Pass the AWS Exam Easily with Updated SAP-C02 Practice Questions

Preparing for the SPOTO AWS SAP-C02 exam comes with numerous advantages for AWS Certified Solutions Architect - Professional aspirants. Our comprehensive exam questions and answers cover advanced topics, enabling certified individuals to showcase their expertise in providing complex solutions to intricate problems. Accessing our exam preparation resources and study materials enhances your understanding of optimizing safety, cost, and performance while automating manual processes, aligning with industry best practices. Our mock exams simulate the real exam environment, allowing you to practice under pressure and refine your strategies for success. Earning the AWS Certified Solutions Architect - Professional certification through SPOTO not only validates your advanced knowledge and skills but also enhances your professional profile and income potential. It positions you as a valuable asset to organizations looking to implement cloud initiatives and develop talent with critical cloud skills. Benefit from SPOTO's AWS SAP-C02 exam questions to pass successfully and excel in your AWS career.

Question #1
A large education company recently introduced Amazon WorkSpaces to provide access to internal applications across multiple universities. The company is storing user profiles on an Amazon FSx for Windows File Server file system. The file system is configured with a DNS alias and is connected to a self-managed Active Directory. As more users begin to use the WorkSpaces, login time increases to unacceptable levels. An investigation reveals a degradation in performance of the file system. The company created the
A. Use AWS Backup to create a point-in-time backup of the file system
B. Disconnect users from the file system
C. Deploy an AWS DataSync agent onto a new Amazon EC2 instance
D. Enable shadow copies on the existing file system by using a Windows PowerShell command
Correct Answer: A
Question #2
A company hosts a Git repository in an on-premises data center. The company uses webhooks to invoke functionality that runs in the AWS Cloud. The company hosts the webhook logic on a set of Amazon EC2 instances in an Auto Scaling group that the company set as a target for an Application Load Balancer (ALB). The Git server calls the ALB for the configured webhooks. The company wants to move the solution to a serverless architecture. Which solution will meet these requirements with the LEAST operational overhe
A. For each webhook, create and configure an AWS Lambda function URL
B. Create an Amazon API Gateway HTTP API
C. Deploy the webhook logic to AWS App Runner
D. Containerize the webhook logic
Correct Answer: B
Question #3
An external audit of a company’s serverless application reveals IAM policies that grant too many permissions. These policies are attached to the company's AWS Lambda execution roles. Hundreds of the company's Lambda functions have broad access permissions such as full access to Amazon S3 buckets and Amazon DynamoDB tables. The company wants each function to have only the minimum permissions that the function needs to complete its task. A solutions architect must determine which permissions each Lambda functi
A. Set up Amazon CodeGuru to profile the Lambda functions and search for AWS API calls
B. Turn on AWS CloudTrail logging for the AWS account
C. Turn on AWS CloudTrail logging for the AWS account
D. Turn on AWS CloudTrail logging for the AWS account
Correct Answer: B
Question #4
A retail company is hosting an ecommerce website on AWS across multiple AWS Regions. The company wants the website to be operational at all times for online purchases. The website stores data in an Amazon RDS for MySQL DB instance. Which solution will provide the HIGHEST availability for the database?
A. Configure automated backups on Amazon RDS
B. Configure global tables and read replicas on Amazon RDS
C. Configure global tables and automated backups on Amazon RDS
D. Configure read replicas on Amazon RDS
Correct Answer: D
Question #5
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database. A solutions architect must design a scalable and highly available solution to meet the demand of 200,000 daily users. Which steps should the solutions architect take to design an appropriate
A. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance
B. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zones
C. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Region
D. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon ECS cluster of Spot instances spanning three Availability Zones
Correct Answer: B
Question #6
A solutions architect must analyze a company’s Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to determine whether the company is using resources efficiently. The company is running several large, high-memory EC2 instances to host database clusters that are deployed in active/passive configurations. The utilization of these EC2 instances varies by the applications that use the databases, and the company has not identified a pattern. The solutions architect must analyze the environme
A. Create a dashboard by using AWS Systems Manager OpsCenter
B. Turn on Amazon CloudWatch detailed monitoring for the EC2 instances and their EBS volumes
C. Install the Amazon CloudWatch agent on each of the EC2 instances
D. Sign up for the AWS Enterprise Support plan
Correct Answer: C
Question #7
A retail company has structured its AWS accounts to be part of an organization in AWS Organizations. The company has set up consolidated billing and has mapped its departments to the following OUs: Finance, Sales, Human Resources (HR), Marketing, and Operations. Each OU has multiple AWS accounts, one for each environment within a department. These environments are development, test, pre-production, and production. The HR department is releasing a new system that will launch in 3 months. In preparation, the H
A. In the AWS Billing and Cost Management console for the HR department's production account, turn off RI sharing
B. Remove the HR department's production AWS account from the organization
C. In the AWS Billing and Cost Management console
D. Create an SCP in the organization to restrict access to the RIs
Correct Answer: C
Question #8
A company has a multi-tier web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB and the Auto Scaling group are replicated in a backup AWS Region. The minimum value and the maximum value for the Auto Scaling group are set to zero. An Amazon RDS Multi-AZ DB instance stores the application’s data. The DB instance has a read replica in the backup Region. The application presents an endpoint to end users by usi
A. Reconfigure the application’s Route 53 record with a latency-based routing policy that load balances traffic between the two ALBs
B. Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values
C. Configure the Auto Scaling group in the backup Region to have the same values as the Auto Scaling group in the primary Region
D. Configure an endpoint in AWS Global Accelerator with the two ALBs as equal weighted targets
Correct Answer: B
Question #9
A company runs a Java application that has complex dependencies on VMs that are in the company's data center. The application is stable, but the company wants to modernize the technology stack. The company wants to migrate the application to AWS and minimize the administrative overhead to maintain the servers. Which solution will meet these requirements with the LEAST code changes?
A. Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Container
B. Migrate the application code to a container that runs in AWS Lambda
C. Migrate the application to Amazon Elastic Kubernetes Service (Amazon EKS) on EKS managed node groups by using AWS App2Container
D. Migrate the application code to a container that runs in AWS Lambda
Correct Answer: A
Question #10
A solutions architect must create a business case for migration of a company's on-premises data center to the AWS Cloud. The solutions architect will use a configuration management database (CMDB) export of all the company's servers to create the case. Which solution will meet these requirements MOST cost-effectively?
A. Use AWS Well-Architected Tool to import the CMDB data to perform an analysis and generate recommendations
B. Use Migration Evaluator to perform an analysis
C. Implement resource matching rules
D. Use AWS Application Discovery Service to import the CMDB data to perform an analysis
Correct Answer: B
Question #11
A company is migrating an application to AWS. It wants to use fully managed services as much as possible during the migration. The company needs to store large important documents within the application with the following requirements:
1. The data must be highly durable and available
2. The data must always be encrypted at rest and in transit
3. The encryption key must be managed by the company and rotated periodically
Which of the following solutions should the solutions architect recommend?
A. Deploy the storage gateway to AWS in file gateway mode
B. Use Amazon S3 with a bucket policy to enforce HTTPS for connections to the bucket and to enforce server-side encryption and AWS KMS for object encryption
C. Use Amazon DynamoDB with SSL to connect to DynamoDB
D. Deploy instances with Amazon EBS volumes attached to store this data
Correct Answer: B
Question #12
A company is running an application in the AWS Cloud. The application consists of microservices that run on a fleet of Amazon EC2 instances in multiple Availability Zones behind an Application Load Balancer. The company recently added a new REST API that was implemented in Amazon API Gateway. Some of the older microservices that run on EC2 instances need to call this new API. The company does not want the API to be accessible from the public internet and does not want proprietary data to traverse the public
A. Create an AWS Site-to-Site VPN connection between the VPC and the API Gateway
B. Create an interface VPC endpoint for API Gateway, and set an endpoint policy to only allow access to the specific API
C. Modify the API Gateway to use IAM authentication
D. Create an accelerator in AWS Global Accelerator, and connect the accelerator to the API Gateway
Correct Answer: B
Question #13
A financial services company in North America plans to release a new online web application to its customers on AWS. The company will launch the application in the us-east-1 Region on Amazon EC2 instances. The application must be highly available and must dynamically scale to meet user traffic. The company also wants to implement a disaster recovery environment for the application in the us-west-1 Region by using active-passive failover. Which solution will meet these requirements?
A. Create a VPC in us-east-1 and a VPC in us-west-1
B. Create a VPC in us-east-1 and a VPC in us-west-1
C. Create a VPC in us-east-1 and a VPC in us-west-1
D. Create a VPC in us-east-1 and a VPC in us-west-1
Correct Answer: C
Question #14
A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company’s engineers rely heavily on SSH access to the instances for troubleshooting. The company’s existing architecture includes the following:
- A VPC with private and public subnets, and a NAT gateway.
- Site-to-Site VPN for connectivity with the on-premises environment.
- EC2 security groups with direct SSH access from the on-premises environment.
The company needs to increase security controls ar
A. Install and configure EC2 Instance Connect on the fleet of EC2 instances
B. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer’s devices
C. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer’s devices
D. Create an IAM role with the AmazonSSMManagedInstanceCore managed policy attached
Correct Answer: D
Question #15
A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer. A recent security audit revealed that the company has configured encryption at rest for ElastiCache. However, the company did not configure ElastiCache to use encryption in transit. Additionally, users can access the cache without authentication. A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption. Which solution will meet th
A. Create an AUTH token
B. Create an AUTH token
C. Create an SSL certificate
D. Create an SSL certificate
Correct Answer: B
Question #16
A company has five development teams that have each created five AWS accounts to develop and host applications. To track spending, the development teams log in to each account every month, record the current cost from the AWS Billing and Cost Management console, and provide the information to the company's finance team. The company has strict compliance requirements and needs to ensure that resources are created only in AWS Regions in the United States. However, some resources have been created in other Regi
A. Use the OrganizationAccountAccessRole IAM role to create a new IAM policy with read-only access in each member account
B. Use the OrganizationAccountAccessRole IAM role to create a new IAM role with read-only access in each member account
C. Ask the security team to use AWS Security Token Service (AWS STS) to call the AssumeRole API for the OrganizationAccountAccessRole IAM role in the management account from the security account
Correct Answer: BDE
Question #17
An external audit of a company’s serverless application reveals IAM policies that grant too many permissions. These policies are attached to the company's AWS Lambda execution roles. Hundreds of the company's Lambda functions have broad access permissions such as full access to Amazon S3 buckets and Amazon DynamoDB tables. The company wants each function to have only the minimum permissions that the function needs to complete its task. A solutions architect must determine which permissions each Lambda functi
A. Set up Amazon CodeGuru to profile the Lambda functions and search for AWS API calls
B. Turn on AWS CloudTrail logging for the AWS account
C. Turn on AWS CloudTrail logging for the AWS account
D. Turn on AWS CloudTrail logging for the AWS account
Correct Answer: B
Question #18
A company uses a Grafana data visualization solution that runs on a single Amazon EC2 instance to monitor the health of the company's AWS workloads. The company has invested time and effort to create dashboards that the company wants to preserve. The dashboards need to be highly available and cannot be down for longer than 10 minutes. The company needs to minimize ongoing maintenance. Which solution will meet these requirements with the LEAST operational overhead?
