SAA-C02 Part 4
Notes: Hi all, we’re sharing AWS Solutions Architect Associate (SAA-C02) Practice Exam Part 4, which will familiarize you with the types of questions you may encounter on the certification exam and help you determine your readiness or whether you need more preparation and/or experience. Successful completion of the practice exam does not guarantee you will pass the certification exam, as the actual exam is longer and covers a wider range of topics. We highly recommend that you take the AWS Solutions Architect Associate SAA-C02 Actual Exam Version, because it includes actual exam questions with highlighted answers collected in our exam. It will help you pass the exam more easily.
181. An organization is deploying Amazon ElastiCache for Redis and requires password protection to improve their data security posture. Which solution should a Solutions Architect recommend?
- A. Redis Auth
- B. AWS Single Sign-On
- C. IAM database authentication
- D. VPC security group for Redis
182. A Solutions Architect must review an application deployed on EC2 instances that currently stores multiple 5-GB files on attached instance store volumes. The company recently experienced a significant data loss after stopping and starting their instances and wants to prevent the data loss from happening again. The solution should minimize performance impact and the number of code changes required. What should the Solutions Architect recommend?
- A. Store the application data in Amazon S3
- B. Store the application data in an EBS volume
- C. Store the application data in Amazon ElastiCache
- D. Store the application data in Amazon DynamoDB
183. A client has set up an Auto Scaling group associated with a load balancer. The client has noticed that instances launched by the Auto Scaling group are reported unhealthy as the result of an Elastic Load Balancing (ELB) health check, but these unhealthy instances are not being terminated. What can a Solutions Architect do to ensure that the instances marked unhealthy will be terminated and replaced?
- A. Increase the value for the health check interval set on the ELB load balancer.
- B. Change the thresholds set on the Auto Scaling group health check.
- C. Change the health check type to ELB for the Auto Scaling group.
- D. Change the health check set on the ELB load balancer to use TCP rather than HTTP checks.
184. A gaming application is heavily dependent on caching and uses Amazon ElastiCache for Redis. The application performance was recently degraded due to failure of the cache node. What should a Solutions Architect recommend to minimize performance degradation in the future?
- A. Migrate from ElastiCache to Amazon RDS
- B. Configure automatic backup to save cache data
- C. Configure ElastiCache Multi-AZ with automatic failover
- D. Use Auto Scaling to provision cache nodes based on CPU usage
185. A Solutions Architect has a three-tier web application that serves customers worldwide. Analysis reveals that product images take more time to load than expected. Which action will improve the image load time?
- A. Store product images on Amazon EBS-optimized storage volumes
- B. Store product images in an Amazon S3 bucket
- C. Use an Amazon CloudFront distribution for product images
- D. Use an Auto Scaling group to add instances for product images
186. A Solutions Architect is trying to bring a data warehouse workload to an Amazon EC2 instance. The data will reside in Amazon EBS volumes and full table scans will be executed frequently. What type of Amazon EBS volume would be most suitable in this scenario?
- A. Throughput Optimized HDD (st1)
- B. Provisioned IOPS SSD (io1)
- C. General Purpose SSD (gp2)
- D. Cold HDD (sc1)
187. A Solution Architect is designing a two-tier application for maximum security, with a web tier running on EC2 instances and the data stored in an RDS DB instance. The web tier should accept user access only through HTTPS connections (port 443) from the Internet, and the data must be encrypted in transit to and from the database. What combination of steps will MOST securely meet the stated requirements? (Choose two.)
- A. Create a security group for the web tier instances that allows inbound traffic only over port 443.
- B. Enforce Transparent Data Encryption (TDE) on the RDS database.
- C. Create a network ACL that allows inbound traffic only over port 443.
- D. Configure the web servers to communicate with RDS by using SSL, and issue certificates to the web tier EC2 instances.
- E. Create a customer master key in AWS KMS and apply it to encrypt the RDS instance.
