SOLUTIONS ARCHITECT ASSOCIATE - 29

A company are finalizing their disaster recovery plan. A limited set of core services will be replicated to the DR site ready to seamlessly take over the in the event of a disaster. All other services will be switched off. Which DR strategy is the company using?. Pilot light. Backup and restore. Warm standby. Multi-site.

The disk configuration for an Amazon EC2 instance must be finalized. The instance will be running an application that requires heavy read/write IOPS. A single volume is required that is 500 GiB in size and needs to support 20,000 IOPS. What EBS volume type should be selected?. EBS Provisioned IOPS SSD. EBS General Purpose SSD. EBS General Purpose SSD in a RAID 1 configuration. EBS Throughput Optimized HDD.

When using throttling controls with API Gateway what happens when request submissions exceed the steady-state request rate and burst limits?. API Gateway fails the limit-exceeding requests and returns “429 Too Many Requests. The requests will be buffered in a cache until the load reduces. API Gateway drops the requests and does not return a response to the client. API Gateway fails the limit-exceeding requests and returns “500 Internal Server Error.

A Solutions Architect is rearchitecting an application with decoupling. The application will send batches of up to 1000 messages per second that must be received in the correct order by the consumers. Which action should the Solutions Architect take?. Create an Amazon SQS FIFO queue. Create an Amazon SQS Standard queue. Create an Amazon SNS topic. Create an AWS Step Functions state machine.

A Solutions Architect has been assigned the task of moving some sensitive documents into the AWS cloud. The security of the documents must be maintained. Which AWS features can help ensure that the sensitive documents cannot be read even if they are compromised? (choose 2). Amazon S3 Server-Side Encryption. Amazon EBS encryption with Customer Managed Keys. AWS IAM Access Policy. Amazon EBS snapshots. Amazon S3 cross region replication.

A financial services company provides users with downloadable reports in PDF format. The company requires a solution that can seamlessly scale to meet the demands of a growing, global user base. The solution must be cost-effective and minimize operational overhead. Which combination of services should a Solutions Architect recommend to meet these requirements?. Amazon CloudFront and Amazon S3. AWS Lambda and Amazon DynamoDB. Application Load Balancer with AWS Auto Scaling. Amazon Route 53 with Network Load Balancers.

An application runs across a fleet of Amazon EC2 instances and uses a shared file system hosted on Amazon EFS. The file system is used for storing many files that are generated by the application. The files are only accessed for the first few days after creation but must be retained. How can a Solutions Architect optimize storage costs for the application?. Configure a lifecycle policy to move the files to the EFS Infrequent Access (IA) storage class after 7 days. Implement AWS Storage Gateway and transition files to Amazon S3 after 7 days. Move the files to an instance store on each Amazon EC2 instance after 7 days. Configure a lifecycle policy to move the files to the S3 Standard-IA storage class after 7 days.

A large MongoDB database running on-premises must be migrated to Amazon DynamoDB within the next few weeks. The database is too large to migrate over the company’s limited internet bandwidth so an alternative solution must be used. What should a Solutions Architect recommend?. Use the Schema Conversion Tool (SCT) to extract and load the data to an AWS Snowball Edge device. Use the AWS Database Migration Service (DMS) to migrate the data to Amazon DynamoDB. Setup an AWS Direct Connect and migrate the database to Amazon DynamoDB using the AWS Database Migration Service (DMS). Enable compression on the MongoDB database and use the AWS Database Migration Service (DMS) to directly migrate the database to Amazon DynamoDB. Use the AWS Database Migration Service (DMS) to extract and load the data to an AWS Snowball Edge device. Complete the migration to Amazon DynamoDB using AWS DMS in the AWS Cloud.

A team of scientists are collecting environmental data to assess the impact of pollution in a small regional town. The scientists collect data from various sensors and cameras. The data must be immediately processed to validate its accuracy, but the scientists have limited local storage space on their laptops and intermittent and unreliable connectivity to their Amazon EC2 instances and S3 buckets. What should a Solutions Architect recommend?. Use AWS Snowball Edge devices to process the data locally. Upload the data to Amazon SQS in batches and process the messages using Amazon EC2 instances. Configure Amazon Kinesis Data Firehose to load data directly to a Snowball device and process locally with Lambda@Edge. Use AWS DataSync on the scientists’ laptops to synchronize the data to Amazon S3. Process the data with Amazon EC2 instances.

An application that runs a computational fluid dynamics workload uses a tightly-coupled HPC architecture that uses the MPI protocol and runs across many nodes. A service-managed deployment is required to minimize operational overhead. Which deployment option is MOST suitable for provisioning and managing the resources required for this use case?. Use AWS Batch to deploy a multi-node parallel job. Use Amazon EC2 Auto Scaling to deploy instances in multiple subnets. Use AWS CloudFormation to deploy a Cluster Placement Group on EC2. Use AWS Elastic Beanstalk to provision and manage the EC2 instances.

A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 Instances running behind an Elastic Load Balancer. The security team requires that all web servers must be accessible only through the Elastic Load Balancer and that none of the web servers are directly accessible from the Internet. How should the Architect meet these requirements?. Configure the web tier security group to allow only traffic from the Elastic Load Balancer. Create an Amazon CloudFront distribution in front of the Elastic Load Balancer. Configure the web servers' security group to deny traffic from the Internet. Install a Load Balancer on an Amazon EC2 instance.

