AWS Architect Solutions

A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region. which has three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c. Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable?. Deploy six Amazon EC2 instances in sa-east-la, six Amazon EC2 instances in sa-east-1b, and six Amazon EC2 instances in sa-east-1c. Deploy six Amazon EC2 instances in sa-east-la, four Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b, and three Amazon EC2 instances in sa-east-1c. Deploy two Amazon EC2 instances in sa-east-1a, two Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c.

As part of securing an API layer built on Amazon API gateway, a Solutions Architect has to authorize users who are currently authenticated by an existing identity provider. The users must be denied access for a period of one hour after three unsuccessful attempts. How can the Solutions Architect meet these requirements?. Use AWS IAM authorization and add least-privileged permissions to each respective IAM role. Use an API Gateway custom authorizer to invoke an AWS Lambda function to validate each users identity. Use Amazon Cognito user pools to provide built-in user management. Use Amazon Cognito user pools to integrate with external identity providers.

A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O.The data must persist if the instance is stopped. Which of the following storage types will provide the best fit at the LOWEST cost for the application?. An Amazon EC2 instance store local SSD volume. An Amazon EBS provisioned lOPS SSD volume. An Amazon EBS throughput optimized HDD volume. . An Amazon EBS general purpose SSD volume.

A company has thousands of files stored in an Amazon S3 bucket that has a well-defined access pattern. The files are accessed by an application multiple times a day for the first 30 days. Files are rarely accessed within the next 90 days. After that, the files are never accessed again. During the first 120 days. accessing these files should never take more than a few seconds. Which lifecycle policy should be used for the S3 objects to minimize costs based on the access pattern?. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage for the first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. Use Amazon S3 Standard storage for the first 30 days. Then move the files to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow the data to expire after that. Use Amazon S3 Standard storage for first 30 days. Then move the files to the GLACIER storage class for the next 90 days. Allow the data to expire after that. Use Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the first 30 days. After that, move the data to the GLACIER storage class. where is will be deleted automatically.

A company wants to improve the performance of their web application after receiving customer complaints. An analysis concluded that the same complex database queries were causing increased latency. What should a Solutions Architect recommend to improve the application's performance?. Migrate the database to MySQL. Use Amazon RedShift to analyze the queries. Integrate Amazon ElastiCache into the application. Use a Lambda-triggered request to the backend database.

Developers are creating a new online transaction processing (OLTP) application for a small database that is very read-write intensive. A single table in the database is updated continuously throughout the day, and the developers want to ensure that the database performance is consistent. Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain application performance?. Provisioned lOPS SSD. General Purpose SSD. Cold HDD. Throughput Optimized HDD.

A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime. What could a Solutions Architect recommend to the company in order to keep track of customers' current session data?. Amazon EC2. Amazon RDS. AWS CloudTrail. Amazon DynamoDB.

A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators. Which of the following options should the Architect recommend? (Choose two.). Create a bastion host in a public subnet. and use the bastion host to connect to the database. Log in to the web servers in the public subnet to connect to the database. Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database. Attach an Elastic IP address to the database.

A company creates business-critical 3D images every night. The images are batch-processed every Friday and require an uninterrupted 48 hours to complete. What is the MOST cost-effective Amazon EC2 pricing model for this scenario?. On-Demand Instances. Scheduled Reserved Instances. Reserved Instances. Spot Instances.

A retail company runs hourly flash sales and has a performance issue on its Amazon RDS for PostgreSQL database. The Database Administrators have identified that the issue with performance happens when finance and marketing employees refresh sales dashboards that are used for reporting real-time sales data. What should be done to resolve the issue without impacting performance?. Create a Read Replica of the RDS PostgreSQL database and point the dashboards at the Read Replica. Move data from the RDS PostgreSQL database to Amazon Redshift nightly and point the dashboards at Amazon Redshift. Monitor the database with Amazon CloudWatch and increase the instance size, as necessary. Make no changes to the dashboards. Take an hourly snapshot of the RDS PostgreSQL database, and load the hourly snapshots to another database to which the dashboards are pointed.

A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort. What will allow the EC2 instances to access the endpoint while meeting these requirements?. NAT gateway. Elastic IP address. AWS Direct Connect. Virtual private gateway.

A customer has a production application that frequently overwrites and deletes data, the application requires the most up-to-date version of the data every time it is requested. Which storage should a Solutions Architect recommend to bet accommodate this use case?. Amazon S3. Amazon RDS. Amazon RedShift. AWS Storage Gateway.

