SOLUTIONS ARCHITECT ASSOCIATE - 14

The start-up company that you are working for has a batch job application that is currently hosted on an EC2 instance. It is set to process messages from a queue created in SQS with default settings. You configured the application to process the messages once a week. After 2 weeks, you noticed that not all messages are being processed by the application. What is the root cause of this issue?. Amazon SQS has automatically deleted the messages that have been in a queue form more than the maximum message retention period. The SQS queue is set to short-polling. The batch job application is configured to long polling. Missing permissions in SQS.

A company plans to use Route 53 instead of an ELB to load balance the incoming request to the web application. The system is deployed to two EC2 instances to which the traffic needs to be distributed. You want to set a specific percentage of traffic to go to each instance. Which routing policy would you use?. Weighted. Latency. Geolocation. Failover.

A startup launched a fleet of on-demand EC2 instances to host a massively multiplayer online role-playing game (MMORPG). The EC2 instances are configured with Auto Scaling and AWS Systems Manager. What can be used to configure the EC2 instances without having to establish an RDP or SSH connection to each instance?. Run command. AWS CodePipeline. AWS Config. EC2Config.

A startup launched a fleet of on-demand EC2 instances to host a massively multiplayer online role-playing game (MMORPG). The EC2 instances are configured with Auto Scaling and AWS Systems Manager. What can be used to configure the EC2 instances without having to establish an RDP or SSH connection to each instance?. Both the outbound security group and outbound network ACL need to be modified to allow outbound traffic. No action needed. It can already be accessed from any IP address using SSH. The outbound security group needs to be modified to allow outbound traffic. The network ACL needs to be modified to allow outbound traffic.

A top IT Consultancy has a VPC with two On-Demand EC2 instances with Elastic IP addresses. You were notified that the EC2 instances are currently under SSH brute force attacks over the Internet. The IT Security team has identified the IP addresses where these attacks originated. You have to immediately implement a temporary fix to stop these attacks while the team is setting up AWS WAF, GuardDuty, and AWS Shield Advanced to permanently fix the security vulnerability. Which of the following provides the quickest way to stop the attacks to the instances?. Blocking the IP addresses in the Network Access Control List. Placing the EC2 instances into private subnets. Removing the Internet Gateway from the VPC. Assigning a static Anycast IP address to each EC2 instance.

An e-commerce application is using a fanout messaging pattern for its order management system. For every order, it sends an Amazon SNS message to an SNS topic, and the message is replicated and pushed to multiple Amazon SQS queues for parallel asynchronous processing. A Spot EC2 instance retrieves the message from each SQS queue and processes the message. There was an incident that while an EC2 instance is currently processing a message, the instance was abruptly terminated, and the processing was not completed in time. In this scenario, what happens to the SQS message?. The message will automatically be assigned to the same EC2 instance when it comes back online within or after the visibility timeout. The message is deleted and becomes duplicated in the SQS when the EC2 instance comes online. The message will be sent to a Dead Letter Queue in AWS DataSync. When the message visibility timeout expires, the message becomes available for processing by other EC2 instances.

A multimedia company needs to deploy web services to an AWS region that they have never used before. The company currently has an IAM role for its Amazon EC2 instance that permits the instance to access Amazon DynamoDB. They want their EC2 instances in the new region to have the exact same privileges. What should be done to accomplish this?. In the new Region, create a new IAM role and associated policies then assign it to the new instance. Duplicating the IAM role and associated policies to the new region and attaching it to the instances. Creating an Amazon Machine Image (AMI) of the instance and copying it to the new region. Assign the existing IAM role to instances in the new region.

A company has an On-Demand EC2 instance with an attached EBS volume. There is a scheduled job that creates a snapshot of this EBS volume every midnight at 12 AM when the instance is not used. One night, there has been a production incident where you need to perform a change on both the instance and on the EBS volume at the same time when the snapshot is currently taking place. Which of the following scenario is true when it comes to the usage of an EBS volume while the snapshot is in progress?. The EBS volume can be used in read-only mode shile the snapshot is in progress. The EBS volume cannot be detached or attached to an EC2 instance until the snapshot completes. The EBS volume cannot be used until the snapshot completes. The EBS volume can be used shile the snapshot is in progress.

