SOLUTIONS ARCHITECT ASSOCIATE - 24

An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region?. Use AWS PrivateLink. Use an Internet Gateway. Use a proxy instance. Use a NAT gateway.

An organization plans to deploy a higher performance computing (HPC) workload on AWS using Linux. The HPC workload will use many Amazon EC2 instances and will generate a large quantity of small output files that must be stored in persistent storage for future use. A Solutions Architect must design a solution that will enable the EC2 instances to access data using native file system interfaces and to store output files in cost-effective long-term storage. Which combination of AWS services meets these requirements?. Amazon FSx for Lustre with Amazon S3. Amazon FSx for Windows File Server with Amazon S3. Amazon EBS volumes with Amazon S3 Glacier. AWS DataSync with Amazon S3 Intelligent tiering.

A group of business analysts perform read-only SQL queries on an Amazon RDS database. The queries have become quite numerous and the database has experienced some performance degradation. The queries must be run against the latest data. A Solutions Architect must solve the performance problems with minimal changes to the existing web application. What should the Solutions Architect recommend?. Create a read replica of the primary database and instruct the business analysts to direct queries to the replica. Export the data to Amazon S3 and instruct the business analysts to run their queries using Amazon Athena. Load the data into an Amazon Redshift cluster and instruct the business analysts to run their queries against the cluster. Load the data into Amazon ElastiCache and instruct the business analysts to run their queries against the ElastiCache endpoint.

An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 2000GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time. What should be implemented to improve database performance using persistent storage?. Migrate the data on the EBS volume to provisioned IOPS SSD (io1). Change the EC2 instance type to one with burstable performance. Change the EC2 instance type to one with EC2 instance store volumes. Migrate the data on the Amazon EBS volume to an SSD-backed volume.

A solutions architect is optimizing a website for real-time streaming and on-demand videos. The website’s users are located around the world and the solutions architect needs to optimize the performance for both the real-time and on-demand streaming. Which service should the solutions architect choose?. Amazon CloudFront. AWS Global Accelerator. Amazon Route 53. Amazon S3 Transfer Acceleration.

A multi-tier application runs with eight front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer. A solutions architect needs to modify the infrastructure to be highly available without modifying the application. Which architecture should the solutions architect choose that provides high availability?. Modify the Auto Scaling group to use four instances across each of two Availability Zones. Create an Auto Scaling group that uses four instances across each of two Regions. Create an Auto Scaling template that can be used to quickly create more instances in another Region. Create an Auto Scaling group that uses four instances across each of two subnets.

A company have 500 TB of data in an on-premises file share that needs to be moved to Amazon S3 Glacier. The migration must not saturate the company’s low-bandwidth internet connection and the migration must be completed within a few weeks. What is the MOST cost-effective solution?. Order 7 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier. Order 7 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint. Create an AWS Direct Connect connection and migrate the data straight into Amazon Glacier. Use AWS Global Accelerator to accelerate upload and optimize usage of the available bandwidth.

An application uses Amazon EC2 instances and an Amazon RDS MySQL database. The database is not currently encrypted. A solutions architect needs to apply encryption to the database for all new and existing data. How should this be accomplished?. Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot. Create an Amazon ElastiCache cluster and encrypt data using the cache nodes. Enable encryption for the database using the API. Take a full snapshot of the database. Delete old snapshots. Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the application over to the new master. Delete the old RDS instance.

A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies. How should a solutions architect address this issue?. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy. Create an Amazon SNS topic to send an alert every time a developer creates a new policy. Use service control policies to disable IAM activity across all accounts in the organizational unit. Prevent the developers from attaching any policies and assign all IAM duties to the security operations team.

A company is deploying a new web application that will run on Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones. The application requires a shared storage solution that offers strong consistency as the content will be regularly updated. Which solution requires the LEAST amount of effort?. Create an Amazon Elastic File System (Amazon EFS) file system and mount it on the individual Amazon EC2 instances. Create an Amazon S3 bucket to store the web content and use Amazon CloudFront to deliver the content. Create a shared Amazon Block Store (Amazon EBS) volume and mount it on the individual Amazon EC2 instances. Create a volume gateway using AWS Storage Gateway to host the data and mount it to the Auto Scaling group.

A company requires a solution to allow customers to customize images that are stored in an online catalog. The image customization parameters will be sent in requests to Amazon API Gateway. The customized image will then be generated on-demand and can be accessed online. The solutions architect requires a highly available solution. Which solution will be MOST cost-effective?. Use AWS Lambda to manipulate the original images to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin. Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front of the EC2 instances. Use AWS Lambda to manipulate the original images to the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances. Use Amazon EC2 instances to manipulate the original images into the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

A large media site has multiple applications running on Amazon ECS. A Solutions Architect needs to use content metadata to route traffic to specific services. What is the MOST efficient method to fulfil this requirement?. Use an AWS Application Load Balancer with a path-based routing rule to route traffic to the correct service. Use an AWS Classic Load Balancer with a host-based routing rule to route traffic to the correct service. Use the AWS CLI to update an Amazon Route 53 hosted zone to route traffic as services get updated. Use Amazon CloudFront to manage and route traffic to the correct service.

A highly sensitive application runs on Amazon EC2 instances using EBS volumes. The application stores data temporarily on Amazon EBS volumes during processing before saving results to an Amazon RDS database. The company’s security team mandate that the sensitive data must be encrypted at rest. Which solution should a Solutions Srchitect recommend to meet this requirement?. Configure encryption for the Amazon EBS volumes and Amazon RDS database with AWS KMS keys. Use AWS Certificate Manager to generate certificates that can be used to encrypt the connections between the EC2 instances and RDS. Use Amazon Data Lifecycle Manager to encrypt all data as it is stored to the EBS volumes and RDS database. Configure SSL/TLS encryption using AWS KMS customer master keys (CMKs) to encrypt database volumes.

A company's web application is using multiple Amazon EC2 Linux instances and storing data on Amazon EBS volumes. The company is looking for a solution to increase the resiliency of the application in case of a failure. What should a solutions architect do to meet these requirements?. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance. Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes to each EC2 instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Mount an instance store on each EC2 instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA).

An application is running on Amazon EC2 behind an Elastic Load Balancer (ELB). Content is being published using Amazon CloudFront and you need to restrict the ability for users to circumvent CloudFront and access the content directly through the ELB. How can you configure this solution?. Create a VPC Security Group for the ELB and use AWS Lambda to automatically update the CloudFront internal service IP addresses when they change. Create a VPC Security Group for the ELB and use AWS Lambda to automatically update the CloudFront internal service IP addresses when they change. Use signed URLs or signed cookies to limit access to the content. Use a Network ACL to restrict access to the ELB.

A company has refactored a legacy application to run as two microservices using Amazon ECS. The application processes data in two parts and the second part of the process takes longer than the first. How can a solutions architect integrate the microservices and allow them to scale independently?. Implement code in microservice 1 to send data to an Amazon SQS queue. Implement code in microservice 2 to process messages from the queue. Implement code in microservice 1 to send data to an Amazon S3 bucket. Use S3 event notifications to invoke microservice 2. Implement code in microservice 1 to publish data to an Amazon SNS topic. Implement code in microservice 2 to subscribe to this topic. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehose. Implement code in microservice 2 to read from Kinesis Data Firehose.