188. A Solutions Architect is helping a customer migrate an application to AWS. The application is composed of a fleet of Linux servers that currently use a shared file system to read and write data. One of the goals of moving this application to AWS is to increase the reliability of the storage tier. What solution would increase reliability while minimizing the operational overhead of managing this infrastructure?
- A. Create an EBS volume and mount it to all the servers.
- B. Create an EFS file system and mount it to all the servers.
- C. Create an S3 bucket that can be accessed through an S3 VPC Endpoint.
- D. Create two EC2 instances in separate Availability Zones that act as file servers.
189. A customer is looking for a storage archival solution for 1,000 TB of data. The customer requires that the solution be durable and data be available within a few hours of requesting it, but not exceeding a day. The solution should be as cost-effective as possible. To meet security compliance policies, data must be encrypted at rest. The customer expects they will need to fetch the data two times in a year. Which storage solution should a Solutions Architect recommend to meet these requirements?
- A. Copy data to Amazon S3 buckets by using server-side encryption. Move data to Amazon S3 to reduce redundancy storage (RRS).
- B. Copy data to encrypted Amazon EBS volumes, then store data into Amazon S3.
- C. Copy each object into a separate Amazon Glacier vault, and let Amazon Glacier take care of encryption.
- D. Copy data to Amazon S3 with server-side encryption. Configure lifecycle management policies to move data to Amazon Glacier after 0 days.
190. A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address. Which tool or service should a Solutions Architect recommend to block the IP address?
- A. Security groups
- B. Network ACL
- C. AWS WAF
- D. AWS Shield
191. A Solutions Architect is asked to improve the fault tolerance of an existing Python application. The web application places 1-MB images in an S3 bucket. The application then uses a single t2.large instance to transform the image to include a watermark with the company’s brand before writing the image back to the S3 bucket. What should the Solutions Architect recommend to increase the fault tolerance of the solution?
- A. Convert the code to a Lambda function triggered by scheduled Amazon CloudWatch Events.
- B. Increase the instance size to m4.xlarge and configure Enhanced Networking.
- C. Convert the code to a Lambda function triggered by Amazon S3 events.
- D. Create an Amazon SQS queue to send the images to the t2.large instance.
192. A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request. Which implementation can satisfy all requirements?
- A. Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups.
- B. Configure an Application Load Balancer with host-based routing based on the domain field in the HTTP header.
- C. Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used.
- D. Configure an Application Load Balancer with listeners for appropriate path patterns for the target group.
193. A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web application with a load balancer, web server, application server, and relational database. The key requirement driving the migration is that the application should perform better and be more elastic. Which of the following architectures would meet these requirements?
- A. Re-host the application on Amazon EC2 with lift and shift of existing application code. Configure an Elastic Load Balancing load balancer to handle incoming requests. Use Amazon CloudWatch alarms to receive notification of scaling issues. Increase and decrease the size of the Amazon EC2 instances using AWS CLI or AWS Management Console as required.
- B. Re-architect the application as a three-tier application. Move the database to Amazon RDS. Use read replicas and Amazon ElastiCache with RDS for better performance. Use an Application Load Balancer to forward incoming requests to web and application servers running on-premises.
- C. Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier.
- D. Re-architect the application as Service Oriented Architecture (SOA). Run database and application servers on-premises. Run web-facing EC2 servers. Use an Enterprise Service Bus to handle communications between different parts of the application running on-premises and in the cloud.
194. A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for web requests to the application. Based on these requirements, what security group rules should be put on the Amazon EC2 instances?
- A. An inbound rule allowing traffic from the security group attached to the ALB
- B. An inbound rule allowing traffic from the network ACLs attached to the ALB
- C. An outbound rule allowing traffic to the security group attached to the ALB
- D. An outbound rule blocking all traffic to the Internet
195. A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime. What could a Solutions Architect recommend to the company in order to keep track of customers’ current session data?
