SAA-C02 Part 3
Notes: Hi all, we're sharing AWS Solutions Architect Associate (SAA-C02) Practice Exam Part 3. It will familiarize you with the types of questions you may encounter on the certification exam and help you determine your readiness, or whether you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the AWS Solutions Architect Associate SAA-C02 Actual Exam Version, because it includes actual exam questions with highlighted answers collected in our exam. It will help you pass the exam more easily.
121. A Security team reviewed their company’s VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company’s goal is to eliminate internet access and allow the application to continue to function. What change should be made in the VPC before updating the route table?
- Create a NAT gateway for Amazon S3 access
- Create a VPC endpoint for Amazon S3 access
- Create a VPC endpoint for Amazon EC2 access
- Create a NAT gateway for Amazon EC2 access
122. A Solutions Architect is designing a system that will store Personally Identifiable Information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements, both the master keys and un-encrypted data should never be sent to AWS. What Amazon S3 encryption technique should the Architect choose?
- Amazon S3 client-side encryption with an AWS KMS-managed customer master key (CMK)
- Amazon S3 server-side encryption with an AWS KMS-managed key
- Amazon S3 client-side encryption with a client-side master key
- Amazon S3 server-side encryption with a customer-provided key
123. An application stores data in an Amazon RDS PostgreSQL Multi-AZ database instance. The ratio of read requests to write requests is about 2 to 1. Recent increases in traffic are causing very high latency. How can this problem be corrected?
- Create a similar RDS PostgreSQL instance and direct all traffic to it.
- Use the secondary instance of the Multiple Availability Zone for read traffic only.
- Create a read replica and send half of all traffic to it.
- Create a read replica and send all read traffic to it.
124. A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS gp2 volume. The application stores temporary data in a small database (less than 30 GB) located on the EBS root volume. The application is struggling to process the data fast enough, and a Solutions Architect has determined that the I/O speed of the temporary database is the bottleneck. What is the MOST cost-efficient way to improve the database response times?
- Enable EBS optimization on the instance and keep the temporary files on the existing volume.
- Put the temporary database on a new 50-GB EBS gp2 volume.
- Move the temporary database onto instance storage.
- Put the temporary database on a new 50-GB EBS io1 volume with a 3-K IOPS provision.
125. An application launched on Amazon EC2 instances needs to publish personally identifiable information (PII) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region?
- Use an internet gateway.
- Use AWS PrivateLink.
- Use a NAT gateway.
- Use a proxy instance.
126. A company is migrating on-premises databases to AWS. The company’s backend application produces a large amount of database queries for reporting purposes, and the company wants to offload some of those reads to Read Replica, allowing the primary database to continue performing efficiently. Which AWS database platforms will accomplish this? (Select TWO.)
- Amazon RDS for Oracle
- Amazon RDS for PostgreSQL
- Amazon RDS for MariaDB
- Amazon DynamoDB
- Amazon RDS for Microsoft SQL Server
127. A Solutions Architect is designing a highly available web application on AWS. The data served on the website is dynamic and is pulled from Amazon DynamoDB. All users are geographically close to one another. How can the Solutions Architect make the application highly available?
- Host the website data on Amazon S3 and set permissions to enable public read-only access for users.
- Host the web server data on Amazon CloudFront and update the objects in the CloudFront distribution when they change.
- Host the application on EC2 instances across multiple Availability Zones. Use an Auto Scaling group coupled with an Application Load Balancer.
- Host the application on EC2 instances in a single Availability Zone. Replicate the EC2 instances to a separate region, and use an Application Load Balancer for high availability.
128. A company is creating a web application that allows customers to view photos in their web browsers. The website is hosted in us-east-1 on Amazon EC2 instances behind an Application Load Balancer. Users will be located in many places around the world. Which solution should provide all users with the fastest photo viewing experience?
- Implement an AWS Auto Scaling group for the web server instances behind the Application Load Balancer.
- Enable Amazon CloudFront for the website and specify the Application Load Balancer as the origin.
- Move the photos into an Amazon S3 bucket and enable static website hosting.
- Enable Amazon ElastiCache in the web server subnet.
129. A company is creating a web application that will run on an Amazon EC2 instance. The application on the instance needs access to an Amazon DynamoDB table for storage. What should be done to meet these requirements?
- Create another AWS account root user with permissions to the DynamoDB table.
- Create an IAM role and assign the role to the EC2 instance with permissions to the DynamoDB table.
- Create an identity provider and assign the identity provider to the EC2 instance with permissions to the DynamoDB table.
- Create identity federation with permissions to the DynamoDB table.
130. A customer is running a critical payroll system in a production environment in one data center and a disaster recovery (DR) environment in another. The application includes load-balanced web servers and failover for the MySQL database. The customer's DR process is manual and error-prone. For this reason, management has asked IT to migrate the application to AWS and make it highly available so that IT no longer has to manually fail over the environment. How should a Solutions Architect migrate the system to AWS?
