SOLUTIONS ARCHITECT ASSOCIATE - 30

An Amazon VPC has been deployed with private and public subnets. A MySQL database server running on an Amazon EC2 instance will soon be launched. According to AWS best practice, which subnet should the database server be launched into?. The private subnet. It doesn’t matter. The public subnet. The subnet that is mapped to the primary AZ in the region.

A Solutions Architect needs to design a solution for providing a shared file system for company users in the AWS Cloud. The solution must be fault tolerant and should integrate with the company’s Microsoft Active Directory for access control. Which storage solution meets these requirements?. Create a file system with Amazon FSx for Windows File Server and enable Multi-AZ. Join Amazon FSx to Active Directory. Create an Amazon EFS file system and configure AWS Single Sign-On with Active Directory. Use an Amazon EC2 Windows instance to create a file share. Attach Amazon EBS volumes in different Availability Zones. Use Amazon S3 for storing the data and configure AWS Cognito to connect S3 to Active Directory for access control.

A company is migrating an eCommerce application into the AWS Cloud. The application uses an SQL database, and the database will be migrated to Amazon RDS. A Solutions Architect has been asked to recommend a method to attain sub-millisecond responses to common read requests. What should the solutions architect recommend?. Deploy a database cache using Amazon ElastiCache. Deploy a database cache using Amazon DynamoDB Accelerator. Deploy Amazon RDS read replicas. Use Amazon EBS Provisioned IOPS volumes.

A Solutions Architect works for a systems integrator running a platform that stores medical records. The government security policy mandates that patient data that contains personally identifiable information (PII) must be encrypted at all times, both at rest and in transit. Amazon S3 is used to back up data into the AWS cloud. How can the Solutions Architect ensure the medical records are properly secured? (choose 2). Before uploading the data to S3 over HTTPS, encrypt the data locally using your own encryption keys. Enable Server Side Encryption with S3 managed keys on an S3 bucket using AES-256. Enable Server Side Encryption with S3 managed keys on an S3 bucket using AES-128. Attach an encrypted EBS volume to an EC2 instance. Upload the data using CloudFront with an EC2 origin.

An application will gather data from a website hosted on an EC2 instance and write the data to an S3 bucket. The application will use API calls to interact with the EC2 instance and S3 bucket. Which Amazon S3 access control method will be the MOST operationally efficient? (choose 2). Grant programmatic access. Create an IAM policy. Create a bucket policy. Use key pairs. Grant AWS Management Console access.

An organization has a data lake on Amazon S3 and needs to find a solution for performing in-place queries of the data assets in the data lake. The requirement is to perform both data discovery and SQL querying, and complex queries from a large number of concurrent users using BI tools. What is the BEST combination of AWS services to use in this situation? (choose 2). RedShift Spectrum for the complex queries. Amazon Athena for the ad hoc SQL querying. AWS Glue for the ad hoc SQL querying. AWS Lambda for the complex queries. Amazon Kinesis for the complex queries.

A Solutions Architect would like to implement a method of automating the creation, retention, and deletion of backups for the Amazon EBS volumes in an Amazon VPC. What is the easiest way to automate these tasks using AWS tools?. Use the EBS Data Lifecycle Manager (DLM) to manage snapshots of the volumes. Configure EBS volume replication to create a backup on S3. Create a scheduled job and run the AWS CLI command “create-backup” to take backups of the EBS volumes. Create a scheduled job and run the AWS CLI command “create-snapshot” to take backups of the EBS volumes.

An application is being monitored using Amazon GuardDuty. A Solutions Architect needs to be notified by email of medium to high severity events. How can this be achieved?. Create an Amazon CloudWatch events rule that triggers an Amazon SNS topic. Configure an Amazon CloudWatch alarm that triggers based on a GuardDuty metric. Create an Amazon CloudWatch Logs rule that triggers an AWS Lambda function. Configure an Amazon CloudTrail alarm the triggers based on GuardDuty API activity.

A company runs a streaming application on AWS that ingests data in near real-time and then processes the data. The data processing takes 30 minutes to complete. As the volume of data being ingested by the application has increased, high latency has occurred. A Solutions Architect needs to design a scalable and serverless solution to improve performance. Which combination of steps should the Solutions Architect take? (Select TWO.). Use Amazon Kinesis Data Firehose to ingest the data. Use containers running on AWS Fargate to process the data. Use AWS Lambda with AWS Step Functions to process the data. Use Amazon Simple Queue Service (SQS) to ingest the data. Use Amazon EC2 instances in a placement group to process the data.

An application in a private subnet needs to query data in an Amazon DynamoDB table. Use of the DynamoDB public endpoints must be avoided. What is the most EFFICIENT and secure method of enabling access to the table?. Create a gateway VPC endpoint and add an entry to the route table. Create an interface VPC endpoint in the VPC with an Elastic Network Interface (ENI). Create a private Amazon DynamoDB endpoint and connect to it using an AWS VPN. Create a software VPN between DynamoDB and the application in the private subnet.

