3. X-Tinction Agenda

100問 • 1年前

問題一覧

A company runs a legacy application on an Amazon EC2 Linux instance. The application code cannot be modified, and the system cannot run on more than one instance. A Solutions Architect must design a resilient solution that can improve the recovery time for the system. What should the Solutions Architect recommend to meet these requirements?

Launch the EC2 instance with two Amazon EBS volumes and configure RAID 1.

A dynamic website runs on Amazon EC2 instances behind an Application Load Balancer (ALB). Users are distributed around the world, and many are reporting poor website performance. The company uses Amazon Route 53 for DNS. Which set of actions will improve website performance while minimizing cost?

Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.

A large accounting company needs to store all its accounting records in Amazon S3. The records must be accessible for 1 year with immediate notice, and then must be archived for a further 9 years due to compliance requirements. No one at the company, under any circumstances, should be able to delete the records over the entire 10-year period. The records must be stored with maximum resiliency to prevent data loss. Which solution will most elegantly meet these requirements?

Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year. Use S3 Object Lock in compliance mode for a period of 10 years.

A company is migrating a decoupled application to AWS. The application uses a message broker based on the MQTT protocol. The application will be migrated to Amazon EC2 instances and the solution for the message broker must not require rewriting application code. Which AWS service can be used for the migrated message broker?

Amazon MQ

A web application hosts static and dynamic content. The application runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The database tier runs on an Amazon Aurora database. A Solutions Architect needs to make the application more resilient to periodic increases in request rates. Which architecture should the Solutions Architect implement? (Select TWO.)

Add an Amazon CloudFront distribution., Add Aurora Replicas.

An application runs across a fleet of Amazon EC2 instances and uses a shared file system hosted on Amazon EFS. The file system is used for storing many files that are generated by the application. The files are only accessed for the first few days after creation but must be retained. How can a Solutions Architect optimize storage costs for the application?

Configure a lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days.

Three Amazon VPCs are used by a company in the same region. The company has two AWS Direct Connect connections to two separate company offices and wishes to share these with all three VPCs. A Solutions Architect has created an AWS Direct Connect gateway. How can the required connectivity be configured?

Associate the Direct Connect gateway to a transit gateway

A large customer services company is planning to build a highly scalable and durable application designed to aggregate data across their support communications, and extract sentiment on how successfully they are helping their customers. These communications are generated across chat, social media, emails and more. They need a solution which stores output from these communication channels, which then processes the text for sentiment analysis. The outputs must then be stored in a data warehouse for future use. Which series of AWS services will provide the functionality the company is looking for?

Use an Amazon S3 Data Lake as the original date store for the output from the support communications. Use Amazon Comprehend to process the text for sentiment analysis. Then store the outputs in Amazon RedShift.

A company runs a containerized application on a Kubernetes cluster in an on-premises data center. The application uses a MongoDB Database to store data. The application will be migrated to AWS, but no code changes or deployment method changes are possible at this time due to a constraint in time and resources. Operational efficiency is critical. Which solution meets these requirements?

Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for compute and Amazon DocumentDB (with MongoDB compatibility) for data storage.

A financial institution with many departments wants to migrate to the AWS Cloud from their data center. Each department should have their own established AWS accounts with preconfigured, Limited access to authorized services, based on each team's needs, by the principle of least privilege. What actions should be taken to ensure compliance with these security requirements?

Deploy a Landing Zone within AWS Control Tower. Allow department administrators to use the Landing Zone to create new member accounts and networking. Grant the department's AWS power user permissions on the created accounts.

As part of a company’s shift to the AWS cloud, they need to gain an insight into their total on-premises footprint. They have discovered that they are currently struggling with managing their software licenses. They would like to maintain a hybrid cloud setup, with some of their licenses stored in the cloud with some stored on-premises. What actions should be taken to ensure they are managing the licenses appropriately going forward?

Use AWS License Manager to manage the software licenses

An application is being monitored using Amazon GuardDuty. A Solutions Architect needs to be notified by email of medium to high severity events. How can this be achieved?

Create an Amazon CloudWatch events rule that triggers an Amazon SNS topic

A telecommunications company is looking to expand its 5G coverage nationwide, and as a result needs to provision and build their own private cellular network with the help of AWS. Which solution does AWS provide to help with this?

AWS Private 5G

Over 500 TB of data must be analyzed using standard SQL business intelligence tools. The dataset consists of a combination of structured data and unstructured data. The unstructured data is small and stored on Amazon S3. Which AWS services are most suitable for performing analytics on the data?

Amazon Redshift with Amazon Redshift Spectrum

A Solutions Architect needs to select a low-cost, short-term option for adding resilience to an AWS Direct Connect connection. What is the MOST cost-effective solution to provide a backup for the Direct Connect connection?