A Solutions Architect is designing a new application that needs to access data in a different AWS account located within the same region. The data must not be accessed over the Internet. Which solution will meet these requirements with the LOWEST cost?. Add rules to the security groups in each account. Establish a VPC Peering connection between accounts. Configure Direct Connect in each account. Add a NAT Gateway to the data account.

A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost. This can be accomplished with: An egress-only internet gateway. A NAT gateway. A custom NAT instance. A VPC endpoint.

An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is against company policy to store passwords in Lambda functions. How can a Solutions Architect enable the Lambda function to retrieve the database password without violating company policy?. Add an IAM policy for IAM database access to the Lambda execution role. Store a one-way hash of the password in the Lambda function. Have the Lambda function use the AWS Systems Manager Parameter Store. Connect to the Amazon RDS for SQL Server instance by using a role assigned to the Lambda function.

A Solutions Architect is designing network architecture for an application that has compliance requirements. The application Will be hosted on Amazon EC2 instances in a private subnet and Will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the public Internet. What is the MOST secure way to satisfy this requirement?. Use a NAT Instance. Use a NAT Gateway. Use a VPC endpoint. Use a Virtual Private Gateway.

A Solutions Architect is building a new feature using a Lambda to create metadata when a user uploads a picture to Amazon S3. All metadata must be indexed. Which AWS sewice should the Architect use to store this metadata?. Amazon S3. Amazon DynamoDB. Amazon Kinesis. Amazon EFS.

A legacy application needs to interact With local storage using iSCSI. A team needs to design a reliable storage solution to provision all new storage on AWS. Which storage solution meets the legacy application requirements?. AWS Snowball storage for the legacy application until the application can be re-architected. AWS Storage Gateway in cached mode for the legacy application storage to write data to Amazon S3. AWS Storage Gateway In stored mode for the legacy application storage to write data to Amazon S3. An Amazon S3 volume mounted on the legacy application server locally using the File Gateway semce.

A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints. Which of the following should the Architect recommend?. Create a crontab job script in each instance to push the logs regularly to Amazon S3. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 Instances. Enable Amazon CloudWatch Events in the AWS Management Console. Enable AWS CloudTrall to map all API calls invoked by the applications.

A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request. Which implementation can satisfy' all requirements?. Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups. Configure an Application Load Balancer With host-based routing based on the domain field in the HTTP header. Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used. Configure an Application Load Balancer With listeners for appropriate path patterns for the target group.

A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances. Which solution meets these requirements?. Create an Amazon S3 bucket and store all of the documents in this bucket. Create an Amazon EBS volume and allow multiple users to mount that volume to their EC2 instance(s). Use Amazon Glacier to store all of the documents. Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.

A customer has written an application that uses Amazon S3 exclusively as a data store. The application works well until the customer increases the rate at which the application is updating information. The customer now reports that outdated data occasionally appears when the application accesses objects in Amazon S3. What could be the problem, given that the application logs is otherwise correct?. The application is reading parts of objects from Amazon S3 using a range header. The application is reading objects from Amazon S3 using parallel object requests. The application is updating records by writing new objects with unique keys. The application is updating records by overwriting existing objects with the same keys.

A gaming application is heavily dependent on caching and uses Amazon ElastiCache for Redis_ The application performance was recently degraded due to failure of the cache node. What should a Solutions Architect recommend to minimize performance degradation in the future?. Migrate from ElastiCache to Amazon RDS. Configure automatic backup to save cache data. Configure ElastiCache Multi-AZ With automatic failover. Use Auto Scaling to provision cache nodes based on CPU usage.

During a review of business applications, a Solutions Architect identifies a critical application With a relational database that was built by a business user and is running on the users desktop. To reduce the risk of a business interruption, the Solutions Architect wants to migrate the application to a highly available, multi-tiered solution in AWS. What should the Solutions Architect do to accomplish this with the LEAST amount of disruption to the business?. Create an import package of the application code for upload to AWS Lambda, and include a function to create another Lambda function to migrate data into an Amazon RDS database. Create an mage of the user's desktop, migrate it to Amazon EC2 using VM Import, and place the EC2 instance in an Auto Scaling group. Pre-stage new Amazon EC2 instances running the application code on AWS behind an Application Load Balancer and an Amazon RDS Multi-AZ DB instance. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB instance. Migrate the application code to AWS Elastic Beanstalk.