- Migrate the production and DR environments to different Availability Zones within the same region. Let AWS manage failover between the environments.
- Migrate the production and DR environments to different regions. Let AWS manage failover between the environments.
- Migrate the production environment to a single Availability Zone, and set up instance recovery for Amazon EC2. Decommission the DR environment because it is no longer needed.
- Migrate the production environment to span multiple Availability Zones, using Elastic Load Balancing and Multi-AZ Amazon RDS. Decommission the DR environment because it is no longer needed.
131. A company is moving to AWS. Management has identified a set of approved AWS services that meet all deployment requirements. The company would like to restrict access to all other unapproved services to which employees would have access. Which solution meets these requirements with the LEAST amount of operational overhead?
- Configure the AWS Trusted Advisor service utilization compliance report. Subscribe to Amazon SNS notifications from Trusted Advisor. Create a custom AWS Lambda function that can automatically remediate the use of unauthorized services.
- Use AWS Config to evaluate the configuration settings of AWS resources. Subscribe to Amazon SNS notifications from AWS Config. Create a custom AWS Lambda function that can automatically remediate the use of unauthorized services.
- Configure AWS Organizations. Create an organizational unit (OU) and place all AWS accounts into the OU. Apply a service control policy (SCP) to the OU that denies the use of certain services.
- Create a custom AWS IAM policy. Deploy the policy to each account using AWS CloudFormation StackSets. Include deny statements in the policy to restrict the use of certain services. Attach the policies to all IAM users in each account.
132. A company wants to run a static website served through Amazon CloudFront. What is an advantage of storing the website content in an S3 bucket instead of an EBS volume?
- S3 buckets are replicated globally, allowing for large scalability. EBS volumes are replicated only within a region.
- S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin.
- S3 buckets can be encrypted, allowing for secure storage of the web files. EBS volumes cannot be encrypted.
- S3 buckets support object-level read throttling, preventing abuse. EBS volumes do not provide object-level throttling.
133. A web server will be provisioned on two Amazon EC2 instances with an Application Load Balancer. Which of the following configurations will allow traffic on HTTP and HTTPS when configuring a security group to apply to each of these servers?
- Allow all inbound traffic, with explicit denies on non-HTTP and non-HTTPS ports.
- Allow incoming traffic to HTTP and HTTPS ports.
- Allow incoming traffic to HTTP and HTTPS ports, with explicit denies to all other ports.
- Deny all traffic to non-HTTP and non-HTTPS ports.
134. A Solutions Architect has designed a VPC that meets all necessary security requirements for their organization. Any applications deployed in the organization must use this VPC design. How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort?
- Deploy an AWS CloudFormation template that defines components of the VPC.
- Run a script that uses the AWS Command Line Interface to deploy the VPC.
- Clone the existing authorized VPC for each new project.
- Use AWS Elastic Beanstalk to deploy both the VPC and the application.
135. A company has a web application running in a Docker container that connects to a MySQL server in an on-premises data center. The deployment and maintenance of this application are becoming time-consuming and slowing down new feature releases. The company wants to migrate the application to AWS and use services that help facilitate infrastructure management and deployment. Which architectures should the company consider on AWS? (Choose two.)
- Amazon ECS for the web application, and an Amazon RDS for MySQL for the database.
- AWS Elastic Beanstalk Docker Multi-container either for the web application or database.
- AWS Elastic Beanstalk Docker Single Container for the web application, and an Amazon RDS for MySQL for the database.
- AWS CloudFormation with Lambda Custom Resources without VPC for the web application, and an Amazon RDS for MySQL database.
- AWS CloudFormation with Lambda Custom Resources running in a VPC for the web application, and an Amazon RDS for MySQL database.
136. A Solutions Architect must select the most cost-efficient architecture for a service that responds to web requests. These web requests are small and query a DynamoDB table. The request rate ranges from zero to several hundred each second, without any predictable patterns. What is the MOST cost-efficient architecture for this service?
- Network Load Balancer/Amazon EC2
- Application Load Balancer/Amazon ECS
- API Gateway/AWS Lambda
- AWS Elastic Beanstalk/AWS Lambda
137. An application uses an Amazon SQS queue as a transport mechanism to deliver data to a group of EC2 instances for processing. The application owner wants to add a mechanism to archive the incoming data without modifying application code on the EC2 instances. How can this application be re-architected to archive the data without modifying the processing instances?
- Trigger a Lambda function by using Amazon CloudWatch Events to retrieve messages from the SQS queue and archive to Amazon S3.
- Use an Amazon SNS topic to fan out the data to the SQS queue in addition to a Lambda function that records the data to an S3 bucket.
