SOLUTIONS ARCHITECT ASSOCIATE - 16

A Solutions Architect is working for a multinational telecommunications company. The IT Manager wants to consolidate their log streams including the access, application, and security logs in one single system. Once consolidated, the company will analyze these logs in real-time based on heuristics. There will be some time in the future where the company will need to validate heuristics, which requires going back to data samples extracted from the last 12 hours. What is the best approach to meet this requirement?. First, send all of the log events to Amazon Kinesis then afterwards, develop a client process to apply heuristics on the logs. First, configure Amazon CloudTrail to receive custom logs and then use EMR to apply heuristics on the logs. First, send all the log events to Amazon SQS then set up an Auto Scaling group of EC2 servers to consume the logs and finally, apply the heuristics. First, set up an Auto Scaling group of EC2 servers then store the logs on Amazon S3 then finally, use EMR to apply heuristics on the logs.

A data analytics company keeps a massive volume of data that they store in their on-premises data center. To scale their storage systems, they are looking for cloud-backed storage volumes that they can mount using Internet Small Computer System Interface (iSCSI) devices from their on-premises application servers. They have an on-site data analytics application that frequently accesses the latest data subsets locally while the older data are rarely accessed. You are required to minimize the need to scale the on-premises storage infrastructure while still providing their web application with low-latency access to the data. Which type of AWS Storage Gateway service will you use to meet the above requirements?. Volume Gateway in cached mode. Volume Gateway in stored mode. Tape Gateway. File Gatewayq.

A company plans to migrate a MySQL database from an on-premises data center to the AWS Cloud. This database will be used by a legacy batch application that has steady-state workloads in the morning but has its peak load at night for the end-of-day processing. You need to choose an EBS volume that can handle a maximum of 450 GB of data and can also be used as the system boot volume for your EC2 instance. Which of the following is the most cost-effective storage type to use in this scenario?. Amazon EBS Provisioned IOPS SSD (io1). Amazon EBS Throughput Optimized HDD (st1). Amazon EBS Cold HDD (sc1). Amazon EBS General Purpose SSD (gp2).

A web application is hosted on an EC2 instance that processes sensitive financial information which is launched in a private subnet. All of the data are stored in an Amazon S3 bucket. Financial information is accessed by users over the Internet. The security team of the company is concerned that the Internet connectivity to Amazon S3 is a security risk. In this scenario, what will you do to resolve this security vulnerability in the most cost-effective manner?. Change the web architecture to access the financial data through a Gateway VPC Endpoint. Changing the web architecture to access the financial data in your S3 bucket through a VPN connection. Changing the web architecture to access the financial data hosted in your S3 bucket by creating a custom VPC endpoint service. Changing the web architecture to access the financial data in S3 through an interface VPC endpoint, which is powered by AWS PrivateLink.

A company has a web application hosted in their on-premises infrastructure that they want to migrate to AWS cloud. Your manager has instructed you to ensure that there is no downtime while the migration process is on-going. In order to achieve this, your team decided to divert 50% of the traffic to the new application in AWS and the other 50% to the application hosted in their on-premises infrastructure. Once the migration is over and the application works with no issues, a full diversion to AWS will be implemented. The company's VPC is connected to its on-premises network via an AWS Direct Connect connection. Which of the following are the possible solutions that you can implement to satisfy the above requirement? (Select TWO.). Use an Application Elastic Load balancer with Weighted Target Groups to divert and proportion the traffic between the on-premises and AWS-hosted application. Divert 50% of the traffic to the new application in AWS and the other 50% to the application hosted in their on-premises infrastructure. Use Route 53 with Weighted routing policy to divert the traffic between the on-premises and AWS-hosted application. Divert 50% of the traffic to the new application in AWS and the other 50% to the application hosted in their on-premises infrastructure. Use a Network Load balancer with Weighted Target Groups to divert the traffic between the on-premises and AWS-hosted application. Divert 50% of the traffic to the new application in AWS and the other 50% to the application hosted in their on-premises infrastructure. Use Route 53 with Failover routing policy to divert and proportion the traffic between the on-premises and AWS-hosted application. Divert 50% of the traffic to the new application in AWS and the other 50% to the application hosted in their on-premises infrastructure. Use AWS Global Accelerator to divert and proportion the HTTP and HTTPS traffic between the on-premises and AWS-hosted application. Ensure that the on-premises network has an AnyCast static IP address and is connected to your VPC via a Direct Connect Gateway.

