AWS SAP-C02 Exam Questions for Effective Preparation | AWS Certified Solutions Architect - Professional

Achieving the AWS Certified Solutions Architect - Professional certification is a testament to your advanced expertise in architecting complex AWS solutions. However, preparing for the SAP-C02 exam can be a daunting task. This is where SPOTO's AWS SAP-C02 Exam Questions can be your invaluable ally. SPOTO's exam questions and answers are meticulously crafted by industry experts, ensuring they accurately reflect the real exam content. These study materials cover a wide range of test questions spanning various topics, allowing you to thoroughly assess your knowledge and identify areas that require further preparation. Additionally, SPOTO offers mock exams that simulate the actual certification exam environment, enabling you to gauge your readiness and build confidence. With these comprehensive exam resources at your disposal, you can effectively prepare and increase your chances of passing the AWS Certified Solutions Architect - Professional exam successfully on your first attempt.

Question #1
A solutions architect needs to advise a company on how to migrate its on-premises data processing application to the AWS Cloud. Currently, users upload input files through a web portal. The web server then stores the uploaded files on NAS and messages the processing server over a message queue. Each media file can take up to 1 hour to process. The company has determined that the number of media files awaiting processing is significantly higher during business hours, with the number of files rapidly declinin
A. Create a queue using Amazon SQS
B. Create a queue using Amazon MQ
C. Create a queue using Amazon MQ
D. Create a queue using Amazon SQS
Correct Answer: D

Question #2
A health insurance company stores personally identifiable information (PII) in an Amazon S3 bucket. The company uses server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the objects. According to a new requirement, all current and future objects in the S3 bucket must be encrypted by keys that the company’s security team manages. The S3 bucket does not have versioning enabled. Which solution will meet these requirements?
A. In the S3 bucket properties, change the default encryption to SSE-S3 with a customer managed key
B. In the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
C. In the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
D. In the S3 bucket properties, change the default encryption to AES-256 with a customer managed key
Correct Answer: D
Question #3
A company is hosting a monolithic REST-based API for a mobile app on five Amazon EC2 instances in public subnets of a VPC. Mobile clients connect to the API by using a domain name that is hosted on Amazon Route 53. The company has created a Route 53 multivalue answer routing policy with the IP addresses of all the EC2 instances. Recently, the app has been overwhelmed by large and sudden increases to traffic. The app has not been able to keep up with the traffic. A solutions architect needs to implement a sol
A. Separate the API into individual AWS Lambda functions
B. Containerize the API logic
C. Create an Auto Scaling group
D. Create an Application Load Balancer (ALB) in front of the API
Correct Answer: D
Question #4
A company is developing a new service that will be accessed using TCP on a static port. A solutions architect must ensure that the service is highly available, has redundancy across Availability Zones, and is accessible using the DNS name my.service.com, which is publicly accessible. The service must use fixed address assignments so other companies can add the addresses to their allow lists. Assuming that resources are deployed in multiple Availability Zones in a single Region, which solution will meet these
A. Create Amazon EC2 instances with an Elastic IP address for each instance
B. Create an Amazon ECS cluster and a service definition for the application
C. Create Amazon EC2 instances for the service
D. Create an Amazon ECS cluster and a service definition for the application
Correct Answer: C
Question #5
A company needs to implement a patching process for its servers. The on-premises servers and Amazon EC2 instances use a variety of tools to perform patching. Management requires a single report showing the patch status of all the servers and instances. Which set of actions should a solutions architect take to meet these requirements?
A. Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances
B. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances
C. Use an Amazon EventBridge rule to apply patches by scheduling an AWS Systems Manager patch remediation job
D. Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances
Correct Answer: A
Question #6
During an audit, a security team discovered that a development team was putting IAM user secret access keys in their code and then committing it to an AWS CodeCommit repository. The security team wants to automatically find and remediate instances of this security vulnerability. Which solution will ensure that the credentials are appropriately secured automatically?
A. Run a script nightly using AWS Systems Manager Run Command to search for credentials on the development instances
B. Use a scheduled AWS Lambda function to download and scan the application code from CodeCommit
C. Configure Amazon Macie to scan for credentials in CodeCommit repositories
D. Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials
Correct Answer: D
Question #7
A company is implementing a serverless architecture by using AWS Lambda functions that need to access a Microsoft SQL Server DB instance on Amazon RDS. The company has separate environments for development and production, including a clone of the database system. The company's developers are allowed to access the credentials for the development database. However, the credentials for the production database must be encrypted with a key that only members of the IT security team's IAM user group can access. Thi
A. Deploy Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer for the web tier and for the application tier
B. Create images of all the servers by using AWS Database Migration Service (AWS DMS)
C. Containerize the web frontend tier and the application tier
D. Separate the application functions into AWS Lambda functions
Correct Answer: D
Question #8
Example Corp. has an on-premises data center and a VPC named VPC A in the Example Corp. AWS account. The on-premises network connects to VPC A through an AWS Site-To-Site VPN. The on-premises servers can properly access VPC A. Example Corp
A. Create a transit gateway
B. Create a transit gateway
C. Update the route tables for the Site-to-Site VPN and both VPCs for all three networks
D. Modify the Site-to-Site VPN’s virtual private gateway definition to include VPC A and VPC B
Correct Answer: A
Question #9
A company is running an application in the AWS Cloud. The company's security team must approve the creation of all new IAM users. When a new IAM user is created, all access for the user must be removed automatically. The security team must then receive a notification to approve the user. The company has a multi-Region AWS CloudTrail trail in the AWS account. Which combination of steps will meet these requirements? (Choose three.)
A. Create an Amazon EventBridge rule that runs once every day
B. Create an Amazon EventBridge rule that runs every business day in the evening
C. Create an Amazon EventBridge rule that runs every business day in the evening. Configure the rule to invoke an AWS Lambda function that terminates instances based on the lag
D. Create an Amazon EventBridge rule that runs every hour
Correct Answer: ADE
Question #10
A company has a latency-sensitive trading platform that uses Amazon DynamoDB as a storage backend. The company configured the DynamoDB table to use on-demand capacity mode. A solutions architect needs to design a solution to improve the performance of the trading platform. The new solution must ensure high availability for the trading platform. Which solution will meet these requirements with the LEAST latency?
