SOLUTIONS ARCHITECT ASSOCIATE - 17

A multinational company has been building its new data analytics platform with high-performance computing workloads (HPC) which requires a scalable, POSIX-compliant storage service. The data need to be stored redundantly across multiple AZs and allows concurrent connections from thousands of EC2 instances hosted on multiple Availability Zones. Which of the following AWS storage service is the most suitable one to use in this scenario?. Amazon S3. Amazon ElastiCache. Amazon EBS Volumes. Amazon Elastic File System.

A large Philippine-based Business Process Outsourcing company is building a two-tier web application in their VPC to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database but for the web tier, they are still deciding what service they will use. What AWS services should you leverage to build an elastic and scalable web tier?. Elastic Load Balancing, Amazon EC2, and Auto Scaling. Elastic Load Balancing, Amazon RDS with Multi-AZ, and Amazon S3. Amazon RDS with Multi-AZ and Auto Scaling. Amazon EC2, Amazon DynamoDB, and Amazon S3.

A Solutions Architect is trying to enable Cross-Region Replication to an S3 bucket but this option is disabled. Which of the following options is a valid reason for this?. The Cross-Region Replication feature is only available for Amazon S3 - One Zone-IA. The Cross-Region Replication feature is only available for Amazon S3 - Infrequent Access. This is a premium feature which is only for AWS Enterprise accounts. In order to use the Cross-Region Replication feature in S3, you need to first enable versioning on the bucket.

A company plans to launch an application that tracks the GPS coordinates of delivery trucks in the country. The coordinates are transmitted from each delivery truck every five seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. The aggregated data will be analyzed in a separate reporting application. Which AWS service should you use for this scenario?. Amazon Kinesis. Amazon Simple Queue Service. Amazon AppStream. AWS Data Pipeline.

An intelligence agency is currently hosting a learning and training portal in AWS. Your manager instructed you to launch a large EC2 instance with an attached EBS Volume and enable Enhanced Networking. What are the valid case scenarios in using Enhanced Networking? (Select TWO.). When you need a low packet-per-second performance. When you need high latency networking. When you need a dedicated connection to your on-premises data center. When you need a higher packet per second (PPS) performance. When you need a consistently lower inter-instance latencies.

A disaster recovery team is planning to back up on-premises records to a local file server share through SMB protocol. To meet the company’s business continuity plan, the team must ensure that a copy of data from 48 hours ago is available for immediate access. Accessing older records with delay is tolerable. Which should the DR team implement to meet the objective with the LEAST amount of configuration effort?. Use an AWS Storage File gateway with enough storage to keep data from the last 48 hours. Send the backups to an SMB share mounted as a local disk. Create an SMB file share in Amazon FSx for Windows File Server that has enough storage to store all backups. Access the file share from on-premises. Mount an Amazon EFS file system on the on-premises client and copy all backups to an NFS share. Create an AWS Backup plan to copy data backups to a local SMB share every 48 hours.

A Solutions Architect is developing a three-tier cryptocurrency web application for a FinTech startup. The Architect has been instructed to restrict access to the database tier to only accept traffic from the application-tier and deny traffic from other sources. The application-tier is composed of application servers hosted in an Auto Scaling group of EC2 instances. Which of the following options is the MOST suitable solution to implement in this scenario?. Set up the security group of the database tier to allow database traffic from the security group of the application servers. Setting up the security group of the database tier to allow database traffic from a specified list of application server IP addresses. Setting up the Network ACL of the database subnet to deny all inbound non-database traffic from the subnet of the application-tier. Setting up the Network ACL of the database subnet to allow inbound database traffic from the subnet of the application-tier.

A software development company needs to connect its on-premises infrastructure to the AWS cloud. Which of the following AWS services can you use to accomplish this? (Select TWO.). NAT Gateway. Amazon Connect. IPsec VPN connection. AWS Direct Connect. VPC Peering.

A multinational corporate and investment bank is regularly processing steady workloads of accruals, loan interests, and other critical financial calculations every night from 10 PM to 3 AM on their on-premises data center for their corporate clients. Once the process is done, the results are then uploaded to the Oracle General Ledger which means that the processing should not be delayed or interrupted. The CTO has decided to move its IT infrastructure to AWS to save costs. The company needs to reserve compute capacity in a specific Availability Zone to properly run their workloads. As the Senior Solutions Architect, how can you implement a cost-effective architecture in AWS for their financial system?. Use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule. Using On-Demand EC2 instances which allows you to pay for the instances that you launch and use by the second. Reserve compute capacity in a specific Availability Zone to avoid any interruption. Using Regional Reserved Instances to reserve capacity on a specific Availability Zone and lower down the operating cost through its billing discounts. Using Dedicated Hosts which provide a physical host that is fully dedicated to running your instances, and bringing your existing per-socket, per-core, or per-VM software licenses to reduce costs.

A company has an application that uses multiple EC2 instances located in various AWS regions such as US East (Ohio), US West (N. California), and EU (Ireland). The manager instructed the Solutions Architect to set up a latency-based routing to route incoming traffic for www.tutorialsdojo.com to all the EC2 instances across all AWS regions. Which of the following options can satisfy the given requirement?. Using Route 53 to distribute the load to the multiple EC2 instances across all AWS Regions. Using a Network Load Balancer to distribute the load to the multiple EC2 instances across all AWS Regions. Using an Application Load Balancer to distribute the load to the multiple EC2 instances across all AWS Regions. Using AWS DataSync to distribute the load to the multiple EC2 instances across all AWS Regions.

