An application relies on messages being sent and received in order. The volume will never exceed more than 300 transactions each second.
Which service should be used? Amazon ECS AWS STS Amazon SNS Amazon SQS.
A customer owns a simple API for their website that receives about 1,000 requests each day and has an average response time of 50ms. It is currently hosted on one c4.1arge instance.
Which changes to the architecture will provide high availability at the LOWEST cost? ReAPI with the existing baxkend service Create an Auto Scaling group with a minimum of one instance and a maximum of two instances, then use an Application Load Balancer to balance the traffic Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend. Create an Auto Scaling group with a maximum of two instances, then use the application Load Balancer to balance the traffic.
An application is running on Amazon EC2 inAuto Sclaing group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operations is fault -tolerant up to the loss of one Availability Zone.
Which is the MOST cost-efficient way to meet these requirements? Deploy four instances in each of two Availability Zones. Deploy one instance in each of three Availability Zones. Deploy two instances in each of three Availability Zones. Deploy two instances in each of two Availability Zones.
A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for the web requests to the application.
Based on the requirementes, what security group rules should be put on the Amazon EC2 instances? An inbound rule allowing traffic from the network ACLs attached to the ALB An outbound rule allowing traffic to the security group attached to the ALB An inbound rule allowing traffic from the security group attached to the ALB An outbound rule blocking all traffic to the internet.
A Solutions Architect is designing an application that is expected to have millions of users. The architect needs options to store session data.
Which option is the MOST performant? Amazon S3 Amazon EFS Amazon RDS Amazon ElastiCache.
A Solution Architect is designing a solution that will include a database in Amazon RDS. Corporate security policy mandates that the database, its logs, and its backups are all encrypted.
Which is the MOST efficient option to fulfill the security policy using Amazon RDS? Launch an Amazon RDS instance. Enable encryption for backups. Encryptlogs with a database-engine feature Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and backups. Launch an Amazon RDS instance with encryption enabled Logs and backups. are automatically encrypted Launch an Amazon RDS instance. Enabled encryption for database, logs and backups.
A bank is writing new software that is heavily dependent upon the database transactions for write consistency. The application will also occasionally generate report s on data in the database, and will do joins across multiple tables.
The databasemust automatically scale as the amount of data grows.
Which AWS service should be used to run the database? Amazon Aurora AmazonS3 Amazon DynamoDB Amazon Redshift.
An application publishes Amazon SNS messages in response to several events. An AWS Lambda function subscribes to these messages. Occasionally the function will fail while processing a message, so the original event message must be preserved for root cause analysis.
What architecture will meet these requirements without changing the workflow? Configure a Dead Letter Queue for the Amazon SNS topic Configure the Amazon SNS topic to invoke the Lambda function from the queue Subscribe an Amazon SQS queue to the Amazon SNS topic and trigger the Lambda function from the queue Configure Lambda to write failures to an SQS Dead Letter Queue .
A manufactoring company captures data from machines running at customer sites. Currently, thousands of machines in the near future. The data is logged with the intent to be analyzed in the future as needed.
What is the SIMPLEST method to store this streaming data al scale? Create an Auto Scaling group of Amazon EC2 servers behind ELBs to write the data into Amazon RDS Create an Amazon SQS queue, and have the machines write to the queue Create an Amazon EC2 server farm behind an ELB to store the data in Amazon EBS Cold HDD volumes. Create an Amazon Kinesis Firehouse delivery stream to store the data in Amazon S3.
A Solution Architect is desinging a multicontainer-based web application. Parts of the web application, /orders and / sale-event, must scale independtly while maintaining a single Fully Qualified Domain Name.
Which AWS services will help the Architect build this platform? (Select Two) Amazon SQS Amazon EC2 Container Service Amazon ELB Classic Load Balancer Amazon DynamoDB Amazon ELB Application Load Balancer.
One company wants to share the contents their Amazon S3 bucket with another company. Security requirements mandate that only the other company´s AWS accounts have access to the contents of the Amazon S3 bucket.
Which Amazon S3 feature will allow secure access to the Amazon S3 bucket? Bucket policy CORS configuration Lifecycle policy Object tagging.