- A. Amazon EC2
- B. Amazon RDS
- C. AWS CloudTrail
- D. Amazon DynamoDB
196. A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and Amazon ECS to host the website and its microservices. Which design changes should a Solutions Architect recommend to support the expected growth? (Choose two.)
- A. Move static files from ECS to Amazon S3
- B. Use an Amazon Route 53 geolocation routing policy
- C. Scale the environment based on real-time AWS CloudTrail logs
- D. Create a dedicated Elastic Load Balancer for each microservice
- E. Create RDS read replicas and change the application to use these replicas
197. An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is against company policy to store passwords in Lambda functions. How can a Solutions Architect enable the Lambda function to retrieve the database password without violating company policy?
- A. Add an IAM policy for IAM database access to the Lambda execution role.
- B. Store a one-way hash of the password in the Lambda function.
- C. Have the Lambda function use the AWS Systems Manager Parameter Store.
- D. Connect to the Amazon RDS for SQL Server instance by using a role assigned to the Lambda function.
198. A company is building a critical ingestion service on AWS that will receive 1,000 incoming events per second. The events must be processed in order, and no events may be lost. Multiple applications will need to process each event. The company will expose the service as RESTful calls through an API Gateway. What should a Solutions Architect use to receive the events based on these requirements?
- A. Amazon Kinesis Data Stream
- B. Amazon DynamoDB
- C. Amazon SQS
- D. Amazon SNS
199. An application currently stores objects in Amazon S3-Standard. The application accesses new objects frequently for one week. After one week, they are accessed occasionally for analysis batch jobs. A Solutions Architect has been asked to reduce storage costs for the application while allowing immediate access for batch jobs. How can costs be reduced without reducing data durability?
- A. Create a lifecycle policy that moves Amazon S3 data to Amazon S3 One Zone-Infrequent Access storage after 7 days. After 30 days, move the data to Amazon Glacier.
- B. Keep the data on Amazon S3, and create a lifecycle policy to move S3 data to Amazon Glacier after 7 days.
- C. Move all Amazon S3 data to S3 Standard-Infrequent Access storage, and create a lifecycle policy to move the data to Amazon Glacier after 7 days.
- D. Keep the data on Amazon S3, then create a lifecycle policy to move the data to S3 Standard Infrequent Access storage after 7 days
200. A Solutions Architect has been given the following requirements for a company’s VPC:
– The solution is a two-tiered application with a web tier and a database tier.
– All web traffic to the environment must be directed from the Internet to an Application Load Balancer. The web servers and the databases should not obtain public IP addresses or be directly accessible from the public Internet.
Because of security requirements, databases may not share a route table or subnet with any other service. The environment must be highly available within the same VPC for all services. What is the minimum number of subnets that the Solutions Architect will need based on these requirements and best practices?
- B. 3
- C. 4
- D. 6
201. A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices. What should the Architect do to implement security best practices in an efficient manner?
- A. Use VPC peering to enforce network consistency
- B. Restrict users from deploying an AWS CloudFormation template
- C. Provide the teams a nested AWS CloudFormation template that builds the VPC correctly
- D. Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards
202. An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times, after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances. What should the Solutions Architect recommend to optimize the cost of the environment after business hours?
- A. Change the Availability Zones in which the instances were created to another Availability Zone in the same region with a lower cost.
- B. Replace all On-Demand Instances with Spot Instances in the Auto Scaling group.
- C. Purchase Reserved Instances for the minimum number of Auto Scaling instances.
- D. Reduce the number of minimum instances to 0. New requests to the Application Load Balancer create new instances.
203. A company needs to capture all client connection information from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application. How can a Solutions Architect meet this requirement?
- A. Enable AWS CloudTrail for the Application Load Balancer.
- B. Enable Access Logs on the Application Load Balancer.
- C. Install CloudWatch Agent on the Application Load Balancer.
- D. Enable CloudWatch metrics on the Application Load Balancer.