A company has several microservices that send messages to an Amazon SQS queue and a backend application that poll the queue to process the messages. The company also has a Service Level Agreement (SLA) which defines the acceptable amount of time that can elapse from the point when the messages are received until a response is sent. The backend operations are I/O-intensive as the number of messages is constantly growing, causing the company to miss its SLA. The Solutions Architect must implement a new architecture that improves the application's processing time and load management. Which of the following is the MOST effective solution that can satisfy the given requirement?. Create an AMI of the backend application's EC2 instance. Use the image to set up an Auto Scaling Group and configure a target tracking scaling policy based on the ApproximateAgeOfOldestMessage metric. Create an AMI of the backend application's EC2 instance. Use the image to set up an Auto Scaling Group and configure a target tracking scaling policy based on the CPUUtilization metric with a target value of 80%. Create an AMI of the backend application's EC2 instance and replace it with a larger instance size. Create an AMI of the backend application's EC2 instance and launch it to a cluster placement group.

A data analytics startup is collecting clickstream data and stores them in an S3 bucket. You need to launch an AWS Lambda function to trigger the ETL jobs to run as soon as new data becomes available in Amazon S3. Which of the following services can you use as an extract, transform, and load (ETL) service in this scenario?. AWS Glue. AWS Step Functions. S3 Select. Redshift Spectrum.

A company is running a batch job on an EC2 instance inside a private subnet. The instance gathers input data from an S3 bucket in the same region through a NAT Gateway. The company is looking for a solution that will reduce costs without imposing risks on redundancy or availability. Which solution will accomplish this?. Remove the NAT Gateway and use a Gateway VPC endpoint to access the S3 bucket from the instance. Replace the NAT Gateway with a NAT instance hosted on burstable instance type. Deploy a Transit Gateway to peer connection between the instance and the S3 bucket. Re-assign the NAT Gateway to a lower EC2 instance type.

A web application hosted in an Auto Scaling group of EC2 instances in AWS. The application receives a burst of traffic every morning, and a lot of users are complaining about request timeouts. The EC2 instance takes 1 minute to boot up before it can respond to user requests. The cloud architecture must be redesigned to better respond to the changing traffic of the application. How should the Solutions Architect redesign the architecture?. Create a step scaling policy and configure an instance warm-up time condition. Create a Network Load Balancer with slow start mode. Create a new launch template and upgrade the size of the instance. Create a CloudFront distribution and set the EC2 instance as the origin.

A Solutions Architect needs to ensure that all of the AWS resources in Amazon VPC don’t go beyond their respective service limits. The Architect should prepare a system that provides real-time guidance in provisioning resources that adheres to the AWS best practices. Which of the following is the MOST appropriate service to use to satisfy this task?. AWS Cost Explorer. AWS Budgets. AWS Trusted Advisor. Amazon Inspector.

A local bank has an in-house application that handles sensitive financial data in a private subnet. After the data is processed by the EC2 worker instances, they will be delivered to S3 for ingestion by other services. How should you design this solution so that the data does not pass through the public Internet?. Configure a VPC Endpoint along with a corresponding route entry that directs the data to S3. Create an Internet gateway in the public subnet with a corresponding route entry that directs the data to S3. Configure a Transit gateway along with a corresponding route entry that directs the data to S3. Provision a NAT gateway in the private subnet with a corresponding route entry that directs the data to S3.

