AWS SAA-C03 Exam Questions for Effective Preparation | AWS Certified Solutions Architect

Question #1

An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC

A. The application requires access to a database in VPC B

A. reate a DB instance security group that allows all traffic from the public IP address of the application server in VPC

B. onfigure a VPC peering connection between VPC A and VPC

C. ake the DB instance publicly accessible

D. aunch an EC2 instance with an Elastic IP address into VPC B

View answer

Correct Answer: B

Question #2

A company runs an application on Amazon EC2 instances. The company needs to implement a disaster recovery (DR) solution for the application. The DR solution needs to have a recovery time objective (RTO) of less than 4 hours. The DR solution also needs to use the fewest possible AWS resources during normal operations.Which solution will meet these requirements in the MOST operationally efficient way?

A. reate Amazon Machine Images (AMIs) to back up the EC2 instances

B. reate Amazon Machine Images (AMIs) to back up the EC2 instances

C. aunch EC2 instances in a secondary AWS Region

D. aunch EC2 instances in a secondary Availability Zone

View answer

Correct Answer: B

Question #3

A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access.A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet.Which change to the network architecture should a solutions architect recommend to

A. reate a NAT gateway

B. onfigure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted

C. ove the EC2 instances to private subnets

D. emove the internet gateway from the VPC

View answer

Correct Answer: C

Question #4

A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region. The database is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The company was recently acquired and must securely share a backup of the database with the acquiring company’s AWS account in ap-southeast-3.What should a solutions architect do to meet these requirements?

A. reate a database snapshot

B. reate a database snapshot

C. reate a database snapshot that uses a different AWS managed KMS key

D. reate a database snapshot

View answer

Correct Answer: B

Question #5

A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement. new documents cannot be modified or deleted after they are stored.What should a solutions architect do to meet this requirement?

A. tore the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled

B. tore the uploaded documents in an Amazon S3 bucket

C. tore the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled

D. tore the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume

View answer

Correct Answer: A

Question #6

A company moved its on-premises PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. The company successfully launched a new product. The workload on the database has increased. The company wants to accommodate the larger workload without adding infrastructure.Which solution will meet these requirements MOST cost-effectively?

A. uy reserved DB instances for the total workload

B. ake the Amazon RDS for PostgreSQL DB instance a Multi-AZ DB instance

C. uy reserved DB instances for the total workload

D. ake the Amazon RDS for PostgreSQL DB instance an on-demand DB instance

View answer

Correct Answer: A

Question #7

A company provides a Voice over Internet Protocol (VoIP) service that uses UDP connections. The service consists of Amazon EC2 instances that run in an Auto Scaling group. The company has deployments across multiple AWS Regions.The company needs to route users to the Region with the lowest latency. The company also needs automated failover between Regions.Which solution will meet these requirements?

A. eploy a Network Load Balancer (NLB) and an associated target group

B. eploy an Application Load Balancer (ALB) and an associated target group

C. eploy a Network Load Balancer (NLB) and an associated target group

View answer

Correct Answer: A

Question #8

A development team has launched a new application that is hosted on Amazon EC2 instances inside a development VPC. A solutions architect needs to create a new VPC in the same account. The new VPC will be peered with the development VPC. The VPC CIDR block for the development VPC is 192.168.0.0/24. The solutions architect needs to create a CIDR block for the new VPC. The CIDR block must be valid for a VPC peering connection to the development VPC.What is the SMALLEST CIDR block that meets these requirements?

A. 0

B. 92

C. 92

D. 0

View answer

Correct Answer: D

Question #9

A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded. The company does not want this new service to affect the performance of the current application.What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?

A. se DynamoDB transactions to write new event data to the table

B. ave the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics

C. nable Amazon DynamoDB Streams on the table

D. dd a custom attribute to each record to flag new items

View answer

Correct Answer: C

Question #10

A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible, with the least delivery time.Which solution meets these requirements and is MOST secure?

A. onfigure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets

B. onfigure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets

C. onfigure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets

D. onfigure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets

View answer

Correct Answer: C

Question #11

A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than

A. reate an Amazon Kinesis Data Firehose delivery stream to ingest the alerts

B. aunch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts

C. reate an Amazon Kinesis Data Firehose delivery stream to ingest the alerts

D. reate an Amazon Simple Queue Service (Amazon SQS) standard queue to ingest the alerts, and set the message retention period to 14 days

View answer

Correct Answer: A

Question #12

A company recently announced the deployment of its retail website to a global audience. The website runs on multiple Amazon EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones.The company wants to provide its customers with different versions of content based on the devices that the customers use to access the website.Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

A. reate a peering connection between the VPCs

B. reate a Transit VPC

C. reate a peering connection between the VPCs

D. reate a Transit VPC

View answer

Correct Answer: AC

Question #13

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never al

A. opy the data so both EBS volumes contain all the documents

B. onfigure the Application Load Balancer to direct a user to the server with the documents

C. opy the data from both EBS volumes to Amazon EFS

D. onfigure the Application Load Balancer to send the request to both servers

View answer

Correct Answer: C

Question #14

A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years.After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are deliver

A. ncrease the size of the DB instance to an instance type that has more available memory

B. odify the DB instance to be a Multi-AZ DB instance

C. odify the API to write incoming data to an Amazon Simple Queue Service (Amazon SQS) queue

D. odify the API to write incoming data to an Amazon Simple Notification Service (Amazon SNS) topic

View answer

Correct Answer: B

Question #15

A company has an application that runs on several Amazon EC2 instances. Each EC2 instance has multiple Amazon Elastic Block Store (Amazon EBS) data volumes attached to it. The application’s EC2 instance configuration and data need to be backed up nightly. The application also needs to be recoverable in a different AWS Region.Which solution will meet these requirements in the MOST operationally efficient way?

A. rite an AWS Lambda function that schedules nightly snapshots of the application’s EBS volumes and copies the snapshots to a different Region

B. reate a backup plan by using AWS Backup to perform nightly backups

C. reate a backup plan by using AWS Backup to perform nightly backups

D. rite an AWS Lambda function that schedules nightly snapshots of the application's EBS volumes and copies the snapshots to a different Availability Zone

View answer

Correct Answer: B

Question #16

An application runs on an Amazon EC2 instance that has an Elastic IP address in VPC

A. The application requires access to a database in VPC B

A. reate a DB instance security group that allows all traffic from the public IP address of the application server in VPC

B. onfigure a VPC peering connection between VPC A and VPC

C. ake the DB instance publicly accessible

D. aunch an EC2 instance with an Elastic IP address into VPC B

View answer

Correct Answer: B

Question #17

A company hosts a frontend application that uses an Amazon API Gateway API backend that is integrated with AWS Lambda. When the API receives requests, the Lambda function loads many libraries. Then the Lambda function connects to an Amazon RDS database, processes the data, and returns the data to the frontend application. The company wants to ensure that response latency is as low as possible for all its users with the fewest number of changes to the company's operations.Which solution will meet these requi

A. stablish a connection between the frontend application and the database to make queries faster by bypassing the API

B. onfigure provisioned concurrency for the Lambda function that handles the requests

C. ache the results of the queries in Amazon S3 for faster retrieval of similar datasets

D. ncrease the size of the database to increase the number of connections Lambda can establish at one time

View answer

Correct Answer: B

Question #18

A company has a web application that is based on Java and PHP. The company plans to move the application from on premises to AWS. The company needs the ability to test new site features frequently. The company also needs a highly available and managed solution that requires minimum operational overhead.Which solution will meet these requirements?

A. reate a read replica

B. reate a read replica

C. igrate the ordering application to Amazon DynamoDB with on-demand capacity

D. chedule the reporting queries for non-peak hours

View answer

Correct Answer: B

Question #19

A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS. The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users. The solution needs to integrate with the main web application and serve web content globally. The solution must also scale as the company's user base grows while providing the lowest login latency possible.Which solution will meet th

A. se Amazon Cognito for authentication

B. se AWS Directory Service for Microsoft Active Directory for authentication

C. se Amazon Cognito for authentication

D. se AWS Directory Service for Microsoft Active Directory for authentication

View answer

Correct Answer: A

Question #20

As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most efficient way to obtain this report information.Which solution meets these requirements?

A. un a query with Amazon Athena to generate the report

B. reate a report in Cost Explorer and download the report

C. ccess the bill details from the billing dashboard and download the bill

D. odify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES)

View answer

Correct Answer: B

Question #21

A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability.What should a solutions architect do to meet these requirements?

A. reate an AWS Lambda function to apply the patch to all EC2 instances

B. onfigure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances

C. onfigure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances

D. se AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances

View answer

Correct Answer: D

Question #22

A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning.How should the scaling be changed to address the staff complai

A. mplement a scheduled action that sets the desired capacity to 20 shortly before the office opens

B. mplement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period

C. mplement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period

D. mplement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens

View answer

Correct Answer: A

Question #23

A company uses Amazon EC2 instances and AWS Lambda functions to run its application. The company has VPCs with public subnets and private subnets in its AWS account. The EC2 instances run in a private subnet in one of the VPCs. The Lambda functions need direct network access to the EC2 instances for the application to work.The application will run for at least 1 year. The company expects the number of Lambda functions that the application uses to increase during that time. The company wants to maximize its

A. urchase an EC2 Instance Savings Plan Optimize the Lambda functions’ duration and memory usage and the number of invocations

B. urchase an EC2 Instance Savings Plan Optimize the Lambda functions' duration and memory usage, the number of invocations, and the amount of data that is transferred

C. urchase a Compute Savings Plan

D. urchase a Compute Savings Plan

View answer

Correct Answer: C

Question #24

A company is developing an ecommerce application that will consist of a load-balanced front end, a container-based application, and a relational database. A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible.Which solutions meet these requirements? (Choose two.)

A. se AWS Transfer Family to configure an SFTP-enabled server with a publicly accessible endpoint

B. se Amazon S3 File Gateway as an SFTP server

C. aunch an Amazon EC2 instance in a private subnet in a VP Instruct the new partner to upload files to the EC2 instance by using a VPN

D. aunch Amazon EC2 instances in a private subnet in a VPC

View answer

Correct Answer: AD

Question #25

A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received.Which solution will meet these requirements?

A. se an API Gateway integration to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the application receives an order

B. se an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application receives an order

C. se an API Gateway authorizer to block any requests while the application processes an order

D. se an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) standard queue when the application receives an order

View answer

Correct Answer: A

Question #26

A solutions architect is designing the architecture for a software demonstration environment. The environment will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The system will experience significant increases in traffic during working hours but is not required to operate on weekends.Which combination of actions should the solutions architect take to ensure that the system can scale to meet demand? (Choose two.)

A. reate an AWS DataSync task that shares the data as a mountable file system

B. reate an AWS Storage Gateway file gateway

C. reate an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre

D. reate an Amazon FSx for Lustre file system

View answer

Correct Answer: DE

Question #27

A solutions architect has created a new AWS account and must secure AWS account root user access. Which combination of actions will accomplish this? (Choose two.)

A. se AWS Key Management Service (AWS KMS) certificates on the ALB to encrypt data in transit

B. se the AWS root account to log in to the AWS Management Console

C. se AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest

D. se BitLocker to encrypt all data at rest

View answer

Correct Answer: AB

Question #28

A company runs its ecommerce application on AWS. Every new order is published as a massage in a RabbitMQ queue that runs on an Amazon EC2 instance in a single Availability Zone. These messages are processed by a different application that runs on a separate EC2 instance. This application stores the details in a PostgreSQL database on another EC2 instance. All the EC2 instances are in the same Availability Zone.The company needs to redesign its architecture to provide the highest availability with the least

A. igrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon MQ

B. igrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon MQ

C. reate a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queue

D. reate a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queue

View answer

Correct Answer: B

Question #29

A company is building a solution that will report Amazon EC2 Auto Scaling events across all the applications in an AWS account. The company needs to use a serverless solution to store the EC2 Auto Scaling status data in Amazon S3. The company then will use the data in Amazon S3 to provide near-real-time updates in a dashboard. The solution must not affect the speed of EC2 instance launches.How should the company move the data to Amazon S3 to meet these requirements?