A Solutions Architect is designing a web-facing application. The application will run on Amazon EC2 instances behind Elastic Load Balancers in multiple regions in an active/passive configuration. The website address the application runs on is example.com. AWS Route 53 will be used to perform DNS resolution for the application. How should the Solutions Architect configure AWS Route 53 in this scenario based on AWS best practices? (choose 2). Use a Failover Routing Policy. Connect the ELBs using Alias records. Set Evaluate Target Health to “No” for the primary. Use a Weighted Routing Policy. Connect the ELBs using CNAME records.

A HR application stores employment records on Amazon S3. Regulations mandate the records are retained for seven years. Once created the records are accessed infrequently for the first three months and then must be available within 10 minutes if required thereafter. Which lifecycle action meets the requirements whilst MINIMIZING cost?. Store the data in S3 Standard-IA for 3 months, then transition to S3 Glacier. Store the data in S3 Standard for 3 months, then transition to S3 Glacier. Store the data in S3 Standard for 3 months, then transition to S3 Standard-IA. Store the data in S3 Intelligent Tiering for 3 months, then transition to S3 Standard-IA.

A company is testing a new web application that runs on Amazon EC2 instances. A Solutions Architect is performing load testing and must be able to analyze the performance of the web application with a granularity of 1 minute. What should the Solutions Architect do to meet this requirement?. Enable detailed monitoring on all EC2 instances. Use Amazon CloudWatch metrics to perform the analysis. Send Amazon CloudWatch logs to Amazon S3. Use Amazon Athena to perform the analysis. Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs. Use Amazon CloudWatch metrics to perform the analysis. Create an AWS CloudTrail trail and log data events. Use Amazon Athena to query the CloudTrail logs.

An application is deployed using Amazon EC2 instances behind an Application Load Balancer running in an Auto Scaling group. The EC2 instances connect to an Amazon RDS database. When running performance testing on the application latency was experienced when performing queries on the database. The Amazon CloudWatch metrics for the EC2 instances do not show any performance issues. How can a Solutions Architect resolve the application latency issues?. Add read replicas for the RDS database and direct read traffic to the replicas. Replace the EC2 instances with AWS Lambda functions. Replace the Application Load Balancer with a Network Load Balancer. Enable Multi-AZ for the RDS database and direct read traffic to the standby.

An eCommerce company has a very popular web application that receives a large amount of traffic. The application must store customer profile data and shopping cart information in a database. A Solutions Architect must design the database solution to support peak loads of several million requests per second and millisecond response times. Operational overhead must be minimized, and scaling should not cause downtime. Which database solution should the Solutions Architect recommend?. Amazon DynamoDB. Amazon Aurora. Amazon RDS. Amazon Athena.

A mobile app uploads usage information to a database. Amazon Cognito is being used for authentication, authorization and user management and users sign-in with Facebook IDs. In order to securely store data in DynamoDB, the design should use temporary AWS credentials. What feature of Amazon Cognito is used to obtain temporary credentials to access AWS services?. Identity Pools. User Pools. Key Pairs. SAML Identity Providers.

An application running AWS uses an Elastic Load Balancer (ELB) to distribute connections between EC2 instances. A Solutions Architect needs to record information on the requester, IP, and request type for connections made to the ELB. Additionally, the Architect will also need to perform some analysis on the log files. Which AWS services and configuration options can be used to collect and then analyze the logs? (choose 2). Use EMR for analyzing the log files. Enable Access Logs on the ELB and store the log files on S3. Update the application to use DynamoDB for storing log files. Use Elastic Transcoder to analyze the log files. Enable Access Logs on the EC2 instances and store the log files on S3.

A web application hosts static and dynamic content. The application runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The database tier runs on an Amazon Aurora database. A Solutions Architect needs to make the application more resilient to periodic increases in request rates. Which architecture should the Solutions Architect implement? (Select TWO.). Add Aurora Replicas. Add an Amazon CloudFront distribution. Add an AWS Transit Gateway. Add an AWS Direct Connect link. Add an AWS Global Accelerator.

An Amazon S3 bucket is going to be used by a company to store sensitive data. A Solutions Architect needs to ensure that all objects uploaded to an Amazon S3 bucket are encrypted. How can this be achieved?. Create a bucket policy that denies Put requests that do not have an x-amz-server-side-encryption header set. Create a bucket policy that denies Put requests that do not have an s3:x-amz-acl header set. Create a bucket policy that denies Put requests that do not have an s3:x-amz-acl header set to private. Create a bucket policy that denies Put requests that do not have an aws:Secure Transport header set to true.

An application runs on Amazon EC2 instances. The application reads data from Amazon S3, performs processing on the data, and then writes the results to an Amazon DynamoDB table. The application writes many temporary files during the data processing. The application requires a high-performance storage solution for the temporary files. What would be the fastest storage option for this solution?. Multiple instance store volumes with software RAID 0. Multiple Amazon EBS volumes with Provisioned IOPS. Multiple Amazon EFS volumes in Max I/O performance mode. Multiple Amazon S3 buckets with Transfer Acceleration.