A company launched a cryptocurrency mining server on a Reserved EC2 instance in us-east-1 region's private subnet that uses IPv6. Due to the financial data that the server contains, the system should be secured to prevent any unauthorized access and to meet the regulatory compliance requirements. In this scenario, which VPC feature allows the EC2 instance to communicate to the Internet but prevents inbound traffic?. NAT Gateway. NAT instances. Egress-only Internet gateway. Internet Gateway.

A company requires corporate IT governance and cost oversight of all of its AWS resources across its divisions around the world. Their corporate divisions want to maintain administrative control of the discrete AWS resources they consume and ensure that those resources are separate from other divisions. Which of the following options will support the autonomy of each corporate division while enabling the corporate IT to maintain governance and cost oversight? (Select TWO.). Enable IAM cross-account access for all corporate IT administrators in each child account. Use AWS Consolidated Billing by creating AWS Organizations to link the divisions’ accounts to a parent corporate account. Using AWS Trusted Advisor and AWS Resource Groups Tag Editor. Creating separate VPCs for each division within the corporate IT AWS account. Launch an AWS Transit Gateway with equal-cost multipath routing (ECMP) and VPN tunnels for intra-VPC communication. Creating separate Availability Zones for each division within the corporate IT AWS account. Improve communication between the two AZs using the AWS Global Accelerator.

A commercial bank has designed its next-generation online banking platform to use a distributed system architecture. As their Software Architect, you have to ensure that their architecture is highly scalable, yet still cost-effective. Which of the following will provide the most suitable solution for this scenario?. Launch multiple EC2 instances behind an Application Load Balancer to host your application services and SNS which will act as a highly-scalable buffer that stores messages as they travel between distributed applications. Launch multiple EC2 instances behind an Application Load Balancer to host your application services and SWF which will act as a highly-scalable buffer that stores messages as they travel between distributed applications. Launch an Auto-Scaling group of EC2 instances to host your application services and an SQS queue. Include an Auto Scaling trigger to watch the SQS queue size which will either scale in or scale out the number of EC2 instances based on the queue. Launch multiple On-Demand EC2 instances to host your application services and an SQS queue which will act as a highly-scalable buffer that stores messages as they travel between distributed applications.

A company has an application architecture that stores both the access key ID and the secret access key in a plain text file on a custom Amazon Machine Image (AMI). The EC2 instances, which are created by using this AMI, are using the stored access keys to connect to a DynamoDB table. What should the Solutions Architect do to make the current architecture more secure?. Putting the access keys in Amazon Glacier instead. Do nothing. The architecture is already secure because the access keys are already in the Amazon Machine Image. Remove the stored access keys in the AMI. Create a new AMI role with permissions to access the DynamoDB table and assign it to the EC2 instances. Putting the access keys in an Amazon S3 bucket instead.

A Solutions Architect needs to set up the required compute resources for the application which have workloads that require high, sequential read and write access to very large data sets on local storage. Which of the following instance type is the most suitable one to use in this scenario?. Memory Optimized Instances. Compute Optimized Instances. General Purpose Instances. Storage Optimized Instances.

A Solutions Architect designed a real-time data analytics system based on Kinesis Data Stream and Lambda. A week after the system has been deployed, the users noticed that it performed slowly as the data rate increases. The Architect identified that the performance of the Kinesis Data Streams is causing this problem. Which of the following should the Architect do to improve performance?. Increase the number of shards of the Kinesis stream by using the UpdateShardCount command. Replacing the data stream with Amazon Kinesis Data Firehose instead. Improving the performance of the stream by decreasing the number of its shards using the MergeShard command. Implementing Step Scaling to the Kinesis Data Stream.

A Solutions Architect needs to launch a web application that will be served globally using Amazon CloudFront. The application is hosted in an Amazon EC2 instance which will be configured as the origin server to process and serve dynamic content to its customers. Which of the following options provides high availability for the application?. Provision two EC2 instances deployed in different Availability Zones and configure them to be part of an origin group. Use Amazon S3 to serve the dynamic content of your web application and configure the S3 bucket to be part of an origin group. Launch an Auto Scaling group of EC2 instances and configure it to be part of an origin group. Use Lambda@Edge to improve the performance of your web application and ensure high availability. Set the Lambda@Edge functions to be part of an origin group.

There is a technical requirement by a financial firm that does online credit card processing to have a secure application environment on AWS. They are trying to decide on whether to use KMS or CloudHSM. Which of the following statements is right when it comes to CloudHSM and KMS?. You should consider using AWS CloudHSM over AWS KMS if you require your keys stored in dedicated, third-party validated hardware security modules under your exclusive control. No major difference. They both do the same thing. f you want a managed service for creating and controlling your encryption keys, but you don't want or need to operate your own HSM, consider using AWS CloudHSM. AWS CloudHSM should always be used for any payment transactions.

A global news network created a CloudFront distribution for their web application. However, you noticed that the application's origin server is being hit for each request instead of the AWS Edge locations, which serve the cached objects. The issue occurs even for the commonly requested objects. What could be a possible cause of this issue?. The Cache-Control max-age directive is set to zero. An object is only cached by CloudFront once a successful request has been made hence, the objects were not requested before, which is why the request is still directed to the origin server. The file sizes of the cached objects are too large for CloudFront to handle. There are two primary origins configured in your Amazon CloudFront Origin Group.

A company has a fleet of running Spot EC2 instances behind an Application Load Balancer. The incoming traffic comes from various users across multiple AWS regions and you would like to have the user's session shared among the fleet of instances. You are required to set up a distributed session management layer that will provide a scalable and shared data storage for the user sessions. Which of the following would be the best choice to meet the requirement while still providing sub-millisecond latency for the users?. ELB sticky sessions. Multi-master DynamoDB. Multi-AZ RDS. ElastiCache in-memory caching.