A Solution Architect in designing a two-tier application for maximum security, with a web tier running on EC2 instances and the data stored in an RDS DB instance. The web tier should accept user access only through HTTPS connections (port 443) from the internet, and the data must be encrypted in transit to and from the database.
What combination of step will MOST securely meet the stated requirements? (Chosse two) Create a network ACL that allows inbound traffic only over port 443. Enforce Transparent Data ENcryption (DE) on the RDS database Create a customer master key in AWS KMS and apply it to encrypt the RDS instance Configure the web servers to communicate with RDS by using SSL, and issue certificates to the web tier EC2 instances. Create a security group for the web tier instances that allows inbound traffic only over port 443.
A company plans to use Amazon GuardDuty to detect unexpected and potenctially malicious activity.The company wants to use Amazon CloudWatch to ensure that when findings occur, remediation takes place automatically.
Which CloudWatch feature should be used to trigger an AWS Lambda function to perform the remediation? Alarms Metrics Events Dashboards.
A team is launching a marketing campaign and the peak database read activity in Amazon Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read Replicas to the Cluster.
How should the Solutions Architect ensure that the connections for read activities are load balanced? Cluster endpoint for Amazon Aurora Reader endpoint for Amazon Aurora Primary DB instance endpoint for Amazon Aurora Replica DB instances endpoint for Aurora.
A company requires that the source, destination, and protocol of all IP packets be recorded when traversing a private subnet.
What is the MOST secure and reliable method of accomplishing this goal. Create VPC flow logs on the subnet Create an Amazon CloudWatch log to capture packet information Enable source destination check on private Amazon EC2 instances Enable AWS CloudTrail logging and specify an Amazon S3 bucket for storing log files.
A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL.
Which service should the Architect choose to distribute the workload? ELB Aplication Load Balancer ELB Classic Load Balancer Amazon Route 53 DNS Amazon CloudFront.
An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structure documents in their data center. They are planning to mmove this data to AWS.
Which of one of the following services MOST efectively meets their needs? Amazon Aurora Amazon Redshift Amazon RDS Amazon DynamoDB.
A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data does not need to be scanned frequently and is discarded after 30 days.
Which service will be MOST cost-effective in meeting these requirements? Import the logs into an RDS MySQL instance. Import the logs to an Amazon Redshift cluster Use AWS Data Pipeline to import the logs into a DynamoDB table Write the files to an S3 bucket and use Amazon Athena to query the data.
A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accesible from the internet. The proposed design must be highly available and distributed over two Availability Zone.
What would be the MOST appropiate VPC design for this specific use case? Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS Two public subnets for the elastic load balancer, two private subnets for the web servers, and two public subnets for RDS One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS. One public subnet for the elastic load balancer,one public subnets for the web servers, and one private subnets for the database.
A Solutions Architect is designing a Lambda funtion that calls an API to list all runnning Amazon RDS instances. How should request be authorized? Create an IAM access and secret key, and store it in an encrypted RDS database Create an IAM role to the Lambda function with permissions to list all Amazon RDS instances Create an IAM access and secret key, and store it in the Lambda function Create an IAM role to Amazon RDS with permissions to list all Amazon RDS instances.
AN application runs in a VPC on Amazon EC2 instances behind an Application Load Balancer. Traffic to the Amazon EC2 instances must be limited to traffic from the Application Load Balancer.
Based on these requirements, the security group configuration should only allow traffic from: the IP range of the Application Load Balancer subnets the security group attached to the Application Load Balancer the public Ips of the Application Load Balancer nodes the VPC CIDR.
A company has a website runnig on Amazon EC2. The application DNS name pot¿ints to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address.
Which tool or service should a Solution Architect recommend to block the IP address? AWS WAF Security groups Network ACL AWS Shield.
A Solutions Architect needs to allow developers to have SSH connectivity to web servers. The requirements are as follows:
-Limit access to users origination from the corporate network
-Web servers cannot have SSH access directly from the Internet
-Web servers reside in a private subnet.
Which combination of steps must the Architect complete to meet these requirements? (Choose two) Create a bastion host with security group rules that only allow traffic from the corporate network. Deny all SSH traffic from the corporate network in the inbound network ACL Configure the web servers security group to allow SSH traffic from a bastion host Create a bastion host that authenticates users against the corporate directory Attach an IAM role to the bastion host with relevant pormissions.