Implement an IPSec VPN connection and use the same BGP prefix

A company is using Amazon Aurora as the database for an online retail application. Data analysts run reports every fortnight that take a long time to process and cause performance degradation for the database. A Solutions Architect has reviewed performance metrics in Amazon CloudWatch and noticed that the ReadIOPS and CPUUtilization metrics are spiking when the reports run. What is the MOST cost-effective solution to resolve the performance issues?

Migrate the fortnightly reporting to an Aurora Replica.

A storage company creates and emails PDF statements to their customers at the end of each month. Customers must be able to download their statements from the company website for up to 30 days from when the statements were generated. When customers close their accounts, they are emailed a ZIP file that contains all the statements. What is the MOST cost-effective storage solution for this situation?

Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.

A Solutions Architect is tasked with designing a fully Serverless, Microservices based web application which requires the use of a GraphQL API to provide a single entry point to the application. Which AWS managed service could the Solutions Architect use?

AWS AppSync

A Solutions Architect is designing an application that will run on an Amazon EC2 instance. The application must asynchronously invoke an AWS Lambda function to analyze thousands of .CSV files. The services should be decoupled. Which service can be used to decouple the compute services?

Amazon SNS

A Solutions Architect is rearchitecting an application with decoupling. The application will send batches of up to 1000 messages per second that must be received in the correct order by the consumers. Which action should the Solutions Architect take?

Create an Amazon SQS FIFO queue

A company are finalizing their disaster recovery plan. A limited set of core services will be replicated to the DR site ready to seamlessly take over the in the event of a disaster. All other services will be switched off. Which DR strategy is the company using?

Pilot light

A large financial services company currently has an SMB file server in its on-premises environment. After a large file is created, it is accessed frequently by the file server for the first few days. It is rare for the files to be accessed after 30 days. Data sizes are increasing and are approaching the company's storage capacity. Increasing a company's storage space without sacrificing access to recent files is the task of the solutions architect. The solutions architect must also provide file lifecycle management to avoid future storage issues from recurring. Which solution will meet these requirements?

Create an Amazon S3 File Gateway, extending the company's storage space into the cloud. Create an S3 Lifecycle policy to transition the data to S3 Glacier Deep Archive after 30 days.

A large online retail company manages and runs an online e-commerce web application on AWS. This application serves hundreds of thousands of concurrent users during their peak operating hours, and as a result the company needs a highly scalable, near-real-time solution to share the order details with several other internal applications for order processing. Some additional processing to remove sensitive data also needs to occur before being stored in a document database for low-latency retrieval. What should a solutions architect recommend to meet these requirements?

Stream the transactions data into Amazon Kinesis Data Streams. Use AWS Lambda integration to remove sensitive data from every transaction and then store the transactions data in Amazon DynamoDB. Other applications can consume the transactions data off the Kinesis data stream.

A company runs a streaming application on AWS that ingests data in near real-time and then processes the data. The data processing takes 30 minutes to complete. As the volume of data being ingested by the application has increased, high latency has occurred. A Solutions Architect needs to design a scalable and serverless solution to improve performance. Which combination of steps should the Solutions Architect take? (Select TWO.)

Use Amazon Kinesis Data Firehose to ingest the data., Use containers running on AWS Fargate to process the data.

A social media company has a Microsoft .NET application that currently runs on an on-premises Windows Server. The application uses an Oracle Database Standard Edition server for its database layer. The company is planning to migrate this application to AWS and wants to minimize development changes while moving the application, due to limited staff resources. The AWS application environment should however not compromise on being highly available. Which two actions should the company take to meet these requirements? (Select TWO.)

Redeploy the application in Elastic Beanstalk with the .NET platform provisioned in a Multi-AZ configuration., Migrate from Oracle to Oracle on Amazon RDS using the AWS Database Migration Service (AWS DMS).

An application in a private subnet needs to query data in an Amazon DynamoDB table. Use of the DynamoDB public endpoints must be avoided. What is the most EFFICIENT and secure method of enabling access to the table?

Create a gateway VPC endpoint and add an entry to the route table

A company has 200 TB of video files stored in an on-premises data center that must be moved to the AWS Cloud within the next four weeks. The company has around 50 Mbps of available bandwidth on an Internet connection for performing the transfer. What is the MOST cost-effective solution for moving the data within the required timeframe?

Order multiple AWS Snowball devices to migrate the data to AWS.

A company is testing a new web application that runs on Amazon EC2 instances. A Solutions Architect is performing load testing and must be able to analyze the performance of the web application with a granularity of 1 minute. What should the Solutions Architect do to meet this requirement?

Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform the analysis.

A Solutions Architect needs to design a solution for providing a shared file system for company users in the AWS Cloud. The solution must be fault tolerant and should integrate with the company’s Microsoft Active Directory for access control. Which storage solution meets these requirements?