A. Migrate to Amazon CloudWatch dashboards
B. Create an Amazon Managed Grafana workspace
C. Create an AMI that has Grafana pre-installed
D. Configure AWS Backup to back up the EC2 instance that runs Grafana once each hour
Correct Answer: B
Question #19
A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets. A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deploye
A. Use AWS Firewall Manager to create a security group and security group policy to deny access from the IP addresses
B. Create an AWS WAF web ACL with a rate-based rule, and set the rule action to Block
C. Use AWS Firewall Manager to create a security group and security group policy to allow access only to specific CIDR ranges
D. Create an AWS WAF web ACL with an IP set match rule, and set the rule action to Block
Correct Answer: B
Question #20
A company with global offices has a single 1 Gbps AWS Direct Connect connection to a single AWS Region. The company’s on-premises network uses the connection to communicate with the company’s resources in the AWS Cloud. The connection has a single private virtual interface that connects to a single VPC. A solutions architect must implement a solution that adds a redundant Direct Connect connection in the same Region. The solution also must provide connectivity to other Regions through the same pair of Direct
A. Provision a Direct Connect gateway
B. Keep the existing private virtual interface
C. Keep the existing private virtual interface
D. Provision a transit gateway
Correct Answer: A
Question #21
A company runs an IoT application in the AWS Cloud. The company has millions of sensors that collect data from houses in the United States. The sensors use the MQTT protocol to connect and send data to a custom MQTT broker. The MQTT broker stores the data on a single Amazon EC2 instance. The sensors connect to the broker through the domain named iot.example.com. The company uses Amazon Route 53 as its DNS service. The company stores the data in Amazon DynamoDB. On several occasions, the amount of data has ov
A. Create an Application Load Balancer (ALB) and an Auto Scaling group for the MQTT broker
B. Set up AWS IoT Core to receive the sensor data
C. Create a Network Load Balancer (NLB)
D. Set up AWS IoT Greengrass to receive the sensor data
Correct Answer: B
Question #22
A company consists of two separate business units. Each business unit has its own AWS account within a single organization in AWS Organizations. The business units regularly share sensitive documents with each other. To facilitate sharing, the company created an Amazon S3 bucket in each account and configured two-way replication between the S3 buckets. The S3 buckets have millions of objects. Recently, a security audit identified that neither S3 bucket has encryption at rest enabled. Company policy requires
A. Turn on SSE-S3 on both S3 buckets
B. Create an AWS Key Management Service (AWS KMS) key in each account
C. Turn on SSE-S3 on both S3 buckets
D. Create an AWS Key Management Service (AWS KMS) key in each account
Correct Answer: A
Question #23
A company has applications in an AWS account that is named Source. The account is in an organization in AWS Organizations. One of the applications uses AWS Lambda functions and stores inventory data in an Amazon Aurora database. The application deploys the Lambda functions by using a deployment package. The company has configured automated backups for Aurora. The company wants to migrate the Lambda functions and the Aurora database to a new AWS account that is named Target. The application processes critical
A. Migrate the data processing script to an AWS Lambda function
B. Create an Amazon Simple Queue Service (Amazon SQS) queue
C. Migrate the data processing script to a container image
D. Migrate the data processing script to a container image that runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
Correct Answer: B
Question #24
A digital marketing company has multiple AWS accounts that belong to various teams. The creative team uses an Amazon S3 bucket in its AWS account to securely store images and media files that are used as content for the company’s marketing campaigns. The creative team wants to share the S3 bucket with the strategy team so that the strategy team can view the objects. A solutions architect has created an IAM role that is named strategy_reviewer in the Strategy account. The solutions architect also has set up a
A. Use regularly scheduled AWS Snowball Edge devices to transfer the sequencing data into AWS
B. Use AWS Data Pipeline to transfer the sequencing data to Amazon S3
C. Use AWS DataSync to transfer the sequencing data to Amazon S3
D. Use an AWS Storage Gateway file gateway to transfer the sequencing data to Amazon S3
Correct Answer: ACF
Question #25
A company needs to build a disaster recovery (DR) solution for its ecommerce website. The web application is hosted on a fleet of t3.large Amazon EC2 instances and uses an Amazon RDS for MySQL DB instance. The EC2 instances are in an Auto Scaling group that extends across multiple Availability Zones. In the event of a disaster, the web application must fail over to the secondary environment with an RPO of 30 seconds and an RTO of 10 minutes. Which solution will meet these requirements MOST cost-effectively?
A. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region
B. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region
C. Set up a backup plan in AWS Backup to create cross-Region backups for the EC2 instances and the DB instance
D. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region
Correct Answer: B
Question #26
A company is running an application in the AWS Cloud. The application runs on containers in an Amazon Elastic Container Service (Amazon ECS) cluster. The ECS tasks use the Fargate launch type. The application's data is relational and is stored in Amazon Aurora MySQL. To meet regulatory requirements, the application must be able to recover to a separate AWS Region in the event of an application failure. In case of a failure, no data can be lost. Which solution will meet these requirements with the LEAST amount
A. Provision an Aurora Replica in a different Region
B. Set up AWS DataSync for continuous replication of the data to a different Region
C. Set up AWS Database Migration Service (AWS DMS) to perform a continuous replication of the data to a different Region
D. Use Amazon Data Lifecycle Manager (Amazon DLM) to schedule a snapshot every 5 minutes
Correct Answer: A
Question #27
A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server. The application’s user base is expected to grow significantly, so the company is migrating the application and database to AWS. The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing. Which solution will provide a consist
A. Enable Aurora Auto Scaling for Aurora Replicas
B. Enable Aurora Auto Scaling for Aurora writers
C. Enable Aurora Auto Scaling for Aurora Replicas
D. Enable Aurora Scaling for Aurora writers
Correct Answer: C
Question #28
A company wants to containerize a multi-tier web application and move the application from an on-premises data center to AWS. The application includes web, application, and database tiers. The company needs to make the application fault tolerant and scalable. Some frequently accessed data must always be available across application servers. Frontend web servers need session persistence and must scale to meet increases in traffic. Which solution will meet these requirements with the LEAST ongoing operational
A. Run the application on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
B. Run the application on Amazon Elastic Container Service (Amazon ECS) on Amazon EC2
C. Run the application on Amazon Elastic Kubernetes Service (Amazon EKS)
D. Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS)
Correct Answer: D
Question #29
A company runs a processing engine in the AWS Cloud. The engine processes environmental data from logistics centers to calculate a sustainability index. The company has millions of devices in logistics centers that are spread across Europe. The devices send information to the processing engine through a RESTful API. The API experiences unpredictable bursts of traffic. The company must implement a solution to process all data that the devices send to the processing engine. Data loss is unacceptable. Which solu
A. Create an Application Load Balancer (ALB) for the RESTful API
B. Create an Amazon API Gateway HTTP API that implements the RESTful API
C. Create an Amazon API Gateway REST API that implements the RESTful API
D. Create an Amazon CloudFront distribution for the RESTful API
Correct Answer: B
Question #30
A company has several AWS accounts. A development team is building an automation framework for cloud governance and remediation processes. The automation framework uses AWS Lambda functions in a centralized account. A solutions architect must implement a least privilege permissions policy that allows the Lambda functions to run in each of the company's AWS accounts. Which combination of steps will meet these requirements? (Choose two.)
A. Deploy a CI/CD pipeline that incorporates AMIs to contain the application and their configurations
B. Specify AWS Elastic Beanstalk to stage in a secondary environment as the deployment target for the CI/CD pipeline of the application
C. Use AWS Systems Manager to re-provision the infrastructure for each deployment
D. Roll out the application updates as part of an Auto Scaling event using prebuilt AMIs
Correct Answer: AB
Question #31
A company needs to create and manage multiple AWS accounts for a number of departments from a central location. The security team requires read-only access to all accounts from its own AWS account. The company is using AWS Organizations and created an account for the security team. How should a solutions architect meet these requirements?
A. Create peering connections between the egress VPC and the spoke VPCs
B. Create a transit gateway, and share it with the existing AWS accounts
C. Create a transit gateway in every account
D. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs
Correct Answer: B
Question #32
An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by procurement managers. The procurement team’s policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The
A. Create an explicit deny statement for each AWS service that should be constrained
B. Remove the FullAWSAccess SCP from the developers account’s OU
C. Modify the FullAWSAccess SCP to explicitly deny all services
D. Add an explicit deny statement using a wildcard to the end of the SCP
Correct Answer: C
Question #33
A company is building a call center by using Amazon Connect. The company’s operations team is defining a disaster recovery (DR) strategy across AWS Regions. The contact center has dozens of contact flows, hundreds of users, and dozens of claimed phone numbers. Which solution will provide DR with the LOWEST RTO?
A. Create an AWS Lambda function to check the availability of the Amazon Connect instance and to send a notification to the operations team in case of unavailability
B. Provision a new Amazon Connect instance with all existing users in a second Region
C. Provision a new Amazon Connect instance with all existing contact flows and claimed phone numbers in a second Region
D. Provision a new Amazon Connect instance with all existing users and contact flows in a second Region
Correct Answer: D
Question #34
A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team can access. After the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must pro
A. Create a new Elastic Beanstalk application
B. Create a second Elastic Beanstalk environment
C. Modify the existing environment’s capacity configuration to use a load-balanced environment type
D. Select the Rebuild environment action with the load balancing option
Correct Answer: ACE
Question #35
A company runs an application on AWS. The company curates data from several different sources. The company uses proprietary algorithms to perform data transformations and aggregations. After the company performs ETL processes, the company stores the results in Amazon Redshift tables. The company sells this data to other companies. The company downloads the data as files from the Amazon Redshift tables and transmits the files to several data customers by using FTP. The number of data customers has grown sign
A. Use AWS Data Exchange for APIs to share data with customers
B. In the AWS account of the company that produces the data, create an AWS Data Exchange datashare by connecting AWS Data Exchange to the Redshift cluster
C. Download the data from the Amazon Redshift tables to an Amazon S3 bucket periodically
D. Publish the Amazon Redshift data to an Open Data on AWS Data Exchange
Correct Answer: B
Question #36
A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework. While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions a
A. Create a desired-instance-type managed rule in AWS Config
B. In the EC2 console, create a launch template that specifies the instance types that are allowed
C. Create a new IAM policy
D. Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image
Correct Answer: C
Question #37
A company is migrating an application to AWS. It wants to use fully managed services as much as possible during the migration. The company needs to store large important documents within the application with the following requirements:
1. The data must be highly durable and available
2. The data must always be encrypted at rest and in transit
3. The encryption key must be managed by the company and rotated periodically
Which of the following solutions should the solutions architect recommend?