A. se an Amazon CloudWatch metric stream to send the EC2 Auto Scaling status data to Amazon Kinesis Data Firehose

B. aunch an Amazon EMR cluster to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose

C. reate an Amazon EventBridge rule to invoke an AWS Lambda function on a schedule

D. se a bootstrap script during the launch of an EC2 instance to install Amazon Kinesis Agent

View answer

Correct Answer: A

Question #30

A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.What should a solutions architect do to ensure messages are being processed once only?

A. se the CreateQueue API call to create a new queue

B. se the AddPermission API call to add appropriate permissions

C. se the ReceiveMessage API call to set an appropriate wait time

D. se the ChangeMessageVisibility API call to increase the visibility timeout

View answer

Correct Answer: D

Question #31

A company is running a multi-tier ecommerce web application in the AWS Cloud. The application runs on Amazon EC2 instances with an Amazon RDS for MySQL Multi-AZ DB instance. Amazon RDS is configured with the latest generation DB instance with 2,000 GB of storage in a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. The database performance affects the application during periods of high demand.A database administrator analyzes the logs in Amazon CloudWatch Logs and discovers that the

A. eplace the volume with a magnetic volume

B. ncrease the number of IOPS on the gp3 volume

C. eplace the volume with a Provisioned IOPS SSD (io2) volume

D. eplace the 2,000 GB gp3 volume with two 1,000 GB gp3 volumes

View answer

Correct Answer: C

Question #32

A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.Which solution meets these requirements?

A. reate an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones

B. reate an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data

C. reate an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data

D. reate an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance

View answer

Correct Answer: B

Question #33

A company deploys an application on five Amazon EC2 instances. An Application Load Balancer (ALB) distributes traffic to the instances by using a target group. The average CPU usage on each of the instances is below 10% most of the time, with occasional surges to 65%.A solutions architect needs to implement a solution to automate the scalability of the application. The solution must optimize the cost of the architecture and must ensure that the application has enough CPU resources when surges occur.Which so

A. reate an Amazon CloudWatch alarm that enters the ALARM state when the CPUUtilization metric is less than 20%

B. reate an EC2 Auto Scaling group

C. reate an EC2 Auto Scaling group

D. reate two Amazon CloudWatch alarms

View answer

Correct Answer: B

Question #34

A company hosts a website analytics application on a single Amazon EC2 On-Demand Instance. The analytics software is written in PHP and uses a MySQL database. The analytics software, the web server that provides PHP, and the database server are all hosted on the EC2 instance. The application is showing signs of performance degradation during busy times and is presenting 5xx errors. The company needs to make the application scale seamlessly.Which solution will meet these requirements MOST cost-effectively?

A. igrate the database to an Amazon RDS for MySQL DB instance

B. igrate the database to an Amazon RDS for MySQL DB instance

C. igrate the database to an Amazon Aurora MySQL DB instance

D. igrate the database to an Amazon Aurora MySQL DB instance

View answer

Correct Answer: D

Question #35

A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed: If the messages fail to process, they must be retained so that they do not impact the processing of any remaining message

A. et up an Amazon EC2 instance running a Redis database

B. se an Amazon Kinesis data stream to receive the messages from the sender application

C. ntegrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue

D. ubscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process

View answer

Correct Answer: C

Question #36

A company is migrating applications to AWS. The applications are deployed in different accounts. The company manages the accounts centrally by using AWS Organizations. The company's security team needs a single sign-on (SSO) solution across all the company's accounts. The company must continue managing the users and groups in its on-premises self-managed Microsoft Active Directory.Which solution will meet these requirements?

A. nable AWS Single Sign-On (AWS SSO) from the AWS SSO console

B. nable AWS Single Sign-On (AWS SSO) from the AWS SSO console

C. se AWS Directory Service

D. eploy an identity provider (IdP) on premises

View answer

Correct Answer: B

Question #37

A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3 Due to security concerns, the company requires a pnvate and secure connection between its EC2 resources and Amazon S3.Which solution meets these requirements?

A. et up S3 bucket policies to allow access from a VPC endpomt

B. et up an 1AM policy to grant read-write access to the S3 bucket

C. et up a NAT gateway to access resources outside the private subnet

D. et up an access key ID and a secret access key to access the S3 bucket

View answer

Correct Answer: A

Question #38

A company is planning to move its data to an Amazon S3 bucket. The data must be encrypted when it is stored in the S3 bucket. Additionally, the encryption key must be automatically rotated every year.Which solution will meet these requirements with the LEAST operational overhead?

A. ove the data to the S3 bucket

B. reate an AWS Key Management Service (AWS KMS) customer managed key

C. reate an AWS Key Management Service (AWS KMS) customer managed key

D. ncrypt the data with customer key material before moving the data to the S3 bucket

View answer

Correct Answer: B

Question #39

A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received.Which solution will meet these requirements?

A. se an API Gateway integration to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the application receives an order

B. se an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application receives an order

C. se an API Gateway authorizer to block any requests while the application processes an order

D. se an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) standard queue when the application receives an order

View answer

Correct Answer: B

Question #40

A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.Which policy should be used to meet this requirement?

A. imple routing policy

B. atency routing policy

C. ultivalue routing policy

D. eolocation routing policy

View answer

Correct Answer: C

Question #41

A company is running a multi-tier ecommerce web application in the AWS Cloud. The application runs on Amazon EC2 instances with an Amazon RDS for MySQL Multi-AZ DB instance. Amazon RDS is configured with the latest generation DB instance with 2,000 GB of storage in a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume. The database performance affects the application during periods of high demand.A database administrator analyzes the logs in Amazon CloudWatch Logs and discovers that the

A. eplace the volume with a magnetic volume

B. ncrease the number of IOPS on the gp3 volume

C. eplace the volume with a Provisioned IOPS SSD (io2) volume

D. eplace the 2,000 GB gp3 volume with two 1,000 GB gp3 volumes

View answer

Correct Answer: C

Question #42

A company stores raw collected data in an Amazon S3 bucket. The data is used for several types of analytics on behalf of the company's customers. The type of analytics requested determines the access pattern on the S3 objects.The company cannot predict or control the access pattern. The company wants to reduce its S3 costs.Which solution will meet these requirements?

A. se S3 replication to transition infrequently accessed objects to S3 Standard-Infrequent Access (S3 Standard-IA)

B. se S3 Lifecycle rules to transition objects from S3 Standard to Standard-Infrequent Access (S3 Standard-IA)

C. se S3 Lifecycle rules to transition objects from S3 Standard to S3 Intelligent-Tiering

D. se S3 Inventory to identify and transition objects that have not been accessed from S3 Standard to S3 Intelligent-Tiering

View answer

Correct Answer: C

Question #43

An application development team is designing a microservice that will convert large images to smaller, compressed images. When a user uploads an image through the web interface, the microservice should store the image in an Amazon S3 bucket, process and compress the image with an AWS Lambda function, and store the image in its compressed form in a different S3 bucket.A solutions architect needs to design a solution that uses durable, stateless components to process the images automatically.Which combination

A. reate a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection

B. reate an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection

C. eploy a transit gateway in the inspection VP Configure route tables to route the incoming packets through the transit gateway

D. eploy a Gateway Load Balancer in the inspection VPC

View answer

Correct Answer: AB

Question #44

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.What should the company do to guarantee the EC2 capacity?

A. ove the catalog to Amazon ElastiCache for Redis

B. eploy a larger EC2 instance with a larger instance store

C. ove the catalog from the instance store to Amazon S3 Glacier Deep Archive

D. ove the catalog to an Amazon Elastic File System (Amazon EFS) file system

View answer

Correct Answer: D

Question #45

A company is planning to migrate a commercial off-the-shelf application from its on-premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.Which Amazon EC2 pricing option is the MOST cost-effective?

A. edicated Reserved Hosts

B. edicated On-Demand Hosts

C. edicated Reserved Instances

D. edicated On-Demand Instances

View answer

Correct Answer: A

Question #46

A company wants to reduce the cost of its existing three-tier web architecture. The web, application, and database servers are running on Amazon EC2 instances for the development, test, and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non-peak hours.The production EC2 instances run 24 hours a day. The development and test EC2 instances run for at least 8 hours each day. The company plans to implement automation to stop the developmen

A. se Spot Instances for the production EC2 instances

B. se Reserved Instances for the production EC2 instances

C. se Spot blocks for the production EC2 instances

D. se On-Demand Instances for the production EC2 instances

View answer

Correct Answer: B

Question #47

A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company’s security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.Which solution will meet this requirement with the LEAST amount of administrative overhead?

A. ublish data to Amazon Kinesis Data Streams

B. ublish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination

C. tore ingested data in an EC2 instance store

D. tore ingested data in an Amazon Elastic Block Store (Amazon EBS) volume

View answer

Correct Answer: A

Question #48

A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.How should a solutions architect accomplish this?

A. reate an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages

B. reate an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process

C. reate an Amazon Simple Queue Service (Amazon SQS) standard queue to hold messages

D. reate an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process

View answer

Correct Answer: A

Question #49

A company is building a containerized application on premises and decides to move the application to AWS. The application will have thousands of users soon after it is deployed. The company is unsure how to manage the deployment of containers at scale. The company needs to deploy the containerized application in a highly available architecture that minimizes operational overhead.Which solution will meet these requirements?

A. tore container images in an Amazon Elastic Container Registry (Amazon ECR) repository

B. tore container images in an Amazon Elastic Container Registry (Amazon ECR) repository

C. tore container images in a repository that runs on an Amazon EC2 instance

D. reate an Amazon EC2 Amazon Machine Image (AMI) that contains the container image

View answer

Correct Answer: A

Question #50

A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.What should a solutions architect recommend?

A. eploy Amazon Inspector and associate it with the ALB

B. eploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule

C. eploy rules to the network ACLs associated with the ALB to block the incomingtraffic

D. eploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty

View answer

Correct Answer: B

Question #51

A reporting team receives files each day in an Amazon S3 bucket. The reporting team manually reviews and copies the files from this initial S3 bucket to an analysis S3 bucket each day at the same time to use with Amazon QuickSight. Additional teams are starting to send more files in larger sizes to the initial S3 bucket.The reporting team wants to move the files automatically analysis S3 bucket as the files enter the initial S3 bucket. The reporting team also wants to use AWS Lambda functions to run pattern

A. reate a Lambda function to copy the files to the analysis S3 bucket

B. reate a Lambda function to copy the files to the analysis S3 bucket

C. onfigure S3 replication between the S3 buckets

D. onfigure S3 replication between the S3 buckets

View answer

Correct Answer: D

Question #52

A company is planning to move its data to an Amazon S3 bucket. The data must be encrypted when it is stored in the S3 bucket. Additionally, the encryption key must be automatically rotated every year.Which solution will meet these requirements with the LEAST operational overhead?

A. ove the data to the S3 bucket

B. reate an AWS Key Management Service (AWS KMS) customer managed key

C. reate an AWS Key Management Service (AWS KMS) customer managed key

D. ncrypt the data with customer key material before moving the data to the S3 bucket

View answer

Correct Answer: B

Question #53

A company has a data ingestion workflow that consists of the following:• An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries• An AWS Lambda function to process the data and record metadataThe company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job.Which combination of actions should a

A. se an Amazon S3 bucket as a secure transfer point

B. se an Amazon S3 bucket as a secure transfer point

C. mplement custom scanning algorithms in an AWS Lambda function

D. mplement custom scanning algorithms in an AWS Lambda function

View answer

Correct Answer: BE

Question #54

A company is designing an application where users upload small files into Amazon S3. After a user uploads a file, the file requires one-time simple processing to transform the data and save the data in JSON format for later analysis.Each file must be processed as quickly as possible after it is uploaded. Demand will vary. On some days, users will upload a high number of files. On other days, users will upload a few files or no files.Which solution meets these requirements with the LEAST operational overhead

A. onfigure Amazon EMR to read text files from Amazon S3

B. onfigure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue

C. onfigure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue

D. onfigure Amazon EventBridge (Amazon CloudWatch Events) to send an event to Amazon Kinesis Data Streams when a new file is uploaded

View answer

Correct Answer: C

Question #55

A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in anotherAWS Region with minimal downtime.What should a solutions architect do to meet these requirements with the LEAST amount of downtime?