Create a file system with Amazon FSx for Windows File Server and enable Multi-AZ. Join Amazon FSx to Active Directory.

Several workloads are being run in one AWS region by a rapidly growing retail company. A solutions architect must create disaster recovery plans that include different AWS regions. In the DR Region, the company needs its database to be kept up to date with the lowest latency possible. Infrastructure in the DR Region must run at reduced capacity and be capable of handling traffic immediately. Which solution will meet these requirements with the LOWEST possible recovery time objective (RTO)?

Use an Amazon Aurora global database with a warm standby disaster recovery strategy.

A company is migrating an eCommerce application into the AWS Cloud. The application uses an SQL database, and the database will be migrated to Amazon RDS. A Solutions Architect has been asked to recommend a method to attain sub-millisecond responses to common read requests. What should the solutions architect recommend?

Deploy a database cache using Amazon ElastiCache.

A company is migrating an application that comprises a web tier and a MySQL database into the AWS Cloud. The web tier will run on EC2 instances, and the database tier will run on an Amazon RDS for MySQL DB instance. Customers access the application via the Internet using dynamic IP addresses. How should the Solutions Architect configure the security groups to enable connectivity to the application?

Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the DB tier to allow inbound traffic on port 3306 from the web tier security group.

A DevOps team uses an Amazon RDS MySQL database running for running resource-intensive tests each month. The instance has Performance Insights enabled and is only used once a month for up to 48 hours. As part of an effort to reduce AWS spend, the team wants to reduce the cost of running the tests without reducing the memory and compute attributes of the DB instance. Which solution meets these requirements MOST cost-effectively?

Create a snapshot of the database when the tests are completed. Terminate the DB instance. Create a new DB instance from the snapshot when required.

A large financial services organization has a workflow for ingesting data. It currently consists of an Amazon Simple Notification Service (Amazon SNS) topic for receiving notifications about new deliveries of data, and an AWS Lambda function to process the data and record metadata. Network connectivity issues occasionally cause the ingestion workflow to fail. When such a failure occurs, the Lambda function does not ingest the corresponding data and the team must manually re-run the Lambda function. Which combination of actions should a solutions architect take to ensure that the data is ingested even if there is a network outage. (Select TWO.)

Set up an Amazon SQS queue and subscribe it to the SNS topic., Modify the Lambda function so it reads from an Amazon SQS queue.

A company has over 200 TB of log files in an Amazon S3 bucket. The company must process the files using a Linux-based software application that will extract and summarize data from the log files and store the output in a separate Amazon S3 bucket. The company needs to minimize data transfer charges associated with the processing of this data. How can a Solutions Architect meet these requirements?

Launch an Amazon EC2 instance in the same Region as the S3 bucket. Process the log files and upload the output to another S3 bucket in the same Region.

A company runs a legacy application that uses an Amazon RDS MySQL database without encryption. The security team has instructed a Solutions Architect to encrypt the database due to new compliance requirements. How can the Solutions Architect encrypt all existing and new data in the database?

Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Create a new RDS instance from the encrypted snapshot.

A Solutions Architect has placed an Amazon CloudFront distribution in front of their web server, which is serving up a highly accessed website, serving content globally. The Solutions Architect needs to dynamically route the user to a new URL depending on where the user is accessing from, through running a particular script. This dynamic routing will happen on every request, and as a result requires the code to run at extremely low latency, and low cost. What solution will best achieve this goal?

At the Edge Location, run your code with CloudFront Functions.

The log files of a proprietary application must be analyzed. The log files are stored in an Amazon S3 bucket in JSON format. Query execution will be on-demand and simple. It is essential for a solutions architect to perform the analysis with minimal changes to the existing architecture. How can a solutions architect meet these requirements with the LOWEST amount of operational overhead?

Use Amazon Athena to query and analyze the data in Amazon S3 using standard SQL queries on demand.

A company needs to transfer data from an Amazon EC2 instance to an Amazon S3 bucket. The company must prevent API calls and data from being routed over the public internet and must use a private connection. Only the single EC2 instance can have access to upload data to the S3 bucket. Which solution will meet these requirements?

Create an Amazon S3 interface VPC endpoint in the subnet where the EC2 instance is located. Add a resource policy to the S3 bucket to allow only the EC2 instance's IAM role access.

A company is planning to use an Amazon S3 bucket to store a large volume of customer transaction data. The data will be structured into a hierarchy of objects, and they require a solution for running complex queries as quickly as possible. The solution must minimize operational overhead. Which solution meets these requirements?

Use Amazon Athena on Amazon S3 to perform the queries.

A Solutions Architect is designing an application that consists of AWS Lambda and Amazon RDS Aurora MySQL. The Lambda function must use database credentials to authenticate to MySQL and security policy mandates that these credentials must not be stored in the function code. How can the Solutions Architect securely store the database credentials and make them available to the function?