A. Deploy the storage gateway to AWS in file gateway mode
B. Use Amazon S3 with a bucket policy to enforce HTTPS for connections to the bucket and to enforce server-side encryption and AWS KMS for object encryption
C. Use Amazon DynamoDB with SSL to connect to DynamoDB
D. Deploy instances with Amazon EBS volumes attached to store this data
Correct Answer: B
Question #38
A company recently completed the migration from an on-premises data center to the AWS Cloud by using a replatforming strategy. One of the migrated servers is running a legacy Simple Mail Transfer Protocol (SMTP) service that a critical application relies upon. The application sends outbound email messages to the company’s customers. The legacy SMTP server does not support TLS encryption and uses TCP port 25. The application can use SMTP only. The company decides to use Amazon Simple Email Service (Amazon SES
A. Configure the application to connect to Amazon SES by using TLS Wrapper
B. Configure the application to connect to Amazon SES by using STARTTLS
C. Configure the application to use the SES API to send email messages
D. Configure the application to use AWS SDKs to send email messages
Correct Answer: B
Question #39
A company is planning to store a large number of archived documents and make the documents available to employees through the corporate intranet. Employees will access the system by connecting through a client VPN service that is attached to a VPC. The data must not be accessible to the public. The documents that the company is storing are copies of data that is held on physical media elsewhere. The number of requests will be low. Availability and speed of retrieval are not concerns of the company. Which solu
A. Create an Amazon S3 bucket
B. Launch an Amazon EC2 instance that runs a web server
C. Launch an Amazon EC2 instance that runs a web server. Attach an Amazon Elastic Block Store (Amazon EBS) volume to store the archived data
D. Create an Amazon S3 bucket
Correct Answer: A
Question #40
Example Corp. has an on-premises data center and a VPC named VPC A in the Example Corp. AWS account. The on-premises network connects to VPC A through an AWS Site-To-Site VPN. The on-premises servers can properly access VPC A. Example Corp
A. Create a transit gateway
B. Create a transit gateway
C. Update the route tables for the Site-to-Site VPN and both VPCs for all three networks
D. Modify the Site-to-Site VPN’s virtual private gateway definition to include VPC A and VPC B
Correct Answer: A
Question #41
A company is storing data on premises on a Windows file server. The company produces 5 GB of new data daily. The company migrated part of its Windows-based workload to AWS and needs the data to be available on a file system in the cloud. The company already has established an AWS Direct Connect connection between the on-premises network and AWS. Which data migration strategy should the company use?
A. Use the file gateway option in AWS Storage Gateway to replace the existing Windows file server, and point the existing file share to the new file gateway
B. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon FSx
C. Use AWS Data Pipeline to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
D. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
Correct Answer: B
Question #42
A company wants to use AWS for disaster recovery for an on-premises application. The company has hundreds of Windows-based servers that run the application. All the servers mount a common share. The company has an RTO of 15 minutes and an RPO of 5 minutes. The solution must support native failover and fallback capabilities. Which solution will meet these requirements MOST cost-effectively?
A. Create an AWS Storage Gateway File Gateway
B. Create a set of AWS CloudFormation templates to create infrastructure
C. Create an AWS Cloud Development Kit (AWS CDK) pipeline to stand up a multi-site active-active environment on AWS
D. Use AWS Elastic Disaster Recovery to replicate the on-premises servers
Correct Answer: D
Question #43
A video streaming company recently launched a mobile app for video sharing. The app uploads various files to an Amazon S3 bucket in the us-east-1 Region. The files range in size from 1 GB to 10 GB. Users who access the app from Australia have experienced uploads that take long periods of time. Sometimes the files fail to completely upload for these users. A solutions architect must improve the app’s performance for these uploads. Which solutions will meet these requirements? (Choose two.)
A. Create an Amazon Aurora MySQL Serverless v1 DB instance
B. Create an RDS proxy
C. Create a two-node Amazon Aurora MySQL DB cluster
D. Create an Amazon S3 bucket
Correct Answer: AD
Question #44
A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs. The company has the following DNS resolution requirements:
- On-premises systems should be able to resolve and connect to cloud.example.com.
- All VPCs should be able to resolve cloud.example.com.
There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway. Which architecture s
A. Associate the private hosted zone to all the VPCs
B. Associate the private hosted zone to all the VPCs
C. Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud
D. Associate the private hosted zone to the shared services VPC
Correct Answer: A
Question #45
A company has an organization that has many AWS accounts in AWS Organizations. A solutions architect must improve how the company manages common security group rules for the AWS accounts in the organization. The company has a common set of IP CIDR ranges in an allow list in each AWS account to allow access to and from the company’s on-premises network. Developers within each account are responsible for adding new IP CIDR ranges to their security groups. The security team has its own AWS account. Currently, t
A. Set up an Amazon Simple Notification Service (Amazon SNS) topic in the security team's AWS account
B. Create new customer-managed prefix lists in each AWS account within the organization
C. Create a new customer-managed prefix list in the security team’s AWS account
D. Create an IAM role in each account in the organization
Correct Answer: C
Question #46
A company is running a web application in the AWS Cloud. The application consists of dynamic content that is created on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group that is configured as a target group for an Application Load Balancer (ALB). The company is using an Amazon CloudFront distribution to distribute the application globally. The CloudFront distribution uses the ALB as an origin. The company uses Amazon Route 53 for DNS and has created an A record of www.example.com
A. Provision a full, secondary application deployment in a different AWS Region
B. Provision an ALB, an Auto Scaling group, and EC2 instances in a different AWS Region
C. Provision an Auto Scaling group and EC2 instances in a different AWS Region
D. Provision a full, secondary application deployment in a different AWS Region
Correct Answer: B
Question #47
An international delivery company hosts a delivery management system on AWS. Drivers use the system to upload confirmation of delivery. Confirmation includes the recipient’s signature or a photo of the package with the recipient. The driver’s handheld device uploads signatures and photos through FTP to a single Amazon EC2 instance. Each handheld device saves a file in a directory based on the signed-in user, and the file name matches the delivery number. The EC2 instance then adds metadata to the file after
A. Create an AMI of the existing EC2 instance
B. Use AWS Transfer Family to create an FTP server that places the files in Amazon Elastic File System (Amazon EFS)
C. Use AWS Transfer Family to create an FTP server that places the files in Amazon S3
D. Update the handheld devices to place the files directly in Amazon S3
Correct Answer: C
Question #48
A solutions architect is designing the data storage and retrieval architecture for a new application that a company will be launching soon. The application is designed to ingest millions of small records per minute from devices all around the world. Each record is less than 4 KB in size and needs to be stored in a durable location where it can be retrieved with low latency. The data is ephemeral and the company is required to store the data for 120 days only, after which the data can be deleted. The solution
A. Design the application to store each incoming record as a single
B. Design the application to store each incoming record in an Amazon DynamoDB table properly configured for the scale
C. Design the application to store each incoming record in a single table in an Amazon RDS MySQL database
D. Design the application to batch incoming records before writing them to an Amazon S3 bucket
Correct Answer: B
Question #49
A company is developing a new service that will be accessed using TCP on a static port. A solutions architect must ensure that the service is highly available, has redundancy across Availability Zones, and is accessible using the DNS name my.service.com, which is publicly accessible. The service must use fixed address assignments so other companies can add the addresses to their allow lists. Assuming that resources are deployed in multiple Availability Zones in a single Region, which solution will meet these
A. Create Amazon EC2 instances with an Elastic IP address for each instance
B. Create an Amazon ECS cluster and a service definition for the application
C. Create Amazon EC2 instances for the service
D. Create an Amazon ECS cluster and a service definition for the application
Correct Answer: C
Question #50
A company is running several workloads in a single AWS account. A new company policy states that engineers can provision only approved resources and that engineers must use AWS CloudFormation to provision these resources. A solutions architect needs to create a solution to enforce the new restriction on the IAM role that the engineers use for access. What should the solutions architect do to create the solution?
A. Upload AWS CloudFormation templates that contain approved resources to an Amazon S3 bucket
B. Update the IAM policy for the engineers’ IAM role with permissions to only allow provisioning of approved resources and AWS CloudFormation
C. Update the IAM policy for the engineers’ IAM role with permissions to only allow AWS CloudFormation actions
D. Provision resources in AWS CloudFormation stacks
Correct Answer: C
Question #51
A company is running a critical application that uses an Amazon RDS for MySQL database to store data. The RDS DB instance is deployed in Multi-AZ mode. A recent RDS database failover test caused a 40-second outage to the application. A solutions architect needs to design a solution to reduce the outage time to less than 20 seconds. Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)
A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks
B. The customer should create an IAM user and assign the required permissions to the IAM user
C. The customer should create an IAM role and assign the required permissions to the IAM role
D. The customer should create an IAM role and assign the required permissions to the IAM role
Correct Answer: CDE
Question #52
A company is running a traditional web application on Amazon EC2 instances. The company needs to refactor the application as microservices that run on containers. Separate versions of the application exist in two distinct environments: production and testing. Load for the application is variable, but the minimum load and the maximum load are known. A solutions architect needs to design the updated application with a serverless architecture that minimizes operational complexity. Which solution will meet these
A. Upload the container images to AWS Lambda as functions
B. Upload the container images to Amazon Elastic Container Registry (Amazon ECR)
C. Upload the container images to Amazon Elastic Container Registry (Amazon ECR)
D. Upload the container images to AWS Elastic Beanstalk
Correct Answer: B
Question #53
A company has migrated an application from on premises to AWS. The application frontend is a static website that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB). The application backend is a Python application that runs on three EC2 instances behind another ALB. The EC2 instances are large, general purpose On-Demand Instances that were sized to meet the on-premises specifications for peak usage of the application. The application averages hundreds of thousands of requests each mont
A. Purchase Standard Reserved Instances for the EC2 instances that the EKS cluster uses in its baseline load
B. Purchase Compute Savings Plans for the predicted medium load of the EKS cluster
C. Purchase EC2 Instance Savings Plans for the predicted base load of the EKS cluster
D. Purchase Compute Savings Plans for the predicted base load of the EKS cluster
Correct Answer: BE
Question #54
A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances. Which set of actions will ensure that log files are copied to the central S3 b
A. Create a script to copy log files to Amazon S3, and store the script in a file on the EC2 instance
B. Create an AWS Systems Manager document with a script to copy log files to Amazon S3
C. Change the log delivery rate to every 5 minutes
D. Create an AWS Systems Manager document with a script to copy log files to Amazon S3
Correct Answer: B
Question #55
A company is planning to migrate an application to AWS. The application runs as a Docker container and uses an NFS version 4 file share. A solutions architect must design a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure. Which solution will meet these requirements?