204. As part of a migration strategy, a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon. Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration?
- A. Use AWS Identity and Access Management (IAM) for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.
- B. Use a third-party solution for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.
- C. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.
- D. Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2
205. A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet. The proposed design must be highly available and distributed over two Availability Zones. What would be the MOST appropriate VPC design for this specific use case?
- A. Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS.
- B. One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS.
- C. One public subnet for the elastic load balancer, one public subnet for the web servers, and one private subnet for the database.
- D. Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.
206. A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours. What is the MOST cost-effective way to provide enough compute?
- A. Use one Amazon EC2 Reserved Instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
- B. Use one Amazon EC2 On-Demand instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
- C. Use one Amazon EC2 On-Demand instance and use an Auto Scaling Group scheduled action to add three EC2 Spot instances at 7:30 AM and remove three instances at 6:10 PM.
- D. Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.
207. A web application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation the application writes 50 KB/s to the table, but can scale up to 500 KB/s during peak hours. The application is currently throttling errors from the DynamoDB table during peak hours. What is the MOST cost-efficient change to support the increased traffic with minimal changes to the application?
- A. Use Amazon SQS to manage the write operations to the DynamoDB table.
- B. Change DynamoDB table configuration to 600 write capacity units.
- C. Increase the number of Amazon EC2 instances to support the traffic.
- D. Configure Amazon DynamoDB Auto Scaling to handle the extra demand.
208. A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators. Which of the following options should the Architect recommend? (Choose two.)
- Create a bastion host in a public subnet, and use the bastion host to connect to the database.
- Log in to the web servers in the public subnet to connect to the database.
- Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet.
- Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database.
- Attach an Elastic IP address to the database
209. A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 instances running behind an ELB Classic Load Balancer. The security team requires that all web servers must be accessible only through the Load Balancer, and that none of the web servers are directly accessible from the Internet. How should the Architect meet these requirements?
- Use a Load Balancer installed on an Amazon EC2 instance.
- Configure the web servers’ security group to deny traffic from the public Internet.
- Create an Amazon CloudFront distribution in front of the ELB Classic Load Balancer.
- Configure the web tier security group to allow only traffic from the ELB Classic Load Balancer.
210. Your company plans to migrate its 20TB video archive to AWS. The files are rarely accessed, but when they are, a 3 to 5 hour retrieval time frame is acceptable. However, when there is a breakup, the editors require access to archived footage within minutes. Which storage solution meets the needs of this organization while providing the LOWEST cost of storage?
- Store the archive in Amazon S3 Reduced Redundancy Storage.
- Store the archive in Amazon Glacier and use standard retrieval for all content.
- Store the archive in Amazon Glacier and pay the additional charge for expedited retrieval when needed.
- Store the archive in Amazon S3 with a lifecycle policy to move this to S3 infrequent access after 30 days.
211. An application tier currently hosts two web services on the same set of instances, listening on different ports. Which AWS service should a solutions architect use to route traffic to the service based on the incoming request?
- AWS Application Load Balancer
- Amazon CloudFront
- Amazon Route 53
- AWS Classic Load Balancer
212. A development team is building an application with front-end and backend application tiers. Each tier consists of Amazon EC2 instances behind an ELB Classic Load Balancer. The instances run in Auto Scaling groups across multiple Availability Zones. The network team has allocated the 10.0.0.0/24 address space for this application. Only the front-end load balancer should be exposed to the Internet. There are concerns about the limited size of the address space and the ability of each tier to scale. What should the VPC subnet design be in each Availability Zone?
- One public subnet for the load balancer tier, one public subnet for the front-end tier, and one private subnet for the backend tier.
- One shared public subnet for all tiers of the application.
- One public subnet for the load balancer tier and one shared private subnet for the application tiers.
- One shared private subnet for all tiers of the application.
213. A company is developing several critical long-running applications hosted on Docker. How should a Solutions Architect design a solution to meet the scalability and orchestration requirements on AWS?