- Set up an Amazon Kinesis Data Stream so that multiple instances can receive data. Add a separate EC2 instance that is configured to archive all data it receives.
- Write the data to an S3 bucket, and use an SQS queue for S3 event notifications to tell the instances where to retrieve the data.
138. An application has a web tier that runs on EC2 instances in a public subnet. The application tier instances run in private subnets across two Availability Zones. All traffic is IPv4 only, and each subnet has its own custom route table. A new feature requires that application tier instances can call an external service over the Internet; however, they must still not be accessible to Internet traffic. What should be done to allow the application servers to connect to the Internet, maintain high availability, and minimize administrative overhead?
- Add an Amazon egress-only internet gateway to each private subnet. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the egress-only internet gateway in the same Availability Zone.
- Add an Amazon NAT Gateway to each public subnet. Alter each private subnet’s route table to include a route from 0.0.0.0/0 to the NAT Gateway in the same Availability Zone.
- Add an Amazon NAT instance to one of the public subnets. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the Internet gateway in the VPC.
- Add an Amazon NAT Gateway to each private subnet. Alter each private subnet's route table to include a route from 0.0.0.0/0 to the NAT Gateway in the other Availability Zone.
139. A company requires operating system permission on a relational database server. What should a Solutions Architect suggest as a configuration for a highly available database architecture?
- Multiple EC2 instances in a database replication configuration that uses two Availability Zones.
- A standalone Amazon EC2 instance with a selected database installed.
- Amazon RDS in a Multi-AZ configuration with Provisioned IOPS.
- Multiple EC2 instances in a replication configuration that uses two placement groups.
140. A Solutions Architect is designing a shared file system for a company. Multiple users will be accessing it at any given time. Different teams will have their own directories, and the company wants to secure files so that users can access only files owned by their team. How should the Solutions Architect design this?
- Use Amazon EFS and control permissions by using file-level permissions.
- Use Amazon S3 and control permissions by using ACLs.
- Use Amazon EFS and control permissions by using security groups.
- Use AWS Storage Gateway and control permissions by using AWS Identity and Access Management (IAM).
141. A Solutions Architect is working on a PCI-compliant architecture that needs to call an external service provider’s API. The external provider requires IP whitelisting to verify the calling party. How should the Solutions Architect provide the external party with the IP addresses for whitelisting?
- Use an API Gateway in proxy mode, and provide the API Gateway’s IP address to the external service provider.
- Associate a public elastic network interface to a published stage/endpoint in API Gateway, exposing the AWS Lambda function, and provide the IP address for the public network interface to the external party to whitelist.
- Deploy the Lambda function in private subnets and route outbound traffic through a NAT gateway. Provide the NAT gateway Elastic IP address to the external service provider.
- Provide the external party the allocated AWS IP address range for Lambda functions, and send change notifications by using a subscription to the Amazon IpSpace Changed SNS topic.
142. A company uses AWS Elastic Beanstalk to deploy a web application running on c4.large instances. Users are reporting high latency and failed requests. Further investigation reveals that the EC2 instances are running at or near 100% CPU utilization. What should a Solutions Architect do to address the performance issues?
- Use time-based scaling to scale the number of instances based on periods of high load.
- Modify the scaling triggers in Elastic Beanstalk to use the CPU Utilization metric.
- Swap the c4.large instances with the m4.large instance type.
- Create an additional Auto Scaling group, and configure Amazon EBS to use both Auto Scaling groups to increase the scaling capacity.
143. A Solutions Architect is designing the architecture for a web application that will be hosted on AWS. Internet users will access the application using HTTP and HTTPS. How should the Architect design the traffic control requirements?
- Use a network ACL to allow outbound ports for HTTP and HTTPS. Deny other traffic for inbound and outbound.
- Use a network ACL to allow inbound ports for HTTP and HTTPS. Deny other traffic for inbound and outbound.
- Allow inbound ports for HTTP and HTTPS in the security group used by the web servers.
- Allow outbound ports for HTTP and HTTPS in the security group used by the web servers.
144. A company is launching a new static website on Amazon S3 and Amazon CloudFront. The company wants to ensure that all web requests go through only CloudFront. How can a Solutions Architect meet this requirement?
- Configure the S3 bucket policy to allow only CloudFront IP addresses to read objects.
- Create IAM users in a group that has read access to the S3 bucket. Configure CloudFront to pass credentials to the S3 bucket.
- Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow the OAI read access.
- Convert the S3 bucket to an EC2 instance, then give CloudFront access to the instance by using security groups.
145. An online retailer has a series of flash sales occurring every Friday. Sales traffic will increase during the sales only and the platform will handle the increased load. The platform is a three-tier application. The web tier runs on Amazon EC2 instances behind an Application Load Balancer. Amazon CloudFront is used to reduce web server load, but many requests for dynamic content must go to the web servers. What should be done to the web tier to reduce costs without impacting performance or reliability?