A critical web application that runs on a fleet of Amazon EC2 Linux instances has experienced issues due to failing EC2 instances. The operations team have investigated and determined that insufficient swap space is a likely cause. The operations team require a method of monitoring the swap space on the EC2 instances. What should a Solutions Architect recommend?. Install and configure the unified CloudWatch agent on the EC2 instances. Monitor Swap Utilization metrics in CloudWatch. Create a custom metric in Amazon CloudWatch that monitors Swap Usage. Monitor Swap Usage metrics in CloudWatch. Use EC2 metadata to collect information, then publish it to Amazon CloudWatch custom metrics. Monitor Swap Usage metrics in CloudWatch. Enable detailed monitoring in the EC2 console. Create an Amazon CloudWatch SwapUtilization custom metric and monitor the metric in CloudWatch.

A Solutions Architect is designing an application that consists of AWS Lambda and Amazon RDS Aurora MySQL. The Lambda function must use database credentials to authenticate to MySQL and security policy mandates that these credentials must not be stored in the function code. How can the Solutions Architect securely store the database credentials and make them available to the function?. Store the credentials in Systems Manager Parameter Store and update the function code and execution role. Store the credentials in AWS Key Management Service and use environment variables in the function code pointing to KMS. Use the AWSAuthenticationPlugin and associate an IAM user account in the MySQL database. Create an IAM policy and store the credentials in the policy. Attach the policy to the Lambda function execution role.

To increase performance and redundancy for an application a company has decided to run multiple implementations in different AWS Regions behind network load balancers. The company currently advertise the application using two public IP addresses from separate /24 address ranges and would prefer not to change these. Users should be directed to the closest available application endpoint. Which actions should a solutions architect take? (Select TWO.). Create an AWS Global Accelerator and attach endpoints in each AWS Region. Migrate both public IP addresses to the AWS Global Accelerator. Create an Amazon Route 53 geolocation based routing policy. Assign new static anycast IP addresses and modify any existing pointers. Create PTR records to map existing public IP addresses to an Alias.

A Solutions Architect is creating a URL that lets users who sign in to the organization’s network securely access the AWS Management Console. The URL will include a sign-in token that authenticates the user to AWS. Microsoft Active Directory Federation Services is being used as the identity provider (IdP). Which of the steps below will the Solutions Architect need to include when developing the custom identity broker? (choose 2). Call the AWS federation endpoint and supply the temporary security credentials to request a sign-in token. Call the AWS Security Token Service (AWS STS) AssumeRole or GetFederationToken API operations to obtain temporary security credentials for the user. Assume an IAM Role through the console or programmatically with the AWS CLI, Tools for Windows PowerShell or API. Assume an IAM Role through the console or programmatically with the AWS CLI, Tools for Windows PowerShell or API. Delegate access to the IdP through the "Configure Provider" wizard in the IAM console.

An application stores encrypted data in Amazon S3 buckets. A Solutions Architect needs to be able to query the encrypted data using SQL queries and write the encrypted results back the S3 bucket. As the data is sensitive fine-grained control must be implemented over access to the S3 bucket. What combination of services represent the BEST options support these requirements? (choose 2). Use IAM policies to restrict access to the bucket. Use Athena for querying the data and writing the results back to the bucket. Use AWS Glue to extract the data, analyze it, and load it back to the S3 bucket. Use bucket ACLs to restrict access to the bucket. Use the AWS KMS API to query the encrypted data, and the S3 API for writing the results.

A Solutions Architect would like to store a backup of an Amazon EBS volume on Amazon S3. What is the easiest way of achieving this?. Create a snapshot of the volume. Use SWF to automatically create a backup of your EBS volumes and then upload them to an S3 bucket. You don’t need to do anything, EBS volumes are automatically backed up by default. Write a custom script to automatically copy your data to an S3 bucket.

A company has 200 TB of video files stored in an on-premises data center that must be moved to the AWS Cloud within the next four weeks. The company has around 50 Mbps of available bandwidth on an Internet connection for performing the transfer. What is the MOST cost-effective solution for moving the data within the required timeframe?. Order multiple AWS Snowball devices to migrate the data to AWS. Use Amazon S3 Transfer Acceleration to securely upload the data. Create a virtual private gateway and connect a VPN to upload the data. Use AWS Snowmobile to migrate the data to AWS.

A company has over 200 TB of log files in an Amazon S3 bucket. The company must process the files using a Linux-based software application that will extract and summarize data from the log files and store the output in a separate Amazon S3 bucket. The company needs to minimize data transfer charges associated with the processing of this data. How can a Solutions Architect meet these requirements?. Launch an Amazon EC2 instance in the same Region as the S3 bucket. Process the log files and upload the output to another S3 bucket in the same Region. Use an on-premises virtual machine for processing the data. Retrieve the log files from the S3 bucket and upload the output to another S3 bucket in the same Region. Launch an Amazon EC2 instance in the same Region as the S3 bucket. Process the log files and upload the output to another S3 bucket in a different Region. Connect an AWS Lambda function to the S3 bucket via a VPC endpoint. Process the log files and store the output to another S3 bucket in the same Region.

A company has two accounts in an AWS Organization. The accounts are: Prod1 and Prod2. An Amazon RDS database runs in the Prod1 account. Amazon EC2 instances run in the Prod2 account. The EC2 instances in the Prod2 account must access the RDS database. How can a Solutions Architect meet this requirement MOST cost-effectively?. Set up VPC sharing with the Prod1 account as the owner and the Prod2 account as the participant to transfer the data. Create an AWS Lambda function in the Prod1 account to transfer data to the Amazon EC2 instances in the Prod2 account. Create a cross-Region Replica of the Amazon RD database in the Prod2 account. Point the EC2 instances to the Replica endpoint. Take a snapshot of the Amazon RDS database and share it with the Prod2 account. In the Prod2 account, restore the cluster using the shared snapshot.