A company needs secure access to its Amazon RDS for MySQL database that is used by multiple applications. Each IAM user must use a short-lived authentication token to connect to the database. Which of the following is the most suitable solution in this scenario?. Use IAM DB Authentication and create database accounts using the AWS-provided AWSAuthenticationPlugin plugin in MySQL. Use AWS SSO to access the RDS database. Use AWS Secrets Manager to generate and store short-lived authentication tokens. Use an MFA token to access and connect to a database.

A company troubleshoots the operational issues of their cloud architecture by logging the AWS API call history of all AWS resources. The Solutions Architect must implement a solution to quickly identify the most recent changes made to resources in their environment, including creation, modification, and deletion of AWS resources. One of the requirements is that the generated log files should be encrypted to avoid any security issues. Which of the following is the most suitable approach to implement the encryption?. Using CloudTrail and configuring the destination Amazon Glacier archive to use Server-Side Encryption (SSE). Using CloudTrail and configuring the destination S3 bucket to use Server-Side Encryption (SSE). Use CloudTrail and configure the destination S3 bucket to use Server Side Encryption (SSE) with AES-128 encryption algorithm. Use Cloudtraiil with its default settings.

A company plans to deploy a Docker-based batch application in AWS. The application will be used to process both mission-critical data as well as non-essential batch jobs. Which of the following is the most cost-effective option to use in implementing this architecture?. Use ECS as the container management service then set up a combination of Reserved and Spot EC2 Instances for processing mission-critical and non-essential batch jobs respectively. Using ECS as the container management service then setting up Reserved EC2 Instances for processing both mission-critical and non-essential batch jobs. Using ECS as the container management service then setting up On-Demand EC2 Instances for processing both mission-critical and non-essential batch jobs. Using ECS as the container management service then setting up Spot EC2 Instances for processing both mission-critical and non-essential batch jobs.

A company has recently adopted a hybrid cloud architecture and is planning to migrate a database hosted on-premises to AWS. The database currently has over 50 TB of consumer data, handles highly transactional (OLTP) workloads, and is expected to grow. The Solutions Architect should ensure that the database is ACID-compliant and can handle complex queries of the application. Which type of database service should the Architect use?. Amazon RDS. Amazon Redshift. Amazon DynamoDB. Amazon Aurora.

An application is hosted in an Auto Scaling group of EC2 instances. To improve the monitoring process, you have to configure the current capacity to increase or decrease based on a set of scaling adjustments. This should be done by specifying the scaling metrics and threshold values for the CloudWatch alarms that trigger the scaling process. Which of the following is the most suitable type of scaling policy that you should use?. Target tracking scaling. Step scaling. Scheduled scaling. Simple scaling.

A company plans to implement a hybrid architecture. They need to create a dedicated connection from their Amazon Virtual Private Cloud (VPC) to their on-premises network. The connection must provide high bandwidth throughput and a more consistent network experience than Internet-based solutions. Which of the following can be used to create a private connection between the VPC and the company's on-premises network?. AWS Direct Connect. Transit VPC. Transit Gateway with equal-cost multipath routing (ECMP. AWS Site-to-Site VPN.

A startup needs to use a shared file system for its .NET web application running on an Amazon EC2 Windows instance. The file system must provide a high level of throughput and IOPS that can also be integrated with Microsoft Active Directory. Which is the MOST suitable service that you should use to achieve this requirement?. Amazon FSx for Windows File Server. Amazon EBS Provisioned IOPS SSD volumes. Amazon Elastic File System. AWS Storage Gateway - File Gateway.