A company has an Amazon RDS database backing its production website. The sales team needs to run queries against the database to track training program effectiveness. Queries against the production database cannot impact performance, and the solution must be easy to maintain.
How can these requirements be met? Use an Amazon REdshift database. Copy the product database into Redshift and allow the team to query it. Use multiple Amazon EC2 instances running replicas of the production database, plased behind a load balancer Use an Amazon DynamoDB table to store a copy of the data Use an Amazon RDS read replica of the production database and allow the team to query against it.
A large media site has multiple application in Amazon ECS. A SOlutions Architect needs to use content metadata and route traffic to specific services.
What is the MOST efficient method to perform this task Use an AWS Application Load balancer with hos-based routing option to route traffic to the correct service Use Amazon CloudFront to manage and route traffic to the correct service Use an Amazon Classic Load Balancer with a host-based routing option to route traffic to the correct service. Use the AWS CLI to update Amazon Route 53 hosted zone to reoute traffic as services get updated.
A company is launching a new static website on Amazon S3 and Amazon CLoudFront. The company wants to ensure that all web request to through only CLoudFront.
How can a Solution Architect meet this Requirement? Create a CloudFront origin access identify (OIA), then update the S3 bucket policy to allow the OIA read access. Convert the S3 bucket to an EC2 instance, then give CloudFront access to the instance by using security groups Configure the S3 bucket policy to allow only CloudFront IP addresses to read objects Create IAM users in a group that has read access to the S3 bucket. Configure CloudFront to pass credentials to the S3 bucket .
A company has gigabytes of web log files stored in an Amazon S3 bucket. A Solutions Architect wants to copy those files into Amazon Redshift for analysis. The the security ´s security policy mandate that data i encrypted at rest both in the Amazon Redshift cluster and the Amazon S3 bucket.
Which process will fulfill the security requirements? Launch an encrypted Amazon Redshift cluster. Copy the data from the Amazon S3 bucket into the Amazon Redshift cluster. Copy data back to the Amazon S3 bucket in encrypted form. Enable server-side encryption on the Amazon S3 bucket. Launch an unencrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster. Enable server-side encryption on the Amazon S3 bucket. Launch an encrypted Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster. Enable server-side encryption on the Amazon S3 bucket. Copy data from the Amazon S3 bucket into an unencrypted Redshift cluster. Enable encription on the cluster.
A Solutions Architect is designing an application in AWS. The architect must not expose the application or database tier over the internetfor security reasons. The application must be low-cost and hace a scalable front end. The databases and application tier must have only one-way internet access to download software and patch updates.
Which solution helps to meet these requirements?
>>>>Which solution helps to meet Use a NAT Gateway as the front and for the application tier and to enable the private resources to have Internet access. Use an Amazon EC2 based proxy server as the front end for the application tier, and a NAT Gateway to allow internet access for private resources. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet acces for private resources. Use an ELB Load Balancer as the front end for the application tier, and an Amazon EC2 proxy server to allow internet access for private resources. .
A solutions Architect must design an Amazon DynamoDB table to store data about customer activities. The data is used to analyze recent customer behaviour, so data that is less than a week old is heavely accessed and older data is accessed infrequently. Data that is more than one month old never needs to be referenced by an application, but needs to be archived for year-end analytics.
What is the MOST cost-efficient way to meet these requirements? (Choose two) Provision a higher write capacity unit to minimize the number or partitions. Use DynamoDB time-to-live settings to expire items after a certain time period Pre-process data to consolidate multiple records to minimize write operations. Export the old table data from DynamoDB to Amazon S3 using AWS Data Pipeline, and delete the old table Create separate tables for each week´s data with higher throughput for the current week.
A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application.
How can the report be created without affecting the performance of the application? Configure the database to be in multiple regions Provision a new RDS instance as a secondar Increase the number of provisioned storage IOPS Create a read replica of the database.
A workload consists of downloading an image from an Amazon S3 bicket, processing the image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a scheduled task every hour to perform the operation.