A Solutions Architect is designing a multi-tier application consisting of an Application Load Balancer, an Amazon RDS database instance, and an Auto Scaling group on Amazon EC2 instances. Each tier IS in a separate subnet. There are some EC2 instances in the subnet that belong to another application. The RDS database instance should accept traffic only from the EC2 instances in the Auto Scaling group. What should be done to meet these requirements?. Configure the inbound network ACLs on the database subnet to accept traffic from the IP addresses of the EC2 instances only. Configure the inbound rules on the security group associated with the RDS database instance. Set the source to the security group associated with instances in the Auto Scaling group. Configure the outbound rules on the security group associated with the Auto Scaling group. Set the destination to the security group associated With the RDS database instance. Configure the inbound network ACLs on the database subnet to accept traffic only from the CIDR range of the subnet used by the Auto Scaling group.

A company wants to durably store data in 8 KB chunks. The company Will access the data once every few months. However, when the company does access the data, it must be done With as little latency as possible. Which AWS semce should a Solutions Architect recommend If cost is NOT a factor?. Amazon DynamoDB. Amazon EBS Throughput Optimized HDD Volumes. Amazon EBS Cold HDD Volumes. Amazon ElastiCache.

A media company has deployed a multi-tier architecture on AWS. Web servers are deployed in two Availability Zones using an Auto Scaling group with a default Auto Scaling termination policy. The web servers' Auto Scaling group currently has 16 instances running. Which instance will be terminated first during a scale-in operation?. The instance with the oldest launch configuration. The instance in the Availability Zone that has most instances. The instance closest to the next billing hour. The oldest instance in the group.

A Solutions Architect is designing an application on AWS that Will connect to the on-premise data center through a VPN connection. The solution must be able to log network traffic over the VPN. Which service logs this network traffic?. AWSCloudTrall logs. Amazon VPC flow logs. Amazon S3 bucket logs. Amazon CloudWatch Logs.

A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally deleted. How should the thumbnail images be stored to ensure the LOWEST cost?. Amazon S3 Standard-Infrequent Access (S3 Standard-IA) with cross-region replication. Amazon S3. Amazon Glacier. Amazon S3 with cross-region replication.

A Solutions Architect is creating a new relational database. The Compliance team Will use the database, and mandates that data content must be stored across three different Availability Zones. Which of the following options should the Architect Use?. Amazon Aurora. Amazon RDS MySQL With Multi-AZ enabled. Amazon DynamoDB. Amazon ElastiCache.

A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content. Which step should the Solutions Architect take to ensure that new content is displayed?. Perform a cache refresh on the CloudFront distribution that is serving the content. Perform an invalidation on the CloudFront distribution that is sewing the content. Create a new cache behavior path With the updated content. Change the TTL value for removing the old objects.

A Solution Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up to a different region. How should the Architect meet this requirement?. Create EBS snapshots directly from one region to another. Move the data to an Amazon S3 bucket and enable cross-region replication. Create EBS snapshots and then copy them to the desired region. Use a script to copy data from the current Amazon EBS volume to the destination Amazon EBS volume.

A company is developing a data lake solution in Amazon S3 to analyze large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs. Which AWS service should be used to meet these requirements?. Amazon Athena. Amazon Redshift Spectrum. Amazon RDS for PostgreSQL. Amazon Aurora.

An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a Solutions Architect use to route traffic to the service based on the incoming request path?. AWS Application Load Balancer. Amazon CloudFront. AWS Classic Load Balancer. Amazon Route 53.

As part of a migration strategy a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon. Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration?. Use AWS Identity and Access Management (IAM) for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda. Use a third-party solution for managing identities, and migrate the application to run on Amazon S3. EC2 Spot Instances, and Amazon EC2. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.

A client has set up an Auto Scaling group associated with a load balancer. The client has noticed that instances launched by the Auto Scaling group are reported unhealthy as the result of an Elastic Load Balancing (ELB) health check, but these unhealthy instances are not being terminated. What can a Solutions Architect do to ensure that the instances marked unhealthy will be terminated and replaced?. Increase the value for the health check interval set on the ELB load balancer. Change the thresholds set on the Auto Scaling group health check. Change the health check type to ELB for the Auto Scaling group. Change the health check set on the ELB load balancer to use TCP rather than HTTP checks.

An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region?. Use an internet gateway. Use AWS PrivateLink. Use a NAT gateway. Use a proxy instance.

A Solutions Architect is building an application that stores object data Compliance requirements state that the data stored is immutable. Which service meets these requirements?. Amazon S3. Amazon Glacier. Amazon EFS. AWS Storage Gateway.