A. reate an Auto Scaling group and a load balancer in the disaster recovery Region

B. reate an AWS CloudFormation template to create EC2 instances, load balancers, and DynamoDB tables to be launched when needed Configure DNS failover to point to the new disaster recovery Region's load balancer

C. reate an AWS CloudFormation template to create EC2 instances and a load balancer to be launched when needed

D. reate an Auto Scaling group and load balancer in the disaster recovery Region

View answer

Correct Answer: A

Question #56

A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

A. eleting IAM users

B. eleting directories

C. eleting Amazon EC2 instances

D. eleting logs from Amazon CloudWatch Logs

View answer

Correct Answer: C

Question #57

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance. After a routine compliance check, the company sets a standard that requires a recovery point objective (RPO) of less than 1 second for all its production databases.Which solution meets these requirements?

A. nable a Multi-AZ deployment for the DB instance

B. nable auto scaling for the DB instance in one Availability Zone

C. onfigure the DB instance in one Availability Zone, and create multiple read replicas in a separate Availability Zone

D. onfigure the DB instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks

View answer

Correct Answer: A

Question #58

A company is running its production and nonproduction environment workloads in multiple AWS accounts. The accounts are in an organization in AWS Organizations. The company needs to design a solution that will prevent the modification of cost usage tags.Which solution will meet these requirements?

A. reate a custom AWS Config rule to prevent tag modification except by authorized principals

B. reate a custom trail in AWS CloudTrail to prevent tag modification

C. reate a service control policy (SCP) to prevent tag modification except by authorized principals

D. reate custom Amazon CloudWatch logs to prevent tag modification

View answer

Correct Answer: C

Question #59

A company is migrating a distributed application to AWS. The application serves variable workloads. The legacy platform consists of a primary server that coordinates jobs across multiple compute nodes. The company wants to modernize the application with a solution that maximizes resiliency and scalability.How should a solutions architect design the architecture to meet these requirements?

A. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs

B. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs

C. mplement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group

D. mplement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group

View answer

Correct Answer: B

Question #60

A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally.Which AWS solution should the company use to meet these requirements?

A. mazon S3 File Gateway

B. WS Storage Gateway Tape Gateway

C. WS Storage Gateway Volume Gateway stored volumes

D. WS Storage Gateway Volume Gateway cached volumes

View answer

Correct Answer: D

Question #61

A solutions architect configured a VPC that has a small range of IP addresses. The number of Amazon EC2 instances that are in the VPC is increasing, and there is an insufficient number of IP addresses for future workloads.Which solution resolves this issue with the LEAST operational overhead?

A. dd an additional IPv4 CIDR block to increase the number of IP addresses and create additional subnets in the VPC

B. reate a second VPC with additional subnets

C. se AWS Transit Gateway to add a transit gateway and connect a second VPC with the first VPUpdate the routes of the transit gateway and VPCs

D. reate a second VPC

View answer

Correct Answer: A

Question #62

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.The application has increased in popularity, and millions of users worldwide accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.Which solution meets these requirements MOST cost-effectively?

A. eploy an AWS Global Accelerator accelerator in front of the web servers

B. eploy an Amazon CloudFront web distribution in front of the S3 bucket

C. eploy an Amazon ElastiCache for Redis instance in front of the web servers

D. eploy an Amazon ElastiCache for Memcached instance in front of the web servers

View answer

Correct Answer: B

Question #63

A company has implemented a self-managed DNS service on AWS. The solution consists of the following:•Amazon EC2 instances in different AWS Regions•Endpoints of a standard accelerator in AWS Global AcceleratorThe company wants to protect the solution against DDoS attacks.What should a solutions architect do to meet this requirement?

A. ubscribe to AWS Shield Advanced

B. ubscribe to AWS Shield Advanced

C. reate an AWS WAF web ACL that includes a rate-based rule

D. reate an AWS WAF web ACL that includes a rate-based rule

View answer

Correct Answer: A

Question #64

A company wants to implement a backup strategy for Amazon EC2 data and multiple Amazon S3 buckets. Because of regulatory requirements, the company must retain backup files for a specific time period. The company must not alter the files for the duration of the retention period.Which solution will meet these requirements?

A. se AWS Backup to create a backup vault that has a vault lock in governance mode

B. se Amazon Data Lifecycle Manager to create the required automated snapshot policy

C. se Amazon S3 File Gateway to create the backup

D. se AWS Backup to create a backup vault that has a vault lock in compliance mode

View answer

Correct Answer: D

Question #65

A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.What should a solutions architect recommend to meet these requirements?

A. onfigure AWS WAF rules and associate them with the ALB

B. eploy the application using Amazon S3 with public hosting enabled

C. eploy AWS Shield Advanced and add the ALB as a protected resource

D. reate a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB

View answer

Correct Answer: A

Question #66

A company observes an increase in Amazon EC2 costs in its most recent bill. The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances. A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in-depth analysis to identify the root cause of the vertical scaling.How should the solutions architect generate the information with the LEAST operational overhead?

A. se AWS Budgets to create a budget report and compare EC2 costs based on instance types

B. se Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

C. se graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

D. se AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket

View answer

Correct Answer: C

Question #67

A company is storing 700 terabytes of data on a large network-attached storage (NAS) system in its corporate data center. The company has a hybrid environment with a 10 Gbps AWS Direct Connect connection.After an audit from a regulator, the company has 90 days to move the data to the cloud. The company needs to move the data efficiently and without disruption. The company still needs to be able to access and update the data during the transfer window.Which solution will meet these requirements?

A. reate an AWS DataSync agent in the corporate data center

B. ack up the data to AWS Snowball Edge Storage Optimized devices

C. se rsync to copy the data directly from local storage to a designated Amazon S3 bucket over the Direct Connect connection

D. ack up the data on tapes

View answer

Correct Answer: A

Question #68

A company hosts a serverless application on AWS. The application uses Amazon API Gateway, AWS Lambda, and an Amazon RDS for PostgreSQL database. The company notices an increase in application errors that result from database connection timeouts during times of peak traffic or unpredictable traffic. The company needs a solution that reduces the application failures with the least amount of change to the code.What should a solutions architect do to meet these requirements?

A. educe the Lambda concurrency rate

B. nable RDS Proxy on the RDS DB instance

C. esize the RDS DB instance class to accept more connections

D. igrate the database to Amazon DynamoDB with on-demand scaling

View answer

Correct Answer: B

Question #69

A company runs a highly available image-processing application on Amazon EC2 instances in a single VPC. The EC2 instances run inside several subnets across multiple Availability Zones. The EC2 instances do not communicate with each other. However, the EC2 instances download images from Amazon S3 and upload images to Amazon S3 through a single NAT gateway. The company is concerned about data transfer charges.What is the MOST cost-effective way for the company to avoid Regional data transfer charges?

A. aunch the NAT gateway in each Availability Zone

B. eplace the NAT gateway with a NAT instance

C. eploy a gateway VPC endpoint for Amazon S3

D. rovision an EC2 Dedicated Host to run the EC2 instances

View answer

Correct Answer: C

Question #70

A company is designing an application. The application uses an AWS Lambda function to receive information through Amazon API Gateway and to store the information in an Amazon Aurora PostgreSQL database.During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high volumes of data that the company needs to load into the database. A solutions architect must recommend a new design to improve scalability and minimize the configuration effort.Which solution will

A. efactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instances

B. hange the platform from Aurora to Amazon DynamoD Provision a DynamoDB Accelerator (DAX) cluster

C. et up two Lambda functions

D. et up two Lambda functions

View answer

Correct Answer: D

Question #71

A company is designing an application where users upload small files into Amazon S3. After a user uploads a file, the file requires one-time simple processing to transform the data and save the data in JSON format for later analysis.Each file must be processed as quickly as possible after it is uploaded. Demand will vary. On some days, users will upload a high number of files. On other days, users will upload a few files or no files.Which solution meets these requirements with the LEAST operational overhead

A. onfigure Amazon EMR to read text files from Amazon S3

B. onfigure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue

C. onfigure Amazon S3 to send an event notification to an Amazon Simple Queue Service (Amazon SQS) queue

D. onfigure Amazon EventBridge (Amazon CloudWatch Events) to send an event to Amazon Kinesis Data Streams when a new file is uploaded

View answer

Correct Answer: C

Question #72

A company has launched an Amazon RDS for MySQL DB instance. Most of the connections to the database come from serverless applications. Application traffic to the database changes significantly at random intervals. At times of high demand, users report that their applications experience database connection rejection errors.Which solution will resolve this issue with the LEAST operational overhead?

A. reate a proxy in RDS Proxy

B. eploy Amazon ElastiCache for Memcached between the users’ applications and the DB instance

C. igrate the DB instance to a different instance class that has higher I/O capacity

D. onfigure Multi-AZ for the DB instance

View answer

Correct Answer: A

Question #73

A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB). A solutions architect needs to modify the infrastructure to be highly available without modifying the application.Which architecture should the solutions architect choose that provides high availability?

A. reate an Auto Scaling group that uses three instances across each of two Regions

B. odify the Auto Scaling group to use three instances across each of two Availability Zones

C. reate an Auto Scaling template that can be used to quickly create more instances in another Region

D. hange the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier

View answer

Correct Answer: B

Question #74

As part of budget planning, management wants a report of AWS billed items listed by user. The data will be used to create department budgets. A solutions architect needs to determine the most efficient way to obtain this report information.Which solution meets these requirements?

A. un a query with Amazon Athena to generate the report

B. reate a report in Cost Explorer and download the report

C. ccess the bill details from the billing dashboard and download the bill

D. odify a cost budget in AWS Budgets to alert with Amazon Simple Email Service (Amazon SES)

View answer

Correct Answer: B

Question #75

A solutions architect is designing a multi-tier application for a company. The application's users upload images from a mobile device. The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully.The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received. The solutions architect must design the application to asynchrono

A. rite a custom AWS Lambda function to generate the thumbnail and alert the user

B. reate an AWS Step Functions workflow

C. reate an Amazon Simple Queue Service (Amazon SQS) message queue

D. reate Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions

View answer

Correct Answer: C

Question #76

A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.What should a solutions architect do to ensure messages are being processed once only?

A. se the CreateQueue API call to create a new queue

B. se the AddPermission API call to add appropriate permissions

C. se the ReceiveMessage API call to set an appropriate wait time

D. se the ChangeMessageVisibility API call to increase the visibility timeout

View answer

Correct Answer: D

Question #77

A company has a three-tier application on AWS that ingests sensor data from its users’ devices. The traffic flows through a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier, and finally to EC2 instances for the application tier. The application tier makes calls to a database.What should a solutions architect do to improve the security of the data in transit?

A. onfigure a TLS listener

B. onfigure AWS Shield Advanced

C. hange the load balancer to an Application Load Balancer (ALB)

D. ncrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances by using AWS Key Management Service (AWS KMS)

View answer

Correct Answer: A

Question #78

A company has an on-premises MySQL database used by the global sales team with infrequent access patterns. The sales team requires the database to have minimal downtime. A database administrator wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users in the future.Which service should a solutions architect recommend?

A. mazon Aurora MySQL

B. mazon Aurora Serverless for MySQL

C. mazon Redshift Spectrum

D. mazon RDS for MySQL

View answer

Correct Answer: B

Question #79

A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.Which storage option meets these requirements?

A. 3 Standard

B. 3 Intelligent-Tiering

C. 3 Standard-Infrequent Access (S3 Standard-IA)

D. 3 One Zone-Infrequent Access (S3 One Zone-IA)

View answer

Correct Answer: B

Question #80

A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.What should a solutions architect do to meet these requirements?