Store the credentials in Systems Manager Parameter Store and update the function code and execution role

A Solutions Architect has been tasked with building an application which stores images to be used for a website. The website will be accessed by thousands of customers. The images within the application need to be able to be transformed and processed as they are being retrieved. The solutions architect would prefer to use managed services to achieve this, and the solution should be highly available and scalable, and be able to serve users from around the world with low latency. Which scenario represents the easiest solution for this task?

Store the images in Amazon S3, behind a CloudFront distribution. Use S3 Object Lambda to transform and process the images whenever a GET request is initiated on an object.

Every time an item in an Amazon DynamoDB table is modified a record must be retained for compliance reasons. What is the most efficient solution to recording this information?

Enable DynamoDB Streams. Configure an AWS Lambda function to poll the stream and record the modified item data to an Amazon S3 bucket

A company plans to provide developers with individual AWS accounts. The company will use AWS Organizations to provision the accounts. A Solutions Architect must implement secure auditing using AWS CloudTrail so that all events from all AWS accounts are logged. The developers must not be able to use root-level permissions to alter the AWS CloudTrail configuration in any way or access the log files in the S3 bucket. The auditing solution and security controls must automatically apply to all new developer accounts that are created. Which action should the Solutions Architect take?

Create a new trail in CloudTrail from within the management account with the organization trails option enabled.

A Solutions Architect is migrating a distributed application from their on-premises environment into AWS. This application consists of an Apache Cassandra NoSQL database, with a containerized SUSE Linux compute layer with an additional storage layer made up of multiple Microsoft SQL Server databases. Once in the cloud the company wants to have as little operational overhead as possible, with no schema conversion during the migration and the company wants to host the architecture in a highly available and durable way. Which of the following groups of services will provide the solutions architect with the best solution ?

Run the NoSQL database on Amazon Keyspaces, and the compute layer on Amazon ECS on Fargate. Use Amazon RDS for Microsoft SQL Server to host the second storage layer.

An application that runs a computational fluid dynamics workload uses a tightly-coupled HPC architecture that uses the MPI protocol and runs across many nodes. A service-managed deployment is required to minimize operational overhead. Which deployment option is MOST suitable for provisioning and managing the resources required for this use case?

Use AWS Batch to deploy a multi-node parallel job

A critical web application that runs on a fleet of Amazon EC2 Linux instances has experienced issues due to failing EC2 instances. The operations team have investigated and determined that insufficient swap space is a likely cause. The operations team require a method of monitoring the swap space on the EC2 instances. What should a Solutions Architect recommend?

Install and configure the unified CloudWatch agent on the EC2 instances. Monitor Swap Utilization metrics in CloudWatch.

A HR application stores employment records on Amazon S3. Regulations mandate the records are retained for seven years. Once created the records are accessed infrequently for the first three months and then must be available within 10 minutes if required thereafter. Which lifecycle action meets the requirements whilst MINIMIZING cost?

Store the data in S3 Standard-IA for 3 months, then transition to S3 Glacier

A retail organization sends coupons out twice a week and this results in a predictable surge in sales traffic. The application runs on Amazon EC2 instances behind an Elastic Load Balancer. The organization is looking for ways lower costs while ensuring they meet the demands of their customers. How can they achieve this goal?

Use capacity reservations with savings plans

A large MongoDB database running on-premises must be migrated to Amazon DynamoDB within the next few weeks. The database is too large to migrate over the company’s limited internet bandwidth so an alternative solution must be used. What should a Solutions Architect recommend?

Use the Schema Conversion Tool (SCT) to extract and load the data to an AWS Snowball Edge device. Use the AWS Database Migration Service (DMS) to migrate the data to Amazon DynamoDB

A highly elastic application consists of three tiers. The application tier runs in an Auto Scaling group and processes data and writes it to an Amazon RDS MySQL database. The Solutions Architect wants to restrict access to the database tier to only accept traffic from the instances in the application tier. However, instances in the application tier are being constantly launched and terminated. How can the Solutions Architect configure secure access to the database tier?

Configure the database security group to allow traffic only from the application security group

A company requires that IAM users must rotate their access keys every 60 days. If an access key is found to older it must be removed. A Solutions Architect must create an automated solution that checks the age of access keys and removes any keys that exceed the maximum age defined. Which solution meets these requirements?

Create an AWS Config rule to check for the key age. Define an Amazon EventBridge rule to execute an AWS Lambda function that removes the key.

The Chief Financial Officer of a large corporation is looking for an AWS native tool which will help reduce their cloud spend. After receiving a budget alarm, the company has decided that they need to reduce their spend across their different areas of compute and need insights into their spend to decide where they can reduce cost. What is the easiest way to achieve this goal?

