SOLUTIONS ARCHITECT ASSOCIATE - 23

An application running on Amazon ECS processes data and then writes objects to an Amazon S3 bucket. The application requires permissions to make the S3 API calls. How can a Solutions Architect ensure the application has the required permissions?. Create an IAM role that has read/write permissions to the bucket and update the task definition to specify the role as the taskRoleArn. Update the S3 policy in IAM to allow read/write access from Amazon ECS, and then relaunch the container. Create a set of Access Keys with read/write permissions to the bucket and update the task credential ID. Attach an IAM policy with read/write permissions to the bucket to an IAM group and add the container instances to the group.

A company has acquired another business and needs to migrate their 50TB of data into AWS within 1 month. They also require a secure, reliable and private connection to the AWS cloud. How are these requirements best accomplished?. Migrate data using AWS Snowball. Provision an AWS VPN initially and order a Direct Connect link. Provision an AWS Direct Connect connection and migrate the data over the link. Launch a Virtual Private Gateway (VPG) and migrate the data over the AWS VPN. Provision an AWS VPN CloudHub connection and migrate the data over redundant links.

A Solutions Architect must select the most appropriate database service for two use cases. A team of data scientists perform complex queries on a data warehouse that take several hours to complete. Another team of scientists need to run fast, repeat queries and update dashboards for customer support staff. Which solution delivers these requirements MOST cost-effectively?. RedShift for both use cases. RDS for both use cases. RedShift for the analytics use case and ElastiCache in front of RedShift for the customer support dashboard. RedShift for the analytics use case and RDS for the customer support dashboard.

A web application is being deployed on an Amazon ECS cluster using the Fargate launch type. The application is expected to receive a large volume of traffic initially. The company wishes to ensure that performance is good for the launch and that costs reduce as demand decreases What should a solutions architect recommend?. Use Amazon ECS Service Auto Scaling with target tracking policies to scale when an Amazon CloudWatch alarm is breached. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when an Amazon CloudWatch alarm is breached. Use Amazon EC2 Auto Scaling to scale out on a schedule and back in once the load decreases. Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm.

A company is planning to upload a large quantity of sensitive data to Amazon S3. The company’s security department require that the data is encrypted before it is uploaded. Which option meets these requirements?. Use client-side encryption with a master key stored in AWS KMS. Use client-side encryption with Amazon S3 managed encryption keys. Use server-side encryption with customer-provided encryption keys. Use server-side encryption with keys stored in KMS.

A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck. What is the MOST cost-efficient way to improve the database response times?. Move the temporary database onto instance storage. Put the temporary database on a new 50-GB EBS io1 volume with a 3000 IOPS allocation. Put the temporary database on a new 50-GB EBS gp2 volume. Enable EBS optimization on the instance and keep the temporary files on the existing volume.

A web application that allows users to upload and share documents is running on a single Amazon EC2 instance with an Amazon EBS volume. To increase availability the architecture has been updated to use an Auto Scaling group of several instances across Availability Zones behind an Application Load Balancer. After the change users can only see a subset of the documents. What is the BEST method for a solutions architect to modify the solution so users can see all documents?. Copy the data from all EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS. Run a script to synchronize the data between Amazon EBS volumes. Use Sticky Sessions with the ALB to ensure users are directed to the same EC2 instance in a session. Configure the Application Load Balancer to send the request to all servers. Return each document from the correct server.

An application stores transactional data in an Amazon S3 bucket. The data is analyzed for the first week and then must remain immediately available for occasional analysis. What is the MOST cost-effective storage solution that meets the requirements?. Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days. Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 7 days.

A solutions architect has been tasked with designing a highly resilient hybrid cloud architecture connecting an on-premises data center and AWS. The network should include AWS Direct Connect (DX). Which DX configuration offers the HIGHEST resiliency?. Configure DX connections at multiple DX locations. Configure a DX connection with an encrypted VPN on top of it. Configure multiple public VIFs on top of a DX connection. Configure multiple private VIFs on top of a DX connection.

A Solutions Architect is designing a web application that runs on Amazon EC2 instances behind an Elastic Load Balancer. All data in transit must be encrypted. Which solution options meet the encryption requirement? (choose 2). Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL on EC2 instances. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL certificates on the ALB and EC2 instances. Use an Application Load Balancer (ALB) in passthrough mode, then terminate SSL on EC2 instances. Use a Network Load Balancer (NLB) with an HTTPS listener, then install SSL certificates on the NLB and EC2 instances. Use an Application Load Balancer (ALB) with a TCP listener, then terminate SSL on EC2 instances.

An application has been deployed on Amazon EC2 instances behind an Application Load Balancer (ALB). A Solutions Architect must improve the security posture of the application and minimize the impact of a DDoS attack on resources. Which of the following solutions is MOST effective?. Configure an AWS WAF ACL with rate-based rules. Enable the WAF ACL on the Application Load Balancer. Create a custom AWS Lambda function that monitors for suspicious traffic and modifies a network ACL when a potential DDoS attack is identified. Enable VPC Flow Logs and store them in Amazon S3. Use Amazon Athena to parse the logs and identify and block potential DDoS attacks. Enable access logs on the Application Load Balancer and configure Amazon CloudWatch to monitor the access logs and trigger a Lambda function when potential attacks are identified. Configure the Lambda function to modify the ALBs security group and block the attack.

