A company runs hundreds of applications across several data centers and office locations.
The applications include Windows and Linux operating systems, physical installations as well as virtualized servers, and MySQL and Oracle databases.
There is no central configuration management database (CMDB) and existing documentation is incomplete and outdated.
A Solutions Architect needs to understand the current environment and estimate the cloud resource costs after the migration.
Which tools or services should the Solutions Architect use to plan the cloud migration (Select THREE.) "AWS Application Discovery Service" "AWS Cloud Adoption Readiness Tool (CART)" "AWS Migration Hub" "AWS Server Migration Service" "AWS Config" "AWS CloudWatch Logs".
A company is testing an application that collects data from sensors fitted to vehicles.
The application collects usage statistics data every 4 minutes.
The data is sent to Amazon API Gateway, it is then processed by an AWS Lambda function and the results are stored in an Amazon DynamoDB table.
As the sensors have been fitted to more vehicles, and as more metrics have been configured for collection, the Lambda function execution time has increased from a few seconds to over 2 minutes.
There are also many TooManyRequestsException errors being generated by Lambda.
Which combination of changes will resolve these issues? (Select TWO.) "Increase the memory available to the Lambda functions" "Stream the data into an Amazon Kinesis data stream from API Gateway and process the data in batches" "Use Amazon EC2 instead of Lambda to process the data" "Increase the CPU units assigned to the Lambda functions" "Collect data in an Amazon SQS FIFO queue, which triggers a Lambda function to process each message".
A company is using multiple AWS accounts.
The company’s DNS records are stored in a private Amazon Route 53 hosted zone in the management account and their applications are running in a production account.
A Solutions Architect is attempting to deploy an application into the production account.
The application must resolve a CNAME record set for an Amazon RDS endpoint.
The CNAME record set was created in a private hosted zone in the management account.
The deployment failed to start and the Solutions Architect has discovered that the CNAME record is not resolvable on the application EC2 instance despite being correctly created in Route 53.
Which combination of steps should the Solutions Architect take to resolve this issue? (Select TWO.) "Create an authorization to associate the private hosted zone in the management account with the new VPC in the production account" "Associate a new VPC in the production account with a hosted zone in the management account. Delete the association authorization in the management account" "Deploy the database on a separate EC2 instance in the new VPC. Create a record set for the instance's private IP in the private hosted zone" "Hardcode the DNS name and IP address of the RDS database instance into the /etc/resolv.conf file on the application server" "Create a private hosted zone for the record set in the production account. Configure Route 53 replication between AWS accounts".
A company uses AWS Organizations.
The company recently acquired a new business unit and invited the new unit’s existing account to the company’s organization.
The organization uses a deny list SCP in the root of the organization and all accounts are members of a single OU named Production.
The administrators of the new business unit discovered that they are unable to access AWS Database Migration Service (DMS) to complete an in-progress migration.
Which option will temporarily allow administrators to access AWS DMS and complete the migration project? "Create a temporary OU named Staging for the new account. Apply an SCP to the Staging OU to allow AWS DMS actions. Move the organization's deny list SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS DMS are complete" "Remove the organization's root SCPs that limit access to AWS DMS. Create an SCP that allows AWS DMS actions and apply the SCP to the Production OU" "Create a temporary OU named Staging for the new account. Apply an SCP to the Staging OU to allow AWS DMS actions. Move the new account to the Production OU when the migration project is complete" "Convert the organization's root SCPs from deny list SCPs to allow list SCPs to allow the required services only. Temporarily apply an SCP to the organization's root that allows AWS DMS actions for principals only in the new account".
A company includes several business units that each use a separate AWS account and a parent company AWS account.
The company requires a single AWS bill across all AWS accounts with costs broken out for each business unit.
The company also requires that services and features be restricted in the business unit accounts and this must be governed centrally.
Which combination of steps should a Solutions Architect take to meet these requirements? (Select TWO. "Use AWS Organizations to create a single organization in the parent account with all features enabled. Then, invite each business unit’s AWS account to join the organization" "Create an SCP that allows only approved services and features, then apply the policy to the business unit AWS accounts" "Use AWS Organizations to create a separate organization for each AWS account with all features enabled. Then, create trust relationships between the AWS organizations" "Use permissions boundaries applied to each business unit’s AWS account to define the maximum permissions available for services and features" "Enable consolidated billing in the parent account's billing console and link the business unit AWS accounts".
A company has a requirement to store documents that will be accessed by a serverless application.
The documents will be accessed frequently for the first 3 months, and rarely after that.
The documents must be retained for 7 years.
What is the MOST cost-effective solution to meet these requirements? "Store the documents in a secured Amazon S3 bucket with a lifecycle policy to move the documents that are older than 3 months to Amazon S3 Glacier, then expire the documents from Amazon S3 Glacier that are more than 7 years old" "Store the documents in an encrypted EBS volume and create a cron job to delete the documents after 7 years" "Store the documents in Amazon EFS. Create a cron job to move the documents that are older than 3 months to Amazon S3 Glacier. Create an AWS Lambda function to delete the documents in S3 Glacier that are older than 7 years" "Store the documents in a secured Amazon S3 bucket with a lifecycle policy to move the documents that are older than 3 months to Amazon S3 Glacier. Create an AWS Lambda function to delete the documents in S3 Glacier that are older than 7 years".