A. Create a two-node DynamoDB Accelerator (DAX) cluster
B. Create a three-node DynamoDB Accelerator (DAX) cluster
C. Create a three-node DynamoDB Accelerator (DAX) cluster
D. Create a single-node DynamoDB Accelerator (DAX) cluster
Correct Answer: B
Question #11
A video processing company has an application that downloads images from an Amazon S3 bucket, processes the images, stores a transformed image in a second S3 bucket, and updates metadata about the image in an Amazon DynamoDB table. The application is written in Node.js and runs by using an AWS Lambda function. The Lambda function is invoked when a new image is uploaded to Amazon S3. The application ran without incident for a while. However, the size of the images has grown significantly. The Lambda function
A. Turn on mandatory guardrails in AWS Control Tower
B. Enable the appropriate guardrail from the list of strongly recommended guardrails in AWS Control Tower
C. Use AWS Config to create a new mandatory guardrail
D. Create a custom SCP in AWS Control Tower
Correct Answer: AB
Question #12
A solutions architect needs to improve an application that is hosted in the AWS Cloud. The application uses an Amazon Aurora MySQL DB instance that is experiencing overloaded connections. Most of the application’s operations insert records into the database. The application currently stores credentials in a text-based configuration file. The solutions architect needs to implement a solution so that the application can handle the current connection load. The solution must keep the credentials secure and must
A. Deploy an Amazon RDS Proxy layer
B. Deploy an Amazon RDS Proxy layer in front of the DB instance
C. Create an Aurora Replica
D. Create an Aurora Replica
Correct Answer: A
Question #13
A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company's information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function. To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application. Which combination of steps should the solutions architec
A. Enable VPC flow logs, and send them to CloudWatch
B. Create an Amazon Kinesis Data Firehose delivery stream with Splunk as the destination
C. Ask the company to log every request that is made to the databases along with the EC2 instance IP address
D. Send the CloudWatch logs to an Amazon Kinesis data stream with Amazon Kinesis Data Analytics for SQL Applications
Correct Answer: AC
Question #14
A company runs an application on AWS. The company curates data from several different sources. The company uses proprietary algorithms to perform data transformations and aggregations. After the company performs ETL processes, the company stores the results in Amazon Redshift tables. The company sells this data to other companies. The company downloads the data as files from the Amazon Redshift tables and transmits the files to several data customers by using FTP. The number of data customers has grown sign
A. Use AWS Data Exchange for APIs to share data with customers
B. In the AWS account of the company that produces the data, create an AWS Data Exchange datashare by connecting AWS Data Exchange to the Redshift cluster
C. Download the data from the Amazon Redshift tables to an Amazon S3 bucket periodically
D. Publish the Amazon Redshift data to an Open Data on AWS Data Exchange
Correct Answer: B
Question #15
A company is designing a new website that hosts static content. The website will give users the ability to upload and download large files. According to company requirements, all data must be encrypted in transit and at rest. A solutions architect is building the solution by using Amazon S3 and Amazon CloudFront. Which combination of steps will meet the encryption requirements? (Choose three.)
A. Store the database credentials in AWS Systems Manager Parameter Store by using a SecureString parameter that is encrypted by an AWS Key Management Service (AWS KMS) customer managed key
B. Encrypt the database credentials by using the AWS Key Management Service (AWS KMS) default Lambda key
C. Store the database credentials in the environment variables of each Lambda function
D. Store the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customer managed key
Correct Answer: ACE
Question #16
A company has more than 10,000 sensors that send data to an on-premises Apache Kafka server by using the Message Queuing Telemetry Transport (MQTT) protocol. The on-premises Kafka server transforms the data and then stores the results as objects in an Amazon S3 bucket. Recently, the Kafka server crashed. The company lost sensor data while the server was being restored. A solutions architect must create a new design on AWS that is highly available and scalable to prevent a similar occurrence. Which solution wi
A. Launch two Amazon EC2 instances to host the Kafka server in an active/standby configuration across two Availability Zones
B. Migrate the on-premises Kafka server to Amazon Managed Streaming for Apache Kafka (Amazon MSK)
C. Deploy AWS IoT Core, and connect it to an Amazon Kinesis Data Firehose delivery stream
D. Deploy AWS IoT Core, and launch an Amazon EC2 instance to host the Kafka server
Correct Answer: C
Question #17
A company is migrating an application from on-premises infrastructure to the AWS Cloud. During migration design meetings, the company expressed concerns about the availability and recovery options for its legacy Windows file server. The file server contains sensitive business-critical data that cannot be recreated in the event of data corruption or data loss. According to compliance requirements, the data must not travel across the public internet. The company wants to move to AWS managed services where pos
A. Create a destination Amazon S3 bucket in the DR Region
B. Create an FSx for Windows File Server file system in the DR Region
C. Create an FSx for Windows File Server file system in the DR Region
D. Create an FSx for Windows File Server file system in the DR Region
Correct Answer: C
Question #18
A company uses Amazon S3 to store files and images in a variety of storage classes. The company's S3 costs have increased substantially during the past year. A solutions architect needs to review data trends for the past 12 months and identify the appropriate storage class for the objects. Which solution will meet these requirements?
A. Use AWS CloudFormation templates
B. Use AWS Organizations
C. Use AWS Organizations and AWS CloudFormation StackSets
D. Use nested stacks with AWS CloudFormation templates
Correct Answer: C
Question #19
A company wants to migrate to AWS. The company is running thousands of VMs in a VMware ESXi environment. The company has no configuration management database and has little knowledge about the utilization of the VMware portfolio. A solutions architect must provide the company with an accurate inventory so that the company can plan for a cost-effective migration. Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Systems Manager Patch Manager to deploy Migration Evaluator to each VM
B. Export the VMware portfolio to a
C. Deploy the Migration Evaluator agentless collector to the ESXi hypervisor
D. Deploy the AWS Application Migration Service Agent to each VM
Correct Answer: C
Question #20
A company recently deployed an application on AWS. The application uses Amazon DynamoDB. The company measured the application load and configured the RCUs and WCUs on the DynamoDB table to match the expected peak load. The peak load occurs once a week for a 4-hour period and is double the average load. The application load is close to the average load for the rest of the week. The access pattern includes many more writes to the table than reads of the table. A solutions architect needs to implement a solutio
A. Use AWS Application Auto Scaling to increase capacity during the peak period
B. Configure on-demand capacity mode for the table
C. Configure DynamoDB Accelerator (DAX) in front of the table
D. Configure DynamoDB Accelerator (DAX) in front of the table
Correct Answer: A
Question #21
A company has an application in the AWS Cloud. The application runs on a fleet of 20 Amazon EC2 instances. The EC2 instances are persistent and store data on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes. The company must maintain backups in a separate AWS Region. The company must be able to recover the EC2 instances and their configuration within 1 business day, with loss of no more than 1 day's worth of data. The company has limited staff and needs a backup solution that optimizes opera
A. Create a second CloudFormation template that can recreate the EC2 instances in the secondary Region
B. Use Amazon Data Lifecycle Manager (Amazon DLM) to create daily multivolume snapshots of the EBS volumes
C. Use AWS Backup to create a scheduled daily backup plan for the EC2 instances
D. Deploy EC2 instances of the same size and configuration to the secondary Region
Correct Answer: C
Question #22
A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network. Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)
A. Create a new VPC for outbound traffic to the internet
B. Create a new VPC for outbound traffic to the internet
C. Create an AWS Network Firewall firewall for rule-based filtering in each AWS account
D. In each AWS account, create an Auto Scaling group of network-optimized Amazon EC2 instances that run an open-source internet proxy for rule-based filtering
Correct Answer: BD
Question #23
A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company is hosting internal applications with VPCs in multiple AWS accounts. Currently, the applications are accessible from the company's on-premises office network through an AWS Site-to-Site VPN connection. The VPC in the company's main AWS account has peering connections established with VPCs in other AWS accounts. A solutions architect must design a scalable AWS Client VPN s
A. Create a Client VPN endpoint in each AWS account
B. Create a Client VPN endpoint in the main AWS account
C. Create a Client VPN endpoint in the main AWS account
D. Create a Client VPN endpoint in the main AWS account
Correct Answer: B
Question #24
A company is planning to migrate 1,000 on-premises servers to AWS. The servers run on several VMware clusters in the company’s data center. As part of the migration plan, the company wants to gather server metrics such as CPU details, RAM usage, operating system information, and running processes. The company then wants to query and analyze the data. Which solution will meet these requirements?