A. se AWS Key Management Service (AWS KMS) to create keys

B. reate credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager

C. reate credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager

D. reate credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store

View answer

Correct Answer: C

Question #81

A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1 MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth.Which solution will meet these requirements?

A. reate an S3 bucket

B. reate an AWS Snowball Edge job

C. eploy an S3 File Gateway on premises

D. et up an AWS Direct Connect connection between the on-premises network and AWS

View answer

Correct Answer: B

Question #82

A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud.Which solution will meet these requirements?

A. se Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC

B. se Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering

C. se AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VP

D. se AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC

View answer

Correct Answer: C

Question #83

A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game’s developers want to display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores.What should a solutions architect do to meet these requirements?

A. se AWS Glue to create an ML transform to build and train models

B. se Amazon SageMaker to build and train models

C. se a pre-built ML Amazon Machine Image (AMI) from the AWS Marketplace to build and train models

D. se Amazon QuickSight to build and train models by using calculated fields

View answer

Correct Answer: B

Question #84

A company needs to retain application log files for a critical application for 10 years. The application team regularly accesses logs from the past month for troubleshooting, but logs older than 1 month are rarely accessed. The application generates more than 10 TB of logs per month.Which storage option meets these requirements MOST cost-effectively?

A. tore the logs in Amazon S3

B. tore the logs in Amazon S3

C. tore the logs in Amazon CloudWatch Logs

D. tore the logs in Amazon CloudWatch Logs

View answer

Correct Answer: B

Question #85

An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an Amazon Aurora PostgreSQL database. During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts, and the application did not process the orders of those customers.A solutions architect determined that the CPU utilization and memory utilization were high on the database because of a large number of open connections.

A. onfigure provisioned concurrency for the Lambda function

B. se Amazon RDS Proxy to create a proxy for the database

C. reate a read replica for the database in a different AWS Region

D. igrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS)

View answer

Correct Answer: B

Question #86

A solutions architect is developing a VPC architecture that includes multiple subnets. The architecture will host applications that use Amazon EC2 instances and Amazon RDS DB instances. The architecture consists of six subnets in two Availability Zones. Each Availability Zone includes a public subnet, a private subnet, and a dedicated subnet for databases. Only EC2 instances that run in the private subnets can have access to the RDS databases.Which solution will meet these requirements?

A. reate a new route table that excludes the route to the public subnets' CIDR blocks

B. reate a security group that denies inbound traffic from the security group that is assigned to instances in the public subnets

C. reate a security group that allows inbound traffic from the security group that is assigned to instances in the private subnets

D. reate a new peering connection between the public subnets and the private subnets

View answer

Correct Answer: C

Question #87

A company hosts a frontend application that uses an Amazon API Gateway API backend that is integrated with AWS Lambda. When the API receives requests, the Lambda function loads many libraries. Then the Lambda function connects to an Amazon RDS database, processes the data, and returns the data to the frontend application. The company wants to ensure that response latency is as low as possible for all its users with the fewest number of changes to the company's operations.Which solution will meet these requi

A. stablish a connection between the frontend application and the database to make queries faster by bypassing the API

B. onfigure provisioned concurrency for the Lambda function that handles the requests

C. ache the results of the queries in Amazon S3 for faster retrieval of similar datasets

D. ncrease the size of the database to increase the number of connections Lambda can establish at one time

View answer

Correct Answer: B

Question #88

A company has a static website that is hosted on Amazon CloudFront in front of Amazon S3. The static website uses a database backend. The company notices that the website does not reflect updates that have been made in the website’s Git repository. The company checks the continuous integration and continuous delivery (CI/CD) pipeline between the Git repository and Amazon S3. The company verifies that the webhooks are configured properly and that the CI/CD pipeline is sending messages that indicate successfu

A. dd an Application Load Balancer

B. dd Amazon ElastiCache for Redis or Memcached to the database layer of the web application

C. nvalidate the CloudFront cache

D. se AWS Certificate Manager (ACM) to validate the website’s SSL certificate

View answer

Correct Answer: C

Question #89

A solutions architect must secure a VPC network that hosts Amazon EC2 instances. The EC2 instances contain highly sensitive data and run in a private subnet. According to company policy, the EC2 instances that run in the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party’s URL. Other internet traffic must be blocked.Which solution meets these requirements?

A. dd an Amazon CloudFront distribution for the dynamic content

B. dd an Amazon CloudFront distribution for the static content

C. dd an Amazon CloudFront distribution for the dynamic content

D. dd an Amazon CloudFront distribution for the static content

View answer

Correct Answer: A

Question #90

A company has thousands of edge devices that collectively generate 1 TB of status alerts each day. Each alert is approximately 2 KB in size. A solutions architect needs to implement a solution to ingest and store the alerts for future analysis.The company wants a highly available solution. However, the company needs to minimize costs and does not want to manage additional infrastructure. Additionally, the company wants to keep 14 days of data available for immediate analysis and archive any data older than

A. reate an Amazon Kinesis Data Firehose delivery stream to ingest the alerts

B. aunch Amazon EC2 instances across two Availability Zones and place them behind an Elastic Load Balancer to ingest the alerts

C. reate an Amazon Kinesis Data Firehose delivery stream to ingest the alerts

D. reate an Amazon Simple Queue Service (Amazon SQS) standard queue to ingest the alerts, and set the message retention period to 14 days

View answer

Correct Answer: A

Question #91

A solutions architect is designing a new hybrid architecture to extend a company's on-premises infrastructure to AWS. The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.What should the solutions architect do to meet these requirements?

A. rovision an AWS Direct Connect connection to a Region

B. rovision a VPN tunnel connection to a Region for private connectivity

C. rovision an AWS Direct Connect connection to a Region

D. rovision an AWS Direct Connect connection to a Region

View answer

Correct Answer: A

Question #92

A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance.What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?

A. ncrypt a copy of the latest DB snapshot

B. reate a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it

C. opy the snapshots and enable encryption using AWS Key Management Service (AWS KMS)

D. opy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS)

View answer

Correct Answer: A

Question #93

A company runs a containerized application on a Kubernetes cluster in an on-premises data center. The company is using a MongoDB database for data storage. The company wants to migrate some of these environments to AWS, but no code changes or deployment method changes are possible at this time. The company needs a solution that minimizes operational overhead.Which solution meets these requirements?

A. se Amazon Rekognition for multiple speaker recognition

B. se Amazon Transcribe for multiple speaker recognition

C. se Amazon Translate for multiple speaker recognition

D. se Amazon Rekognition for multiple speaker recognition

View answer

Correct Answer: D

Question #94

A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company's AWS account can have the ability to delete the objects.What should a solutions architect do to meet these requirements?

A. reate an S3 Glacier vault

B. reate an S3 bucket with S3 Object Lock enabled

C. reate an S3 bucket

D. reate an S3 bucket with S3 Object Lock enabled

View answer

Correct Answer: D

Question #95

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.What should a solutions architect do to accomplish this goal?

A. se AWS Secrets Manager

B. se AWS Systems Manager Parameter Store

C. reate an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key

D. reate an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance

View answer

Correct Answer: A

Question #96

The customers of a finance company request appointments with financial advisors by sending text messages. A web application that runs on Amazon EC2 instances accepts the appointment requests. The text messages are published to an Amazon Simple Queue Service (Amazon SQS) queue through the web application. Another application that runs on EC2 instances then sends meeting invitations and meeting confirmation email messages to the customers. After successful scheduling, this application stores the meeting infor

A. dd a DynamoDB Accelerator (DAX) cluster in front of the DynamoDB database

B. dd an Amazon API Gateway API in front of the web application that accepts the appointment requests

C. dd an Amazon CloudFront distribution

D. dd an Auto Scaling group for the application that sends meeting invitations

View answer

Correct Answer: D

Question #97

An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table.What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A. se a VPC endpoint for DynamoDB

B. se a NAT gateway in a public subnet

C. se a NAT instance in a private subnet

D. se the internet gateway attached to the VPC

View answer

Correct Answer: A

Question #98

A company runs its infrastructure on AWS and has a registered base of 700,000 users for its document management application. The company intends to create a product that converts large .pdf files to .jpg image files. The .pdf files average 5 MB in size. The company needs to store the original files and the converted files. A solutions architect must design a scalable solution to accommodate demand that will grow rapidly over time.Which solution meets these requirements MOST cost-effectively?

A. ave the

B. ave the

C. pload the

D. pload the

View answer

Correct Answer: A

Question #99

The customers of a finance company request appointments with financial advisors by sending text messages. A web application that runs on Amazon EC2 instances accepts the appointment requests. The text messages are published to an Amazon Simple Queue Service (Amazon SQS) queue through the web application. Another application that runs on EC2 instances then sends meeting invitations and meeting confirmation email messages to the customers. After successful scheduling, this application stores the meeting infor

A. dd a DynamoDB Accelerator (DAX) cluster in front of the DynamoDB database

B. dd an Amazon API Gateway API in front of the web application that accepts the appointment requests

C. dd an Amazon CloudFront distribution

D. dd an Auto Scaling group for the application that sends meeting invitations

View answer

Correct Answer: D

Question #100

A gaming company is moving its public scoreboard from a data center to the AWS Cloud. The company uses Amazon EC2 Windows Server instances behind an Application Load Balancer to host its dynamic application. The company needs a highly available storage solution for the application. The application consists of static files and dynamic server-side code.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A. nstall an external image management library on an EC2 instance

B. reate a CloudFront origin request policy

C. se a Lambda@Edge function with an external image management library

D. reate a CloudFront response headers policy

View answer

Correct Answer: AD

Question #101

An ecommerce company has an order-processing application that uses Amazon API Gateway and an AWS Lambda function. The application stores data in an Amazon Aurora PostgreSQL database. During a recent sales event, a sudden surge in customer orders occurred. Some customers experienced timeouts, and the application did not process the orders of those customers.A solutions architect determined that the CPU utilization and memory utilization were high on the database because of a large number of open connections.

A. onfigure provisioned concurrency for the Lambda function

B. se Amazon RDS Proxy to create a proxy for the database

C. reate a read replica for the database in a different AWS Region

D. igrate the data from Aurora PostgreSQL to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS)

View answer

Correct Answer: B

Question #102

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.What should a solutions architect recommend to meet these requirements?

A. tore the transactions data into Amazon DynamoDB

B. tream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3

C. tream the transactions data into Amazon Kinesis Data Streams

D. tore the batched transactions data in Amazon S3 as files

View answer

Correct Answer: C

Question #103

A company recently announced the deployment of its retail website to a global audience. The website runs on multiple Amazon EC2 instances behind an Elastic Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones.The company wants to provide its customers with different versions of content based on the devices that the customers use to access the website.Which combination of actions should a solutions architect take to meet these requirements? (Choose two.)

A. reate a peering connection between the VPCs

B. reate a Transit VPC

C. reate a peering connection between the VPCs

D. reate a Transit VPC

View answer

Correct Answer: AC

Question #104

A company hosts a three-tier web application that includes a PostgreSQL database. The database stores the metadata from documents. The company searches the metadata for key terms to retrieve documents that the company reviews in a report each month. The documents are stored in Amazon S3. The documents are usually written only once, but they are updated frequently.The reporting process takes a few hours with the use of relational queries. The reporting process must not prevent any document modifications or t

A. et up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica

B. et up a new Amazon Aurora PostgreSQL DB cluster that includes an Aurora Replica

C. et up a new Amazon RDS for PostgreSQL Multi-AZ DB instance

D. et up a new Amazon DynamoDB table to store the documents

View answer

Correct Answer: B

Question #105

A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and introduce unfair advantages to some players. The application is deployed in every AWS Region. It runs on Amazon EC2 instances that are part of Auto Scaling groups configured behind Application Load Balancers (ALBs). A solutions architect needs to implement a mechanism to monitor the health of the application and redirect traffic to healthy endpoints.Which solutio

A. onfigure an accelerator in AWS Global Accelerator

B. reate an Amazon CloudFront distribution and specify the ALB as the origin server

C. reate an Amazon CloudFront distribution and specify Amazon S3 as the origin server

D. onfigure an Amazon DynamoDB database to serve as the data store for the application

View answer

Correct Answer: A

Question #106

An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.What should the solutions architect recommend?