- Use T-series instances
- Purchase scheduled Reserved Instances.
- Implement Amazon ElastiCache.
- Use Spot Instances.
146. A company’s new web application running on Amazon EC2 across multiple Availability Zones (AZs) will be heavily accessed during regular business hours. After business hours, usage will be minimal. What fleet-scaling approach should be used to size the EC2 fleet to handle the traffic demands?
- Manual scaling across all AZs
- Provisioning for peak traffic
- Scheduled scaling
- Programmatic termination of all instances in one AZ during off-peak hours
147. An application provides a feature that allows users to securely download private and personal files. The web server is currently overwhelmed with serving files for download. A Solutions Architect must find a more effective solution to reduce web server load and costs, and must allow users to download only their own files. Which solution meets all requirements?
- Store the files securely on Amazon S3 and have the application generate an Amazon S3 presigned URL for the user to download.
- Store the files in an encrypted Amazon EBS volume, and use a separate set of servers to serve the downloads.
- Have the application encrypt the files and store them in the local Amazon EC2 Instance Store prior to serving them up for download.
- Create an Amazon CloudFront distribution to distribute and cache the files.
148. An application calls a service run by a vendor. The vendor charges based on the number of calls. The finance department needs to know the number of calls that are made to the service to validate the billing statements. How can a Solutions Architect design a system to durably store the number of calls without requiring changes to the application?
- Call the service through an internet gateway.
- Decouple the application from the service with an Amazon SQS queue.
- Publish a custom Amazon CloudWatch metric that counts calls to the service.
- Call the service through a VPC peering connection.
149. An application runs in a VPC on Amazon EC2 instances behind an Application Load Balancer. Traffic to the Amazon EC2 instances must be limited to traffic from the Application Load Balancer. Based on these requirements, the security group configuration should only allow traffic from:
- the public IPs of the Application Load Balancer nodes.
- the IP range of the Application Load Balancer subnets.
- the security group attached to the Application Load Balancer.
- the VPC CIDR.
150. A Solutions Architect is reviewing an application that writes data to an Amazon DynamoDB table on a daily basis. Random table reads occur many times per second. The company needs to allow thousands of low-latency reads and avoid any negative impact to the rest of the application. What should the Solutions Architect do to meet the company’s goals?
- Use DynamoDB Accelerator to cache reads.
- Increase DynamoDB write capacity units.
- Add Amazon SQS to decouple requests.
- Implement Amazon Kinesis to decouple requests.
151. An environment has an Auto Scaling group across two Availability Zones referred to as AZ-a and AZ-b and a default termination policy. AZ-a has four Amazon EC2 instances, and AZ-b has three EC2 instances. None of the instances is protected from a scale-in. How will Auto Scaling proceed if there is a scale-in event?
- Auto Scaling selects an instance to terminate randomly.
- Auto Scaling terminates the instance with the oldest launch configuration of all instances.
- Auto Scaling selects the Availability Zone with four EC2 instances and then continues to evaluate.
- Auto Scaling terminates the instance with the closest next billing hour of all instances.
152. A Solutions Architect is designing a new web application on Amazon EC2. The system must make application-specific metrics, such as application security events, available to the SysOps teams. How should the Solutions Architect enable this in the design?
- Install AWS SDK on the application instances. Design the application to use the AWS SDK to log events directly to an Amazon S3 bucket.
- Install the Amazon Inspector agent on the application instances. Design the application to store events in application log files.
- Install the Amazon CloudWatch Logs agent on the application instances. Design the application to store events in application log files.
- Install AWS SDK on the application instances. Design the application to use AWS SDK to log sensitive events directly to AWS CloudTrail.
153. A Solutions Architect needs to convert potential single points of failure to a highly-available configuration. The current architecture contains Amazon EC2 instances with databases running in one Availability Zone. Web-tier resources have not been given public addresses, but still require Internet access. Which solution should the Architect use to maintain high availability?
- Use ELB Classic Load Balancer with the web tier. Deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy a NAT gateway in one Availability Zone.
- Use ELB Classic Load Balancer with the web tier. Deploy EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy NAT gateways in both Availability Zones.
- Use ELB Classic Load Balancer with the database tier. Deploy Amazon EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy NAT gateways in both Availability Zones.
- Use ELB Classic Load Balancer with the database tier. Deploy Amazon EC2 instances in two Availability Zones and enable Multi-AZ RDS. Deploy a NAT gateway in one Availability Zone.
154. An organization hosts 10 microservices, each in an Auto Scaling group behind individual Classic Load Balancers. Each EC2 instance is running at optimal load. Which of the following actions would allow the organization to reduce costs without impacting performance?