A Solutions Architect is designing a public-facing web application for employees to upload images to their social media account. The application consists of multiple Amazon EC2 instances behind an elastic load balancer, an amazon S3 bucket where uploaded images are stored, and an Amazon DynamoDB table for storing image metadata. Which AWS service can the Architect use to automate the process of updating metadata in the DynamoDB table upon image upload?. Amazon CloudWatch. AWS CloudFormation. AWS Lambda. Amazon SQS.

A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database. an ELB Application Load Balancer. and Amazon ECS to host the website and its microservices. Which design changes should a Solutions Architect recommend to support the expected growth? (Choose two.). Move static files from ECS to Amazon S3. Use an Amazon Route 53 geolocation routing policy. Scale the environment based on real-time AWS CloudTrail logs. Create a dedicated Elastic Load Balancer for each microservice. Create RDS read replicas and change the application to use these replicas.

A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes. Which compute model should a Solutions Architect choose to accomplish this task?. EC2 Reserved Instances. EC2 Spot Instances. EC2 Dedicated Hosts. EC2 Placement Groups.

A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud. Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?. Amazon EC2 and an Application Load Balancer. Amazon S3 and Amazon CloudFront. Amazon EC2 and Amazon Elastic Transcoder. AWS Lambda and Amazon API Gateway.

A Solutions Architect is designing an application that will encrypt all data in an Amazon Redshift cluster. Which action will encrypt the data at rest?. Place the Redshift cluster in a private subnet. Use the AWS KMS Default Customer master key. Encrypt the Amazon EBS volumes. Encrypt the data using SS/TLS.

A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance. and requires long-term persistence. Which storage solution BEST meets these requirements?. An Amazon EBS Provisioned lOPS volume. An Amazon EBS General Purpose volume. An Amazon EBS Magnetic volume. An Amazon EC2 Instance Store.

A website keeps a record of user actions using a globally unique identifier (GIUD) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company's Amazon VPC. As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID. What should be done to reduce the number of read replicas required while improving performance?. Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes. Deploy a Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve GUID from ElastiCache when required. Encrypt the GUID using Base64 and store it in the users session cookie. Decrypt the GUID when an audit record is needed. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database.

A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required. What is the MOST cost-effective way to purchase compute for this platform?. Scheduled Reserved Instances. Convertible Reserved Instances. Standard Reserved Instances. Spot Instances.

A company is launching a dynamic website, and the Operations team expects up to 10 times the traffic on the launch date. This website is hosted on Amazon EC2 instances and traffic is distributed by Amazon Route 53. A Solutions Architect must ensure that there is enough backend capacity to meet user demands. The Operations team wants to scale down as quickly as possible after the launch. What is the MOST cost-effective and fault-tolerant solution that Will meet the company's customer demands? (Choose two.). Set up an Application Load Balancer to distribute traffic to multiple EC2 instances. Set up an Auto Scaling group across multiple Availability Zones for the website, and create scale-out and scale-in policies. Create an Amazon CloudWatch alarm to send an email through Amazon SNS when EC2 instances experience higher loads. Create an AWS Lambda function to monitor website load time, run it every 6 minutes, and use the AWS SDK to create a new instance If website load time is longer than 2 seconds. Use Amazon CloudFront to cache the website content during launch and set a TTL for cache content to expire after the launch date.

An Internet-facing multi-tier web application must be highly available. An ELB Classic Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web application tier are deployed evenly across two Availability Zones. The database is deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and database resources to access the Internet. These instances are not assigned with public IP addresses. Which component poses a potential single point of failure in this architecture?. Amazon EC2. NAT instance. ELB Classic Load Balancer. Amazon RDS.

A Solutions Architect is developing a new web application on AWS. The Architect expects the application to become very popular, so the application must scale to support the load. The Architect wants to focus on software development and deploying new features without provisioning or managing instances. What solution is appropriate?. Amazon API Gateway and AWS Lambda. Elastic Load Balancing With Auto Scaling groups and Amazon EC2. Amazon API Gateway and Amazon EC2. Amazon CloudFront and AWS Lambda.

A company is using Amazon S3 as its local repository for weakly analysis reports. One of the company-wide requirements IS to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued. Which of the following answers this question?. The user needs to place a PUT request to decrypt the object. The user needs to decrypt the object using a private key. Amazon S3 manages encryption and decryption automatically. Amazon S3 provides a server-side key for decrypting the object.