A company has a web-based ticketing service that utilizes Amazon SQS and a fleet of EC2 instances. The EC2 instances that consume messages from the SQS queue are configured to poll the queue as often as possible to keep end-to-end throughput as high as possible. The Solutions Architect noticed that polling the queue in tight loops is using unnecessary CPU cycles, resulting in increased operational costs due to empty responses. In this scenario, what should the Solutions Architect do to make the system more cost-effective?. Configuring Amazon SQS to use long polling by setting the ReceiveMessageWaitTimeSeconds to a number greater than zero. Configuring Amazon SQS to use short polling by setting the ReceiveMessageWaitTimeSeconds to zero. Configuring Amazon SQS to use short polling by setting the ReceiveMessageWaitTimeSeconds for a number greater than zero. Configuring Amazon SQS to use long polling by setting the ReceiveMessageWaitTimeSeconds to zero.

A company has a running m5ad.large EC2 instance with a default attached 75 GB SSD instance-store backed volume. You shut it down and then start the instance. You noticed that the data which you have saved earlier on the attached volume is no longer available. What might be the cause of this?. The EC2 instance was using EBS backed root volumes, which are ephemeral and only live for the life of the instance. The volume of the instance was not big enough to handle all of the processing data. The instance was hit by a virus that wipes out all data. The EC2 instance was using instance store volumes, which are ephemeral and only live for the life of the instance.

A leading media company has recently adopted a hybrid cloud architecture which requires them to migrate their application servers and databases in AWS. One of their applications requires a heterogeneous database migration in which you need to transform your on-premises Oracle database to PostgreSQL in AWS. This entails a schema and code transformation before the proper data migration starts. Which of the following options is the most suitable approach to migrate the database in AWS?. Configure a Launch Template that automatically converts the source schema and code to match that of the target database. Then, use the AWS Database Migration Service to migrate data from the source database to the target database. Use Amazon Neptune to convert the source schema and code to match that of the target database in RDS. Use the AWS Batch to effectively migrate the data from the source database to the target database in a batch process. Heterogeneous database migration is not supported in AWS. You have to transform your database first to PostgreSQL and then migrate it to RDS. First, use the AWS Schema Conversion Tool to convert the source schema and application code to match that of the target database, and then use the AWS Database Migration Service to migrate data from the source database to the target database.

An investment bank has a distributed batch processing application which is hosted in an Auto Scaling group of Spot EC2 instances with an SQS queue. You configured your components to use client-side buffering so that the calls made from the client will be buffered first and then sent as a batch request to SQS. What is a period of time during which the SQS queue prevents other consuming components from receiving and processing a message?. Processing timeout. Receiving timeout. Component timeout. Visibility timeout.

A company has a UAT and production EC2 instances running on AWS. They want to ensure that employees who are responsible for the UAT instances don’t have the access to work on the production instances to minimize security risks. Which of the following would be the best way to achieve this?. Define the tags on the UAT and production servers and add a condition to the IAM policy which allows access to specific tags. Launch the UAT and production EC2 instances in separate VPC's connected by VPC peering. Provide permissions to the users via the AWS Resource Access Manager (RAM) service to only access EC2 instances that are used for production or development. Launch the UAT and production instances in different Availability Zones and use Multi Factor Authentication.

A company has an infrastructure that allows EC2 instances from a private subnet to fetch objects from Amazon S3 via a NAT Instance. The company’s Solutions Architect was instructed to lower down the cost incurred by the current solution. How should the Solutions Architect redesign the architecture in the most cost-efficient manner?. Remove the NAT instance and create an S3 gateway endpoint to access S3 objects. Replace the NAT instance with NAT Gateway to access S3 objects. Use a smaller instance type for the NAT instance. Remove the NAT instance and create an S3 interface endpoint to access S3 objects.