- Reduce the number of EC2 instances behind each Classic Load Balancer.
- Change instance types in the Auto Scaling group launch configuration.
- Change the maximum size but leave the desired capacity of the Auto Scaling groups.
- Replace the Classic Load Balancers with a single Application Load Balancer.
155. A Solutions Architect is designing a ride-sharing application. The application needs consistent and single-digit millisecond latency. In addition, the application must integrate with a highly scalable and fully managed database service to track GPS coordinates and user data for all rides. Which database service should the Solutions Architect use to meet these performance requirements?
- Amazon RDS
- Amazon Redshift
- Amazon DynamoDB
- Amazon Aurora
156. An application has components running in a public subnet and a private subnet. The components within the private subnet must connect to the internet to receive updates. How should this be accomplished without moving the components into a public subnet?
- Add an internet gateway to the private subnet and update the private subnet route table.
- Add a NAT gateway to the public subnet and update the public subnet route table.
- Add an internet gateway to the VPC and update the private subnet route table.
- Add a NAT gateway to the public subnet and update the private subnet route table.
157. A Solutions Architect is designing a multi-container-based web application. Parts of the web application, /orders and /sale-event, must scale independently while maintaining a single Fully Qualified Domain Name. Which AWS services will help the Architect build this platform? (Select TWO.)
- Amazon ELB Application Load Balancer
- Amazon ELB Classic Load Balancer
- Amazon EC2 Container Service
- Amazon DynamoDB
- Amazon SQS
158. A company will host a static website within an Amazon S3 bucket. The website will serve millions of users globally, and the company wants to minimize data transfer costs. What should the Solutions Architect do to ensure costs are kept to a minimum?
- Implement an AWS Auto Scaling group for the website to ensure it grows with use.
- Use cross-region replication to copy the website to an additional S3 bucket in a different region.
- Create an Amazon CloudFront distribution, with the S3 bucket as the origin server.
- Move the website to large compute-optimized Amazon EC2 instances.
159. A company has a web application that makes requests to a backend API service. The API service is behind an Elastic Load Balancer running on Amazon EC2 instances. Most backend API service endpoint calls finish very quickly, but one endpoint that makes calls to create objects in an external service takes a long time to complete. These long-running calls are causing client timeouts and increasing overall system latency. What should be done to minimize the system throughput impact of the slow-running endpoint?
- Change the EC2 instance size to increase memory and compute capacity.
- Use Amazon SQS to offload the long-running requests for asynchronous processing by separate workers.
- Increase the load balancer idle time-out to allow the long-running requests to complete.
- Use Amazon ElastiCache for Redis to cache responses from the external service.
160. A company will run different data analytics jobs on large petabyte-scale datasets, using standard SQL and existing business intelligence tools. The data is mostly structured, but part of the data is unstructured and resides in Amazon S3. What technology should be used to support this use case?
- An Amazon Aurora database cluster with 15 replicas distributed across Availability Zones.
- Amazon Redshift with Amazon Redshift Spectrum.
- Amazon DynamoDB with Amazon DynamoDB Accelerator (DAX).
- Amazon ElastiCache for Redis with cluster mode enabled.
161. A Solutions Architect is investigating purchasing options for a batch processing application on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds copyright information, and uploads it back to Amazon S3. It normally takes 5 to 10 hours to process all the files uploaded each week. The application has built-in capabilities to process files in parallel, recover from the instance failures, and continue the processing from where it left off. What is the MOST cost-effective purchasing option the Solutions Architect can recommend?
- Standard Reserved Instances
- Scheduled Reserved Instances
- Spot Instances
- On-Demand Instances
162. A team has developed a new web application in an AWS Region that has three Availability Zones: AZ-a, AZ-b, and AZ-c. This application must be fault tolerant and needs at least six Amazon EC2 instances running at all times. The application must tolerate the loss of connectivity to any single Availability Zone so that the application can continue to run. Which configurations will meet these requirements? (Select TWO.)
- AZ-a with six EC2 instances, AZ-b with six EC2 instances, and AZ-c with no EC2 instances.
- AZ-a with four EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances.
- AZ-a with two EC2 instances, AZ-b with two EC2 instances, and AZ-c with two EC2 instances.
- AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with no EC2 instances.
- AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with three EC2 instances.
163. A retail company runs hourly flash sales and has a performance issue on its Amazon RDS for PostgreSQL database. The Database Administrators have identified that the issue with performance happens when finance and marketing employees refresh sales dashboards that are used for reporting real-time sales data. What should be done to resolve the issue without impacting performance?
- Create a Read Replica of the RDS PostgreSQL database and point the dashboards at the Read Replica.
- Move data from the RDS PostgreSQL database to Amazon Redshift nightly and point the dashboards at Amazon Redshift.