A. Deploy and configure the AWS Agentless Discovery Connector virtual appliance on the on-premises hosts
B. Export only the VM performance information from the on-premises hosts
C. Create a script to automatically gather the server information from the on-premises hosts
D. Deploy the AWS Application Discovery Agent to each on-premises server
Correct Answer: D
Question #25
A company has an organization that has many AWS accounts in AWS Organizations. A solutions architect must improve how the company manages common security group rules for the AWS accounts in the organization. The company has a common set of IP CIDR ranges in an allow list in each AWS account to allow access to and from the company’s on-premises network. Developers within each account are responsible for adding new IP CIDR ranges to their security groups. The security team has its own AWS account. Currently, t
A. Set up an Amazon Simple Notification Service (Amazon SNS) topic in the security team's AWS account
B. Create new customer-managed prefix lists in each AWS account within the organization
C. Create a new customer-managed prefix list in the security team’s AWS account
D. Create an IAM role in each account in the organization
Correct Answer: C
Question #26
A financial services company receives a regular data feed from its credit card servicing partner. Approximately 5,000 records are sent every 15 minutes in plaintext, delivered over HTTPS directly into an Amazon S3 bucket with server-side encryption. This feed contains sensitive credit card primary account number (PAN) data. The company needs to automatically mask the PAN before sending the data to another S3 bucket for additional internal processing. The company also needs to remove and merge specific field
A. Invoke an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue
B. Invoke an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue
C. Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to match
D. Create an AWS Glue crawler and custom classifier based upon the data feed formats and build a table definition to match
Correct Answer: C
Question #27
A company is planning a one-time migration of an on-premises MySQL database to Amazon Aurora MySQL in the us-east-1 Region. The company's current internet connection has limited bandwidth. The on-premises MySQL database is 60 TB in size. The company estimates that it will take a month to transfer the data to AWS over the current internet connection. The company needs a migration solution that will migrate the database more quickly. Which solution will migrate the database in the LEAST amount of time?
A. Request a 1 Gbps AWS Direct Connect connection between the on-premises data center and AWS
B. Use AWS DataSync with the current internet connection to accelerate the data transfer between the on-premises data center and AWS
C. Order an AWS Snowball Edge device
D. Order an AWS Snowball device
Correct Answer: C
Question #28
A company is migrating a document processing workload to AWS. The company has updated many applications to natively use the Amazon S3 API to store, retrieve, and modify documents that a processing server generates at a rate of approximately 5 documents every second. After the document processing is finished, customers can download the documents directly from Amazon S3. During the migration, the company discovered that it could not immediately update the processing server that generates many documents to supp
A. Migrate the application to an AWS Lambda function
B. Set up an Amazon S3 File Gateway and configure a file share that is linked to the document store
C. Configure Amazon FSx for Lustre with an import and export policy
D. Configure AWS DataSync to connect to an Amazon EC2 instance
Correct Answer: B
Question #29
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation. Which actions should a solutions architect take to resolve the problem and prevent it from
A. Enable VPC Flow Logs
B. Add an interface VPC endpoint for Kinesis Data Streams to the VPC
C. Enable VPC Flow Logs and Amazon Detective
D. Add an interface VPC endpoint for Kinesis Data Streams to the VPC
Correct Answer: ABE
Question #30
A company is running a traditional web application on Amazon EC2 instances. The company needs to refactor the application as microservices that run on containers. Separate versions of the application exist in two distinct environments: production and testing. Load for the application is variable, but the minimum load and the maximum load are known. A solutions architect needs to design the updated application with a serverless architecture that minimizes operational complexity. Which solution will meet these
A. Upload the container images to AWS Lambda as functions
B. Upload the container images to Amazon Elastic Container Registry (Amazon ECR)
C. Upload the container images to Amazon Elastic Container Registry (Amazon ECR)
D. Upload the container images to AWS Elastic Beanstalk
Correct Answer: B
Question #31
A company runs a serverless application in a single AWS Region. The application accesses external URLs and extracts metadata from those sites. The company uses an Amazon Simple Notification Service (Amazon SNS) topic to publish URLs to an Amazon Simple Queue Service (Amazon SQS) queue. An AWS Lambda function uses the queue as an event source and processes the URLs from the queue. Results are saved to an Amazon S3 bucket. The company wants to process each URL in other Regions to compare possible differences i
A. Use AWS Lambda to run the application
B. Use AWS Batch to run the application
C. Use AWS Fargate to run the application
D. Use Amazon EC2 Spot Instances to run the application
Correct Answer: AC
Question #32
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database. A solutions architect must design a scalable and highly available solution to meet the demand of 200,000 daily users. Which steps should the solutions architect take to design an appropriate
A. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance
B. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zones
C. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Region
D. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon ECS cluster of Spot instances spanning three Availability Zones
Correct Answer: B
Question #33
A company is building a call center by using Amazon Connect. The company’s operations team is defining a disaster recovery (DR) strategy across AWS Regions. The contact center has dozens of contact flows, hundreds of users, and dozens of claimed phone numbers. Which solution will provide DR with the LOWEST RTO?
A. Create an AWS Lambda function to check the availability of the Amazon Connect instance and to send a notification to the operations team in case of unavailability
B. Provision a new Amazon Connect instance with all existing users in a second Region
C. Provision a new Amazon Connect instance with all existing contact flows and claimed phone numbers in a second Region
D. Provision a new Amazon Connect instance with all existing users and contact flows in a second Region
Correct Answer: D
Question #34
A company has five development teams that have each created five AWS accounts to develop and host applications. To track spending, the development teams log in to each account every month, record the current cost from the AWS Billing and Cost Management console, and provide the information to the company's finance team. The company has strict compliance requirements and needs to ensure that resources are created only in AWS Regions in the United States. However, some resources have been created in other Regi
A. Use the OrganizationAccountAccessRole IAM role to create a new IAM policy with read-only access in each member account
B. Use the OrganizationAccountAccessRole IAM role to create a new IAM role with read-only access in each member account
C. Ask the security team to use AWS Security Token Service (AWS STS) to call the AssumeRole API for the OrganizationAccountAccessRole IAM role in the management account from the security account
Correct Answer: BDE
Question #35
A company uses a Grafana data visualization solution that runs on a single Amazon EC2 instance to monitor the health of the company's AWS workloads. The company has invested time and effort to create dashboards that the company wants to preserve. The dashboards need to be highly available and cannot be down for longer than 10 minutes. The company needs to minimize ongoing maintenance. Which solution will meet these requirements with the LEAST operational overhead?