A. Create a second ALB, and deploy the new logic to a set of EC2 instances in a new Auto Scaling group
B. Create a second target group that is referenced by the ALB. Deploy the new logic to EC2 instances in this new target group
C. Create a new launch configuration for the Auto Scaling group
D. Create a second Auto Scaling group that is referenced by the ALB
Correct Answer: A
Question #56
A company is refactoring its on-premises order-processing platform in the AWS Cloud. The platform includes a web front end that is hosted on a fleet of VMs, RabbitMQ to connect the front end to the backend, and a Kubernetes cluster to run a containerized backend system to process the orders. The company does not want to make any major changes to the application. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AMI of the web server VM
B. Create a custom AWS Lambda runtime to mimic the web server environment
C. Create an AMI of the web server VM
D. Create an AMI of the web server VM
Correct Answer: A
Question #57
A company has a monolithic application that is critical to the company’s business. The company hosts the application on an Amazon EC2 instance that runs Amazon Linux 2. The company’s application team receives a directive from the legal department to back up the data from the instance’s encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket. The application team does not have the administrative SSH key pair for the instance. The application must continue to serve the users. Which solu
A. Attach a role to the instance with permission to write to Amazon S3
B. Create an image of the instance with the reboot option turned on
C. Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM)
D. Create an image of the instance
Correct Answer: A
Question #58
A solutions architect must analyze a company’s Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to determine whether the company is using resources efficiently. The company is running several large, high-memory EC2 instances to host database clusters that are deployed in active/passive configurations. The utilization of these EC2 instances varies by the applications that use the databases, and the company has not identified a pattern. The solutions architect must analyze the environme
A. Create a dashboard by using AWS Systems Manager OpsCenter
B. Turn on Amazon CloudWatch detailed monitoring for the EC2 instances and their EBS volumes
C. Install the Amazon CloudWatch agent on each of the EC2 instances
D. Sign up for the AWS Enterprise Support plan
Correct Answer: C
Question #59
A company has an on-premises Microsoft SQL Server database that writes a nightly 200 GB export to a local drive. The company wants to move the backups to more robust cloud storage on Amazon S3. The company has set up a 10 Gbps AWS Direct Connect connection between the on-premises data center and AWS. Which solution meets these requirements MOST cost-effectively?
A. Create an AWS Site-to-Site VPN connection between the on-premises data center and a new central VPC
B. Create an AWS Direct Connect connection between the on-premises data center and AWS
C. Create an AWS Site-to-Site VPN connection between the on-premises data center and a new central VPC. Use a transit gateway with dynamic routing
D. Create an AWS Direct Connect connection between the on-premises data center and AWS
Correct Answer: A
Question #60
A company uses AWS Organizations for a multi-account setup in the AWS Cloud. The company's finance team has a data processing application that uses AWS Lambda and Amazon DynamoDB. The company's marketing team wants to access the data that is stored in the DynamoDB table. The DynamoDB table contains confidential data. The marketing team can have access to only specific attributes of data in the DynamoDB table. The finance team and the marketing team have separate AWS accounts. What should a solutions architect
A. Create an SCP to grant the marketing team's AWS account access to the specific attributes of the DynamoDB table
B. Create an IAM role in the finance team's account by using IAM policy conditions for specific DynamoDB attributes (fine-grained access control)
C. Create a resource-based IAM policy that includes conditions for specific DynamoDB attributes (fine-grained access control)
D. Create an IAM role in the finance team's account to access the DynamoDB table
Correct Answer: B
Question #61
A financial services company receives a regular data feed from its credit card servicing partner. Approximately 5,000 records are sent every 15 minutes in plaintext, delivered over HTTPS directly into an Amazon S3 bucket with server-side encryption. This feed contains sensitive credit card primary account number (PAN) data. The company needs to automatically mask the PAN before sending the data to another S3 bucket for additional internal processing. The company also needs to remove and merge specific field
A. Invoke an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue
B. Invoke an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue
C. Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to match
D. Create an AWS Glue crawler and custom classifier based upon the data feed formats and build a table definition to match
Correct Answer: C
Question #62
A company is planning to host a web application on AWS and wants to load balance the traffic across a group of Amazon EC2 instances. One of the security requirements is to enable end-to-end encryption in transit between the client and the web server. Which solution will meet this requirement?
A. Place the EC2 instances behind an Application Load Balancer (ALB)
B. Associate the EC2 instances with a target group
C. Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB
D. Place the EC2 instances behind a Network Load Balancer (NLB)
Correct Answer: C
Question #63
A company wants to use AWS to create a business continuity solution in case the company's main on-premises application fails. The application runs on physical servers that also run other applications. The on-premises application that the company is planning to migrate uses a MySQL database as a data store. All the company's on-premises applications use operating systems that are compatible with Amazon EC2. Which solution will achieve the company's goal with the LEAST operational overhead?
A. Install the AWS Replication Agent on the source servers, including the MySQL servers
B. Install the AWS Replication Agent on the source servers, including the MySQL servers
C. Create AWS Database Migration Service (AWS DMS) replication servers and a target Amazon Aurora MySQL DB cluster to host the database
D. Deploy an AWS Storage Gateway Volume Gateway on premises
Correct Answer: B
Question #64
A company runs an IoT application in the AWS Cloud. The company has millions of sensors that collect data from houses in the United States. The sensors use the MQTT protocol to connect and send data to a custom MQTT broker. The MQTT broker stores the data on a single Amazon EC2 instance. The sensors connect to the broker through the domain named iot.example.com. The company uses Amazon Route 53 as its DNS service. The company stores the data in Amazon DynamoDB. On several occasions, the amount of data has ov
A. Create an Application Load Balancer (ALB) and an Auto Scaling group for the MQTT broker
B. Set up AWS IoT Core to receive the sensor data
C. Create a Network Load Balancer (NLB)
D. Set up AWS IoT Greengrass to receive the sensor data
Correct Answer: B
Question #65
A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone. The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements:
• Inbound requests must be filtered for common vulnerability attacks.
• Rejected requests must be sent to a third-party auditing application.
• All resources should be highly available.
Which solution meets these requirements?
A. Configure a Multi-AZ Auto Scaling group using the application's AMI
B. Configure an Application Load Balancer (ALB) and add the EC2 instances as targets
C. Configure an Application Load Balancer (ALB) along with a target group adding the EC2 instances as targets
D. Configure a Multi-AZ Auto Scaling group using the application's AMI
Correct Answer: D
Question #66
A telecommunications company is running an application on AWS. The company has set up an AWS Direct Connect connection between the company's on-premises data center and AWS. The company deployed the application on Amazon EC2 instances in multiple Availability Zones behind an internal Application Load Balancer (ALB). The company's clients connect from the on-premises network by using HTTPS. The TLS terminates in the ALB. The company has multiple target groups and uses path-based routing to forward requests b
A. Configure the existing ALB to use static IP addresses
B. Create a Network Load Balancer (NLB)
C. Create a Network Load Balancer (NLB)
D. Create a Gateway Load Balancer (GWLB)
Correct Answer: B
Question #67
A solutions architect needs to copy data from an Amazon S3 bucket in an AWS account to a new S3 bucket in a new AWS account. The solutions architect must implement a solution that uses the AWS CLI. Which combination of steps will successfully copy the data? (Choose three.)
A. Create an alias for every new deployed version of the Lambda function
B. Deploy the application into a new CloudFormation stack
C. Create a version for every new deployed Lambda function
D. Configure AWS CodeDeploy and use CodeDeployDefault
Correct Answer: BDF
Question #68
A company hosts a Git repository in an on-premises data center. The company uses webhooks to invoke functionality that runs in the AWS Cloud. The company hosts the webhook logic on a set of Amazon EC2 instances in an Auto Scaling group that the company set as a target for an Application Load Balancer (ALB). The Git server calls the ALB for the configured webhooks. The company wants to move the solution to a serverless architecture. Which solution will meet these requirements with the LEAST operational overhe
A. For each webhook, create and configure an AWS Lambda function URL
B. Create an Amazon API Gateway HTTP API
C. Deploy the webhook logic to AWS App Runner
D. Containerize the webhook logic
Correct Answer: B
Question #69
A company runs a proprietary stateless ETL application on Amazon EC2 Linux instances. The application is a Linux binary, and the source code cannot be modified. The application is single-threaded, uses 2 GB of RAM, and is highly CPU intensive. The application is scheduled to run every 4 hours and runs for up to 20 minutes. A solutions architect wants to revise the architecture for the solution. Which strategy should the solutions architect use?
A. Create an Amazon CloudFront distribution to serve assets from the S3 bucket
B. Create an Amazon CloudFront distribution to serve assets from the S3 bucket
C. Create another S3 bucket in a new Region, and configure S3 Cross-Region Replication between the buckets
D. Create another S3 bucket in the same Region, and configure S3 Same-Region Replication between the buckets
Correct Answer: C
Question #70
A company has several AWS accounts. A development team is building an automation framework for cloud governance and remediation processes. The automation framework uses AWS Lambda functions in a centralized account. A solutions architect must implement a least privilege permissions policy that allows the Lambda functions to run in each of the company's AWS accounts. Which combination of steps will meet these requirements? (Choose two.)
A. Deploy a CI/CD pipeline that incorporates AMIs to contain the application and their configurations
B. Specify AWS Elastic Beanstalk to stage in a secondary environment as the deployment target for the CI/CD pipeline of the application
C. Use AWS Systems Manager to re-provision the infrastructure for each deployment
D. Roll out the application updates as part of an Auto Scaling event using prebuilt AMIs
Correct Answer: AB
Question #71
A company wants to migrate to AWS. The company wants to use a multi-account structure with centrally managed access to all accounts and applications. The company also wants to keep the traffic on a private network. Multi-factor authentication (MFA) is required at login, and specific roles are assigned to user groups. The company must create separate accounts for development, staging, production, and shared network. The production account and the shared network account must have connectivity to all accounts.