- Monitor the database with Amazon CloudWatch and increase the instance size, as necessary. Make no changes to the dashboards.
- Take an hourly snapshot of the RDS PostgreSQL database, and load the hourly snapshots to another database to which the dashboards are pointed.
164. A Solutions Architect is designing a high-performance computing job that runs on Amazon EC2 instances in private subnets. To allow the application to download patches, the infrastructure must be altered to allow the instances to access external endpoints. Any changes to the infrastructure must involve minimal ongoing systems management effort. What will allow the EC2 instances to access the endpoint while meeting these requirements?
- NAT gateway
- Elastic IP address
- AWS Direct Connect
- Virtual private gateway
165. An application runs on Amazon EC2 instances in multiple Availability Zones (AZs) behind an Application Load Balancer. The load balancer is in public subnets; the EC2 instances are in private subnets and must not be accessible from the internet. The EC2 instances must call external services on the internet. If one AZ becomes unavailable, the remaining EC2 instances must still be able to call the external services. How should these requirements be met?
- Create a NAT gateway attached to the VPC. Add a route to the gateway to each private subnet route table.
- Configure an internet gateway. Add a route to the gateway to each private subnet route table.
- Create a NAT instance in the private subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT instance.
- Create a NAT gateway in each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway.
166. An application running on Amazon EC2 has been experiencing performance issues when accessing an Amazon RDS for Oracle database. The database has been provisioned correctly for average workloads, but there are several usage spikes each day that have saturated the database, causing the application to time out. The application is write-heavy, updating information more often than reading information. A Solutions Architect has been asked to review the application design. What should the Solutions Architect recommend to improve performance?
- Put an Amazon ElastiCache cluster in front of the database and use lazy loading to limit database access during peak periods.
- Put an Amazon Elasticsearch domain in front of the database and use a Write-Through cache to reduce database access during peak periods.
- Configure an Amazon RDS Auto Scaling group to automatically scale the RDS instance during load spikes.
- Change the Amazon RDS instance storage type from General Purpose SSD to provisioned IOPS SSD.
167. A Solutions Architect must design an Amazon DynamoDB table to store data about customer activities. The data is used to analyze recent customer behavior, so data that is less than a week old is heavily accessed and older data is accessed infrequently. Data that is more than one month old never needs to be referenced by the application, but needs to be archived for year-end analytics. What is the MOST cost-efficient way to meet these requirements? (Choose two.)
- Use DynamoDB time-to-live settings to expire items after a certain time period.
- Provision a higher write capacity unit to minimize the number of partitions.
- Create separate tables for each week’s data with higher throughput for the current week.
- Pre-process data to consolidate multiple records to minimize write operations.
- Export the old table data from DynamoDB to Amazon S3 using AWS Data Pipeline, and delete the old table.
168. A Solutions Architect must build a secure document-storage platform that allows clients to access data stored on Amazon S3. Documents must be readily available for the first 15 days. After that, documents need not be readily available, and storage costs should be reduced as much as possible. Which of the following approaches will satisfy these requirements?
- Create a lifecycle rule to transition the documents from the STANDARD storage class to the STANDARD_IA storage class after 15 days, and then to the GLACIER storage class after an additional 15 days.
- Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 30 days.
- Create a lifecycle rule to transition documents from the STANDARD storage class to the STANDARD_IA storage class after 30 days and then to the GLACIER storage class after an additional 30 days.
- Create a lifecycle rule to transition the documents from the STANDARD storage class to the GLACIER storage class after 15 days.
169. A Solutions Architect needs to configure scaling policies based on Amazon CloudWatch metrics for an Auto Scaling group. The application running on the instances is memory intensive. How can the Architect meet this requirement?
- Enable detailed monitoring on the Amazon EC2 instances.
- Publish custom metrics to CloudWatch from the application.
- Configure lifecycle policies for the Amazon EC2 instances.
- Set up high-resolution alarms for the Auto Scaling group.
170. A company plans to use Amazon GuardDuty to detect unexpected and potentially malicious activity. The company wants to use Amazon CloudWatch to ensure that when findings occur, remediation takes place automatically. Which CloudWatch feature should be used to trigger an AWS Lambda function to perform the remediation?
171. A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora MySQL databases is securely managed with short-lived connection credentials. How can the Solutions Architect meet these requirements?
- Create a database user to run the GRANT statement with a short-lived token.
- Create the user account to use the AWS-provided AWSAuthenticationPlugin with IAM.
- Use AWS Systems Manager to securely save the connection secrets, and use the secrets while connecting.
- Use AWS KMS to securely save the connection secrets, and use the secrets while connecting.