A. Migrate to Amazon CloudWatch dashboards
B. Create an Amazon Managed Grafana workspace
C. Create an AMI that has Grafana pre-installed
D. Configure AWS Backup to back up the EC2 instance that runs Grafana once each hour
Correct Answer: B
Question #36
A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts. AWS Site-to-Site VPN connections are configured between all of the company’s global offices and the transit account. The company has AWS Config enabled on all of its accounts. The company’s networking team needs to centrally manage a list of internal IP address ranges that belong to t
A. Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges
B. Create a new AWS Config managed rule that contains all of the internal IP address ranges
C. In the transit account, create a VPC prefix list with all of the internal IP address ranges
D. In the transit account, create a security group with all of the internal IP address ranges
Correct Answer: C
Question #37
A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files are uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.example.com through the use of Amazon Route 53. What should a solutions architect do to improve the reliability and scalability o
A. Move the EC2 instance into an Auto Scaling group
B. Migrate the SFTP server to AWS Transfer for SFTP
C. Migrate the SFTP server to a file gateway in AWS Storage Gateway
D. Place the EC2 instance behind a Network Load Balancer (NLB)
Correct Answer: B
Question #38
A company recently started hosting new application workloads in the AWS Cloud. The company is using Amazon EC2 instances, Amazon Elastic File System (Amazon EFS) file systems, and Amazon RDS DB instances. To meet regulatory and business requirements, the company must make the following changes for data backups: • Backups must be retained based on custom daily, weekly, and monthly requirements. • Backups must be replicated to at least one other AWS Region immediately after capture. • The backup solution must provid
A. Use Amazon Kinesis Data Firehose to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon RDS instance
B. Use Amazon Kinesis Data Streams to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon Redshift cluster using Amazon EMR
C. Use Amazon S3 to collect the inbound device data, analyze the data from Amazon SQS with Kinesis, and save the results to an Amazon Redshift cluster
D. Use an Amazon API Gateway to put requests into an Amazon SQS queue, analyze the data with an AWS Lambda function, and save the results to an Amazon Redshift cluster using Amazon EMR
Correct Answer: ABD
Question #39
A weather service provides high-resolution weather maps from a web application hosted on AWS in the eu-west-1 Region. The weather maps are updated frequently and stored in Amazon S3 along with static HTML content. The web application is fronted by Amazon CloudFront. The company recently expanded to serve users in the us-east-1 Region, and these new users report that viewing their respective weather maps is slow from time to time. Which combination of steps will resolve the us-east-1 performance issues? (Choos
A. Remove old user profiles to create space
B. Increase capacity by using the update-file-system command
C. Monitor the file system by using the FreeStorageCapacity metric in Amazon CloudWatch
D. Remove old user profiles to create space
Correct Answer: BD
Question #40
A company has a multi-tier web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB and the Auto Scaling group are replicated in a backup AWS Region. The minimum value and the maximum value for the Auto Scaling group are set to zero. An Amazon RDS Multi-AZ DB instance stores the application’s data. The DB instance has a read replica in the backup Region. The application presents an endpoint to end users by usi
A. Reconfigure the application’s Route 53 record with a latency-based routing policy that load balances traffic between the two ALBs
B. Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values
C. Configure the Auto Scaling group in the backup Region to have the same values as the Auto Scaling group in the primary Region
D. Configure an endpoint in AWS Global Accelerator with the two ALBs as equal weighted targets
Correct Answer: B
Question #41
A video processing company wants to build a machine learning (ML) model by using 600 TB of compressed data that is stored as thousands of files in the company's on-premises network attached storage system. The company does not have the necessary compute resources on premises for ML experiments and wants to use AWS. The company needs to complete the data transfer to AWS within 3 weeks. The data transfer will be a one-time transfer. The data must be encrypted in transit. The measured upload speed of the compan
A. Order several AWS Snowball Edge Storage Optimized devices by using the AWS Management Console
B. Set up a 10 Gbps AWS Direct Connect connection between the company location and the nearest AWS Region
C. Create a VPN connection between the on-premises network attached storage and the nearest AWS Region
D. Deploy an AWS Storage Gateway file gateway on premises
Correct Answer: A
Question #42
A company runs a customer service center that accepts calls and automatically sends all customers a managed, interactive, two-way experience survey by text message. The applications that support the customer service center run on machines that the company hosts in an on-premises data center. The hardware that the company uses is old, and the company is experiencing downtime with the system. The company wants to migrate the system to AWS to improve reliability. Which solution will meet these requirements with
A. Use Amazon Connect to replace the old call center hardware
B. Use Amazon Connect to replace the old call center hardware
C. Migrate the call center software to Amazon EC2 instances that are in an Auto Scaling group
D. Use Amazon Pinpoint to replace the old call center hardware and to send text message surveys to customers
Correct Answer: A
Question #43
An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account. What is the MOST secure way to allow org1 to access resources in org2?
A. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon EC2
B. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on AWS Fargate
C. Create an Amazon Elastic Container Service (Amazon ECS) cluster on Amazon EC2
D. Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate
Correct Answer: D
Question #44
A company hosts an application on AWS. The application reads and writes objects that are stored in a single Amazon S3 bucket. The company must modify the application to deploy the application in two AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?
A. Set up an Amazon CloudFront distribution with the S3 bucket as an origin
B. Create a new S3 bucket in a second Region
C. Create a new S3 bucket in a second Region. Deploy the application in the second Region
D. Set up an S3 gateway endpoint with the S3 bucket as an origin
Correct Answer: B
Question #45
A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations. Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed. Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts. Which solution meets these requirements with the LEAST amount of operational overhead?
A. Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization
B. Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules
C. Create AWS WAF rules in the management account of the organization
D. Use AWS Control Tower to manage AWS WAF rules across accounts in the organization
Correct Answer: A
Question #46
A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service. In each AWS account with a client, an interface endpoint has been created for the logging service and is available. The logging service running on EC2 instances with a Network Load Balancer (NLB) are deployed in different subnets. The clients are unable to submit lo
A. Create a new S3 bucket that has server-side encryption with customer-provided keys (SSE-C) as the encryption type
B. Create a new S3 bucket that has server-side encryption with Amazon S3 managed keys (SSE-S3) as the encryption type
C. Use AWS CloudHSM to store the encryption keys
D. Use the S3 Intelligent-Tiering storage class for the S3 bucket
Correct Answer: AC
Question #47
A solutions architect is preparing to deploy a new security tool into several previously unused AWS Regions. The solutions architect will deploy the tool by using an AWS CloudFormation stack set. The stack set's template contains an IAM role that has a custom name. Upon creation of the stack set, no stack instances are created successfully. What should the solutions architect do to deploy the stacks successfully?