A. The Lambda function reached its concurrency limit
B. The Lambda function reached its Region limit for concurrency
C. The company reached its API Gateway account limit for calls per second
D. The company reached its API Gateway default per-method limit for calls per second
Correct Answer: ACD
Question #72
A company runs a proprietary stateless ETL application on Amazon EC2 Linux instances. The application is a Linux binary, and the source code cannot be modified. The application is single-threaded, uses 2 GB of RAM, and is highly CPU intensive. The application is scheduled to run every 4 hours and runs for up to 20 minutes. A solutions architect wants to revise the architecture for the solution. Which strategy should the solutions architect use?
A. Create an Amazon CloudFront distribution to serve assets from the S3 bucket
B. Create an Amazon CloudFront distribution to serve assets from the S3 bucket
C. Create another S3 bucket in a new Region, and configure S3 Cross-Region Replication between the buckets
D. Create another S3 bucket in the same Region, and configure S3 Same-Region Replication between the buckets
Correct Answer: C
Question #73
A company is migrating its development and production workloads to a new organization in AWS Organizations. The company has created a separate member account for development and a separate member account for production. Consolidated billing is linked to the management account. In the management account, a solutions architect needs to create an IAM user that can stop or terminate resources in both member accounts. Which solution will meet this requirement?
A. Create an IAM user and a cross-account role in the management account
B. Create an IAM user in each member account
C. Create an IAM user in the management account
D. Create an IAM user in the management account
Correct Answer: D
Question #74
An entertainment company recently launched a new game. To ensure a good experience for players during the launch period, the company deployed a static quantity of 12 r6g.16xlarge (memory optimized) Amazon EC2 instances behind a Network Load Balancer. The company's operations team used the Amazon CloudWatch agent and a custom metric to include memory utilization in its monitoring strategy. Analysis of the CloudWatch metrics from the launch period showed consumption at about one quarter of the CPU and memory t
A. Configure the Auto Scaling group to deploy c6g
B. Configure the Auto Scaling group to deploy m6g
C. Configure the Auto Scaling group to deploy r6g
D. Configure the Auto Scaling group to deploy r6g
Correct Answer: C
Question #75
A company wants to use AWS to create a business continuity solution in case the company's main on-premises application fails. The application runs on physical servers that also run other applications. The on-premises application that the company is planning to migrate uses a MySQL database as a data store. All the company's on-premises applications use operating systems that are compatible with Amazon EC2. Which solution will achieve the company's goal with the LEAST operational overhead?
A. Install the AWS Replication Agent on the source servers, including the MySQL servers
B. Install the AWS Replication Agent on the source servers, including the MySQL servers
C. Create AWS Database Migration Service (AWS DMS) replication servers and a target Amazon Aurora MySQL DB cluster to host the database
D. Deploy an AWS Storage Gateway Volume Gateway on premises
Correct Answer: B
Question #76
A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts. AWS Site-to-Site VPN connections are configured between all of the company’s global offices and the transit account. The company has AWS Config enabled on all of its accounts. The company’s networking team needs to centrally manage a list of internal IP address ranges that belong to t
A. Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges
B. Create a new AWS Config managed rule that contains all of the internal IP address ranges
C. In the transit account, create a VPC prefix list with all of the internal IP address ranges
D. In the transit account, create a security group with all of the internal IP address ranges
Correct Answer: C
Question #77
A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted. How can the company prevent users from accidentally deleting data in this way?
A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources
B. Configure a stack policy that disallows the deletion of RDS and EBS resources
C. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an "aws:cloudformation:stack-name" tag
D. Use AWS Config rules to prevent deleting RDS and EBS resources
Correct Answer: A
Question #78
A company is planning to migrate 1,000 on-premises servers to AWS. The servers run on several VMware clusters in the company’s data center. As part of the migration plan, the company wants to gather server metrics such as CPU details, RAM usage, operating system information, and running processes. The company then wants to query and analyze the data. Which solution will meet these requirements?
A. Deploy and configure the AWS Agentless Discovery Connector virtual appliance on the on-premises hosts
B. Export only the VM performance information from the on-premises hosts
C. Create a script to automatically gather the server information from the on-premises hosts
D. Deploy the AWS Application Discovery Agent to each on-premises server
Correct Answer: D
Question #79
An entertainment company recently launched a new game. To ensure a good experience for players during the launch period, the company deployed a static quantity of 12 r6g.16xlarge (memory optimized) Amazon EC2 instances behind a Network Load Balancer. The company's operations team used the Amazon CloudWatch agent and a custom metric to include memory utilization in its monitoring strategy. Analysis of the CloudWatch metrics from the launch period showed consumption at about one quarter of the CPU and memory t
A. Configure the Auto Scaling group to deploy c6g
B. Configure the Auto Scaling group to deploy m6g
C. Configure the Auto Scaling group to deploy r6g
D. Configure the Auto Scaling group to deploy r6g
Correct Answer: C
Question #80
A company is developing a new on-demand video application that is based on microservices. The application will have 5 million users at launch and will have 30 million users after 6 months. The company has deployed the application on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate. The company developed the application by using ECS services that use the HTTPS protocol. A solutions architect needs to implement updates to the application by using blue/green deployments. The solution must distribute
A. Configure scan on push on the repository
B. Configure scan on push on the repository
C. Schedule an AWS Lambda function to start a manual image scan every hour
D. Configure periodic image scan on the repository
Correct Answer: D
Question #81
A company has a website that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is associated with an AWS WAF web ACL. The website often encounters attacks in the application layer. The attacks produce sudden and significant increases in traffic on the application server. The access logs show that each attack originates from different IP addresses. A solutions architect needs to implement a solution to mitigate these attacks. Which solut
A. Create an Amazon CloudWatch alarm that monitors server access
B. Deploy AWS Shield Advanced in addition to AWS WAF
C. Create an Amazon CloudWatch alarm that monitors user IP addresses
D. Inspect access logs to find a pattern of IP addresses that launched the attacks
Correct Answer: B
Question #82
A company runs a web application on AWS. The web application delivers static content from an Amazon S3 bucket that is behind an Amazon CloudFront distribution. The application serves dynamic content by using an Application Load Balancer (ALB) that distributes requests to a fleet of Amazon EC2 instances in Auto Scaling groups. The application uses a domain name setup in Amazon Route 53. Some users reported occasional issues when the users attempted to access the website during peak hours. An operations team f
A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type
B. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type
C. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on
D. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on
Correct Answer: C
Question #83
A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration. What should the solutions architect do to meet these requirements?
A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server
B. Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF) format
C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFS) share
D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager
Correct Answer: B
Question #84
A solutions architect is designing the data storage and retrieval architecture for a new application that a company will be launching soon. The application is designed to ingest millions of small records per minute from devices all around the world. Each record is less than 4 KB in size and needs to be stored in a durable location where it can be retrieved with low latency. The data is ephemeral and the company is required to store the data for 120 days only, after which the data can be deleted. The solution
A. Design the application to store each incoming record as a single
B. Design the application to store each incoming record in an Amazon DynamoDB table properly configured for the scale
C. Design the application to store each incoming record in a single table in an Amazon RDS MySQL database
D. Design the application to batch incoming records before writing them to an Amazon S3 bucket
Correct Answer: B
Question #85
A solutions architect is auditing the security setup of an AWS Lambda function for a company. The Lambda function retrieves the latest changes from an Amazon Aurora database. The Lambda function and the database run in the same VPC. Lambda environment variables are providing the database credentials to the Lambda function. The Lambda function aggregates data and makes the data available in an Amazon S3 bucket that is configured for server-side encryption with AWS KMS managed encryption keys (SSE-KMS). The d
A. Enable IAM database authentication on the Aurora DB cluster
B. Enable IAM database authentication on the Aurora DB cluster
C. Save the database credentials in AWS Systems Manager Parameter Store
D. Save the database credentials in AWS Secrets Manager
Correct Answer: A
Question #86
A company’s solutions architect is reviewing a web application that runs on AWS. The application references static assets in an Amazon S3 bucket in the us-east-1 Region. The company needs resiliency across multiple AWS Regions. The company already has created an S3 bucket in a second Region. Which solution will meet these requirements with the LEAST operational overhead?
A. Configure the application to write each object to both S3 buckets
B. Create an AWS Lambda function to copy objects from the S3 bucket in us-east-1 to the S3 bucket in the second Region
C. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region
D. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region
Correct Answer: C
Question #87
A company is processing videos in the AWS Cloud by using Amazon EC2 instances in an Auto Scaling group. It takes 30 minutes to process a video. Several EC2 instances scale in and out depending on the number of videos in an Amazon Simple Queue Service (Amazon SQS) queue. The company has configured the SQS queue with a redrive policy that specifies a target dead-letter queue and a maxReceiveCount of 1. The company has set the visibility timeout for the SQS queue to 1 hour. The company has set up an Amazon Cloud
A. Turn on termination protection for the EC2 instances
B. Update the visibility timeout for the SQS queue to 3 hours
C. Configure scale-in protection for the instances during processing
D. Update the redrive policy and set maxReceiveCount to 0
Correct Answer: C
Question #88
A company has a website that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is associated with an AWS WAF web ACL. The website often encounters attacks in the application layer. The attacks produce sudden and significant increases in traffic on the application server. The access logs show that each attack originates from different IP addresses. A solutions architect needs to implement a solution to mitigate these attacks. Which solut
A. Create an Amazon CloudWatch alarm that monitors server access
B. Deploy AWS Shield Advanced in addition to AWS WAF
C. Create an Amazon CloudWatch alarm that monitors user IP addresses
D. Inspect access logs to find a pattern of IP addresses that launched the attacks
Correct Answer: B
Question #89
A company's solutions architect is analyzing costs of a multi-application environment. The environment is deployed across multiple Availability Zones in a single AWS Region. After a recent acquisition, the company manages two organizations in AWS Organizations. The company has created multiple service provider applications as AWS PrivateLink-powered VPC endpoint services in one organization. The company has created multiple service consumer applications in the other organization. Data transfer charges are mu
A. Create a new S3 bucket
B. Create an Amazon FSx for Windows File Server Single-AZ file system within the VPC that is connected to the Direct Connect connection
C. Create an Amazon FSx for Windows File Server Multi-AZ file system within the VPC that is connected to the Direct Connect connection
D. Create a new S3 bucket
Correct Answer: AB
Question #90
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation. Which actions should a solutions architect take to resolve the problem and prevent it from
A. Enable VPC Flow Logs
B. Add an interface VPC endpoint for Kinesis Data Streams to the VPC
C. Enable VPC Flow Logs and Amazon Detective
D. Add an interface VPC endpoint for Kinesis Data Streams to the VPC
Correct Answer: ABE
Question #91
A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endpoint IP addresses are not permitted. The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service. Which solution meets t
A. Register the customer-owned block of IP addresses in the company's AWS account
B. Add a subnet containing the customer-owned block of IP addresses to a VPC
C. Register the customer-owned block of IP addresses with Amazon Route 53
D. Register the customer-owned block of IP addresses in the company’s AWS account
Correct Answer: A
Question #92
A large company runs workloads in VPCs that are deployed across hundreds of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets. A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect already has deploye
A. Use AWS Firewall Manager to create a security group and security group policy to deny access from the IP addresses
B. Create an AWS WAF web ACL with a rate-based rule, and set the rule action to Block
C. Use AWS Firewall Manager to create a security group and security group policy to allow access only to specific CIDR ranges
D. Create an AWS WAF web ACL with an IP set match rule, and set the rule action to Block
Correct Answer: B
Question #93
A company is developing a new on-demand video application that is based on microservices. The application will have 5 million users at launch and will have 30 million users after 6 months. The company has deployed the application on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate. The company developed the application by using ECS services that use the HTTPS protocol. A solutions architect needs to implement updates to the application by using blue/green deployments. The solution must distribute
A. Configure scan on push on the repository
B. Configure scan on push on the repository
C. Schedule an AWS Lambda function to start a manual image scan every hour
D. Configure periodic image scan on the repository
Correct Answer: D
Question #94
A company wants to migrate its data analytics environment from on premises to AWS. The environment consists of two simple Node.js applications. One of the applications collects sensor data and loads it into a MySQL database. The other application aggregates the data into reports. When the aggregation jobs run, some of the load jobs fail to run correctly. The company must resolve the data loading issue. The company also needs the migration to occur without interruptions or changes for the company’s customers.