A news company is planning to use a Hardware Security Module (CloudHSM) in AWS for secure key storage of their web applications. You have launched the CloudHSM cluster but after just a few hours, a support staff mistakenly attempted to log in as the administrator three times using an invalid password in the Hardware Security Module. This has caused the HSM to be zeroized, which means that the encryption keys on it have been wiped. Unfortunately, you did not have a copy of the keys stored anywhere else. How can you obtain a new copy of the keys that you have stored on Hardware Security Module?. Contact AWS Support and they will provide you a copy of the keys. Restore a snapshot of the Hardware Security Module. Use the Amazon CLI to get a copy of the keys. The keys are lost permanently if you did not have a copy.

A client is hosting their company website on a cluster of web servers that are behind a public-facing load balancer. The client also uses Amazon Route 53 to manage their public DNS. How should the client configure the DNS zone apex record to point to the load balancer?. Creating an A record pointing to the IP address of the load balancer. Creating a CNAME record pointing to the load balancer DNS name. Creating an alias for CNAME record to the load balancer DNS name. Creating an A record aliased to the load balancer DNS name.

An application is hosted in an On-Demand EC2 instance and is using Amazon SDK to communicate to other AWS services such as S3, DynamoDB, and many others. As part of the upcoming IT audit, you need to ensure that all API calls to your AWS resources are logged and durably stored. Which is the most suitable service that you should use to meet this requirement?. Amazon CloudWatch. AWS X-Ray. Amazon API Gateway. AWS CloudTrail.

A loan processing application is hosted in a single On-Demand EC2 instance in your VPC. To improve the scalability of your application, you have to use Auto Scaling to automatically add new EC2 instances to handle a surge of incoming requests. Which of the following items should be done in order to add an existing EC2 instance to an Auto Scaling group? (Select TWO.). You have to ensure that the AMI used to launch the instance still exists. You have to ensure that the instance is launched in one of the Availability Zones defined in your Auto Scaling group. You must stop the instance first. You have to ensure that the AMI used to launch the instance no longer exists. You have to ensure that the instance is in a different Availability Zone as the Auto Scaling group.

A company deployed a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. The Solutions Architect expects the S3 bucket to immediately receive over 2000 PUT requests and 3500 GET requests per second at peak hour. What should the Solutions Architect do to ensure optimal performance?. Using Byte-Range Fetches to retrieve multiple ranges of an object data per GET request. Adding a random prefix to the key names. Using a predictable naming scheme in the key names such as sequential numbers or date time sequences. Do nothing, Amazon S3 will automatically manage performance at this scale.

A company needs to use Amazon S3 to store irreproducible financial documents. For their quarterly reporting, the files are required to be retrieved after a period of 3 months. There will be some occasions when a surprise audit will be held, which requires access to the archived data that they need to present immediately. What will you do to satisfy this requirement in a cost-effective way?. Using Amazon S3 Standard. Using Amazon S3 -Intelligent Tiering. Using Amazon Glacier Deep Archive. Using Amazon S3 Standard - Infrequent Access.

A health organization is using a large Dedicated EC2 instance with multiple EBS volumes to host its health records web application. The EBS volumes must be encrypted due to the confidentiality of the data that they are handling and also to comply with the HIPAA (Health Insurance Portability and Accountability Act) standard. In EBS encryption, what service does AWS use to secure the volume's data at rest? (Select TWO.). Using your own keys in AWS Key Management Service (KMS). Using Amazon-managed keys in AWS Key Management Service (KMS). Using S3 Server-Side Encryption. Using S3 Client-Side Encryption. Using the SSL certificates provided by the AWS Certificate Manager (ACM).

A Solutions Architect is migrating several Windows-based applications to AWS that require a scalable file system storage for high-performance computing (HPC). The storage service must have full support for the SMB protocol and Windows NTFS, Active Directory (AD) integration, and Distributed File System (DFS). Which of the following is the MOST suitable storage service that the Architect should use to fulfill this scenario?. Amazon FSx for Windows File Server. Amazon S3 Glacier Deep Archive. AWS DataSync. Amazon FSx for Lustre.