AWS Compute Optimizer

A large manufacturing company needs to store data in Amazon S3 and prevent the data from being modified. The company requires that all new objects uploaded to Amazon S3 should remain unchangeable for an unspecified period until the company decides to modify the objects. Only specific users within the company's AWS account should have the ability to delete the objects. What should a solutions architect do to meet these requirements?

Create an S3 bucket with S3 Object Lock enabled. Enable versioning. Add a legal hold to the objects. Add the s3:PutObjectLegalHold permission to the IAM policies of users who need to delete the objects.

To increase performance and redundancy for an application a company has decided to run multiple implementations in different AWS Regions behind network load balancers. The company currently advertise the application using two public IP addresses from separate /24 address ranges and would prefer not to change these. Users should be directed to the closest available application endpoint. Which actions should a solutions architect take? (Select TWO.)

Migrate both public IP addresses to the AWS Global Accelerator, Create an AWS Global Accelerator and attach endpoints in each AWS Region

A team of scientists are collecting environmental data to assess the impact of pollution in a small regional town. The scientists collect data from various sensors and cameras. The data must be immediately processed to validate its accuracy, but the scientists have limited local storage space on their laptops and intermittent and unreliable connectivity to their Amazon EC2 instances and S3 buckets. What should a Solutions Architect recommend?

Use AWS Snowball Edge devices to process the data locally.

A Solutions Architect for a large banking company is configuring access control within the organization for an Amazon S3 bucket containing thousands of financial records. There are 20 different teams which need to have access to this bucket, however they all need different permissions. These 20 teams correspond to 20 accounts within the banking company who are currently using AWS Organizations. What is the simplest way to achieve this, whilst adhering to the principle of least privilege?

Use S3 Access points to administer different access policies to each team, and control access points using Service Control Policies within AWS Organizations.

An Amazon S3 bucket is going to be used by a company to store sensitive data. A Solutions Architect needs to ensure that all objects uploaded to an Amazon S3 bucket are encrypted. How can this be achieved?

Create a bucket policy that denies Put requests that do not have an x-amz-server-side-encryption header set.

A financial services company provides users with downloadable reports in PDF format. The company requires a solution that can seamlessly scale to meet the demands of a growing, global user base. The solution must be cost-effective and minimize operational overhead. Which combination of services should a Solutions Architect recommend to meet these requirements?

Amazon CloudFront and Amazon S3.

A company is deploying an Amazon ElastiCache for Redis cluster. To enhance security a password should be required to access the database. What should the solutions architect use?

Redis AUTH command

A data analytics company is hosting a data lake which consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization for the latest dataset and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access. Which solution will meet these requirements?

Create an AWS Glue table and crawler for the data in Amazon S3. Use Amazon Athena Federated Query to access data within Amazon RDS for PostgreSQL. Generate reports by using Amazon Athena. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

A financial firm is aiming to leverage AWS Cloud for augmenting its on-premises disaster recovery (DR) architecture. The firm's main application, running on PostgreSQL, is housed on a virtual machine (VM) on-premises. The DR solution needs to align with the application's recovery point objective (RPO) of less than a minute and a recovery time objective (RTO) of within two hours, all while keeping costs to a minimum. Which solution will meet these requirements?

Set up a warm standby Amazon RDS for PostgreSQL database on AWS. Configure AWS Database Migration Service (AWS DMS) to use change data capture (CDC).

A company has an on-premises server that uses a MySQL database to process and store customer information. The company wants to migrate to an AWS database service to achieve higher availability and to improve application performance. Additionally, the company wants to offload reporting workloads from its primary database to ensure it remains performant. Which solution will meet these requirements in the MOST operationally efficient way?

Use Amazon Aurora with MySQL compatibility. Direct the reporting functions to use one of the Aurora Replicas.

An international logistics company has web applications running on AWS in the us-west-2 Region and database servers in the eu-central-1 Region. The applications running in a VPC in us-west-2 need to communicate securely with the databases running in a VPC in eu-central-1. Which network design will meet these requirements?

Configure a VPC peering connection between the us-west-2 VPC and the eu-central-1 VPC. Update the subnet route tables accordingly. Create an inbound rule in the eu-central-1 database security group that allows traffic from the us-west-2 application server IP addresses.

A finance organization wants to deploy end of day processing applications to a fleet of Amazon EC2 instances with a focus on reducing cost. These applications are stateless and can be re-triggered in case of failure. The company needs a solution that minimizes cost and operational overhead. What should a solutions architect do to meet these requirements?

Use Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group.

A Solutions Architect is attempting to clean up unused EBS volumes and snapshots to save some space and cost. How many of the most recent snapshots of an EBS volume need to be maintained to guarantee that you can recreate the full EBS volume from the snapshot?