A. Set up an Amazon Aurora MySQL database as a replication target for the on-premises database
B. Set up an Amazon Aurora MySQL database
C. Set up an Amazon Aurora MySQL database
D. Set up an Amazon Aurora MySQL database
Correct Answer: C
Question #95
A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services. The company recently acquired a new business unit and invited the new unit’s existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the co
A. Remove the organization’s root SCPs that limit access to AWS Config
B. Create a temporary OU named Onboarding for the new account
C. Convert the organization’s root SCPs from deny list SCPs to allow list SCPs to allow the required services only
D. Create a temporary OU named Onboarding for the new account
Correct Answer: D
Question #96
An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account. What is the MOST secure way to allow org1 to access resources in org2?
A. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon EC2
B. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on AWS Fargate
C. Create an Amazon Elastic Container Service (Amazon ECS) cluster on Amazon EC2
D. Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate
Correct Answer: D
Question #97
A company's solutions architect is analyzing costs of a multi-application environment. The environment is deployed across multiple Availability Zones in a single AWS Region. After a recent acquisition, the company manages two organizations in AWS Organizations. The company has created multiple service provider applications as AWS PrivateLink-powered VPC endpoint services in one organization. The company has created multiple service consumer applications in the other organization. Data transfer charges are mu
A. Create a new S3 bucket
B. Create an Amazon FSx for Windows File Server Single-AZ file system within the VPC that is connected to the Direct Connect connection
C. Create an Amazon FSx for Windows File Server Multi-AZ file system within the VPC that is connected to the Direct Connect connection
D. Create a new S3 bucket
Correct Answer: AB
Question #98
A solutions architect is planning to migrate critical Microsoft SQL Server databases to AWS. Because the databases are legacy systems, the solutions architect will move the databases to a modern data architecture. The solutions architect must migrate the databases with near-zero downtime. Which solution will meet these requirements?
A. Use AWS Application Migration Service and the AWS Schema Conversion Tool (AWS SCT)
B. Use AWS Database Migration Service (AWS DMS) to rehost the database
C. Use native database high availability tools
D. Use AWS Application Migration Service
Correct Answer: C
Question #99
A company has migrated its forms-processing application to AWS. When users interact with the application, they upload scanned forms as files through a web application. A database stores user metadata and references to files that are stored in Amazon S3. The web application runs on Amazon EC2 instances and an Amazon RDS for PostgreSQL database. When forms are uploaded, the application sends notifications to a team through Amazon Simple Notification Service (Amazon SNS). A team member then logs in and processe
A. Develop custom libraries to perform optical character recognition (OCR) on the forms
B. Extend the system with an application tier that uses AWS Step Functions and AWS Lambda
C. Host a new application tier on EC2 instances
D. Extend the system with an application tier that uses AWS Step Functions and AWS Lambda
Correct Answer: D
Question #100
A company is hosting a monolithic REST-based API for a mobile app on five Amazon EC2 instances in public subnets of a VPC. Mobile clients connect to the API by using a domain name that is hosted on Amazon Route 53. The company has created a Route 53 multivalue answer routing policy with the IP addresses of all the EC2 instances. Recently, the app has been overwhelmed by large and sudden increases to traffic. The app has not been able to keep up with the traffic. A solutions architect needs to implement a sol
A. Separate the API into individual AWS Lambda functions
B. Containerize the API logic
C. Create an Auto Scaling group
D. Create an Application Load Balancer (ALB) in front of the API
Correct Answer: D
Question #101
A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization. The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS queue. The company wants to re-architect the application
A. Use Amazon ECS containers for the web application and Spot instances for the Auto Scaling group that processes the SQS queue
B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application
C. Host the web application in Amazon S3
D. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the web application and launch a worker environment to process the SQS queue
Correct Answer: C
Question #102
A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network. Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)
A. Create a new VPC for outbound traffic to the internet
B. Create a new VPC for outbound traffic to the internet
C. Create an AWS Network Firewall firewall for rule-based filtering in each AWS account
D. In each AWS account, create an Auto Scaling group of network-optimized Amazon EC2 instances that run an open-source internet proxy for rule-based filtering
Correct Answer: BD
Question #103
A company wants to use AWS for disaster recovery for an on-premises application. The company has hundreds of Windows-based servers that run the application. All the servers mount a common share. The company has an RTO of 15 minutes and an RPO of 5 minutes. The solution must support native failover and fallback capabilities. Which solution will meet these requirements MOST cost-effectively?
A. Create an AWS Storage Gateway File Gateway
B. Create a set of AWS CloudFormation templates to create infrastructure
C. Create an AWS Cloud Development Kit (AWS CDK) pipeline to stand up a multi-site active-active environment on AWS
D. Use AWS Elastic Disaster Recovery to replicate the on-premises servers
Correct Answer: D
Question #104
A company needs to audit the security posture of a newly acquired AWS account. The company’s data security team requires a notification only when an Amazon S3 bucket becomes publicly exposed. The company has already established an Amazon Simple Notification Service (Amazon SNS) topic that has the data security team's email address subscribed. Which solution will meet these requirements?
A. Create an S3 event notification on all S3 buckets for the isPublic event
B. Create an analyzer in AWS Identity and Access Management Access Analyzer
C. Create an Amazon EventBridge rule for the event type “Bucket-Level API Call via CloudTrail” with a filter for “PutBucketPolicy
D. Activate AWS Config and add the cloudtrail-s3-dataevents-enabled rule
Correct Answer: B
Question #105
A large education company recently introduced Amazon Workspaces to provide access to internal applications across multiple universities. The company is storing user profiles on an Amazon FSx for Windows File Server file system. The file system is configured with a DNS alias and is connected to a self-managed Active Directory. As more users begin to use the Workspaces, login time increases to unacceptable levels. An investigation reveals a degradation in performance of the file system. The company created the
A. Use AWS Backup to create a point-in-time backup of the file system
B. Disconnect users from the file system
C. Deploy an AWS DataSync agent onto a new Amazon EC2 instance
D. Enable shadow copies on the existing file system by using a Windows PowerShell command
Correct Answer: A
Question #106
A solutions architect is planning to migrate critical Microsoft SQL Server databases to AWS. Because the databases are legacy systems, the solutions architect will move the databases to a modern data architecture. The solutions architect must migrate the databases with near-zero downtime. Which solution will meet these requirements?
A. Use AWS Application Migration Service and the AWS Schema Conversion Tool (AWS SCT)
B. Use AWS Database Migration Service (AWS DMS) to rehost the database
C. Use native database high availability tools
D. Use AWS Application Migration Service
Correct Answer: C
Question #107
A financial services company in North America plans to release a new online web application to its customers on AWS. The company will launch the application in the us-east-1 Region on Amazon EC2 instances. The application must be highly available and must dynamically scale to meet user traffic. The company also wants to implement a disaster recovery environment for the application in the us-west-1 Region by using active-passive failover. Which solution will meet these requirements?
A. Create a VPC in us-east-1 and a VPC in us-west-1
B. Create a VPC in us-east-1 and a VPC in us-west-1
C. Create a VPC in us-east-1 and a VPC in us-west-1
D. Create a VPC in us-east-1 and a VPC in us-west-1
Correct Answer: C
Question #108
A company has created an OU in AWS Organizations for each of its engineering teams. Each OU owns multiple AWS accounts. The organization has hundreds of AWS accounts. A solutions architect must design a solution so that each OU can view a breakdown of usage costs across its AWS accounts. Which solution meets these requirements?
A. Create an AWS Cost and Usage Report (CUR) for each OU by using AWS Resource Access Manager
B. Create an AWS Cost and Usage Report (CUR) from the AWS Organizations management account
C. Create an AWS Cost and Usage Report (CUR) in each AWS Organizations member account
D. Create an AWS Cost and Usage Report (CUR) by using AWS Systems Manager
Correct Answer: B
Question #109
A company with several AWS accounts is using AWS Organizations and service control policies (SCPs). An administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111: Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the administrator address this problem?