An Amazon RDS PostgreSQL database is configured as Multi-AZ. A solutions architect needs to scale read performance and the solution must be configured for high availability. What is the most cost-effective solution?. Create a read replica as a Multi-AZ DB instance. Deploy a read replica in a different AZ to the master DB instance. Deploy a read replica using Amazon ElastiCache. Deploy a read replica in the same AZ as the master DB instance.

A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises. Which solution should the Architect use to meet the security requirements?. SSE-C: Server-side encryption with customer-provided encryption keys. SSE-S3: Server-side encryption with Amazon-managed master key. SSE-KMS: Server-side encryption with AWS KMS managed keys. AWS CloudHSM.

A Solutions Architect needs to design a solution that will allow Website Developers to deploy static web content without managing server infrastructure. All web content must be accessed over HTTPS with a custom domain name. The solution should be scalable as the company continues to grow. Which of the following will provide the MOST cost-effective solution?. Amazon CloudFront with an Amazon S3 bucket origin. Amazon S3 with a static website. AWS Lambda function with Amazon API Gateway. Amazon EC2 instance with Amazon EBS.

A company has a file share on a Microsoft Windows Server in an on-premises data center. The server uses a local network attached storage (NAS) device to store several terabytes of files. The management team require a reduction in the data center footprint and to minimize storage costs by moving on-premises storage to AWS. What should a Solutions Architect do to meet these requirements?. Configure an AWS Storage Gateway file gateway. Configure an AWS Storage Gateway as a volume gateway. Create an Amazon EFS volume and use an IPSec VPN. Create an Amazon S3 bucket and an S3 gateway endpoint.

A company’s Amazon EC2 instances were terminated or stopped, resulting in a loss of important data that was stored on attached EC2 instance stores. They want to avoid this happening in the future and need a solution that can scale as data volumes increase with the LEAST amount of management and configuration. Which storage is most appropriate?. Amazon EFS. Amazon S3. Amazon EBS. Amazon RDS.

A website runs on a Microsoft Windows server in an on-premises data center. The web server is being migrated to Amazon EC2 Windows instances in multiple Availability Zones on AWS. The web server currently uses data stored in an on-premises network-attached storage (NAS) device. Which replacement to the NAS file share is MOST resilient and durable?. Migrate the file share to Amazon FSx for Windows File Server. Migrate the file share to Amazon Elastic File System (Amazon EFS). Migrate the file share to Amazon EBS. Migrate the file share to AWS Storage Gateway.

A company is planning a migration for a high performance computing (HPC) application and associated data from an on-premises data center to the AWS Cloud. The company uses tiered storage on premises with hot high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running. Which combination of solutions should a solutions architect recommend to support the storage needs of the application? (Select TWO.). Amazon S3 for cold data storage. Amazon FSx for Lustre for high-performance parallel storage. Amazon EFS for cold data storage. Amazon S3 for high-performance parallel storage. Amazon FSx for Windows for high-performance parallel storage.

A company has divested a single business unit and needs to move the AWS account owned by the business unit to another AWS Organization. How can this be achieved?. Migrate the account using the AWS Organizations console. Create a new account in the destination AWS Organization and migrate resources. Create a new account in the destination AWS Organization and share the original resources using AWS Resource Access Manager. Migrate the account using AWS CloudFormation.

You have created a file system using Amazon Elastic File System (EFS) which will hold home directories for users. What else needs to be done to enable users to save files to the EFS file system?. Create a subdirectory for each user and grant read-write-execute permissions to the users. Then mount the subdirectory to the users’ home directory. Create a separate EFS file system for each user and grant read-write-execute permissions on the root directory to the respective user. Then mount the file system to the users’ home directory. Modify permissions on the root directory to grant read-write-execute permissions to the users. Then create a subdirectory and mount it to the users’ home directory. Instruct the users to create a subdirectory on the file system and mount the subdirectory to their home directory.

An application running video-editing software is using significant memory on an Amazon EC2 instance. How can a user track memory usage on the Amazon EC2 instance?. Install the CloudWatch agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric. Use an instance type that supports memory usage reporting to a metric by default. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric.

A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by midmorning How should the scaling be changed to address the staff complaints and keep costs to a minimum?. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.

A company runs an application on Amazon EC2 instances which requires access to sensitive data in an Amazon S3 bucket. All traffic between the EC2 instances and the S3 bucket must not traverse the internet and must use private IP addresses. Additionally, the bucket must only allow access from services in the VPC. Which combination of actions should a Solutions Architect take to meet these requirements? (Select TWO.). Create a VPC endpoint for Amazon S3. Apply a bucket policy to restrict access to the S3 endpoint. Enable default encryption on the bucket. Create a peering connection to the S3 bucket VPC. Apply an IAM policy to a VPC peering connection.

A company wants to migrate a legacy web application from an on-premises data center to AWS. The web application consists of a web tier, an application tier, and a MySQL database. The company does not want to manage instances or clusters. Which combination of services should a solutions architect include in the overall architecture? (Select TWO.). AWS Fargate. Amazon RDS for MySQL. Amazon DynamoDB. Amazon EC2 Spot Instances. Amazon Kinesis Data Streams.