Only the most recent snapshot. Snapshots are incremental, but the deletion process will ensure that no data is lost

A health tech company runs a multi-tier medical records application in the AWS Cloud, which operates across three Availability Zones. The application architecture includes an Application Load Balancer, a cluster of Amazon EC2 instances that handle user session states, and a PostgreSQL database running on an EC2 instance. The company anticipates a sharp surge in application traffic due to a new partnership. The company needs to scale to accommodate future application capacity demands and ensure high availability across all three Availability Zones. Which solution will meet these requirements?

Migrate the PostgreSQL database to Amazon RDS for PostgreSQL with a Multi-AZ DB instance deployment. Use Amazon ElastiCache for Redis with a replication group to manage session data and cache reads. Migrate the application server to an Auto Scaling group across three Availability Zones.

A financial services company is currently using 500 Amazon EC2 instances to run batch-processing workloads to analyze financial information on a periodic basis. The organization needs to install a third-party tool on all these instances as quickly and as efficiently as possible and will have to carry out similar tasks on an ongoing basis going forward. The solution also needs to scale for the addition of future EC2 instances. What should a solutions architect do to meet these requirements in the easiest way possible?

Use AWS Systems Manager Run Command to run a custom command that installs the tool on all the EC2 instances.

A law firm has recently productionized a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from the AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets. A solutions architect needs to integrate the web application with the appliance to inspect all traffic to the application before the traffic reaches the web server. Which solution will meet these requirements with the LEAST operational overhead?

Deploy a Gateway Load Balancer in the inspection VPC. Create a Gateway Load Balancer endpoint to receive the incoming packets and forward the packets to the appliance.

A digital marketing agency manages numerous client websites and apps on AWS. Each AWS resource is supposed to be tagged by the account for tracking and backup purposes. The agency wants to ensure that all AWS resources, including untagged ones, are backed up properly to minimize data loss risks. Which solution will meet these requirements with the LEAST operational overhead?

Use AWS Config to identify all untagged resources and tag them programmatically. Then, use AWS Backup to automate the backup of all AWS resources based on tags.

A traffic law enforcement company is building a solution that has thousands of edge devices that collectively generate 1 TB of status alerts each day. These devices provide vehicle information and number plate data whenever alerts detecting red light jumps are detected. Each entry is around 2Kb in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis. The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than 14 days. What is the MOST operationally efficient solution that meets these requirements?

Create an Amazon Kinesis Data Firehose delivery stream to ingest the alerts. Configure the Kinesis Data Firehose stream to deliver the alerts to an Amazon S3 bucket. Set up an S3 Lifecycle configuration to transition data to Amazon S3 Glacier after 14 days.

A global logistics company collects shipment tracking information, which updates every few seconds. The company wishes to perform real-time analysis on these data updates to monitor shipment progress and predict delays, after which they want the data to be ingested into their Amazon S3-based data lake. Which solution will fulfill these requirements with the MOST operational efficiency?

Use Amazon Kinesis Data Firehose for data ingestion and Amazon Kinesis Data Analytics for real-time analysis.

A company observed an increase in Amazon EC2 costs in its most recent bill. The billing team noticed unwanted vertical scaling of instance types for a couple of EC2 instances. A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in-depth analysis to identify the root cause of the vertical scaling. How should the solutions architect generate the information with the LEAST operational overhead?

Use Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types.

A financial services company has a large, multi-Region footprint on AWS. A recent security audit highlighted some issues that must be addressed. The company must track all configuration changes affecting AWS resources and have detailed records of who has accessed the AWS environment. The data should include information such as which user has logged in and which API calls they made What actions should a Solutions Architect take to meet these requirements?

Use AWS Config to track configuration changes and AWS CloudTrail to record API calls and track access patterns in the AWS Cloud.

A healthcare company maintains patient records in Amazon S3. To comply with HIPAA regulations, the stored data must not contain any protected health information (PHI). The company recently found out that some objects in the S3 buckets contain PHI. The company needs to automate the detection of PHI in the S3 buckets and notify its compliance team when such data is detected. Which solution will meet these requirements?

Use Amazon Macie. Create an AWS Lambda function to filter the ‘SensitiveData:S3Object/Personal’ event type from Macie findings and trigger an Amazon Simple Notification Service (Amazon SNS) notification to the compliance team.

An application analyzes images of people that are uploaded to an Amazon S3 bucket. The application determines demographic data which is then saved to a .CSV file in another S3 bucket. The data must be encrypted at rest and then queried using SQL. The solution should be fully serverless. Which actions should a Solutions Architect take to encrypt and query the data?

Use AWS KMS encryption keys for the S3 bucket and use Amazon Athena to query the data

An online game platform company is launching a new game feature that involves a significant update to their existing API hosted on Amazon API Gateway. The company wants to minimize the impact on their existing users, and they need a deployment strategy that allows them to gradually roll out the changes while monitoring for any potential issues. What should the company do to achieve this?

