA) and closely replicate the user interface of their existing desktop environments. Which AWS solution would best meet these criteria?

Use Amazon WorkSpaces for providing cloud desktops. Connect it to the on-premises network via VPN, integrate with the on-premises Active Directory using an AD Connector, and set up a RADIUS server to enable MFA.

An eCommerce company runs a successful website with a growing base of customers. The website is becoming popular internationally and demand is increasing quickly. The website is currently hosted in an on-premises data center with web servers and a MySQL database. The company plans to migrate the workloads to AWS. A Solutions Architect has been asked to create a solution that: - Improves security - Improves reliability - Improves availability - Reduces latency - Reduces maintenance Which combination of steps should the Solutions Architect take to meet these requirements? (Select THREE.)

Host static website content in Amazon S3. Use Amazon CloudFront to reduce latency while serving webpages. Use AWS WAF to improve website security., Create an Auto Scaling group of Amazon EC2 instances in two Availability Zones and attach an Application Load Balancer., Migrate the database to an Amazon Aurora MySQL DB cluster configured for Multi-AZ.

A growing e-commerce company uses a legacy CRM system hosted in an on-premises server. The sales team frequently accesses this system for customer data, leading to high server load during peak hours. The company wants to leverage AWS to improve system availability, enhance data processing speed, and manage increasing data volumes with minimal operational overhead. Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

Migrate the CRM system to Amazon EC2 instances., Implement Amazon RDS to host the CRM's database.

A financial services company is looking to enhance its web application deployment process to ensure rapid and safe updates. The application, which handles sensitive financial transactions, is hosted on a cluster of Amazon EC2 instances behind an Application Load Balancer (ALB). The source code is maintained in a Bitbucket repository, and they use AWS CodeBuild for building the application. The company plans to integrate AWS CodePipeline for automating the deployment process from Bitbucket commits. The key requirements are to minimize downtime during updates and provide a mechanism for quick rollback in case the new version introduces bugs or security vulnerabilities. Which CI/CD setup would best fulfill these requirements?

Configure CodePipeline with a deployment stage using AWS CodeDeploy for blue/green deployments. After deploying the new version, monitor its performance and security, and use CodeDeploy's rollback feature in case of any issues.

A company runs its IT services from an on-premises data center and is moving to AWS. The company wants to move their development and deployment processes to use managed services where possible. They would like to leverage their existing Chef tools and experience. The application must be deployed to a staging environment and then to production. The ability to roll back quickly must be available in case issues occur following a production deployment. Which AWS service and deployment strategy should a Solutions Architect use to meet the company’s requirements?

Use AWS OpsWorks and deploy the application using a blue/green deployment strategy.

100

A data hosting company has developed a new application which works on a custom TCP port. The service must use fixed address assignments so other companies can whitelist the addresses in their firewalls. The application will be hosted on the publicly accessible DNS domain name cloud.myservice.com. The solution must offer high availability and redundancy across Availability Zones in a single AWS Region. Which solution will meet these requirements?

Create Amazon EC2 instances for the service. Create one Elastic IP address for each Availability Zone. Create a Network Load Balancer (NLB) and expose the assigned TCP port. Assign the Elastic IP addresses to the NLB for each Availability Zone. Create a target group and register the EC2 instances with the NLB. Create a new A (alias) record set named cloud.myservice.com and assign the NLB DNS name to the record set.

xj9 - 19628 - a

critical flaw · 98問 · 2年前

xj9 - 19628 - a