A. Add s3:CreateBucket with “Allow” effect to the SCP
B. Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111
C. Instruct the developers to add Amazon S3 permissions to their IAM entities
D. Remove the SCP from account 1111-1111-1111
Correct Answer: C
Question #110
A retail company has structured its AWS accounts to be part of an organization in AWS Organizations. The company has set up consolidated billing and has mapped its departments to the following OUs: Finance, Sales, Human Resources (HR), Marketing, and Operations. Each OU has multiple AWS accounts, one for each environment within a department. These environments are development, test, pre-production, and production. The HR department is releasing a new system that will launch in 3 months. In preparation, the H
A. In the AWS Billing and Cost Management console for the HR department's production account turn off RI sharing
B. Remove the HR department's production AWS account from the organization
C. In the AWS Billing and Cost Management console
D. Create an SCP in the organization to restrict access to the RIs
Correct Answer: C
Question #111
A company has built a high performance computing (HPC) cluster in AWS for a tightly coupled workload that generates a large number of shared files stored in Amazon EFS. The cluster was performing well when the number of Amazon EC2 instances in the cluster was 100. However, when the company increased the cluster size to 1,000 EC2 instances, overall performance was well below expectations. Which collection of design choices should a solutions architect make to achieve the maximum performance from the HPC clust
A. Use an SCP to deny the creation of resources that do not have the required tags
B. Use an SCP to deny the creation of resources that do not have the required tags
C. Use an SCP to allow the creation of resources only when the resources have the required tags
D. Use an SCP to deny the creation of resources that do not have the required tags
Correct Answer: ACF
Question #112
A company operates an on-premises software-as-a-service (SaaS) solution that ingests several files daily. The company provides multiple public SFTP endpoints to its customers to facilitate the file transfers. The customers add the SFTP endpoint IP addresses to their firewall allow list for outbound traffic. Changes to the SFTP endpoint IP addresses are not permitted. The company wants to migrate the SaaS solution to AWS and decrease the operational overhead of the file transfer service. Which solution meets t
A. Register the customer-owned block of IP addresses in the company's AWS account
B. Add a subnet containing the customer-owned block of IP addresses to a VPC
C. Register the customer-owned block of IP addresses with Amazon Route 53
D. Register the customer-owned block of IP addresses in the company’s AWS account
Correct Answer: A
Question #113
A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company's information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function. To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application. Which combination of steps should the solutions architec
A. Enable VPC flow logs, and send them to CloudWatch
B. Create an Amazon Kinesis Data Firehose delivery stream with Splunk as the destination
C. Ask the company to log every request that is made to the databases along with the EC2 instance IP address
D. Send the CloudWatch logs to an Amazon Kinesis data stream with Amazon Kinesis Data Analytics for SQL Applications
Correct Answer: AC
Question #114
A digital marketing company has multiple AWS accounts that belong to various teams. The creative team uses an Amazon S3 bucket in its AWS account to securely store images and media files that are used as content for the company’s marketing campaigns. The creative team wants to share the S3 bucket with the strategy team so that the strategy team can view the objects. A solutions architect has created an IAM role that is named strategy_reviewer in the Strategy account. The solutions architect also has set up a
A. Use regularly scheduled AWS Snowball Edge devices to transfer the sequencing data into AWS
B. Use AWS Data Pipeline to transfer the sequencing data to Amazon S3
C. Use AWS DataSync to transfer the sequencing data to Amazon S3
D. Use an AWS Storage Gateway file gateway to transfer the sequencing data to Amazon S3
Correct Answer: ACF
Question #115
A company manufactures smart vehicles. The company uses a custom application to collect vehicle data. The vehicles use the MQTT protocol to connect to the application. The company processes the data in 5-minute intervals. The company then copies vehicle telematics data to on-premises storage. Custom applications analyze this data to detect anomalies. The number of vehicles that send data grows constantly. Newer vehicles generate high volumes of data. The on-premises storage solution is not able to scale for
A. Use AWS IoT Greengrass to send the vehicle data to Amazon Managed Streaming for Apache Kafka (Amazon MSK)
B. Use AWS IoT Core to receive the vehicle data
C. Use AWS IoT FleetWise to collect the vehicle data
D. Use Amazon MQ for RabbitMQ to collect the vehicle data
View answer
Correct Answer: B
Question #116
A company has an on-premises monitoring solution using a PostgreSQL database for persistence of events. The database is unable to scale due to heavy ingestion and it frequently runs out of storage. The company wants to create a hybrid solution and has already set up a VPN connection between its network and AWS. The solution should include the following attributes:
- Managed AWS services to minimize operational complexity.
- A buffer that automatically scales to match the throughput of data and requires no ongoin
A. Create a private VIF from the DX-A connection into a Direct Connect gateway
B. Create a transit VIF from the DX-A connection into a Direct Connect gateway
C. Create a transit VIF from the DX-A connection into a Direct Connect gateway
D. Create a transit VIF from the DX-A connection into a Direct Connect gateway
Correct Answer: AD
Question #117
A company is building a serverless application that runs on an AWS Lambda function that is attached to a VPC. The company needs to integrate the application with a new service from an external provider. The external provider supports only requests that come from public IPv4 addresses that are in an allow list. The company must provide a single public IP address to the external provider before the application can start using the new service. Which solution will give the application the ability to access the ne
A. Deploy a NAT gateway
B. Deploy an egress-only internet gateway
C. Deploy an internet gateway
D. Deploy an internet gateway
Correct Answer: A
Question #118
A solutions architect needs to implement a client-side encryption mechanism for objects that will be stored in a new Amazon S3 bucket. The solutions architect created a CMK that is stored in AWS Key Management Service (AWS KMS) for this purpose. The solutions architect created the following IAM policy and attached it to an IAM role: During tests, the solutions architect was able to successfully get existing test objects in the S3 bucket. However, attempts to upload a new object resulted in an error message. T
A. kms:GenerateDataKey
B. kms:GetKeyPolicy
C. kms:GetPublicKey
D. kms:Sign
Correct Answer: A
Question #119
A company provides auction services for artwork and has users across North America and Europe. The company hosts its application in Amazon EC2 instances in the us-east-1 Region. Artists upload photos of their work as large-size, high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-1 Region. The users in Europe are reporting slow performance for their image uploads. How can a solutions architect improve the performance of the image upload process?
A. Redeploy the application to use S3 multipart uploads
B. Create an Amazon CloudFront distribution and point to the application as a custom origin
C. Configure the buckets to use S3 Transfer Acceleration
D. Create an Auto Scaling group for the EC2 instances and create a scaling policy
Correct Answer: C
Question #120
A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs. The company has the following DNS resolution requirements: On-premises systems should be able to resolve and connect to cloud.example.com. All VPCs should be able to resolve cloud.example.com. There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway. Which architecture sho
A. Associate the private hosted zone to all the VPCs
B. Associate the private hosted zone to all the VPCs
C. Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud
D. Associate the private hosted zone to the shared services VPC
Correct Answer: D
Question #121
A company is planning to host a web application on AWS and wants to load balance the traffic across a group of Amazon EC2 instances. One of the security requirements is to enable end-to-end encryption in transit between the client and the web server. Which solution will meet this requirement?
A. Place the EC2 instances behind an Application Load Balancer (ALB)
B. Associate the EC2 instances with a target group
C. Place the EC2 instances behind an Application Load Balancer (ALB). Provision an SSL certificate using AWS Certificate Manager (ACM), and associate the SSL certificate with the ALB
D. Place the EC2 instances behind a Network Load Balancer (NLB)
Correct Answer: C
Question #122
A solutions architect is designing a solution to process events. The solution must have the ability to scale in and out based on the number of events that the solution receives. If a processing error occurs, the event must move into a separate queue for review. Which solution will meet these requirements?
A. Send event details to an Amazon Simple Notification Service (Amazon SNS) topic
B. Publish events to an Amazon Simple Queue Service (Amazon SQS) queue
C. Write events to an Amazon DynamoDB table
D. Publish events to an Amazon EventBridge event bus
Correct Answer: A
Question #123
A company is storing data on premises on a Windows file server. The company produces 5 GB of new data daily. The company migrated part of its Windows-based workload to AWS and needs the data to be available on a file system in the cloud. The company already has established an AWS Direct Connect connection between the on-premises network and AWS. Which data migration strategy should the company use?
A. Use the file gateway option in AWS Storage Gateway to replace the existing Windows file server, and point the existing file share to the new file gateway
B. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon FSx
C. Use AWS Data Pipeline to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
D. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
Correct Answer: B
Question #124
A company is hosting a critical application on a single Amazon EC2 instance. The application uses an Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses an Amazon RDS for MariaDB DB instance for a relational database. For the application to function, each piece of the infrastructure must be healthy and must be in an active state. A solutions architect needs to improve the application's architecture so that the infrastructure can automatically recover from failur
A. Create an AWS PrivateLink interface VPC endpoint
B. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC
C. Create a VPC peering connection between the third-party SaaS application and the company VPC. Update route tables by adding the needed routes for the peering connection
D. Create an AWS PrivateLink endpoint service
Correct Answer: ADF
Question #125
A company has a website that runs on four Amazon EC2 instances that are behind an Application Load Balancer (ALB). When the ALB detects that an EC2 instance is no longer available, an Amazon CloudWatch alarm enters the ALARM state. A member of the company's operations team then manually adds a new EC2 instance behind the ALB. A solutions architect needs to design a highly available solution that automatically handles the replacement of EC2 instances. The company needs to minimize downtime during the switch t
A. Delete the existing ALB
B. Create an Auto Scaling group that is configured to handle the web application traffic
C. Delete the existing ALB and the EC2 instances
D. Create an Auto Scaling group that is configured to handle the web application traffic
Correct Answer: B
Question #126
A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted. How can the company prevent users from accidentally deleting data in this way?
A. Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources
B. Configure a stack policy that disallows the deletion of RDS and EBS resources
C. Modify IAM policies to deny deleting RDS and EBS resources that are tagged with an "aws:cloudformation:stack-name" tag
D. Use AWS Config rules to prevent deleting RDS and EBS resources
Correct Answer: A
Question #127
A company uses an AWS CodeCommit repository. The company must store a backup copy of the data that is in the repository in a second AWS Region. Which solution will meet these requirements?
A. Instruct each business unit to add a unique secondary CIDR range to the business unit's VPC
B. Create an Amazon EC2 instance to serve as a virtual appliance in the marketing account's VPC
C. Create an AWS PrivateLink endpoint service to share the marketing application
D. Create a Network Load Balancer (NLB) in front of the marketing application in a private subnet
Correct Answer: C
Question #128
A company has 10 accounts that are part of an organization in AWS Organizations. AWS Config is configured in each account. All accounts belong to either the Prod OU or the NonProd OU. The company has set up an Amazon EventBridge rule in each AWS account to notify an Amazon Simple Notification Service (Amazon SNS) topic when an Amazon EC2 security group inbound rule is created with 0.0.0.0/0 as the source. The company’s security team is subscribed to the SNS topic. For all accounts in the NonProd OU, the secur
A. Modify the EventBridge rule to invoke an AWS Lambda function to remove the security group inbound rule and to publish to the SNS topic
B. Add the vpc-sg-open-only-to-authorized-ports AWS Config managed rule to the NonProd OU
C. Configure an SCP to allow the ec2:AuthorizeSecurityGroupIngress action when the value of the aws:SourceIp condition key is not 0
D. Configure an SCP to deny the ec2:AuthorizeSecurityGroupIngress action when the value of the aws:SourceIp condition key is 0
Correct Answer: C
Question #129
A retail company needs to provide a series of data files to another company, which is its business partner. These files are saved in an Amazon S3 bucket under Account A, which belongs to the retail company. The business partner company wants one of its IAM users, User_DataProcessor, to access the files from its own AWS account (Account B). Which combination of steps must the companies take so that User_DataProcessor can access the S3 bucket successfully? (Choose two.)