How should a Solutions Architect redesign the process so that it is highly available? Trigger a Lambda function when a new object is uploaded Launch a second Amazon EC2 instance to monitor the health of the first Initially copy the images to an attached Amazon EBS volume Change the Amazon EC2 instance to compute optimized.
An application is scanning an Amazon DynamoDB table that was created with default settings. The application occasionally reads stale data when it queries the table.
How can this issue be corrected? Re-create the DynamoDB table with eventual consistency disabled Update the application to use strongly consistent reads. Increase the provisioned read capacity of the table Enable AutoScaling on the DynamoDB table.
An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data onto Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet.
How can these requirements be met? Configure a NAT gateway in a public lsubnet and route all traffic to Amazon Kinesis through the NAT gateway. Configure an interface VPC endpoint for kinesis and route all traffic to Kinesis through the gateway VPC endpoint Configure an AWS Direct connect private virtual interface for kinesis and route all traffic to Kinesis through the virtual interface Configure a gateway VPC endpoint for kinesis and route all traffic to kinesis through the gateway VPC endpint.
A company must collect temperature data from thousands of remote weather devices. The company must also store this data in a data warehouse to run aggregation and visualizations.
Which services will meet these requirements? Amazon SNS Amazon DynamoDB Amazon SQS Amazon Kinesis Data Firehouse Amazon Redshift.
A SOlution Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. THis is a security sensitive application, and AWS credentials such as Access Key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system.
What security measure would satisfy these requirements? Assign an IAM role to the AMazon EC2 instance Store the AWS Access Key ID/Secret
Accessed keyconbination in software comments. Enable multi-factor autentication for the AWS root account Assign an IAM user to the Amazon Ec2 instance.
A Solutions Architect plan to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure load balancing. The architect decides to use Elastic Load Balancing Application Load Balancers.
What is the MOST efficient method for achieving secure communicacion? Create a SNI certificate and upload ot to the Application Load Balancer Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer Create a wildcard certificate and upload it to the Application Load Balancer Let a third-party Certificate Manager manage certificates required to all domains ans uploaad them to the application Load Balancer.
A company is migrating an on-premises applicatios to AWS. The application currently uses thir corporate message broker, passing messages between layers by using the MATT protocol.
Because of time and budget constraints, the company cannot rewrite the application and cannot manage a new message broker on the EC2 instances.
Which service should a Solutions Archotect use to allow the customer to migrate the application to AWS? Amazon MQ Amazon SNS Amazon SWF Amazon SQS.
A SOlutions Architect is building an application on AWS that will require 20.000 IOPS on a particular volume to support a media event. Once the event ends the IOPS need is no longer required. The marketing team asks the Architect to build the platform to optimized storage without incurring downtime.
How should the Architect design the platform to meet these requirements? Stop the Amazon EC2 instance and provision IOPS for the EBS volume Change the Amazon EC2 instant types Enable an API Gateway to change the endpoints for the Amazon EC2 instances Change the EBS volume type to Provisioned IOPS.
A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises.
Which solution should the architect use to meet the security requirements? SSE-S3: Server-side encryptio with Amazon - managed master key SSE-C: Server-side encryption with customer-provided encryption keys. AWS CLoudHMS SSe-KMS: Server-Side encryption with AWS KMS managed keys.
A customer owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time. Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS, and is willing to change database systems.
Which service would alleviate the database load issue and offer virtually unlimited scalability for the future? Amazon Redshift Amazon RDS Amazon DynamoDB AWS Data Pipeline.
Which tool analyzes account resources and provides a detailed inventory of changes over time? AWS Config AWS Service catalag AWS CloudFormation Amazon.
A customer has a service based out of Oregon, U.S and Paris, France. The application is storing data in an S3 bucket located in Oregon, and that data is updated frequently. The Paris office is experiencing slow response times when retrieving objects.
What should a Solutions Architect do to resolve the slow response time for the Paris office? Create an application Load Balancer that load balances data retrieval between the Oragon S3 bucket and a new Paris S3 bucket. Set up an S3 bucket based in Paris, and enable a lifecycle managment tule to trasition data from the Oregon bcket to the Paris bucket. Create an Amazon CloudFront distribution with the bucket located in Oregon as the origin and set the Maximum Time to Live (TTL) for cache behavior to 0 Set up an S3 bucket based in Paris, and enable cross-region replication from the Oregon bucket to the Paris bucket.