A financial services company receives a data feed from a credit card service provider.
The feed consists of approximately 2,500 records that are sent every 10 minutes in plaintext and delivered over HTTPS to an encrypted S3 bucket.
The data includes credit card data that must be automatically masked before sending the data to another S3 bucket for additional internal processing.
There is also a requirement to remove and merge specific fields, and then transform the record into JSON format.
Which solutions will meet these requirements? "Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to match. Trigger an AWS Lambda function on file delivery to start an AWS Glue ETL job to transform the entire record according to the processing and transformation requirements. Define the output format as JSON. Once complete, have the ETL job send the results to another S3 bucket for internal processing" "Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue. Trigger another Lambda function when new messages arrive in the SQS queue to process the records, writing the results to a temporary location in Amazon S3. Trigger a final Lambda function once the SQS queue is empty to transform the records into JSON format and send the results to another S3 bucket for internal processing" "Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue. Configure an AWS Fargate container application to automatically scale to a single instance when the SQS queue contains messages. Have the application process each record and transform the record into JSON format. When the queue is empty, send the results to another S3 bucket for internal processing and scale down the AWS Fargate task" "Create an AWS Glue crawler and custom classifier based upon the data feed formats and build a table definition to match. Perform an Amazon Athena query on file delivery to start an Amazon EMR ETL job to transform the entire record according to the processing and transformation requirements. Define the output format as JSON. Once complete, send the results to another S3 bucket for internal processing and scale down the EMR cluster".
A Solutions Architect is developing a mechanism to gain security approval for Amazon EC2 images (AMIs) so that they can be used by developers.
The AMIs must go through an automated assessment process (CVE assessment) and be marked as approved before developers can use them.
The approved images must be scanned every 30 days to ensure compliance.
Which combination of steps should the Solutions Architect take to meet these requirements while following best practices? (Select TWO.) "Use AWS Lambda to write automatic approval rules. Store the approved AMI list in AWS Systems Manager Parameter Store. Use Amazon EventBridge to trigger an AWS Systems Manager Automation document on all EC2 instances every 30 days" "Use Amazon Inspector to run the CVE assessment package on the EC2 instances launched from the approved AMIs" "Use the AWS Systems Manager EC2 agent to run the CVE assessment on the EC2 instances launched from the approved AMIs" "Use AWS Lambda to write automatic approval rules. Store the approved AMI list in AWS Systems Manager Parameter Store. Use a managed AWS Config rule for continuous scanning on all EC2 instances and use AWS Systems Manager Automation documents for remediation" "Use AWS GuardDuty to run the CVE assessment package on the EC2 instances launched from the approved AMIs".
An eCommerce company are running a promotional campaign and expect a large volume of user sign-ups on a web page that collects user information and preferences.
The website runs on Amazon EC2 instances and uses an Amazon RDS for PostgreSQL DB instance.
The volume of traffic is expected to be high and may be unpredictable with several spikes in activity. The traffic will result in a large number of database writes.
A solutions architect needs to build a solution that does not change the underlying data model and ensures that submissions are not dropped before they are committed to the database.
Which solution meets these requirements? "Create an Amazon SQS queue and decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database" "Use scheduled scaling to scale up the existing DB instance immediately before the event and then automatically scale down afterwards" "Migrate to Amazon DynamoDB and manage throughput capacity with automatic scaling" "Create an Amazon ElastiCache for Memcached cluster in front of the existing database instance to increase write performance".
A serverless application is using AWS Lambda and Amazon DynamoDB and developers have finalized an update to the Lambda function code.
AWS CodeDeploy will be used to deploy new versions of the function.
Updates to the Lambda function should be delivered to a subset of users before deploying the changes to all users.
The update process should also be easy to abort and rollback if necessary.
Which CodeDeploy configuration should the solutions architect use? "A canary deployment" "A blue/green deployment" "A linear deployment" "An all-at-once deployment".
A Solutions Architect needs to design the architecture for an application that requires high availability within and across AWS Regions.
The design must support failover to the second Region within 1 minute and must minimize the impact on the user experience. The application will include three tiers, the web tier, application tier and NoSQL data tier.
Which combination of steps will meet these requirements? (Select THREE.) "Use an Amazon Route 53 failover routing policy for failover from the primary Region to the disaster recovery Region. Set Time to Live (TTL) to 30 seconds" "Use Amazon DynamoDB with a global table across both Regions so reads and writes can occur in either location" "Run the web and application tiers in both Regions in an active/passive configuration. Use Auto Scaling groups for the web and application layers across multiple Availability Zones in the Regions. Use zonal Reserved Instances for the minimum number of servers and On-Demand Instances for any additional resources" "Use an Amazon Route 53 weighted routing policy set to 100/0 across the two selected Regions. Set Time to Live (TTL) to 30 minutes" "Use an Amazon Aurora global database across both Regions so reads and writes can occur either location" "Run the web and application tiers in both Regions in an active/active configuration. Use Auto Scaling groups for the web and application layers across multiple Availability Zones in the Regions. Use Spot Instances for the required resources".