A. hange the existing database to a Multi-AZ deployment

B. hange the existing database to a Multi-AZ deployment

C. reate read replicas for the database

D. reate read replicas for the database

View answer

Correct Answer: D

Question #107

A company has a service that produces event data. The company wants to use AWS to process the event data as it is received. The data is written in a specific order that must be maintained throughout processing. The company wants to implement a solution that minimizes operational overhead.How should a solutions architect accomplish this?

A. reate an Amazon Simple Queue Service (Amazon SQS) FIFO queue to hold messages

B. reate an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process

C. reate an Amazon Simple Queue Service (Amazon SQS) standard queue to hold messages

D. reate an Amazon Simple Notification Service (Amazon SNS) topic to deliver notifications containing payloads to process

View answer

Correct Answer: A

Question #108

A company is running its production and nonproduction environment workloads in multiple AWS accounts. The accounts are in an organization in AWS Organizations. The company needs to design a solution that will prevent the modification of cost usage tags.Which solution will meet these requirements?

A. reate a custom AWS Config rule to prevent tag modification except by authorized principals

B. reate a custom trail in AWS CloudTrail to prevent tag modification

C. reate a service control policy (SCP) to prevent tag modification except by authorized principals

D. reate custom Amazon CloudWatch logs to prevent tag modification

View answer

Correct Answer: C

Question #109

A company has migrated an application to Amazon EC2 Linux instances. One of these EC2 instances runs several 1-hour tasks on a schedule. These tasks were written by different teams and have no common programming language. The company is concerned about performance and scalability while these tasks run on a single instance. A solutions architect needs to implement a solution to resolve these concerns.Which solution will meet these requirements with the LEAST operational overhead?

A. se AWS Batch to run the tasks as jobs

B. onvert the EC2 instance to a container

C. opy the tasks into AWS Lambda functions

D. reate an Amazon Machine Image (AMI) of the EC2 instance that runs the tasks

View answer

Correct Answer: A

Question #110

A company hosts its static website by using Amazon S3. The company wants to add a contact form to its webpage. The contact form will have dynamic server-side components for users to input their name, email address, phone number, and user message. The company anticipates that there will be fewer than 100 site visits each month.Which solution will meet these requirements MOST cost-effectively?

A. ost a dynamic contact form page in Amazon Elastic Container Service (Amazon ECS)

B. reate an Amazon API Gateway endpoint with an AWS Lambda backend that makes a call to Amazon Simple Email Service (Amazon SES)

C. onvert the static webpage to dynamic by deploying Amazon Lightsail

D. reate a t2

View answer

Correct Answer: B

Question #111

A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:Which IAM principals can the solutions architect attach this policy to? (Choose two.)

A. se Reserved Instances for the frontend nodes

B. se Reserved Instances for the frontend nodes

C. se Spot Instances for the frontend nodes

D. se Spot Instances for the frontend nodes

View answer

Correct Answer: AB

Question #112

A company uses an Amazon EC2 instance to run a script to poll for and process messages in an Amazon Simple Queue Service (Amazon SQS) queue. The company wants to reduce operational costs while maintaining its ability to process a growing number of messages that are added to the queue.What should a solutions architect recommend to meet these requirements?

A. ncrease the size of the EC2 instance to process messages faster

B. se Amazon EventBridge to turn off the EC2 instance when the instance is underutilized

C. igrate the script on the EC2 instance to an AWS Lambda function with the appropriate runtime

D. se AWS Systems Manager Run Command to run the script on demand

View answer

Correct Answer: C

Question #113

A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host, and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access.Which combination of steps should the soluti

A. se Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer

B. se Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures

C. se Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group

D. se Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group

View answer

Correct Answer: CD

Question #114

A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.Which storage solution will meet these requirements?

A. ove the data objects to S3 Glacier Deep Archive after 30 days

B. ove the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days

C. ove the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days

D. ove the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately

View answer

Correct Answer: B

Question #115

A company wants to share accounting data with an external auditor. The data is stored in an Amazon RDS DB instance that resides in a private subnet. The auditor has its own AWS account and requires its own copy of the database.What is the MOST secure way for the company to share the database with the auditor?

A. reate a read replica of the database

B. xport the database contents to text files

C. opy a snapshot of the database to an Amazon S3 bucket

D. reate an encrypted snapshot of the database

View answer

Correct Answer: D

Question #116

A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company’s IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.What should a solutions architect do to meet this requirement with the LEAST operational effort?

A. reate a new AWS Key Management Service (AWS KMS) encryption key

B. reate two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password

C. tore a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system

D. tore a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials

View answer

Correct Answer: A

Question #117

A company has migrated an application to Amazon EC2 Linux instances. One of these EC2 instances runs several 1-hour tasks on a schedule. These tasks were written by different teams and have no common programming language. The company is concerned about performance and scalability while these tasks run on a single instance. A solutions architect needs to implement a solution to resolve these concerns.Which solution will meet these requirements with the LEAST operational overhead?

A. se AWS Batch to run the tasks as jobs

B. onvert the EC2 instance to a container

C. opy the tasks into AWS Lambda functions

D. reate an Amazon Machine Image (AMI) of the EC2 instance that runs the tasks

View answer

Correct Answer: A

Question #118

A company is developing a real-time multiplayer game that uses UDP for communications between the client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.Which solution should a solutions architect recommend?

A. se Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage

B. se a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage

C. se a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage

D. se an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage

View answer

Correct Answer: B

Question #119

A company has an ecommerce checkout workflow that writes an order to a database and calls a service to process the payment. Users are experiencing timeouts during the checkout process. When users resubmit the checkout form, multiple unique orders are created for the same desired transaction.How should a solutions architect refactor this workflow to prevent the creation of multiple orders?

A. onfigure the web application to send an order message to Amazon Kinesis Data Firehose

B. reate a rule in AWS CloudTrail to invoke an AWS Lambda function based on the logged application path request

C. tore the order in the database

D. tore the order in the database

View answer

Correct Answer: D

Question #120

A company has a data ingestion workflow that includes the following components:-An Amazon Simple Notification Service (Amazon SNS) topic that receives notifications about new data deliveries-An AWS Lambda function that processes and stores the dataThe ingestion workflow occasionally fails because of network connectivity issues. When failure occurs, the corresponding data is not ingested unless the company manually reruns the job.What should a solutions architect do to ensure that all notifications are event

A. onfigure the Lambda function for deployment across multiple Availability Zones

B. odify the Lambda function's configuration to increase the CPU and memory allocations for the function

C. onfigure the SNS topic’s retry strategy to increase both the number of retries and the wait time between retries

D. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as the on-failure destination

View answer

Correct Answer: D

Question #121

A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files.Which storage option meets these requirements?

A. 3 Standard

B. 3 Intelligent-Tiering

C. 3 Standard-Infrequent Access (S3 Standard-IA)

D. 3 One Zone-Infrequent Access (S3 One Zone-IA)

View answer

Correct Answer: B

Question #122

A company website hosted on Amazon EC2 instances processes classified data stored in The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.Which solution will meet this requirement?

A. reate an 1AM role that specifies EBS encryption Attach the role to the EC2 instances

B. reate the EBS volumes as encrypted volumes Attach the EBS volumes to the EC2 instances

C. reate an EC2 instance tag that has a key of Encrypt and a value of True Tag all instances that require encryption at the EBS level

D. reate an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account Ensure that the key policy is active

View answer

Correct Answer: B

Question #123

A company is developing a mobile gaming app in a single AWS Region. The app runs on multiple Amazon EC2 instances in an Auto Scaling group. The company stores the app data in Amazon DynamoDB. The app communicates by using TCP traffic and UDP traffic between the users and the servers. The application will be used globally. The company wants to ensure the lowest possible latency for all users.Which solution will meet these requirements?

A. se AWS Global Accelerator to create an accelerator

B. se AWS Global Accelerator to create an accelerator

C. reate an Amazon CloudFront content delivery network (CDN) endpoint

D. reate an Amazon CloudFront content delivery network (CDN) endpoint

View answer

Correct Answer: B

Question #124

A company runs its ecommerce application on AWS. Every new order is published as a massage in a RabbitMQ queue that runs on an Amazon EC2 instance in a single Availability Zone. These messages are processed by a different application that runs on a separate EC2 instance. This application stores the details in a PostgreSQL database on another EC2 instance. All the EC2 instances are in the same Availability Zone.The company needs to redesign its architecture to provide the highest availability with the least

A. igrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon MQ

B. igrate the queue to a redundant pair (active/standby) of RabbitMQ instances on Amazon MQ

C. reate a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queue

D. reate a Multi-AZ Auto Scaling group for EC2 instances that host the RabbitMQ queue

View answer

Correct Answer: B

Question #125

A company recently created a disaster recovery site in a different AWS Region. The company needs to transfer large amounts of data back and forth between NFS file systems in the two Regions on a periodic basis.Which solution will meet these requirements with the LEAST operational overhead?

A. se AWS DataSync

B. se AWS Snowball devices

C. et up an SFTP server on Amazon EC2

D. se AWS Database Migration Service (AWS DMS)

View answer

Correct Answer: A

Question #126

A company’s web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.Which configuration will meet this requirement?

A. onfigure the security group for the EC2 instances

B. onfigure the security group on the Application Load Balancer

C. onfigure AWS WAF on the Application Load Balancer in a VP

D. onfigure the network ACL for the subnet that contains the EC2 instances

View answer

Correct Answer: C

Question #127

A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.What should a solutions architect do to mitigate any single point of failure in this architecture?

A. dd a set of VPNs between the Management and Production VPCs

B. dd a second virtual private gateway and attach it to the Management VPC

C. dd a second set of VPNs to the Management VPC from a second customer gateway device

D. dd a second VPC peering connection between the Management VPC and the Production VPC

View answer

Correct Answer: C

Question #128

A company has a custom application with embedded credentials that retrieves information from an Amazon RDS MySQL DB instance. Management says the application must be made more secure with the least amount of programming effort.What should a solutions architect do to meet these requirements?

A. se AWS Key Management Service (AWS KMS) to create keys

B. reate credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager

C. reate credentials on the RDS for MySQL database for the application user and store the credentials in AWS Secrets Manager

D. reate credentials on the RDS for MySQL database for the application user and store the credentials in AWS Systems Manager Parameter Store

View answer

Correct Answer: C

Question #129

A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.Which solution meets these requirements and is the MOST operationally efficient?

A. erver-side encryption with customer-provided keys (SSE-C)

B. erver-side encryption with Amazon S3 managed keys (SSE-S3)

C. erver-side encryption with AWS KMS keys (SSE-KMS) with manual rotation

D. erver-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation

View answer

Correct Answer: D

Question #130

A company’s reporting system delivers hundreds of .csv files to an Amazon S3 bucket each day. The company must convert these files to Apache Parquet format and must store the files in a transformed data bucket.Which solution will meet these requirements with the LEAST development effort?

A. reate an Amazon EMR cluster with Apache Spark installed

B. reate an AWS Glue crawler to discover the data

C. se AWS Batch to create a job definition with Bash syntax to transform the data and output the data to the transformed data bucket

D. reate an AWS Lambda function to transform the data and output the data to the transformed data bucket

View answer

Correct Answer: B

Question #131

A company is using AWS to design a web application that will process insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not get lost. The solution must maximize operational efficiency and must minimize maintenance.Which solution meets these requirements?

A. reate multiple Amazon Kinesis data streams based on the quote type

B. reate an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic for each quote type

C. reate a single Amazon Simple Notification Service (Amazon SNS) topic

D. reate multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon OpenSearch Service cluster

View answer

Correct Answer: C

Question #132

A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files.The

A. onfigure S3 Transfer Acceleration on the existing S3 bucket

B. eploy an Amazon CloudFront distribution with the existing S3 bucket as the origin

C. et up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets

D. odify the web application to enable streaming of the datasets to end users

View answer

Correct Answer: B

Question #133

A company uses an Amazon EC2 instance to run a script to poll for and process messages in an Amazon Simple Queue Service (Amazon SQS) queue. The company wants to reduce operational costs while maintaining its ability to process a growing number of messages that are added to the queue.What should a solutions architect recommend to meet these requirements?