Use an API Gateway canary release deployment. Initially direct a small percentage of user traffic to the new API version. After API verification, promote the canary stage to the production stage.

A company runs an application using many Amazon EC2 instances for its application servers. The application using Amazon DynamoDB for its data store. The size of this table continuously grows, but the application only requires data from the most recent 30 days. The company needs a solution that minimizes cost and effort. Which solution meets these requirements?

Add an attribute to each new item created in the table that has a value of the current timestamp plus 30 days. Configure this attribute as the TTL attribute.

A multinational enterprise plans to transition from numerous independent AWS accounts to a structured, multi-account AWS setup. The enterprise anticipates creating multiple AWS accounts to cater to various departments. The enterprise seeks to authenticate access to these AWS accounts using a centralized corporate directory service. What combination of steps should a solutions architect suggest to meet these needs? (Select TWO.)

Deploy AWS Directory Service and integrate it with the corporate directory service. Set up AWS Identity Center for authentication across accounts., Create a new AWS Organizations entity with all features enabled. Create the new AWS accounts within the organization.

A company uses several Windows Servers as the operating system of choice for all their application servers hosted in their data center. The company wants to move some file servers into the cloud, and keep some in their data center, mounted to the same File System. The company also wants to maintain extremely low latency access to their on-premises data center, across a private network. The company has an AWS Direct Connect connection set up into the us-east-1 Region. What should a solutions architect do to meet these requirements?

Install an SMB client on to the on-premises servers and mount an Amazon FSx file system to the servers. Mount the same file system to the EC2 instances within the Amazon VPC. Use the existing Direct Connect connection to connect the on-premises data center to the Amazon VPC.

A company has multiple Windows workloads which are .NET application servers and Microsoft SQL Server databases running on Amazon EC2 instances with Windows Server 2016. The company requires a shared file system which is highly available, durable and provides high levels of throughput and IOPS. What is the best way to meet this requirement?

Extend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration. Migrate all the data to FSx for Windows File Server.

A music streaming company needs to incorporate a third-party song feed. The song feed sends a webhook to notify an external service when new songs are ready for consumption. A developer has written an AWS Lambda function to retrieve songs when the company receives a webhook callback. The developer must expose the Lambda function for the third party to invoke. Which solution will meet these requirements with the LEAST operational complexity?

Generate an API Gateway endpoint for the Lambda function. Provide the API Gateway endpoint to the third party for the webhook.

A telemarketing company has developed customer call center functionality on AWS. The company plans to enhance the current application by enabling support for multiple speaker recognition and transcript generation. They also want to query the transcript files to analyze business patterns. Which solution will meet these requirements?

Use Amazon Transcribe for multiple speaker recognition. Use Amazon Athena for transcript file analysis.

A media company has grown significantly in the past few months and the management team are concerned about compliance, governance, auditing, and security. The management team requires that configuration changes are tracked a history of API calls is recorded. What should a solutions architect do to meet these requirements?

Use AWS Config to track configuration changes and AWS CloudTrail to record API calls.

An e-commerce website uses Amazon EC2 instance stores for storing session data. The company want to make sure that this data is highly available, and that the information is stored durably. What should a solutions architect do to meet these requirements?

Store the session data in an Amazon DynamoDB table.

An organization is planning their disaster recovery solution. They plan to run a scaled down version of a fully functional environment. In a DR situation the recovery time must be minimized. Which DR strategy should a Solutions Architect recommend?

Warm standby

A company has several AWS accounts each with multiple Amazon VPCs. The company must establish routing between all private subnets. The architecture should be simple and allow transitive routing to occur. How should the network connectivity be configured?

Create an AWS Transit Gateway and share it with each account using AWS Resource Access Manager

A Solutions Architect is designing an application for processing and extracting data from log files. The log files are generated by an application and the number and frequency of updates varies. The files are up to 1 GB in size and processing will take around 40 seconds for each file. Which solution is the most cost-effective?

Write the log files to an Amazon S3 bucket. Create an event notification to invoke an AWS Lambda function that will process the files

A company wants to improve its ability to clone large amounts of production data into a test environment in the same AWS Region. The data is stored in Amazon EC2 instances on Amazon Elastic Block Store (Amazon EBS) volumes. Modifications to the cloned data must not affect the production environment. The software that accesses this data requires consistently high I/O performance. A solutions architect needs to minimize the time that is required to clone the production data into the test environment. Which solution will meet these requirements?

Take EBS snapshots of the production EBS volumes. Turn on the EBS fast snapshot restore feature on the EBS snapshots. Restore the snapshots into new EBS volumes. Attach the new EBS volumes to EC2 instances in the test environment.