A company is running a custom Java application on-premises and plans to migrate the application to the AWS Cloud. The application uses a MySQL database and the application servers maintain users’ sessions locally. Which combination of architecture changes will be required to create a highly available solution on AWS? (Select THREE.) "Configure the application to store the user's session in Amazon ElastiCache. Use Application Load Balancers to distribute the load between application instances" "Migrate the database to Amazon RDS for MySQL. Configure the RDS instance to use a Multi-AZ deployment" "Put the application instances in an Amazon EC2 Auto Scaling group. Configure the Auto Scaling group to create new instances if an instance becomes unhealthy" "Migrate the database to Amazon EC2 instances in multiple Availability Zones. Configure Multi-AZ to synchronize the changes" "Move the Java content to an Amazon S3 bucket configured for static website hosting. Configure cross-Region replication for the S3 bucket contents" "Configure the application to run in multiple Regions. Use an Application Load Balancer to distribute the load between application instances".
A developer is attempting to access an Amazon S3 bucket in a member account in AWS Organizations.
The developer is logged in to the account with user credentials and has received an access denied error with no bucket listed. The developer should have read-only access to all buckets in the account.
A Solutions Architect has reviewed the permissions and found that the developer's IAM user has been granted read-only access to all S3 buckets in the account.
Which additional steps should the Solutions Architect take to troubleshoot the issue? (Select TWO.) "Check the SCPs set at the organizational units (OUs)" "Check for the permissions boundaries set for the IAM user" "Check if an appropriate IAM role is attached to the IAM user" "Check the bucket policies for all S3 buckets" "Check the ACLs for all S3 buckets".
A company has deployed two Microsoft Active Directory Domain Controllers into an Amazon VPC with a default configuration.
The DHCP options set associated with the VPC has been configured to assign the IP addresses of the Domain Controllers as DNS servers.
A VPC interface endpoint has been created but EC2 instances within the VPC are unable to resolve the private endpoint addresses.
Which strategies could a Solutions Architect use to resolve the issue? (Select TWO.) "Update the DNS service on the Active Directory servers to forward all non-authoritative queries to the VPC Resolver" "Define an outbound Amazon Route 53 Resolver. Set a conditional forwarding rule for the Active Directory domain to the Active Directory servers. Configure the DNS settings in the VPC DHCP options set to use the AmazonProvidedDNS servers" "Define an inbound Amazon Route 53 Resolver. Set a conditional forwarding rule for the Active Directory domain to the Active Directory servers. Configure the DNS settings in the VPC DHCP options set to use the AmazonProvidedDNS servers" "Configure the DNS service on the EC2 instances in the VPC to use the VPC resolver server as the secondary DNS server" "Update the DNS service on the Active Directory servers to forward all queries to the VPC Resolver".
A company is deploying a web service that will provide read and write access to structured data.
The company expects there to be variable usage patterns with some short but significant spikes.
The service must dynamically scale and must be fault tolerant across multiple AWS Regions.
Which actions should a Solutions Architect take to meet these requirements? "Store the data in an Amazon DynamoDB global table in two Regions using on-demand capacity mode. Run the web service in both Regions as Amazon ECS Fargate tasks in an Auto Scaling ECS service behind an Application Load Balancer (ALB). In Amazon Route 53, configure an alias record and a latency-based routing policy with health checks to distribute traffic between the two ALBs" "Store the data in Amazon Aurora global databases. Add Auto Scaling replicas to both Regions. Run the web service on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer in each Region. In Amazon Route 53, configure an alias record and a multi-value routing policy" "Store the data in Amazon DocumentDB in two Regions. Use AWS DMS to synchronize data between databases. Run the web service on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer in each Region. In Amazon Route 53, configure an alias record and a failover routing policy" "Store the data in Amazon S3 buckets in two Regions and configure cross-Region replication. Create an Amazon CloudFront distribution that points to multiple origins. Use Amazon API Gateway and AWS Lambda for the web frontend and configure Amazon Route 53 with an alias record pointing to the REST API".
A company has created a service that they would like a customer to access.
The service runs in the company’s AWS account and the customer has a separate AWS account.
The company would like to enable the customer to establish least privilege security access using an API or command line tool to the customer account.
What is the MOST secure way to enable the customer to access the service? "The company should create an IAM role and assign the required permissions to the IAM role. The customer should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks" "The company should create an IAM role and assign the required permissions to the IAM role. The customer should then use the IAM role's Amazon Resource Name (ARN) when requesting access to perform the required tasks" "The company should provide the customer with their AWS account access keys to log in and perform the required tasks" "The company should create an IAM user and assign the required permissions to the IAM user. The company should then provide the credentials to the customer to log in and perform the required tasks".
|