A. Enable the new Regions in all relevant accounts
B. Use the Service Quotas console to request a quota increase for the number of CloudFormation stacks in each new Region in all relevant accounts
C. Specify the CAPABILITY_NAMED_IAM capability and the SELF_MANAGED permissions model during the creation of the stack set
D. Specify an administration role ARN and the CAPABILITY_IAM capability during the creation of the stack set
Correct Answer: A
Question #48
A company is using Amazon OpenSearch Service to analyze data. The company loads data into an OpenSearch Service cluster with 10 data nodes from an Amazon S3 bucket that uses S3 Standard storage. The data resides in the cluster for 1 month for read-only analysis. After 1 month, the company deletes the index that contains the data from the cluster. For compliance purposes, the company must retain a copy of all input data. The company is concerned about ongoing costs and asks a solutions architect to recommend
A. Replace all the data nodes with UltraWarm nodes to handle the expected capacity
B. Reduce the number of data nodes in the cluster to 2. Add UltraWarm nodes to handle the expected capacity
C. Reduce the number of data nodes in the cluster to 2
D. Reduce the number of data nodes in the cluster to 2
Correct Answer: B
Question #49
A company has applications in an AWS account that is named Source. The account is in an organization in AWS Organizations. One of the applications uses AWS Lambda functions and stores inventory data in an Amazon Aurora database. The application deploys the Lambda functions by using a deployment package. The company has configured automated backups for Aurora. The company wants to migrate the Lambda functions and the Aurora database to a new AWS account that is named Target. The application processes critical
A. Migrate the data processing script to an AWS Lambda function
B. Create an Amazon Simple Queue Service (Amazon SQS) queue
C. Migrate the data processing script to a container image
D. Migrate the data processing script to a container image that runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
Correct Answer: B
Question #50
A company is building an electronic document management system in which users upload their documents. The application stack is entirely serverless and runs on AWS in the eu-central-1 Region. The system includes a web application that uses an Amazon CloudFront distribution for delivery with Amazon S3 as the origin. The web application communicates with Amazon API Gateway Regional endpoints. The API Gateway APIs call AWS Lambda functions that store metadata in an Amazon Aurora Serverless database and put the
A. Configure S3 Intelligent-Tiering on the S3 bucket
B. Configure an S3 Lifecycle policy to transition image objects and video objects from S3 Standard to S3 Glacier Deep Archive after 30 days
C. Replace Amazon S3 with an Amazon Elastic File System (Amazon EFS) file system that is mounted on Amazon EC2 instances
D. Add a Cache-Control: max-age header to the S3 image objects and S3 video objects
Correct Answer: AC
Question #51
A delivery company is running a serverless solution in the AWS Cloud. The solution manages user data, delivery information, and past purchase details. The solution consists of several microservices. The central user service stores sensitive data in an Amazon DynamoDB table. Several of the other microservices store a copy of parts of the sensitive data in different storage services. The company needs the ability to delete user information upon request. As soon as the central user service deletes a user, every
A. Activate DynamoDB Streams on the DynamoDB table
B. Set up DynamoDB event notifications on the DynamoDB table
C. Configure the central user service to post an event on a custom Amazon EventBridge event bus when the company deletes a user
D. Configure the central user service to post a message on an Amazon Simple Queue Service (Amazon SQS) queue when the company deletes a user
Correct Answer: C
Question #52
A company uses a service to collect metadata from applications that the company hosts on premises. Consumer devices such as TVs and internet radios access the applications. Many older devices do not support certain HTTP headers and exhibit errors when these headers are present in responses. The company has configured an on-premises load balancer to remove the unsupported headers from responses sent to older devices, which the company identified by the User-Agent headers. The company wants to migrate the serv
A. Create an Amazon CloudFront distribution for the metadata service
B. Create an Amazon API Gateway REST API for the metadata service
C. Create an Amazon API Gateway HTTP API for the metadata service
D. Create an Amazon CloudFront distribution for the metadata service
Correct Answer: B
Question #53
A company is using an on-premises Active Directory service for user authentication. The company wants to use the same authentication service to sign in to the company’s AWS accounts, which are using AWS Organizations. AWS Site-to-Site VPN connectivity already exists between the on-premises environment and all the company’s AWS accounts. The company’s security policy requires conditional access to the accounts based on user groups and roles. User identities must be managed in a single location. Which solution
A. Configure AWS IAM Identity Center (AWS Single Sign-On) to connect to Active Directory by using SAML 2
B. Configure AWS IAM Identity Center (AWS Single Sign-On) by using IAM Identity Center as an identity source
C. In one of the company’s AWS accounts, configure AWS Identity and Access Management (IAM) to use a SAML 2
D. In one of the company’s AWS accounts, configure AWS Identity and Access Management (IAM) to use an OpenID Connect (OIDC) identity provider
Correct Answer: A
Question #54
A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration. What should the solutions architect do to meet these requirements?
A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server
B. Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF) format
C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFS) share
D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager
Correct Answer: B
Question #55
A solutions architect needs to assess a newly acquired company’s portfolio of applications and databases. The solutions architect must create a business case to migrate the portfolio to AWS. The newly acquired company runs applications in an on-premises data center. The data center is not well documented. The solutions architect cannot immediately determine how many applications and databases exist. Traffic for the applications is variable. Some applications are batch processes that run at the end of each m
A. Use AWS Server Migration Service (AWS SMS) and AWS Database Migration Service (AWS DMS) to evaluate migration
B. Use AWS Application Migration Service
C. Use Migration Evaluator to generate a list of servers
D. Use AWS Control Tower in the destination account to generate an application portfolio
Correct Answer: C
Question #56
A company uses AWS Organizations for a multi-account setup in the AWS Cloud. The company's finance team has a data processing application that uses AWS Lambda and Amazon DynamoDB. The company's marketing team wants to access the data that is stored in the DynamoDB table. The DynamoDB table contains confidential data. The marketing team can have access to only specific attributes of data in the DynamoDB table. The finance team and the marketing team have separate AWS accounts. What should a solutions architect
A. Create an SCP to grant the marketing team's AWS account access to the specific attributes of the DynamoDB table
B. Create an IAM role in the finance team's account by using IAM policy conditions for specific DynamoDB attributes (fine-grained access control)
C. Create a resource-based IAM policy that includes conditions for specific DynamoDB attributes (fine-grained access control)
D. Create an IAM role in the finance team's account to access the DynamoDB table
Correct Answer: B
Question #57
A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC, and all the VPCs in each OU are in the same AWS Region. The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicate with VPCs in other OUs. Which solutio
A. Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU
B. In each OU, create a dedicated networking account that has a single VPC
C. Provision a transit gateway in an account in each OU
D. In each OU, create a dedicated networking account that has a single VPC
Correct Answer: C
Question #58
A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B
A. Reconfigure Amazon EFS to enable maximum I/O
B. Update the blog site to use instance store volumes for storage
C. Configure an Amazon CloudFront distribution
D. Set up an Amazon CloudFront distribution for all site contents, and point the distribution at the ALB
Correct Answer: CE
Question #59
A company is processing videos in the AWS Cloud by using Amazon EC2 instances in an Auto Scaling group. It takes 30 minutes to process a video. Several EC2 instances scale in and out depending on the number of videos in an Amazon Simple Queue Service (Amazon SQS) queue. The company has configured the SQS queue with a redrive policy that specifies a target dead-letter queue and a maxReceiveCount of 1. The company has set the visibility timeout for the SQS queue to 1 hour. The company has set up an Amazon Cloud
A. Turn on termination protection for the EC2 instances
B. Update the visibility timeout for the SQS queue to 3 hours
C. Configure scale-in protection for the instances during processing
D. Update the redrive policy and set maxReceiveCount to 0
Correct Answer: C
Question #60
A company is providing weather data over a REST-based API to several customers. The API is hosted by Amazon API Gateway and is integrated with different AWS Lambda functions for each API operation. The company uses Amazon Route 53 for DNS and has created a resource record of weather.example.com. The company stores data for the API in Amazon DynamoDB tables. The company needs a solution that will give the API the ability to fail over to a different AWS Region. Which solution will meet these requirements?