A company has an application hosted in an Auto Scaling group of Amazon EC2 instances across multiple Availability Zones behind an Application Load Balancer. There are several occasions where some instances are automatically terminated after failing the HTTPS health checks in the ALB and then purges all the ephemeral logs stored in the instance. A Solutions Architect must implement a solution that collects all of the application and server logs effectively. She should be able to perform a root cause analysis based on the logs, even if the Auto Scaling group immediately terminated the instance. What is the EASIEST way for the Architect to automate the log collection from the Amazon EC2 instances?. Add a lifecycle hook to your Auto Scaling group to move instances in the Terminating state to the Terminating:Wait state to delay the termination of unhealthy Amazon EC2 instances. Configure a CloudWatch Events rule for the EC2 Instance-terminate Lifecycle Action Auto Scaling Event with an associated Lambda function. Trigger the CloudWatch agent to push the application logs and then resume the instance termination once all the logs are sent to CloudWatch Logs. Add a lifecycle hook to your Auto Scaling group to move instances in the Terminating state to the Pending:Wait state to delay the termination of the unhealthy Amazon EC2 instances. Configure a CloudWatch Events rule for the EC2 Instance-terminate Lifecycle Action Auto Scaling Event with an associated Lambda function. Set up an AWS Systems Manager Automation script that collects and uploads the application logs from the instance to a CloudWatch Logs group. Configure the solution to only resume the instance termination once all the logs were successfully sent. Add a lifecycle hook to your Auto Scaling group to move instances in the Terminating state to the Terminating:Wait state to delay the termination of the unhealthy Amazon EC2 instances. Set up AWS Step Functions to collect the application logs and send them to a CloudWatch Log group. Configure the solution to resume the instance termination as soon as all the logs were successfully sent to CloudWatch Logs. Add a lifecycle hook to your Auto Scaling group to move instances in the Terminating state to the Terminating:Wait state to delay the termination of the unhealthy Amazon EC2 instances. Configure a CloudWatch Events rule for the EC2 Instance Terminate Successful Auto Scaling Event with an associated Lambda function. Set up the AWS Systems Manager Run Command service to run a script that collects and uploads the application logs from the instance to a CloudWatch Logs group. Resume the instance termination once all the logs are sent.

A financial analytics application that collects, processes and analyzes stock data in real-time is using Kinesis Data Streams. The producers continually push data to Kinesis Data Streams while the consumers process the data in real time. In Amazon Kinesis, where can the consumers store their results? (Select TWO.). Amazon S3. Amazon Athena. Amazon Redshift. Glacier Select. AWS Glue.

A company plans to design a highly available architecture in AWS. They have two target groups with three EC2 instances each, which are added to an Application Load Balancer. In the security group of the EC2 instance, you have verified that port 80 for HTTP is allowed. However, the instances are still showing out of service from the load balancer. What could be the root cause of this issue?. The health check configuration is not properly defined. The wrong instance type was used for the Ec2 instance. The instances are using the wrong AMI. The wrong subnet was used in your VPC.

A company has 10 TB of infrequently accessed financial data files that would need to be stored in AWS. These data would be accessed infrequently during specific weeks when they are retrieved for auditing purposes. The retrieval time is not strict as long as it does not exceed 24 hours. Which of the following would be a secure, durable, and cost-effective solution for this scenario?. Upload the data to S3 and set a lifecycle policy to transition data to Glacier after 0 days. Uploading the data to S3 then using a lifecycle policy to transfer data to S3-IA. Uploading the data to Amazon FSx for Windows File Server using the Server Message Block (SMB) protocol. Uploading the data to S3 then using a lifecycle policy to transfer data to S3 One Zone-IA.

A company has multiple AWS Site-to-Site VPN connections placed between their VPCs and their remote network. During peak hours, many employees are experiencing slow connectivity issues, which limits their productivity. The company has asked a solutions architect to scale the throughput of the VPN connections. Which solution should the architect carry out?. Associate the VPCs to an Equal Cost Multipath Routing (ECMR)-enabled transit gateway and attach additional VPN tunnels. Add more virtual private gateways to a VPC and enable Equal Cost Multipath Routing (ECMR) to get higher VPN bandwidth. Modify the VPN configuration by increasing the number of tunnels to scale the throughput. Re-route some of the VPN connections to a secondary customer gateway device on the remote network’s end.