A. ncrease the size of the EC2 instance to process messages faster

B. se Amazon EventBridge to turn off the EC2 instance when the instance is underutilized

C. igrate the script on the EC2 instance to an AWS Lambda function with the appropriate runtime

D. se AWS Systems Manager Run Command to run the script on demand

View answer

Correct Answer: C

Question #134

A company wants to experiment with individual AWS accounts for its engineer team. The company wants to be notified as soon as the Amazon EC2 instance usage for a given month exceeds a specific threshold for each account.What should a solutions architect do to meet this requirement MOST cost-effectively?

A. se Cost Explorer to create a daily report of costs by service

B. se Cost Explorer to create a monthly report of costs by service

C. se AWS Budgets to create a cost budget for each account

D. se AWS Cost and Usage Reports to create a report with hourly granularity

View answer

Correct Answer: C

Question #135

A company collects data from thousands of remote devices by using a RESTful web services application that runs on an Amazon EC2 instance. The EC2 instance receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon. The company needs a highly scalable solution that minimizes operational overhead.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A. onfigure the organization’s centralized CloudTrail trail to expire objects after 3 years

B. onfigure the S3 Lifecycle policy to delete previous versions as well as current versions

C. reate an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years

D. onfigure the parent account as the owner of all objects that are delivered to the S3 bucket

View answer

Correct Answer: AE

Question #136

A manufacturing company has machine sensors that upload .csv files to an Amazon S3 bucket. These .csv files must be converted into images and must be made available as soon as possible for the automatic generation of graphical reports.The images become irrelevant after 1 month, but the .csv files must be kept to train machine learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance.Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

A. et up an Amazon ElastiCache for Memcached cluster to cache the scores for the web application to display

B. et up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display

C. lace an Amazon CloudFront distribution in front of the web application to cache the scoreboard in a section of the application

D. reate a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application

View answer

Correct Answer: BC

Question #137

A company wants to create a mobile app that allows users to stream slow-motion video clips on their mobile devices. Currently, the app captures video clips and uploads the video clips in raw format into an Amazon S3 bucket. The app retrieves these video clips directly from the S3 bucket. However, the videos are large in their raw format.Users are experiencing issues with buffering and playback on mobile devices. The company wants to implement solutions to maximize the performance and scalability of the app

A. eploy Amazon CloudFront for content delivery and caching

B. se AWS DataSync to replicate the video files across AW'S Regions in other S3 buckets

C. se Amazon Elastic Transcoder to convert the video files to more appropriate formats

D. eploy an Auto Sealing group of Amazon EC2 instances in Local Zones for content delivery and caching

E. eploy an Auto Scaling group of Amazon EC2 instances to convert the video files to more appropriate formats

View answer

Correct Answer: A

Question #138

An image-hosting company stores its objects in Amazon S3 buckets. The company wants to avoid accidental exposure of the objects in the S3 buckets to the public. All S3 objects in the entire AWS account need to remain private.Which solution will meet these requirements?

A. se Amazon GuardDuty to monitor S3 bucket policies

B. se AWS Trusted Advisor to find publicly accessible S3 buckets

C. se AWS Resource Access Manager to find publicly accessible S3 buckets

D. se the S3 Block Public Access feature on the account level

View answer

Correct Answer: D

Question #139

A company has a three-tier application on AWS that ingests sensor data from its users’ devices. The traffic flows through a Network Load Balancer (NLB), then to Amazon EC2 instances for the web tier, and finally to EC2 instances for the application tier. The application tier makes calls to a database.What should a solutions architect do to improve the security of the data in transit?

A. onfigure a TLS listener

B. onfigure AWS Shield Advanced

C. hange the load balancer to an Application Load Balancer (ALB)

D. ncrypt the Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instances by using AWS Key Management Service (AWS KMS)

View answer

Correct Answer: A

Question #140

A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution.What should a solutions architect do to secure the audit documents?

A. nable the versioning and MFA Delete features on the S3 bucket

B. nable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account

C. dd an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates

D. se AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key

View answer

Correct Answer: A

Question #141

A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company’s network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.What should a solutions architect do to meet these requirements?

A. se AWS Snowball

B. se AWS DataSync

C. se a secure VPN connection

D. se Amazon S3 Transfer Acceleration

View answer

Correct Answer: A

Question #142

A company has a three-tier web application that is in a single server. The company wants to migrate the application to the AWS Cloud. The company also wants the application to align with the AWS Well-Architected Framework and to be consistent with AWS recommended best practices for security, scalability, and resiliency.Which combination of solutions will meet these requirements? (Choose three.)

A. se AWS App2Container (A2C) to containerize the job

B. opy the code into an AWS Lambda function that has 1 GB of memory

C. se AWS App2Container (A2C) to containerize the job

D. onfigure the existing schedule to stop the EC2 instance at the completion of the job and restart the EC2 instance when the next job starts

View answer

Correct Answer: CEF

Question #143

A company needs to configure a real-time data ingestion architecture for its application. The company needs an API, a process that transforms data as the data is streamed, and a storage solution for the data.Which solution will meet these requirements with the LEAST operational overhead?

A. eploy an Amazon EC2 instance to host an API that sends data to an Amazon Kinesis data stream

B. eploy an Amazon EC2 instance to host an API that sends data to AWS Glue

C. onfigure an Amazon API Gateway API to send data to an Amazon Kinesis data stream

D. onfigure an Amazon API Gateway API to send data to AWS Glue

View answer

Correct Answer: C

Question #144

A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available.Which combination of configuration options will meet these requirements? (Ch

A. et up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive immediately

B. et up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 2 years

C. se S3 Intelligent-Tiering

D. et up an S3 Lifecycle policy to transition objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately and to S3 Glacier Deep Archive after 2 years

View answer

Correct Answer: CE

Question #145

A solutions architect needs to implement a solution to reduce a company's storage costs. All the company's data is in the Amazon S3 Standard storage class. The company must keep all data for at least 25 years. Data from the most recent 2 years must be highly available and immediately retrievable.Which solution will meet these requirements?

A. mazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

B. mazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage

C. mazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage

D. mazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

View answer

Correct Answer: B

Question #146

A company is moving its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration.What should a solutions architect recommend?

A. se Amazon S3 to host the front-end layer

B. se load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer

C. se Amazon S3 to host the front-end layer

D. se load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer

View answer

Correct Answer: C

Question #147

A serverless application uses Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. The Lambda function needs permissions to read and write to the DynamoDB table.Which solution will give the Lambda function access to the DynamoDB table MOST securely?

A. reate an IAM user with programmatic access to the Lambda function

B. reate an IAM role that includes Lambda as a trusted service

C. reate an IAM user with programmatic access to the Lambda function

D. reate an IAM role that includes DynamoDB as a trusted service

View answer

Correct Answer: B

Question #148

A solutions architect is implementing a complex Java application with a MySQL database. The Java application must be deployed on Apache Tomcat and must be highly available.What should the solutions architect do to meet these requirements?

A. eploy the application in AWS Lambda

B. eploy the application by using AWS Elastic Beanstalk

C. igrate the database to Amazon ElastiCache

D. aunch an Amazon EC2 instance

View answer

Correct Answer: B

Question #149

A solutions architect needs to design a system to store client case files. The files are core company assets and are important. The number of files will grow over time.The files must be simultaneously accessible from multiple application servers that run on Amazon EC2 instances. The solution must have built-in redundancy.Which solution meets these requirements?

A. mazon Elastic File System (Amazon EFS)

B. mazon Elastic Block Store (Amazon EBS)

C. mazon S3 Glacier Deep Archive

D. WS Backup

View answer

Correct Answer: A

Question #150

A solutions architect is designing a company’s disaster recovery (DR) architecture. The company has a MySQL database that runs on an Amazon EC2 instance in a private subnet with scheduled backup. The DR design needs to include multiple AWS Regions.Which solution will meet these requirements with the LEAST operational overhead?

A. igrate the MySQL database to multiple EC2 instances

B. igrate the MySQL database to Amazon RDS

C. igrate the MySQL database to an Amazon Aurora global database

D. tore the scheduled backup of the MySQL database in an Amazon S3 bucket that is configured for S3 Cross-Region Replication (CRR)

View answer

Correct Answer: C

Question #151

A company runs a web application on Amazon EC2 instances in multiple Availability Zones. The EC2 instances are in private subnets. A solutions architect implements an internet-facing Application Load Balancer (ALB) and specifies the EC2 instances as the target group. However, the internet traffic is not reaching the EC2 instances.How should the solutions architect reconfigure the architecture to resolve this issue?

A. eplace the ALB with a Network Load Balancer

B. ove the EC2 instances to public subnets

C. pdate the route tables for the EC2 instances’ subnets to send 0

D. reate public subnets in each Availability Zone

View answer

Correct Answer: D

Question #152

A company has applications that run on Amazon EC2 instances in a VPC. One of the applications needs to call the Amazon S3 API to store and read objects. According to the company's security regulations, no traffic from the applications is allowed to travel across the internet.Which solution will meet these requirements?

A. onfigure an S3 gateway endpoint

B. reate an S3 bucket in a private subnet

C. reate an S3 bucket in the same AWS Region as the EC2 instances

D. onfigure a NAT gateway in the same subnet as the EC2 instances

View answer

Correct Answer: A

Question #153

A company runs a global web application on Amazon EC2 instances behind an Application Load Balancer. The application stores data in Amazon Aurora. The company needs to create a disaster recovery solution and can tolerate up to 30 minutes of downtime and potential data loss. The solution does not need to handle the load when the primary infrastructure is healthy.What should a solutions architect do to meet these requirements?

A. eploy the application with the required infrastructure elements in place

B. ost a scaled-down deployment of the application in a second AWS Region

C. eplicate the primary infrastructure in a second AWS Region

D. ack up data with AWS Backup

View answer

Correct Answer: A

Question #154

A company runs a web-based portal that provides users with global breaking news, local alerts, and weather updates. The portal delivers each user a personalized view by using mixture of static and dynamic content. Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB). The company wants the portal to provide this content to its users across the world as quickly as possible.How should a solutions architect design the application to ensur

A. eploy the application stack in a single AWS Region

B. eploy the application stack in two AWS Regions

C. eploy the application stack in a single AWS Region

D. eploy the application stack in two AWS Regions

View answer

Correct Answer: A

Question #155

A company is running a batch application on Amazon EC2 instances. The application consists of a backend with multiple Amazon RDS databases. The application is causing a high number of reads on the databases. A solutions architect must reduce the number of database reads while ensuring high availability.What should the solutions architect do to meet this requirement?

A. dd Amazon RDS read replicas

B. se Amazon ElastiCache for Redis

C. se Amazon Route 53 DNS caching

D. se Amazon ElastiCache for Memcached

View answer

Correct Answer: A

Question #156

An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.Which service should the solutions architect use to find the desired information?

A. mazon GuardDuty

B. mazon Inspector

C. WS CloudTrail

D. WS Config

View answer

Correct Answer: C

Question #157

An online learning company is migrating to the AWS Cloud. The company maintains its student records in a PostgreSQL database. The company needs a solution in which its data is available and online across multiple AWS Regions at all times.Which solution will meet these requirements with the LEAST amount of operational overhead?

A. igrate the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances

B. igrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on

C. igrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance

D. igrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance

View answer

Correct Answer: C

Question #158

A company runs a fleet of web servers using an Amazon RDS for PostgreSQL DB instance. After a routine compliance check, the company sets a standard that requires a recovery point objective (RPO) of less than 1 second for all its production databases.Which solution meets these requirements?