A. Deploy a new set of Lambda functions in a new Region
B. Deploy a new API Gateway API and Lambda functions in another Region
C. Deploy a new API Gateway API and Lambda functions in another Region
D. Deploy a new API Gateway API in a new Region
Correct Answer: C
Question #61
A company has an environment that has a single AWS account. A solutions architect is reviewing the environment to recommend what the company could improve specifically in terms of access to the AWS Management Console. The company’s IT support workers currently access the console for administrative tasks, authenticating with named IAM users that have been mapped to their job role. The IT support workers no longer want to maintain both their Active Directory and IAM user accounts. They want to be able to acces
A. Create an organization in AWS Organizations
B. Create an organization in AWS Organizations
C. Create an organization in AWS Organizations
D. Create an organization in AWS Organizations
Correct Answer: D
Question #62
A company is creating a sequel for a popular online game. A large number of users from all over the world will play the game within the first week after launch. Currently, the game consists of the following components deployed in a single AWS Region: Amazon S3 bucket that stores game assets; Amazon DynamoDB table that stores player scores. A solutions architect needs to design a multi-Region solution that will reduce latency, improve reliability, and require the least effort to implement. What should the soluti
A. Use an Amazon Aurora DB cluster as the database for the subscriber data
B. Use MongoDB on Amazon EC2 instances as the database for the subscriber data
C. Configure Amazon DocumentDB (with MongoDB compatibility) with appropriately sized instances in multiple Availability Zones as the database for the subscriber data
D. Configure Amazon DocumentDB (with MongoDB compatibility) in on-demand capacity mode in multiple Availability Zones as the database for the subscriber data
Correct Answer: C
Question #63
A company is providing weather data over a REST-based API to several customers. The API is hosted by Amazon API Gateway and is integrated with different AWS Lambda functions for each API operation. The company uses Amazon Route 53 for DNS and has created a resource record of weather.example.com. The company stores data for the API in Amazon DynamoDB tables. The company needs a solution that will give the API the ability to fail over to a different AWS Region. Which solution will meet these requirements?
A. Deploy a new set of Lambda functions in a new Region
B. Deploy a new API Gateway API and Lambda functions in another Region
C. Deploy a new API Gateway API and Lambda functions in another Region
D. Deploy a new API Gateway API in a new Region
Correct Answer: C
Question #64
A company is planning to migrate its business-critical applications from an on-premises data center to AWS. The company has an on-premises installation of a Microsoft SQL Server Always On cluster. The company wants to migrate to an AWS managed database service. A solutions architect must design a heterogeneous database migration on AWS. Which solution will meet these requirements?
A. Migrate the SQL Server databases to Amazon RDS for MySQL by using backup and restore utilities
B. Use an AWS Snowball Edge Storage Optimized device to transfer data to Amazon S3
C. Use the AWS Schema Conversion Tool to translate the database schema to Amazon RDS for MySQL
D. Use AWS DataSync to migrate data over the network between on-premises storage and Amazon S3
Correct Answer: C
Question #65
A retail company needs to provide a series of data files to another company, which is its business partner. These files are saved in an Amazon S3 bucket under Account A, which belongs to the retail company. The business partner company wants one of its IAM users, User_DataProcessor, to access the files from its own AWS account (Account B). Which combination of steps must the companies take so that User_DataProcessor can access the S3 bucket successfully? (Choose two.)
A. Turn on the cross-origin resource sharing (CORS) feature for the S3 bucket in Account
B. In Account A, set the S3 bucket policy to the following:
C. In Account A, set the S3 bucket policy to the following:
D. In Account B, set the permissions of User_DataProcessor to the following:
E. In Account B, set the permissions of User_DataProcessor to the following:
Correct Answer: C
Question #66
A company has developed a web application. The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer. The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs. The solution must not adversely affect legitimate traffic to the application. How should a solutions architect configure the web ACLs to meet these requirements?
A. Set the action of the web ACL rules to Count
B. Use only rate-based rules in the web ACLs, and set the throttle limit as high as possible
C. Set the action of the web ACL rules to Block
D. Use only custom rule groups in the web ACLs, and set the action to Allow
Correct Answer: A
Question #67
An adventure company has launched a new feature on its mobile app. Users can use the feature to upload their hiking and rafting photos and videos anytime. The photos and videos are stored in Amazon S3 Standard storage in an S3 bucket and are served through Amazon CloudFront. The company needs to optimize the cost of the storage. A solutions architect discovers that most of the uploaded photos and videos are accessed infrequently after 30 days. However, some of the uploaded photos and videos are accessed freq
A. Download AWS Cost and Usage Reports for the last 12 months of S3 usage
B. Use S3 storage class analysis
C. Use Amazon S3 Storage Lens
D. Use Access Analyzer for S3
Correct Answer: A
Question #68
A company is creating a centralized logging service running on Amazon EC2 that will receive and analyze logs from hundreds of AWS accounts. AWS PrivateLink is being used to provide connectivity between the client services and the logging service. In each AWS account with a client, an interface endpoint has been created for the logging service and is available. The logging service running on EC2 instances with a Network Load Balancer (NLB) are deployed in different subnets. The clients are unable to submit lo
A. Create a new S3 bucket that has server-side encryption with customer-provided keys (SSE-C) as the encryption type
B. Create a new S3 bucket that has server-side encryption with Amazon S3 managed keys (SSE-S3) as the encryption type
C. Use AWS CloudHSM to store the encryption keys
D. Use the S3 Intelligent-Tiering storage class for the S3 bucket
Correct Answer: AC
Question #69
An international delivery company hosts a delivery management system on AWS. Drivers use the system to upload confirmation of delivery. Confirmation includes the recipient’s signature or a photo of the package with the recipient. The driver’s handheld device uploads signatures and photos through FTP to a single Amazon EC2 instance. Each handheld device saves a file in a directory based on the signed-in user, and the file name matches the delivery number. The EC2 instance then adds metadata to the file after
A. Create an AMI of the existing EC2 instance
B. Use AWS Transfer Family to create an FTP server that places the files in Amazon Elastic File System (Amazon EFS)
C. Use AWS Transfer Family to create an FTP server that places the files in Amazon S3
D. Update the handheld devices to place the files directly in Amazon S3
Correct Answer: C
Question #70
A solutions architect needs to advise a company on how to migrate its on-premises data processing application to the AWS Cloud. Currently, users upload input files through a web portal. The web server then stores the uploaded files on NAS and messages the processing server over a message queue. Each media file can take up to 1 hour to process. The company has determined that the number of media files awaiting processing is significantly higher during business hours, with the number of files rapidly declinin
A. Create a queue using Amazon SQS
B. Create a queue using Amazon MQ
C. Create a queue using Amazon MQ
D. Create a queue using Amazon SQS
Correct Answer: D
Question #71
A company has VPC flow logs enabled for its NAT gateway. The company is seeing Action = ACCEPT for inbound traffic that comes from public IP address 198.51.100.2 destined for a private Amazon EC2 instance. A solutions architect must determine whether the traffic represents unsolicited inbound connections from the internet. The first two octets of the VPC CIDR block are 203.0. Which set of steps should the solutions architect take to meet these requirements?