- Use Amazon ECS and Service Auto Scaling.
- Use Spot Instances for orchestration and for scaling containers on existing Amazon EC2 Instances.
- Use AWS OpsWorks to launch containers in new Amazon EC2 Instances.
- Use Auto Scaling groups to launch containers on existing Amazon EC2 Instances.
214. A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3. However, uploading images through the web server will create too much traffic. What is the MOST efficient way to store images from a mobile application on Amazon S3?
- Upload directly to S3 using a pre-signed URL
- Upload to a second bucket, and have a Lambda event copy the image to the primary bucket.
- Upload to a separate Auto Scaling group of servers behind an ELB Classic Load Balancer, and have them write to the Amazon S3 bucket.
- Expand the web server fleet with Spot Instances to provide the resources to handle the images.
215. A Solutions Architect is developing a new web application on AWS. The architect expects the application to become very popular, so the application must scale to support the load. The Architect wants to focus on software development and deploying new features without provisioning or managing instances. Which solution is appropriate?
- Amazon API Gateway and AWS Lambda
- Elastic Load Balancing with Auto Scaling groups and Amazon EC2
- Amazon API Gateway and Amazon EC2
- Amazon CloudFront and AWS Lambda.
216. You have an application running in us-west-2 that requires six EC2 instances running at all times. With three Availability Zones in that region (us-west-2a, us-west-2b and us-west-2c), which of the following deployments provides fault tolerance if any Availability Zone in us-west-2 becomes unavailable? (SELECT TWO)
- 2 EC2 instances in us-west-2a, 2 EC2 instances in us-west-2b, 2 EC2 instances in us-west-2c
- 3 EC2 instances in us-west-2a, 3 EC2 instances in us-west-2b, no EC2 instances in us-west-2c
- 4 EC2 instances in us-west-2a, 2 EC2 instances in us-west-2b, 2 EC2 instances in us-west-2c
- 6 EC2 instances in us-west-2a, 6 EC2 instances in us-west-2b, no EC2 instances in us-west-2c
- 3 EC2 instances in us-west-2a, 3 EC2 instances in us-west-2b, 3 EC2 instances in us-west-2c
217. A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for web requests to the application. Based on these requirements, what security group rules should be put on the Amazon EC2 instances?
- An inbound rule allowing traffic from the security group attached to the ALB
- An inbound rule allowing traffic from the network ACLs attached to the ALB
- An outbound rule allowing traffic to the security group attached to the ALB
- An outbound rule blocking all traffic to the internet.
218. A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system. Which action should a Solutions Architect recommend to improve this process?
- Use the AWS CLI to create queues using AWS IAM Access Keys.
- Write a script to create the Amazon SQS queue using AWS Lambda
- Use AWS Elastic Beanstalk to automatically create the Amazon SQS queues.
- Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.
219. A company has a popular multiplayer mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud. Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?
- Amazon EC2 and an Application Load Balancer
- Amazon S3 and Amazon CloudFront
- Amazon EC2 and Amazon Elastic Transcoder
- AWS Lambda and Amazon API Gateway
220. A Solutions Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements?
- Configure the database security group to allow database traffic from the application server IP addresses.
- Configure the database security group to allow database traffic from the application server security group
- Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
- Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.
221. A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table. What combination of steps does AWS recommend to achieve secure authorization? (Select TWO)
- Store an access key on the Amazon EC2 instance with rights to the DynamoDB table.
- Attach an IAM user to the Amazon EC2 instance.
- Create an IAM role with permissions to write to the DynamoDB table.
- Attach an IAM role to the Amazon EC2 instance.
- Attach an IAM policy to the Amazon EC2 instance.
222. A Solution Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500MB/s. Which storage type will meet the performance requirements of this application?