172. A customer has a legacy application with a large amount of data. The files accessed by the application are approximately 10 GB each, but are rarely accessed. However, when files are accessed, they are retrieved sequentially. The customer is migrating the application to AWS and would like to use Amazon EC2 and Amazon EBS. What is the LEAST expensive EBS volume type for this use case?
- Cold HDD (sc1)
- Provisioned IOPS SSD (io1)
- General Purpose SSD (gp2)
- Throughput Optimized HDD (st1)
173. A company is migrating an on-premises application to AWS. The application currently uses their corporate message broker, passing messages between layers by using the MQTT protocol. Because of time and budget constraints, the company cannot rewrite the application and cannot manage a new message broker on the EC2 instances. Which service should a Solutions Architect use to allow the customer to migrate the application to AWS?
- Amazon SNS
- Amazon SQS
- Amazon MQ
- Amazon SWF
174. A customer is deploying a production portal application on AWS. The database tier has structured data. The company requires a solution that is easily manageable and highly available. How can these requirements be met?
- Deploy the database on multiple Amazon EC2 instances backed by Amazon EBS across multiple Availability Zones.
- Use Amazon RDS with a multiple Availability Zone option.
- Use Amazon RDS with a single Availability Zone option and schedule periodic database snapshots.
- Use Amazon DynamoDB.
175. A Solutions Architect is designing a disaster recovery (DR) environment in a separate AWS region from an application’s primary workload. The application uses a multi-tier architecture, and only the RDS instance will have frequent changes. The application installation process takes 60 minutes on average. The disaster recovery plan must have an RPO of less than 90 minutes and an RTO of less than 30 minutes. Which of the following would enable the Solutions Architect to meet these requirements? (Choose two.)
- An Aurora instance as the primary database with a read replica in the DR region.
- Inter-region VPC peering between the primary workload VPC and the DR VPC
- A cross-region Amazon EC2 Amazon Machine Image (AMI) copy
- Amazon S3 cross-region replication of application-tier installers
- Amazon CloudWatch Events in the primary region that trigger the failover to the DR region
176. A website keeps a record of user actions using a globally unique identifier (GUID) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company’s Amazon VPC. As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID. What should be done to reduce the number of read replicas required while improving performance?
- Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes.
- Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve the GUID from ElastiCache when required.
- Encrypt the GUID using Base64 and store it in the user’s session cookie. Decrypt the GUID when an audit record is needed.
- Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database.
177. Application servers currently deployed in a private subnet require the ability to integrate with a third-party service accessible through the Internet. Which changes are required to provide outbound Internet connectivity in the VPC without providing inbound Internet connectivity to the application servers?
- Create a NAT Gateway without attaching an Internet Gateway to the VPC.
- Create a NAT Gateway and attach an Internet Gateway to the VPC.
- Attach an Internet Gateway to the VPC without creating a NAT Gateway.
- Attach an Internet Gateway to the VPC and create a NAT Gateway.
178. A Solutions Architect is creating a multi-tiered architecture for an application that includes a public facing web tier. Security requirements state that the Amazon EC2 instances running in the application tier must not be accessible directly from the internet. What should be done to accomplish this?
- Create a multi-VPC peering mesh with network access rules limiting communications to specific ports. Implement an internet gateway on each VPC for external connectivity.
- Place all instances in a single Amazon VPC with AWS WAF as the web front-end communication conduit. Configure a NAT gateway for external communications.
- Use VPC peering to peer with on-premises hardware. Direct enterprise traffic through the VPC peer connection to the instances hosted in the private VPC.
- Deploy the web and application instances in a private subnet. Provision an Application Load Balancer in the public subnet. Install an internet gateway and use security groups to control communications between the layers.
179. A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to design a feature that will allow users to instantly restore any deleted files within 30 days of deletion. Which is the MOST cost-efficient solution?
- Create lifecycle policies that move the objects to Amazon Glacier and delete them after 30 days.
- Enable cross-region replication. Empty the replica bucket every 30 days using an AWS Lambda function.
- Enable versioning and create a lifecycle policy to remove expired versions after 30 days.
- Enable versioning and MFA Delete. Using a Lambda function, remove MFA Delete from objects more than 30 days old.
180. A Solutions Architect is designing a solution to send Amazon CloudWatch Alarm notifications to a group of users on a smartphone mobile application. What are the key steps to this solution? (Choose two.)
- Configure the CloudWatch Alarm to send the notification to an Amazon SNS topic whenever there is an alarm.
- Configure the CloudWatch Alarm to send the notification to a mobile phone number whenever there is an alarm.
- Configure the CloudWatch Alarm to send the notification to the email addresses whenever there is an alarm.
- Create the platform endpoints for mobile devices and subscribe the SNS topic with platform endpoints.
- Subscribe the SNS topic with an Amazon SQS queue, and poll the messages continuously from the queue. Use each mobile platform’s libraries to send the message to the mobile application.