A company is looking for a fully-managed solution to store its players´ state information for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which can scale according to the incoming traffic. The request can be routed to any of the nodes, therefore, the state information must be storedin a centralized database. The players´ state information needs to be read with strong consistency and needs conditional updates for any changes.
Which service would be MOST cost-effective, and scaled seamlessly? Amazon Redshift Amazon RDS Amazon DynamoDB AmazonS3.
A Solution Architect is designing a thre-tier web application. The architect wants to restrict access to the database tier to accept from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity.
How should the Architect configure the database servers to meet the requirements? Configure the database subnet network ACL to deny all inbound non-database traffic from the application -tier subnet Configure the database security group to allow database traffic from the application server security group Configure the database subnet network ACL to allow inbound database traffic from the application -tier subnet Configure the database security group to allow database traffic from the application server IP addresses .
AN application running in a private subnet accesses an Amazon DynamoDB table. There is a security requirement that the data never leave the AWS network.
How should this requirement be met? Enable DynamoDB encryption at rest using an AWS KMS key Add NAT gateway and configure the route table on the private subnet. COnfigure a network ACL on DynamoDB to limit traffic to the private subnet Create a VPC endpoint for DynamoDB and configure the endpoint policy.
A Solutions Architect is deploying a new production MySQL database on AWS it is critical that the database is highly available.
What should hte Architect do to achieve this goal with Amazon RDS? Enable multi-AZ to create a standby database in a different Availability Zone Create a read replica of the primary database and deploy it in a different AWS Region Create a read replica of the primary database and deploy it in a different Availability Zone Enable multi-AZ to create a standby database in a different AWS Region.
A Solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table.
What is the MOST secure means of granting the Lambda function access to the DynamoDB table? Create a DynamoDB user name and password and give them to the Developer to use in the Lambda function Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, ans addign the role to the Lambda function. Create an identity and access management (IAM) role allowing access from AWS Lambda and assign the role to the DynamoDB table. Create an identity and access management (IAM) user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynamoDB table. Have the developer use these keys to access the resources .
A Solutions Architect has five web servers serving requests for a domain.
Which of the following Amazon Route 53 routing policies can distribute traffic randomly among all healthy web servers? Simple Failover Weighted Multivalue Answer.
A client notices that their engineers often make mistakes when creating Amazon SQS queues for their Backend system.
Which action should a Solution Architect recommend to improve this process? Use AWS Elastic Beanstalk to automatically create the Amazon SQS queues Use the AWS CLI to create queues using AWS IAM Access Keys. Write a script to create the Amazon SQS queue using AWS Lambda Use AWS CLoudFormation Templates to manage the Amazon SQS queue creation.
A company is implementing a data lake solution on Amazon S3. Its security policy mandates that the data stored in Amazon S3 should be encrypted at rest.
Which options can achieve this? (Choose two) Use S3 server-side encryption with customer-provided keys (SSE-C) Use S3 bucket policies to restrict access to the data at rest Use client - side encryption before ingesting the data to Amazon S3 using wncryption keys Use SSL to encrypt the data while in transit to Amazon S3 Use S3 server-side encryption with an Amazon EC2 key pair.
A company is using Amazon S3 for backups from an on-premises environment. Regulatory requirements state that data must be retained for at least 7 years. The data is infrequently accessed for 35 days, but needs to be instantly available. After 35 days, the data is rarely accessed.
Which combination of actions will providethe MOST cost-effective solution? (Choose two) Creates an S3 lifecycle policy that moves the data to the GLACIER storage class after 35days Change the backup so the data goes to Amazon Glacier directly Create an S3 lifecycle policy that moves the data to the GLACIER storage class after 7 years Create an S3 lifecycle policy that moves the data to Amazon S3 Standard Infrequent Access (S3 Standar-IA) after 35 days Change the backup so the data goes to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) directly.
Which requirements must be met in order for a Solutions Architect to specify that an Amazon EC2 instance should stp rather than terminate when its Spot Instance is interrupted? (Choose two) The root volume must be an Amazon EBS volume The Spot Instance request type must be one-time The Spot Instance request type must be persistent The root volume must be an instance store volume The launch configuration is changed.