- EBS Provisioned IOPS SSD
- EBS General Purpose SSD
- EBS Cold HDD
- EBS Throughput Optimized HDD
223. A Solution Architect is designing a solution that must store and retrieve session data and JSON documents. The solution must provide high availability, strong consistency, and data durability. Which solution meets these requirements?
- Amazon EBS volume with Provisioned IOPS
- Amazon EC2 instance store
- Amazon SQS
- Amazon DynamoDB table
224. A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select TWO)
- Launch Amazon EC2 instances in an Auto Scaling group behind an ELB
- Store all static files in a multi-AZ Amazon Aurora database
- Create a CloudFront distribution pointing to static content in Amazon S3
- Use Amazon Route 53 to route traffic to the correct region
- Use Amazon S3 multipart uploads to improve upload times
225. A Solutions Architect is designing a web application. The web and application tiers need to access the internet, but they cannot be accessed from the Internet. Which of the following steps is required?
- Attach an Elastic IP address to each Amazon EC2 instance and add a route from the private subnet to the public subnet.
- Launch a NAT gateway in the public subnet and add a route to it from the private subnet.
- Launch Amazon EC2 instances in the public subnet and change the security group to allow outbound traffic on port 80
- Launch a NAT gateway in the private subnet and deploy a NAT instance in the private subnet.
226. A team has an application that detects new objects being uploaded into an Amazon S3 bucket. The uploads trigger a Lambda function to write object metadata into an Amazon DynamoDB table and an RDS PostgreSQL database. Which action should the team take to ensure high availability?
- Enable cross-region replication in the Amazon S3 bucket
- Create a Lambda function for each Availability Zone the application is deployed in.
- Enable multi-AZ on the RDS PostgreSQL database.
- Create a DynamoDB stream for the DynamoDB table.
227. A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers. How should a Solutions Architect design a solution to meet the requirements without impacting the running application?
- Create a network ACL on the web server’s subnet, and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet.
- Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
- Create a network ACL on the web servers’ subnet, allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers, and deny all outbound traffic.
- Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
228. A user is designing a new service that receives location updates from 3600 rental cars every hour. The cars upload the location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location. Which services will process the updates and automatically scale?
- Amazon EC2 and Amazon EBS
- Amazon Kinesis Firehose and Amazon S3
- Amazon ECS and Amazon RDS
- Amazon S3 events and AWS Lambda
229. A Solutions Architect is designing a Lambda function that calls an API to list all running Amazon RDS instances. How should the request be authorized?
- Create an IAM access and secret key, and store it in the Lambda function
- Assign an IAM role to the Lambda function with permissions to list all Amazon RDS instances.
- Assign an IAM role to Amazon RDS with permissions to list all Amazon RDS instances.
- Create an IAM access and secret key, and store it in an encrypted RDS database.
230. A Solutions Architect is designing a solution to store a large quantity of event data in Amazon S3. The architect anticipates that the workload will consistently exceed 100 requests each second. What should the architect do in Amazon S3 to optimize performance?
- Randomize a key name prefix
- Store the event data in separate buckets
- Randomize the key name suffix
- Use Amazon S3 Transfer Acceleration
231. An e-commerce application is hosted in AWS. The last time a new product was launched, the application experienced a performance issue due to an enormous spike in traffic. Management decided that capacity must be doubled the week of future product launches. Which is the MOST efficient way for management to ensure that capacity requirements are met?
- Add a Step scaling policy
- Add a Dynamic Scaling policy
- Add a Scheduled Scaling action
- Add Amazon EC2 Spot instances.
232. A legacy application running on premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place. How should the Architect meet this requirement?
- Create an IAM role that allows access from the corporate network to Amazon S3
- Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint
- Use Amazon API Gateway to do IP whitelisting.
- Configure IP whitelisting on the customer’s gateway.
233. An application is running in a single AWS region. The business team adds a requirement to run the application in a second region for multi-region high availability. A Solutions Architect needs to enable traffic to be distributed to multiple regions for high availability. Which AWS service meets the requirements?