A. nable a Multi-AZ deployment for the DB instance

B. nable auto scaling for the DB instance in one Availability Zone

C. onfigure the DB instance in one Availability Zone, and create multiple read replicas in a separate Availability Zone

D. onfigure the DB instance in one Availability Zone, and configure AWS Database Migration Service (AWS DMS) change data capture (CDC) tasks

View answer

Correct Answer: A

Question #159

A company runs a web application that is deployed on Amazon EC2 instances in the private subnet of a VPC. An Application Load Balancer (ALB) that extends across the public subnets directs web traffic to the EC2 instances. The company wants to implement new security measures to restrict inbound traffic from the ALB to the EC2 instances while preventing access from any other source inside or outside the private subnet of the EC2 instances.Which solution will meet these requirements?

A. onfigure a route in a route table to direct traffic from the internet to the private IP addresses of the EC2 instances

B. onfigure the security group for the EC2 instances to only allow traffic that comes from the security group for the AL

C. ove the EC2 instances into the public subnet

D. onfigure the security group for the ALB to allow any TCP traffic on any port

View answer

Correct Answer: B

Question #160

A company is implementing new data retention policies for all databases that run on Amazon RDS DB instances. The company must retain daily backups for a minimum period of 2 years. The backups must be consistent and restorable.Which solution should a solutions architect recommend to meet these requirements?

A. reate a backup vault in AWS Backup to retain RDS backups

B. onfigure a backup window for the RDS DB instances for daily snapshots

C. onfigure database transaction logs to be automatically backed up to Amazon CloudWatch Logs with an expiration period of 2 years

D. onfigure an AWS Database Migration Service (AWS DMS) replication task

View answer

Correct Answer: A

Question #161

A company has an AWS account used for software engineering. The AWS account has access to the company’s on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway.A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company’s data center.Which solution will meet these requirements?

A. onfigure the Lambda function to run in the VPC with the appropriate security group

B. et up a VPN connection from AWS to the data center

C. pdate the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect

D. reate an Elastic IP address

View answer

Correct Answer: A

Question #162

A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:Which IAM principals can the solutions architect attach this policy to? (Choose two.)

A. se Reserved Instances for the frontend nodes

B. se Reserved Instances for the frontend nodes

C. se Spot Instances for the frontend nodes

D. se Spot Instances for the frontend nodes

View answer

Correct Answer: AB

Question #163

A company runs an application on a large fleet of Amazon EC2 instances. The application reads and writes entries into an Amazon DynamoDB table. The size of the DynamoDB table continuously grows, but the application needs only data from the last 30 days. The company needs a solution that minimizes cost and development effort.Which solution meets these requirements?

A. se an AWS CloudFormation template to deploy the complete solution

B. se an EC2 instance that runs a monitoring application from AWS Marketplace

C. onfigure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new item is created in the table

D. xtend the application to add an attribute that has a value of the current timestamp plus 30 days to each new item that is created in the table

View answer

Correct Answer: D

Question #164

A company’s application is having performance issues. The application is stateful and needs to complete in-memory tasks on Amazon EC2 instances. The company used AWS CloudFormation to deploy infrastructure and used the M5 EC2 instance family. As traffic increased, the application performance degraded. Users are reporting delays when the users attempt to access the application.Which solution will resolve these issues in the MOST operationally efficient way?

A. n AWS Glue job

B. n AWS Lambda function

C. containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS)

D. containerized service hosted in Amazon ECS with Amazon EC2

View answer

Correct Answer: D

Question #165

A company offers a food delivery service that is growing rapidly. Because of the growth, the company’s order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes the following:-A group of Amazon EC2 instances that run in an Amazon EC2 Auto Scaling group to collect orders from the application-Another group of EC2 instances that run in an Amazon EC2 Auto Scaling group to fulfill ordersThe order collection process occurs quickly, but the order fulfillm

A. se Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups

B. se Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups

C. rovision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment

D. rovision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment

View answer

Correct Answer: D

Question #166

A company uses AWS Organizations. A member account has purchased a Compute Savings Plan. Because of changes in the workloads inside the member account, the account no longer receives the full benefit of the Compute Savings Plan commitment. The company uses less than 50% of its purchased compute power.

A. urn on discount sharing from the Billing Preferences section of the account console in the member account that purchased the Compute Savings Plan

B. urn on discount sharing from the Billing Preferences section of the account console in the company's Organizations management account

C. igrate additional compute workloads from another AWS account to the account that has the Compute Savings Plan

D. ell the excess Savings Plan commitment in the Reserved Instance Marketplace

View answer

Correct Answer: B

Question #167

A company has an ecommerce checkout workflow that writes an order to a database and calls a service to process the payment. Users are experiencing timeouts during the checkout process. When users resubmit the checkout form, multiple unique orders are created for the same desired transaction.How should a solutions architect refactor this workflow to prevent the creation of multiple orders?

A. onfigure the web application to send an order message to Amazon Kinesis Data Firehose

B. reate a rule in AWS CloudTrail to invoke an AWS Lambda function based on the logged application path request

C. tore the order in the database

D. tore the order in the database

View answer

Correct Answer: D

Question #168

A company recently created a disaster recovery site in a different AWS Region. The company needs to transfer large amounts of data back and forth between NFS file systems in the two Regions on a periodic basis.Which solution will meet these requirements with the LEAST operational overhead?

A. se AWS DataSync

B. se AWS Snowball devices

C. et up an SFTP server on Amazon EC2

D. se AWS Database Migration Service (AWS DMS)

View answer

Correct Answer: A

Question #169

A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination.There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.What should a solutions architect do to increase the application's performance?

A. reate a new SSL certificate using AWS Certificate Manager (ACM)

B. reate an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket

C. reate another EC2 instance as a proxy server

D. mport the SSL certificate into AWS Certificate Manager (ACM)

View answer

Correct Answer: D

Question #170

A company moved its on-premises PostgreSQL database to an Amazon RDS for PostgreSQL DB instance. The company successfully launched a new product. The workload on the database has increased. The company wants to accommodate the larger workload without adding infrastructure.Which solution will meet these requirements MOST cost-effectively?

A. uy reserved DB instances for the total workload

B. ake the Amazon RDS for PostgreSQL DB instance a Multi-AZ DB instance

C. uy reserved DB instances for the total workload

D. ake the Amazon RDS for PostgreSQL DB instance an on-demand DB instance

View answer

Correct Answer: A

Question #171

A company hosts an application on AWS Lambda functions that are invoked by an Amazon API Gateway API. The Lambda functions save customer data to an Amazon Aurora MySQL database. Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete. The result is that customer data is not recorded for some of the event.A solutions architect needs to design a solution that stores customer data that is created during database upgrades.Which soluti

A. rovision an Amazon RDS proxy to sit between the Lambda functions and the database

B. ncrease the run time of the Lambda functions to the maximum

C. ersist the customer data to Lambda local storage

D. tore the customer data in an Amazon Simple Queue Service (Amazon SQS) FIFO queue

View answer

Correct Answer: A

Question #172

A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.Which solution will meet these requirements with the LEAST operational overhead?

A. tore the credentials as secrets in AWS Secrets Manager

B. tore the credentials as secrets in AWS Systems Manager by creating a secure string parameter

C. tore the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled

D. ncrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys

View answer

Correct Answer: A

Question #173

A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud.Which solution will meet these requirements?

A. se Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC

B. se Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering

C. se AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VP

D. se AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC

View answer

Correct Answer: C

Question #174

An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.Which solution will provide private network connectivity to Amazon S3?

A. reate a gateway VPC endpoint to the S3 bucket

B. tream the logs to Amazon CloudWatch Logs

C. reate an instance profile on Amazon EC2 to allow S3 access

D. reate an Amazon API Gateway API with a private link to access the S3 endpoint

View answer

Correct Answer: A

Question #175

A company must migrate 20 TB of data from a data center to the AWS Cloud within 30 days. The company’s network bandwidth is limited to 15 Mbps and cannot exceed 70% utilization.What should a solutions architect do to meet these requirements?

A. se AWS Snowball

B. se AWS DataSync

C. se a secure VPN connection

D. se Amazon S3 Transfer Acceleration

View answer

Correct Answer: A

Question #176

A company needs to retain application log files for a critical application for 10 years. The application team regularly accesses logs from the past month for troubleshooting, but logs older than 1 month are rarely accessed. The application generates more than 10 TB of logs per month.Which storage option meets these requirements MOST cost-effectively?

A. tore the logs in Amazon S3

B. tore the logs in Amazon S3

C. tore the logs in Amazon CloudWatch Logs

D. tore the logs in Amazon CloudWatch Logs

View answer

Correct Answer: B

Question #177

A medical research lab produces data that is related to a new study. The lab wants to make the data available with minimum latency to clinics across the country for their on-premises, file-based applications. The data files are stored in an Amazon S3 bucket that has read-only permissions for each clinic.What should a solutions architect recommend to meet these requirements?

A. eploy an AWS Storage Gateway file gateway as a virtual machine (VM) on premises at each clinic

B. igrate the files to each clinic’s on-premises applications by using AWS DataSync for processing

C. eploy an AWS Storage Gateway volume gateway as a virtual machine (VM) on premises at each clinic

D. ttach an Amazon Elastic File System (Amazon EFS) file system to each clinic’s on-premises servers

View answer

Correct Answer: A

Question #178

A company designed a stateless two-tier application that uses Amazon EC2 in a single Availability Zone and an Amazon RDS Multi-AZ DB instance. New company management wants to ensure the application is highly available.What should a solutions architect do to meet this requirement?

A. onfigure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer

B. onfigure the application to take snapshots of the EC2 instances and send them to a different AWS Region

C. onfigure the application to use Amazon Route 53 latency-based routing to feed requests to the application

D. onfigure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer

View answer

Correct Answer: A

Question #179

A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company’s account.Which solution will meet these requirements with the LEAST operational overhead?

A. reate an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected

B. onfigure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3

C. reate an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call

D. onfigure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs

View answer

Correct Answer: D

Question #180

An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale for a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.Which solution will meet these requirements with the LEAST operational overhead?

A. se Amazon S3 to host the full website in different S3 buckets

B. eploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones

C. igrate the full application to run in containers

D. se an Amazon S3 bucket to host the website's static content

View answer

Correct Answer: D

Question #181

A company is running a popular social media website. The website gives users the ability to upload images to share with other users. The company wants to make sure that the images do not contain inappropriate content. The company needs a solution that minimizes development effort.What should a solutions architect do to meet these requirements?

A. se Amazon Comprehend to detect inappropriate content

B. se Amazon Rekognition to detect inappropriate content

C. se Amazon SageMaker to detect inappropriate content

D. se AWS Fargate to deploy a custom machine learning model to detect inappropriate content

View answer

Correct Answer: B

Question #182

A company has hired a solutions architect to design a reliable architecture for its application. The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers. The EC2 instances are located in a single Availability Zone.An employee recently deleted the DB instance, and the application was unavailable for 24 hours as a result. The company is concerned with the overall reliability of its environment.What should the solutions architect do to maxim

A. elete one EC2 instance and enable termination protection on the other EC2 instance

B. pdate the DB instance to be Multi-AZ, and enable deletion protection

C. reate an additional DB instance along with an Amazon API Gateway and an AWS Lambda function

D. lace the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones

View answer

Correct Answer: B

Question #183

A solutions architect is designing a shared storage solution for a web application that is deployed across multiple Availability Zones The web application runs on Amazon EC2 instances that are in an Auto Scaling group The company plans to make frequent changes to the content The solution must have strong consistency in returning the new content as soon as the changes occur.Which solutions meet these requirements? (Select TWO)

A. se AWS Storage Gateway Volume Gateway Internet Small Computer Systems Interface (iSCSI) block storage that is mounted to the individual EC2 instances

B. reate an Amazon Elastic File System (Amazon EFS) file system Mount the EFS file system on the individual EC2 instances

C. reate a shared Amazon Elastic Block Store (Amazon EBS) volume

D. se AWS DataSync to perform continuous synchronization of data between EC2 hosts in the Auto Scaling group

E. reate an Amazon S3 bucket to store the web content Set the metadata for the Cache-Control header to no-cache Use Amazon CloudFront to deliver the content

View answer

Correct Answer: BE

Question #184

A company is implementing a shared storage solution for a gaming application that is hosted in an on-premises data center. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.Which solution meets these requirements?