Application servers currently deployed in a private subnet require the ability to integrate with a third-party service accessible through the internet.
Which changes are required to provide outbound internet connectivity in the VPC without providing inbound internet connectivity to the application servers? Create a NAT Gateway and attach an Internet Gateway to the VPC Attach an Internet gateway to the VPC and create a NAT Gateway Create a NAT gateway without attaching an Internet Gateway to the VPC Attach an Internet Gateway to the VPC without creating a NAT Gateway.
A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. User report that every morning at 9:00AM the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00AM, so Auto Scaling does not have enough time to scale out to meet demand.
How can the architect fix the problem? Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30AM every morning Change the Auto Scaling group´s scale out event to scale based on network utilization Permanently keep a steady state of instances that is needed at 9:00AM guarantee available resources, but leverage Spot Instances. Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale -up events.
A company is storing application data in Amazon S3 buckets across multiple AWS regions. Company policy requires that encryption keys be generated at the company headquarters, but the encryption keys may be stored in AWS after generation. The solution Architect plans to configure cross-region replication.
Which solution will encrypt the data whole requiring the LEAST amont of operational overhead? Configure S3 buckets to encrypt using AES-256 Configure S3 buckets to use Server-SIde Encryption with AWS KMS-Managed Keys (SSE -KMS) with imported key material in both regions Configure S3 object encryption using AWS CLI with Server -Side Encryption with AWS KMS -Managed Keys (SSE-KMS) Configure the applications to write to an S3 bucket using client -side encryption.
A customer has an application that is used by enterprise customers outside of AWS. Some of these customers use legacy firewalls that cannot whitelist by DNS name, but whitelist based only on IP address. The application is currently deployed in two Availability Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants to whitelist only two IP addresses, but the two existing EC2 Instances cannot sustain the amount of traffic.
What can a Solutions Architect do to support the customer and allow for more capacity? (Choose two) Create a Network Load Balancer with an interface in each subnet, and assign a static IP address to each subnet. Add additional EC2 instances with Elastic IP addresses, and register them with Amazon Route 53 Switch the two existing EC2 instances for an Auto Scaling group, and register them with the network Load Balancer Create additional EC2 instances and put them on standby. Remap an Elastic IP addresses to a standby instance in the event of failure Use Amazon Route 53 with a weighted, round robin routing policy across the Elastic IP addresses to resolve one at a time.
A data analytics startup company asks a Solution s Architect to recommend an AWS data store options for indexed data. The data processing engine will generate and input more than 64TB of processed data every day. with item sizes reaching up to 300KB. The startup is flexible with data storage and is more interested in a database that requires minimal effort to scale with a growing dataset size.
Which AWS data store service should the Architect recommend? Amazon Redshift Amazon S3 Amazon DynamoDB Amazon RDS.
A company has a legal requirement to store point-in-time copies of its Amazon RDS PostgreSQL database instance in facilities that are at least 200 miles apart.
Use of which of the followig provides the easiest way to comply wtith requirement? Multiple Availability Zone snapshot copy Multiple Availability Zone read replica Cross-region read replica Cross-region snapshot copy.
A Solution Architect needs to build a resilient data warehouse using Amazon Redshift. The architect needs to rebuild the Redshift cluster in another region.
Which approach can the architect take to address this requirement? Modify the redshift cluster to use AWS Snowball in export mode with data delivered to the other region Modify the redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region Modify the redshift cluster and configure cross region snapshots to the other region Modify the redshift clusterto take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region .
A Solutions Architect is building an online shopping application where users will be able to browse items, add items to a cart, and purchase the items. Images of items will be stored in Amazon S3 buckets organized by item category. When an item is no longer available for purchase, the item will be deleted from the S3 bucket. Ocassionally, during testing, itemimages deleted from S3 bucket are still visible to some users.
What is a flaw in this design approach? Using Amazon S3 for persistence exposes the application to a single point of failure. Amazon S3 DELETE requests apply a lock to the S3 bucket during the operation, causind other users to be blocked Amazon S3 DELETE requests are eventually consistent, which may cause other users to view items that have already been purchased. Defining S3 buckets by item may cause partition distribution errors, which will impact performance.
|