A. Turn on the cross-origin resource sharing (CORS) feature for the S3 bucket in Account
B. In Account A, set the S3 bucket policy to the following:
C. In Account A, set the S3 bucket policy to the following:
D. In Account B, set the permissions of User_DataProcessor to the following:
E. In Account B, set the permissions of User_DataProcessor to the following:
Correct Answer: C
Question #130
A video processing company wants to build a machine learning (ML) model by using 600 TB of compressed data that is stored as thousands of files in the company's on-premises network attached storage system. The company does not have the necessary compute resources on premises for ML experiments and wants to use AWS. The company needs to complete the data transfer to AWS within 3 weeks. The data transfer will be a one-time transfer. The data must be encrypted in transit. The measured upload speed of the compan
A. Order several AWS Snowball Edge Storage Optimized devices by using the AWS Management Console
B. Set up a 10 Gbps AWS Direct Connect connection between the company location and the nearest AWS Region
C. Create a VPN connection between the on-premises network attached storage and the nearest AWS Region
D. Deploy an AWS Storage Gateway file gateway on premises
Correct Answer: A
Question #131
A company is running applications on AWS in a multi-account environment. The company's sales team and marketing team use separate AWS accounts in AWS Organizations. The sales team stores petabytes of data in an Amazon S3 bucket. The marketing team uses Amazon QuickSight for data visualizations. The marketing team needs access to data that the sales team stores in the S3 bucket. The company has encrypted the S3 bucket with an AWS Key Management Service (AWS KMS) key. The marketing team has already created the
A. Create a new S3 bucket in the marketing account
B. Create an SCP to grant access to the S3 bucket to the marketing account
C. Update the S3 bucket policy in the marketing account to grant access to the QuickSight role
D. Create an IAM role in the sales account and grant access to the S3 bucket
Correct Answer: D
Question #132
A company has Linux-based Amazon EC2 instances. Users must access the instances by using SSH with EC2 SSH key pairs. Each machine requires a unique EC2 key pair. The company wants to implement a key rotation policy that will, upon request, automatically rotate all the EC2 key pairs and keep the keys in a securely encrypted place. The company will accept less than 1 minute of downtime during key rotation. Which solution will meet these requirements?
A. Store all the keys in AWS Secrets Manager
B. Store all the keys in Parameter Store, a capability of AWS Systems Manager, as a string
C. Import the EC2 key pairs into AWS Key Management Service (AWS KMS)
D. Add all the EC2 instances to Fleet Manager, a capability of AWS Systems Manager
Correct Answer: A
Question #133
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts. A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks. Trusted access has been enabled in Organizations. What should the solutions
A. Create a stack set in the Organizations member accounts
B. Create stacks in the Organizations member accounts
C. Create a stack set in the Organizations management account
D. Create stacks in the Organizations management account
Correct Answer: C
Question #134
A company has 50 AWS accounts that are members of an organization in AWS Organizations. Each account contains multiple VPCs. The company wants to use AWS Transit Gateway to establish connectivity between the VPCs in each member account. Each time a new member account is created, the company wants to automate the process of creating a new VPC and a transit gateway attachment. Which combination of steps will meet these requirements? (Choose two.)
A. Create an IAM role named procurement-manager-role in all AWS accounts in the organization
B. Create an IAM role named procurement-manager-role in all AWS accounts in the organization
C. Create an IAM role named procurement-manager-role in all the shared services accounts in the organization
D. Create an IAM role named procurement-manager-role in all AWS accounts that will be used by developers
Correct Answer: AC
Question #135
A company is running a web application in a VPC. The web application runs on a group of Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is using AWS WAF. An external customer needs to connect to the web application. The company must provide IP addresses to all external customers. Which solution will meet these requirements with the LEAST operational overhead?
A. Replace the ALB with a Network Load Balancer (NLB)
B. Allocate an Elastic IP address
C. Create an AWS Global Accelerator standard accelerator
D. Configure an Amazon CloudFront distribution
Correct Answer: C
Question #136
A company’s factory and automation applications are running in a single VPC. More than 20 applications run on a combination of Amazon EC2, Amazon Elastic Container Service (Amazon ECS), and Amazon RDS. The company has software engineers spread across three teams. One of the three teams owns each application, and each team is responsible for the cost and performance of all of its applications. Team resources have tags that represent their application and team. The teams use IAM access for daily activities. The
A. Associate a block of customer-owned public IP addresses to the VPC
B. Register a block of customer-owned public IP addresses in the AWS account
C. Create Elastic IP addresses from the block of customer-owned IP addresses
D. Register a block of customer-owned public IP addresses in the AWS account
Correct Answer: ACF
Question #137
A company runs a customer service center that accepts calls and automatically sends all customers a managed, interactive, two-way experience survey by text message. The applications that support the customer service center run on machines that the company hosts in an on-premises data center. The hardware that the company uses is old, and the company is experiencing downtime with the system. The company wants to migrate the system to AWS to improve reliability. Which solution will meet these requirements with
A. Use Amazon Connect to replace the old call center hardware
B. Use Amazon Connect to replace the old call center hardware
C. Migrate the call center software to Amazon EC2 instances that are in an Auto Scaling group
D. Use Amazon Pinpoint to replace the old call center hardware and to send text message surveys to customers
Correct Answer: A
Question #138
A company needs to build a disaster recovery (DR) solution for its ecommerce website. The web application is hosted on a fleet of t3.large Amazon EC2 instances and uses an Amazon RDS for MySQL DB instance. The EC2 instances are in an Auto Scaling group that extends across multiple Availability Zones. In the event of a disaster, the web application must fail over to the secondary environment with an RPO of 30 seconds and an RTO of 10 minutes. Which solution will meet these requirements MOST cost-effectively?
A. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region
B. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region
C. Set up a backup plan in AWS Backup to create cross-Region backups for the EC2 instances and the DB instance
D. Use infrastructure as code (IaC) to provision the new infrastructure in the DR Region
Correct Answer: B
Question #139
A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company is hosting internal applications with VPCs in multiple AWS accounts. Currently, the applications are accessible from the company's on-premises office network through an AWS Site-to-Site VPN connection. The VPC in the company's main AWS account has peering connections established with VPCs in other AWS accounts. A solutions architect must design a scalable AWS Client VPN s
A. Create a Client VPN endpoint in each AWS account
B. Create a Client VPN endpoint in the main AWS account
C. Create a Client VPN endpoint in the main AWS account
D. Create a Client VPN endpoint in the main AWS account
Correct Answer: B
Question #140
A company needs to migrate its customer transactions database from on premises to AWS. The database resides on an Oracle DB instance that runs on a Linux server. According to a new security requirement, the company must rotate the database password each year. Which solution will meet these requirements with the LEAST operational overhead?
A. Convert the database to Amazon DynamoDB by using the AWS Schema Conversion Tool (AWS SCT)
B. Migrate the database to Amazon RDS for Oracle
C. Migrate the database to an Amazon EC2 instance
D. Migrate the database to Amazon Neptune by using the AWS Schema Conversion Tool (AWS SCT)
Correct Answer: B
Question #141
A company runs a serverless application in a single AWS Region. The application accesses external URLs and extracts metadata from those sites. The company uses an Amazon Simple Notification Service (Amazon SNS) topic to publish URLs to an Amazon Simple Queue Service (Amazon SQS) queue. An AWS Lambda function uses the queue as an event source and processes the URLs from the queue. Results are saved to an Amazon S3 bucket. The company wants to process each URL in other Regions to compare possible differences i
A. Use AWS Lambda to run the application
B. Use AWS Batch to run the application
C. Use AWS Fargate to run the application
D. Use Amazon EC2 Spot Instances to run the application
Correct Answer: AC
Question #142
A company is using Amazon OpenSearch Service to analyze data. The company loads data into an OpenSearch Service cluster with 10 data nodes from an Amazon S3 bucket that uses S3 Standard storage. The data resides in the cluster for 1 month for read-only analysis. After 1 month, the company deletes the index that contains the data from the cluster. For compliance purposes, the company must retain a copy of all input data. The company is concerned about ongoing costs and asks a solutions architect to recommend
A. Replace all the data nodes with UltraWarm nodes to handle the expected capacity
B. Reduce the number of data nodes in the cluster to 2. Add UltraWarm nodes to handle the expected capacity
C. Reduce the number of data nodes in the cluster to 2
D. Reduce the number of data nodes in the cluster to 2
Correct Answer: B
Question #143
A company has an environment that has a single AWS account. A solutions architect is reviewing the environment to recommend what the company could improve specifically in terms of access to the AWS Management Console. The company’s IT support workers currently access the console for administrative tasks, authenticating with named IAM users that have been mapped to their job role. The IT support workers no longer want to maintain both their Active Directory and IAM user accounts. They want to be able to acces
A. Create an organization in AWS Organizations
B. Create an organization in AWS Organizations
C. Create an organization in AWS Organizations
D. Create an organization in AWS Organizations
Correct Answer: D
Question #144
A solutions architect wants to cost-optimize and appropriately size Amazon EC2 instances in a single AWS account. The solutions architect wants to ensure that the instances are optimized based on CPU, memory, and network metrics. Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
A. Configure AWS Elastic Disaster Recovery to replicate the CodeCommit repository data to the second Region
B. Use AWS Backup to back up the CodeCommit repository on an hourly schedule
C. Create an Amazon EventBridge rule to invoke AWS CodeBuild when the company pushes code to the repository
D. Create an AWS Step Functions workflow on an hourly schedule to take a snapshot of the CodeCommit repository
Correct Answer: CD
Question #145
A company runs a Java application that has complex dependencies on VMs that are in the company's data center. The application is stable, but the company wants to modernize the technology stack. The company wants to migrate the application to AWS and minimize the administrative overhead to maintain the servers. Which solution will meet these requirements with the LEAST code changes?
A. Migrate the application to Amazon Elastic Container Service (Amazon ECS) on AWS Fargate by using AWS App2Container
B. Migrate the application code to a container that runs in AWS Lambda
C. Migrate the application to Amazon Elastic Kubernetes Service (Amazon EKS) on EKS managed node groups by using AWS App2Container
D. Migrate the application code to a container that runs in AWS Lambda
Correct Answer: A
Question #146
A company uses Amazon S3 to store files and images in a variety of storage classes. The company's S3 costs have increased substantially during the past year. A solutions architect needs to review data trends for the past 12 months and identify the appropriate storage class for the objects. Which solution will meet these requirements?
A. Use AWS CloudFormation templates
B. Use AWS Organizations
C. Use AWS Organizations and AWS CloudFormation StackSets
D. Use nested stacks with AWS CloudFormation templates
Correct Answer: C