A media company is designing a disaster recovery (DR) solution for a business-critical application. The recovery time objective (RTO) should be 4 hours or less. The application is running on Amazon EC2 instances using the fewest possible AWS resources during normal operations. Which of the following is recommended to implement the DR solution across regions cost-effectively?

Create Amazon Machine Images (AMIs) to back up the EC2 instances. Copy the AMIs to a secondary AWS Region. Automate infrastructure deployment in the secondary Region by using AWS CloudFormation.

To trace a recent production incident a product manager needs to view logs in the Amazon CloudWatch logs. These logs are linked to events over the course of a week and may be needed in the future if incidents occur again. The product manager doesn’t have administrative access to the AWS account as it is managed by a third-party management company. According to principal of least privilege, which option out of the below will fulfill the requirement to provide the necessary access for the product manager?

Share the dashboard from the CloudWatch console. Enter the client’s email address and complete the sharing steps. Provide a shareable link for the dashboard to the product manager.

A software firm is developing a microservices-based application to be deployed on Amazon ECS. This application needs to interact with a resilient, shared filesystem capable of restoring data to a different AWS Region with a Recovery Point Objective (RPO) of 2 hours. The filesystem is also expected to provide a mount target in each Availability Zone (AZ) within a Region. The solutions architect intends to employ AWS Backup to oversee the cross-Region data replication. Which option will meet these requirements?

Amazon Elastic File System (Amazon EFS) with the Standard storage class.

An e-commerce company has developed a new application which has been successfully deployed on AWS. For an upcoming sale, the company is expecting a huge rise in traffic and while testing for the event they have encountered performance issues in the application when many requests are sent to the application. The current application stack is Amazon Aurora PostgreSQL database with an AWS Lambda compute layer fronted by API Gateway. A solutions architect must recommend improvements scalability whilst minimizing the configuration effort. Which solution will meet these requirements?

Set up two Lambda functions. Configure one function to receive the information. Configure the other function to load the information into the database. Integrate the Lambda functions by using an Amazon Simple Queue Service (Amazon SQS) queue.

An e-commerce company operates a containerized microservices application on a fleet of Amazon EC2 instances. As part of their infrastructure improvement efforts, the company plans to migrate the application to Amazon Elastic Kubernetes Service (Amazon EKS) for enhanced scalability and management. As part of the security protocol, the company has configured the Amazon EKS control plane with endpoint private access enabled and public access disabled. The data plane resides within private subnets. However, the company faces an issue where nodes fail to join the cluster. What can be done to allow the nodes to join the EKS cluster?

Set up VPC endpoints for Amazon EKS and ECR to enable nodes to communicate with the control plane.

An e-commerce company wants to ensure all its resources used to host its various Web Applications are tagged using the appropriate application name to allow the company to easily differentiate and group resources. The company wants to minimize effort involved and automate this task. What should a solutions architect do to accomplish this with the LEAST operational overhead?

Use AWS Config to detect resources that are not properly tagged. Create a Systems Manager automation document for remediation.

A Solutions Architect needs to create a file system that can be concurrently accessed by multiple Amazon EC2 instances across multiple availability zones. The file system needs to support high throughput and the ability to burst. As the data that will be stored on the file system will be sensitive, it must be encrypted at rest and in transit. Which storage solution should the Solutions Architect use for the shared file system?

Use the Elastic File System (EFS) and mount the file system using NFS

A large quantity of data is stored on a NAS device on-premises and accessed using the SMB protocol. The company require a managed service for hosting the filesystem and a tool to automate the migration. Which actions should a Solutions Architect take?

Migrate the data to Amazon FSx for Windows File Server using AWS DataSync

A finance organization has bootstrapped a golden image for their in-house application and the resultant AMI is to be shared across various AWS accounts as a base image. This image is to be used across many applications. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company's account. Which solution will meet these requirements with the LEAST operational overhead?

Create an Amazon EventBridge rule for the CreateImage API call. Configure the target as an Amazon SNS topic to send an alert when a Createlmage API call is detected.

A retail organization is building an ecommerce application on AWS. The application sends information about new orders to a REST API hosted on Amazon API Gateway to process. The company needs the orders to be processed in the order that they are received. Which solution will meet these requirements?

When an order is received, use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue. For processing, configure the SQS FIFO queue to invoke an AWS Lambda function.

100

As a security measure, a finance-based organization want to introduce additional security measures for an existing application deployed in AWS. The application is serverless and has an Amazon API Gateway in front which is deployed in the us-east-1 Region and the eu-west-1 Region. The company requires the accounts to be secured against SQL injection and cross-site scripting attacks. Which solution will meet these requirements with the LEAST amount of administrative effort?

Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.

M#5 Section and Title v2

ユーザ名非公開 · 32問 · 13日前

M#5 Section and Title v2