- Amazon Route 53
- Elastic Load Balancing
- Amazon CloudFront
- Amazon S3 Website hosting.
234. A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00 AM the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not have enough time to scale out to meet demand. How can the Architect fix the problem?
- Change the Auto Scaling group scale out event to scale based on network utilization.
- Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30 AM every morning.
- Use Reserved Instances to ensure the system has reserved the right amount of capacity for the scale-up events.
- Permanently keep a steady state of instances that is needed at 9:00 AM to guarantee available resources, but leverage Spot Instances.
235. A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available. What should an administrator do to improve performance?
- Convert the database to Amazon Redshift
- Create a CloudFront distribution
- Convert the database to use EBS provisioned IOPS
- Create one or more read replicas.
237. A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a three-tier web application hosted in an on-premises data center. Which solution allows rapid provision of a working, fully-scaled production environment?
- Continuously replicate the production database server to Amazon RDS. Use AWS CloudFormation to deploy the application and any additional servers if necessary.
- Continuously replicate the production database server to Amazon RDS. Create one application load balancer and register on-premises servers. Configure ELB Application Load Balancer to automatically deploy Amazon EC2 instances for application and additional servers if the on-premises application is down.
- Use a scheduled Lambda function to replicate the production database to AWS. Use Amazon Route 53 health checks to deploy the application automatically to Amazon S3 if production is unhealthy.
- Use a scheduled Lambda function to replicate the production database to AWS. Register on-premises servers to an Auto Scaling group and deploy the application and additional servers if production is unavailable.
238. An application is running on an Amazon EC2 instance in a private subnet. The application needs to read and write data to Amazon Kinesis Data Streams, and corporate policy requires that this traffic should not go to the internet. How can these requirements be met?
- Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis through the NAT gateway.
- Configure a gateway VPC endpoint for Kinesis and route all traffic to Kinesis through the gateway VPC endpoint.
- Configure an interface VPC endpoint for Kinesis and route all traffic to Kinesis through the interface VPC endpoint.
- Configure an AWS Direct Connect private virtual interface for Kinesis and route all traffic to Kinesis through the virtual interface.
239. An organization stores customer files and must frequently increase the size of its on-premises storage system to enable quick access and archiving. The organization needs an AWS solution. How can this requirement be met at the lowest cost?
- Use Amazon Glacier for regular storage and Amazon S3 for archiving data.
- Use Amazon S3 for regular storage and Amazon Glacier for archiving data.
- Use Amazon EBS for regular storage and Amazon S3 for archiving data.
- Use Amazon EBS for archiving data and Amazon Glacier for regular storage.
240. A startup company is building an application to track the high scores for a popular video game. Their Solutions Architect is tasked with designing a solution to allow real-time processing of scores from millions of players worldwide. Which AWS service should the Architect use to provide reliable data ingestion from the video game into the datastore?
- AWS Data Pipeline
- Amazon Kinesis Firehose
- Amazon DynamoDB Streams
- Amazon Elasticsearch Service
241. Your company deploys a simple API for their website that receives about 1000 requests each day and has an average response time of 50 ms. It is currently hosted on one c4.large instance. Which changes to the architecture will provide high availability at the LOWEST cost?
- Create an Auto Scaling group with a minimum of one instance and a maximum of two instances, then use an Application Load Balancer to balance the traffic.
- Recreate the API using Amazon API Gateway and use AWS Lambda as the service backend.
- Create an Auto Scaling group with a minimum and a maximum of low instances, then use an Application Load Balancer to balance the traffic.
- Recreate the API using Amazon API Gateway and integrate the new API with the existing backend service.
242. A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances. Which solution meets these requirements?
- Create an Amazon S3 bucket and store all of the documents in this bucket.
- Create an Amazon EBS volume and allow multiple users to mount that volume to their EC2 instance(s).
- Use Amazon Glacier to store all of the documents.
- Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.