181. A company processed 10 TB of raw data to generate quarterly reports. Although it is unlikely to be used again, the raw data needs to be preserved for compliance and auditing purposes. What is the MOST cost-effective way to store the data in AWS?
- Amazon EBS Cold HDD (sc1)
- Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
- Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
- Amazon Glacier
182. A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer’s Amazon EC2 instances, and then deploy an application through Git. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances. How should the Architect design the infrastructure?
- Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.
- Place the Amazon EC2 instances in a public subnet, and assign EIPs; route outgoing traffic through the NAT gateway.
- Place the Amazon EC2 instances in a private subnet, and assign EIPs; route outgoing traffic through the internet gateway.
- Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway.
183. A company is setting up a new website for online sales. The company will have a web tier and a database tier. The web tier consists of load-balanced, auto-scaled Amazon EC2 instances in multiple Availability Zones (AZs). The database tier is an Amazon RDS Multi-AZ deployment. The EC2 instances must connect securely to the database. How should the resources be launched?
- A. EC2 instances: public subnet; RDS database instances: public subnet; Load balancer: public subnet
- B. EC2 instances: public subnet; RDS database instances: private subnet; Load balancer: private subnet
- C. EC2 instances: private subnet; RDS database instances: public subnet; Load balancer: public subnet
- D. EC2 instances: private subnet; RDS database instances: private subnet; Load balancer: public subnet
184. An application is scanning an Amazon DynamoDB table that was created with default settings. The application occasionally reads stale data when it queries the table. How can this issue be corrected?
- Increase the provisioned read capacity of the table.
- Enable AutoScaling on the DynamoDB table.
- Update the application to use strongly consistent reads.
- Re-create the DynamoDB table with eventual consistency disabled.
185. A company wants to expand its web services from us-east-1 into ap-southeast-1. The company stores a large amount of static content on its website, and recently received complaints about slow loading speeds and the website timing out. What should be done to meet the expansion goal while also addressing the latency and timeout issues?
- Store the static content in Amazon S3 and enable S3 Transfer Acceleration.
- Store the static content in an Amazon EBS volume in the ap-southeast-1 region and provision larger Amazon EC2 instances for the website.
- Use an Amazon Route 53 simple routing policy to distribute cached content across three regions.
- Use Amazon S3 to store the static content and configure an Amazon CloudFront distribution.
186. A company has many applications on Amazon EC2 instances running in Auto Scaling groups. Company policies require that data on the attached Amazon EBS volume must be retained. Which actions will meet this requirement without impacting performance?
- Enable Termination Protection on the Amazon EC2 instances.
- Disable DeleteOnTermination for the Amazon EBS volumes.
- Use Amazon EC2 user data to set up a synchronization job for root volume data.
- Change the Auto Scaling health check to point to a source on the root volume.
187. A customer is migrating to AWS and requires applications to access Network File System shares without code changes. Data is critical and accessed frequently. Which storage solution should a Solutions Architect recommend to maximize availability and durability?
- Amazon EBS
- Amazon S3
- AWS Storage Gateway for files
- Amazon EFS
188. An e-commerce application places orders in an Amazon SQS queue. When a message is received, Amazon EC2 worker instances process the request. The EC2 instances are in an Auto Scaling group. How should the architecture be designed to scale up and down with the LEAST amount of operational overhead?
- Use an Amazon CloudWatch alarm on the EC2 CPU to scale the Auto Scaling group up and down.
- Use an EC2 Auto Scaling health check for messages processed on the EC2 instances to scale up and down.
- Use an Amazon CloudWatch alarm based on the number of visible messages to scale the Auto Scaling group up or down.
- Use an Amazon CloudWatch alarm based on the CPU to scale the Auto Scaling group up or down.
189. A Solutions Architect is building a WordPress-based web application hosted on AWS using Amazon EC2. This application serves as a blog for an international internet security company. The application must be geographically redundant and scalable. It must separate the public Amazon EC2 web servers from the private Amazon RDS database, it must be highly available, and it must support dynamic port routing. Which combination of AWS services or capabilities will meet these requirements?
- AWS Auto Scaling with a Classic Load Balancer, and AWS CloudTrail
- Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront
- A VPC, a NAT gateway and Auto Scaling with a Network Load Balancer
- CloudFront, Route 53, and Auto Scaling with a Classic Load Balancer
190. A company is deploying a reporting application on Amazon EC2. The application is expected to generate 1,000 documents every hour and each document will be 800 MB. The company is concerned about strong data consistency and file locking, as various applications hosted on other EC2 instances will process the report documents in parallel when they become available. What storage solution will meet these requirements with the LEAST amount of administrative overhead?
- Amazon EFS
- Amazon S3
- Amazon ElastiCache
- Amazon EBS