A. Open the AWS CloudTrail console
B. Open the Amazon CloudWatch console
C. Open the AWS CloudTrail console
D. Open the Amazon CloudWatch console
Correct Answer: B
Question #72
A company that has multiple AWS accounts is using AWS Organizations. The company’s AWS accounts host VPCs, Amazon EC2 instances, and containers. The company’s compliance team has deployed a security tool in each VPC where the company has deployments. The security tools run on EC2 instances and send information to the AWS account that is dedicated for the compliance team. The company has tagged all the compliance-related resources with a key of “costCenter” and a value of “compliance”. The company wants to ide
A. In the management account of the organization, activate the costCenter user-defined tag
B. In the member accounts of the organization, activate the costCenter user-defined tag
C. In the member accounts of the organization, activate the costCenter user-defined tag
D. Create a custom report in the organization view in AWS Trusted Advisor
Correct Answer: A
Question #73
A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays. Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function. A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed. Which solution will meet these requirements?
A. Use an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function
B. Use an AWS Step Functions state machine to pass events to the Lambda function
C. Use an Amazon EventBridge rule to pass events to the Lambda function
D. Use an Amazon Simple Notification Service (Amazon SNS) topic to store events and invoke the Lambda function
Correct Answer: A
Question #74
A company runs a microservice as an AWS Lambda function. The microservice writes data to an on-premises SQL database that supports a limited number of concurrent connections. When the number of Lambda function invocations is too high, the database crashes and causes application downtime. The company has an AWS Direct Connect connection between the company's VPC and the on-premises data center. The company wants to protect the database from crashes. Which solution will meet these requirements?
A. Write the data to an Amazon Simple Queue Service (Amazon SQS) queue
B. Create a new Amazon Aurora Serverless DB cluster
C. Create an Amazon RDS Proxy DB instance
D. Write the data to an Amazon Simple Notification Service (Amazon SNS) topic
Correct Answer: A
Question #75
A company uses an on-premises data analytics platform. The system is highly available in a fully redundant configuration across 12 servers in the company’s data center. The system runs scheduled jobs, both hourly and daily, in addition to one-time requests from users. Scheduled jobs can take between 20 minutes and 2 hours to finish running and have tight SLAs. The scheduled jobs account for 65% of the system usage. User jobs typically finish running in less than 5 minutes and have no SLA. The user jobs acco
A. Split the 12 instances across two Availability Zones in the chosen AWS Region
B. Split the 12 instances across three Availability Zones in the chosen AWS Region
C. Split the 12 instances across three Availability Zones in the chosen AWS Region
D. Split the 12 instances across three Availability Zones in the chosen AWS Region
Correct Answer: D
Question #76
A company needs to architect a hybrid DNS solution. This solution will use an Amazon Route 53 private hosted zone for the domain cloud.example.com for the resources stored within VPCs. The company has the following DNS resolution requirements:
- On-premises systems should be able to resolve and connect to cloud.example.com.
- All VPCs should be able to resolve cloud.example.com.
There is already an AWS Direct Connect connection between the on-premises corporate network and AWS Transit Gateway. Which architecture s
A. Associate the private hosted zone to all the VPCs
B. Associate the private hosted zone to all the VPCs
C. Associate the private hosted zone to the shared services VPC. Create a Route 53 outbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud
D. Associate the private hosted zone to the shared services VPC
Correct Answer: A
Question #77
A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services. The company recently acquired a new business unit and invited the new unit’s existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the co
A. Remove the organization’s root SCPs that limit access to AWS Config
B. Create a temporary OU named Onboarding for the new account
C. Convert the organization’s root SCPs from deny list SCPs to allow list SCPs to allow the required services only
D. Create a temporary OU named Onboarding for the new account
Correct Answer: B
Question #78
A video streaming company recently launched a mobile app for video sharing. The app uploads various files to an Amazon S3 bucket in the us-east-1 Region. The files range in size from 1 GB to 10 GB. Users who access the app from Australia have experienced uploads that take long periods of time. Sometimes the files fail to completely upload for these users. A solutions architect must improve the app’s performance for these uploads. Which solutions will meet these requirements? (Choose two.)
A. Create an Amazon Aurora MySQL Serverless v1 DB instance
B. Create an RDS proxy
C. Create a two-node Amazon Aurora MySQL DB cluster
D. Create an Amazon S3 bucket
Correct Answer: AD
Question #79
A company is providing weather data over a REST-based API to several customers. The API is hosted by Amazon API Gateway and is integrated with different AWS Lambda functions for each API operation. The company uses Amazon Route 53 for DNS and has created a resource record of weather.example.com. The company stores data for the API in Amazon DynamoDB tables. The company needs a solution that will give the API the ability to fail over to a different AWS Region. Which solution will meet these requirements?