A. reate an AWS Storage Gateway file gateway

B. reate an Amazon EC2 Windows instance

C. reate an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre

D. reate an Amazon FSx for Lustre file system

View answer

Correct Answer: D

Question #185

A solutions architect needs to implement a solution to reduce a company's storage costs. All the company's data is in the Amazon S3 Standard storage class. The company must keep all data for at least 25 years. Data from the most recent 2 years must be highly available and immediately retrievable.Which solution will meet these requirements?

A. mazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

B. mazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage

C. mazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage

D. mazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

View answer

Correct Answer: B

Question #186

A development team runs monthly resource-intensive tests on its general purpose Amazon RDS for MySQL DB instance with Performance Insights enabled. The testing lasts for 48 hours once a month and is the only process that uses the database. The team wants to reduce the cost of running the tests without reducing the compute and memory attributes of the DB instance.Which solution meets these requirements MOST cost-effectively?

A. top the DB instance when tests are completed

B. se an Auto Scaling policy with the DB instance to automatically scale when tests are completed

C. reate a snapshot when tests are completed

D. odify the DB instance to a low-capacity instance when tests are completed

View answer

Correct Answer: C

Question #187

A company's containerized application runs on an Amazon EC2 instance. The application needs to download security certificates before it can communicate with other business applications. The company wants a highly secure solution to encrypt and decrypt the certificates in near real time. The solution also needs to store data in highly available storage after the data is encrypted.Which solution will meet these requirements with the LEAST operational overhead?

A. reate AWS Secrets Manager secrets for encrypted certificates

B. reate an AWS Lambda function that uses the Python cryptography library to receive and perform encryption operations

C. reate an AWS Key Management Service (AWS KMS) customer managed key

D. reate an AWS Key Management Service (AWS KMS) customer managed key

View answer

Correct Answer: C

Question #188

A company’s compliance team needs to move its file shares to AWS. The shares run on a Windows Server SMB file share. A self-managed on-premises Active Directory controls access to the files and folders.The company wants to use Amazon FSx for Windows File Server as part of the solution. The company must ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB compliance shares, folders, and files after the move to AWS. The company has created an FSx for Windo

A. reate an Active Directory Connector to connect to the Active Directory

B. ssign a tag with a Restrict tag key and a Compliance tag value

C. reate an IAM service-linked role that is linked directly to FSx for Windows File Server to restrict access

D. oin the file system to the Active Directory to restrict access

View answer

Correct Answer: D

Question #189

A company wants to use the AWS Cloud to make an existing application highly available and resilient. The current version of the application resides in the company's data center. The application recently experienced data loss after a database server crashed because of an unexpected power outage.The company needs a solution that avoids any single points of failure. The solution must give the application the ability to scale to meet user demand.Which solution will meet these requirements?

A. eploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones

B. eploy the application servers by using Amazon EC2 instances in an Auto Scaling group in a single Availability Zone

C. eploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones

D. eploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones

View answer

Correct Answer: A

Question #190

A solutions architect needs to design a new microservice for a company’s application. Clients must be able to call an HTTPS endpoint to reach the microservice. The microservice also must use AWS Identity and Access Management (IAM) to authenticate calls. The solutions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1.x.Which solution will deploy the function in the MOST operationally efficient way?

A. reate an Amazon API Gateway REST API

B. reate a Lambda function URL for the function

C. reate an Amazon CloudFront distribution

D. reate an Amazon CloudFront distribution

View answer

Correct Answer: A

Question #191

A hospital needs to store patient records in an Amazon S3 bucket. The hospital’s compliance team must ensure that all protected health information (PHI) is encrypted in transit and at rest. The compliance team must administer the encryption key for data at rest.Which solution will meet these requirements?

A. dd an X-API-Key header in the HTTP header for authorization

B. se an interface endpoint

C. se a gateway endpoint

D. dd an Amazon Simple Queue Service (Amazon SQS) queue between the two REST APIs

View answer

Correct Answer: C

Question #192

A company runs a public three-tier web application in a VPC. The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to communicate with a license server over the internet. The company needs a managed solution that minimizes operational maintenance.Which solution meets these requirements?

A. rovision a NAT instance in a public subnet

B. rovision a NAT instance in a private subnet

C. rovision a NAT gateway in a public subnet

D. rovision a NAT gateway in a private subnet

View answer

Correct Answer: C

Question #193

A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection.The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must minimize operational complexity.Which solution meets these requirements?

A. urn on S3 Transfer Acceleration on the destination S3 bucket

B. pload the data from each site to an S3 bucket in the closest Region

C. chedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region

D. pload the data from each site to an Amazon EC2 instance in the closest Region

View answer

Correct Answer: A

Question #194

A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company’s application. A solutions architect wants to implement a solution that is highly available, fault tolerant, and automatically scalable.What should the solutions architect recommend?

A. emove the two NAT instances and replace them with two NAT gateways in the same Availability Zone

B. se Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones

C. emove the two NAT instances and replace them with two NAT gateways in different Availability Zones

D. eplace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer

View answer

Correct Answer: C

Question #195

A company has a large dataset for its online advertising business stored in an Amazon RDS for MySQL DB instance in a single Availability Zone. The company wants business reporting queries to run without impacting the write operations to the production DB instance.Which solution meets these requirements?

A. eploy RDS read replicas to process the business reporting queries

B. cale out the DB instance horizontally by placing it behind an Elastic Load Balancer

C. cale up the DB instance to a larger instance type to handle write operations and queries

D. eploy the DB instance in multiple Availability Zones to process the business reporting queries

View answer

Correct Answer: A

Question #196

A company runs a web application on Amazon EC2 instances in multiple Availability Zones. The EC2 instances are in private subnets. A solutions architect implements an internet-facing Application Load Balancer (ALB) and specifies the EC2 instances as the target group. However, the internet traffic is not reaching the EC2 instances.How should the solutions architect reconfigure the architecture to resolve this issue?

A. eplace the ALB with a Network Load Balancer

B. ove the EC2 instances to public subnets

C. pdate the route tables for the EC2 instances’ subnets to send 0

D. reate public subnets in each Availability Zone

View answer

Correct Answer: D

Question #197

A security team wants to limit access to specific services or actions in all of the team’s AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained.What should a solutions architect do to accomplish this?

A. reate an ACL to provide access to the services or actions

B. reate a security group to allow accounts and attach it to user groups

C. reate cross-account roles in each account to deny access to the services or actions

D. reate a service control policy in the root organizational unit to deny access to the services or actions

View answer

Correct Answer: D

Question #198

A company needs to keep user transaction data in an Amazon DynamoDB table. The company must retain the data for 7 years.What is the MOST operationally efficient solution that meets these requirements?

A. se DynamoDB point-in-time recovery to back up the table continuously

B. se AWS Backup to create backup schedules and retention policies for the table

C. reate an on-demand backup of the table by using the DynamoDB console

D. reate an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function

View answer

Correct Answer: B

Question #199

A company runs a highly available image-processing application on Amazon EC2 instances in a single VPC. The EC2 instances run inside several subnets across multiple Availability Zones. The EC2 instances do not communicate with each other. However, the EC2 instances download images from Amazon S3 and upload images to Amazon S3 through a single NAT gateway. The company is concerned about data transfer charges.What is the MOST cost-effective way for the company to avoid Regional data transfer charges?

A. aunch the NAT gateway in each Availability Zone

B. eplace the NAT gateway with a NAT instance

C. eploy a gateway VPC endpoint for Amazon S3

D. rovision an EC2 Dedicated Host to run the EC2 instances

View answer

Correct Answer: C

Question #200

A company uses AWS Organizations with all features enabled and runs multiple Amazon EC2 workloads in the ap-southeast-2 Region. The company has a service control policy (SCP) that prevents any resources from being created in any other Region. A security policy requires the company to encrypt all data at rest.An audit discovers that employees have created Amazon Elastic Block Store (Amazon EBS) volumes for EC2 instances without encrypting the volumes. The company wants any new EC2 instances that any IAM user

A. se an Amazon RDS Multi-AZ DB instance deployment

B. se an Amazon RDS Multi-AZ DB duster deployment Create two read replicas and point the read workload to the read replicas

C. se an Amazon RDS Multi-AZ DB instance deployment

D. se an Amazon RDS Multi-AZ DB cluster deployment Point the read workload to the reader endpoint

View answer

Correct Answer: CE

Question #201

An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both VPCs are in separate AWS accounts. The network administrator needs to design a solution to configure secure access to EC2 instance in VPC-B from VPC-

A. The connectivity should not have a single point of failure or bandwidth concerns

A. et up a VPC peering connection between VPC-A and VPC-B

B. et up VPC gateway endpoints for the EC2 instance running in VPC-

C. ttach a virtual private gateway to VPC-B and set up routing from VPC-A

D. reate a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A

View answer

Correct Answer: A

Question #202

A company has launched an Amazon RDS for MySQL DB instance. Most of the connections to the database come from serverless applications. Application traffic to the database changes significantly at random intervals. At times of high demand, users report that their applications experience database connection rejection errors.Which solution will resolve this issue with the LEAST operational overhead?

A. reate a proxy in RDS Proxy

B. eploy Amazon ElastiCache for Memcached between the users’ applications and the DB instance

C. igrate the DB instance to a different instance class that has higher I/O capacity

D. onfigure Multi-AZ for the DB instance

View answer

Correct Answer: A

Question #203

A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.Which set of services should a solutions architect recommend to meet these requirements?

A. se Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers

B. se Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group

C. se On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers

D. se On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group

View answer

Correct Answer: A

Question #204

A company uses AWS Organizations. A member account has purchased a Compute Savings Plan. Because of changes in the workloads inside the member account, the account no longer receives the full benefit of the Compute Savings Plan commitment. The company uses less than 50% of its purchased compute power.

A. urn on discount sharing from the Billing Preferences section of the account console in the member account that purchased the Compute Savings Plan

B. urn on discount sharing from the Billing Preferences section of the account console in the company's Organizations management account

C. igrate additional compute workloads from another AWS account to the account that has the Compute Savings Plan

D. ell the excess Savings Plan commitment in the Reserved Instance Marketplace

View answer

Correct Answer: B

Question #205

A company has an application that is backed by an Amazon DynamoDB table. The company’s compliance requirements specify that database backups must be taken every month, must be available for 6 months, and must be retained for 7 years.Which solution will meet these requirements?

A. se standard SQL queries in Amazon Athena to analyze the CloudFront logs in the S3 bucket

B. se standard SQL queries in Amazon Athena to analyze the CloudFront logs in the S3 bucket

C. se standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket

D. se standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket

View answer

Correct Answer: A

Question #206

A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate.What should a solutions architect recommend to meet this requirement?

A. dd a rule in ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day, beginning 30 days before any certificate will expire

B. reate an AWS Config rule that checks for certificates that will expire within 30 days

C. se AWS Trusted Advisor to check for certificates that will expire within 30 days

D. reate an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 days

View answer

Correct Answer: D

Question #207

A company runs its application on an Oracle database. The company plans to quickly migrate to AWS because of limited resources for the database, backup administration, and data center maintenance. The application uses third-party database features that require privileged access.Which solution will help the company migrate the database to AWS MOST cost-effectively?

A. igrate the database to Amazon RDS for Oracle

B. igrate the database to Amazon RDS Custom for Oracle

C. igrate the database to an Amazon EC2 Amazon Machine Image (AMI) for Oracle

D. igrate the database to Amazon RDS for PostgreSQL by rewriting the application code to remove dependency on Oracle APEX

View answer

Correct Answer: B

DON'T WANT TO MISS A THING?

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE!
Get Now

AWS SAA-C03 Exam Questions for Effective Preparation | AWS Certified Solutions Architect - Associate

View Answers after Submission

DON'T WANT TO MISS A THING?

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE! Get Now

AWS SAA-C03 Exam Questions for Effective Preparation | AWS Certified Solutions Architect - Associate

View Answers after Submission

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE!
Get Now