A. Deploy a new set of Lambda functions in a new Region
B. Deploy a new API Gateway API and Lambda functions in another Region
C. Deploy a new API Gateway API and Lambda functions in another Region
D. Deploy a new API Gateway API in a new Region
Correct Answer: C
Question #80
A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand. Which of
A. Pre-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes
B. Performing a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month
C. Using Amazon CloudWatch with AWS Lambda to change the type, size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric
D. Replacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards
Correct Answer: B
Question #81
A telecommunications company is running an application on AWS. The company has set up an AWS Direct Connect connection between the company's on-premises data center and AWS. The company deployed the application on Amazon EC2 instances in multiple Availability Zones behind an internal Application Load Balancer (ALB). The company's clients connect from the on-premises network by using HTTPS. The TLS terminates in the ALB. The company has multiple target groups and uses path-based routing to forward requests b
A. Configure the existing ALB to use static IP addresses
B. Create a Network Load Balancer (NLB)
C. Create a Network Load Balancer (NLB)
D. Create a Gateway Load Balancer (GWLB)
Correct Answer: B
Question #82
A company gives users the ability to upload images from a custom application. The upload process invokes an AWS Lambda function that processes and stores the image in an Amazon S3 bucket. The application invokes the Lambda function by using a specific function version ARN. The Lambda function accepts image processing parameters by using environment variables. The company often adjusts the environment variables of the Lambda function to achieve optimal image processing output. The company tests different para
A. Migrate public DNS to Amazon Route 53
B. Place a Network Load Balancer (NLB) in front of the ALB. Migrate public DNS to Amazon Route 53
C. Create an AWS Global Accelerator accelerator with multiple endpoint groups that target endpoints in appropriate AWS Regions
D. Create an Amazon API Gateway API that is backed by AWS Lambda in one of the AWS Regions
Correct Answer: D
Question #83
A solutions architect needs to implement a client-side encryption mechanism for objects that will be stored in a new Amazon S3 bucket. The solutions architect created a CMK that is stored in AWS Key Management Service (AWS KMS) for this purpose. The solutions architect created the following IAM policy and attached it to an IAM role: During tests, the solutions architect was able to successfully get existing test objects in the S3 bucket. However, attempts to upload a new object resulted in an error message. T
A. kms:GenerateDataKey
B. kms:GetKeyPolicy
C. kms:GetPublicKey
D. kms:Sign
Correct Answer: A
Question #84
A company recently acquired several other companies. Each company has a separate AWS account with a different billing and reporting method. The acquiring company has consolidated all the accounts into one organization in AWS Organizations. However, the acquiring company has found it difficult to generate a cost report that contains meaningful groups for all the teams. The acquiring company’s finance team needs a solution to report on costs for all the companies through a self-managed application. Which soluti
A. Create an AWS Cost and Usage Report for the organization
B. Create an AWS Cost and Usage Report for the organization
C. Create an Amazon QuickSight dataset that receives spending information from the AWS Price List Query API
D. Use the AWS Price List Query API to collect account spending information
Correct Answer: A
Question #85
A company has deployed an application on AWS Elastic Beanstalk. The application uses Amazon Aurora for the database layer. An Amazon CloudFront distribution serves web requests and includes the Elastic Beanstalk domain name as the origin server. The distribution is configured with an alternate domain name that visitors use when they access the application. Each week, the company takes the application out of service for routine maintenance. During the time that the application is unavailable, the company want
A. Directly modify the environment variables of the published Lambda function version
B. Create an Amazon DynamoDB table to store the image processing parameters
C. Directly code the image processing parameters within the Lambda function and remove the environment variables
D. Create a Lambda function alias
Correct Answer: ACD
Question #86
A solutions architect needs to copy data from an Amazon S3 bucket in an AWS account to a new S3 bucket in a new AWS account. The solutions architect must implement a solution that uses the AWS CLI. Which combination of steps will successfully copy the data? (Choose three.)
A. Create an alias for every new deployed version of the Lambda function
B. Deploy the application into a new CloudFormation stack
C. Create a version for every new deployed Lambda function
D. Configure AWS CodeDeploy and use CodeDeployDefault
Correct Answer: BDF
Question #87
A company wants to migrate to AWS. The company is running thousands of VMs in a VMware ESXi environment. The company has no configuration management database and has little knowledge about the utilization of the VMware portfolio. A solutions architect must provide the company with an accurate inventory so that the company can plan for a cost-effective migration. Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Systems Manager Patch Manager to deploy Migration Evaluator to each VM
B. Export the VMware portfolio to a
C. Deploy the Migration Evaluator agentless collector to the ESXi hypervisor
D. Deploy the AWS Application Migration Service Agent to each VM
Correct Answer: C
Question #88
A software company has deployed an application that consumes a REST API by using Amazon API Gateway, AWS Lambda functions, and an Amazon DynamoDB table. The application is showing an increase in the number of errors during PUT requests. Most of the PUT calls come from a small number of clients that are authenticated with specific API keys. A solutions architect has identified that a large number of the PUT requests originate from one client. The API is noncritical, and clients can tolerate retries of unsucce
A. Implement retry logic with exponential backoff and irregular variation in the client application
B. Implement API throttling through a usage plan at the API Gateway level
C. Turn on API caching to enhance responsiveness for the production stage
D. Implement reserved concurrency at the Lambda function level to provide the resources that are needed during sudden increases in traffic
Correct Answer: B
Question #89
A company is running a critical stateful web application on two Linux Amazon EC2 instances behind an Application Load Balancer (ALB) with an Amazon RDS for MySQL database. The company hosts the DNS records for the application in Amazon Route 53. A solutions architect must recommend a solution to improve the resiliency of the application. The solution must meet the following objectives:
• Application tier: RPO of 2 minutes. RTO of 30 minutes
• Database tier: RPO of 5 minutes. RTO of 30 minutes
The company does not
A. Configure the EC2 instances to use AWS Elastic Disaster Recovery
B. Configure the EC2 instances to use Amazon Data Lifecycle Manager (Amazon DLM) to take snapshots of the EBS volumes
C. Create a backup plan in AWS Backup for the EC2 instances and RDS DB instance
D. Configure the EC2 instances to use Amazon Data Lifecycle Manager (Amazon DLM) to take snapshots of the EBS volumes
Correct Answer: A
Question #90
A company is hosting a critical application on a single Amazon EC2 instance. The application uses an Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses an Amazon RDS for MariaDB DB instance for a relational database. For the application to function, each piece of the infrastructure must be healthy and must be in an active state. A solutions architect needs to improve the application's architecture so that the infrastructure can automatically recover from failur
A. Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances
B. Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances
C. Modify the DB instance to create a read replica in the same Availability Zone
D. Modify the DB instance to create a Multi-AZ deployment that extends across two Availability Zones
E. Create a replication group for the ElastiCache for Redis cluster
F. Create a replication group for the ElastiCache for Redis cluster
Correct Answer: ADF
Question #91
A retail company is hosting an ecommerce website on AWS across multiple AWS Regions. The company wants the website to be operational at all times for online purchases. The website stores data in an Amazon RDS for MySQL DB instance. Which solution will provide the HIGHEST availability for the database?
A. Configure automated backups on Amazon RDS
B. Configure global tables and read replicas on Amazon RDS
C. Configure global tables and automated backups on Amazon RDS
D. Configure read replicas on Amazon RDS
Correct Answer: D
Question #92
A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server. The application’s user base is expected to grow significantly, so the company is migrating the application and database to AWS. The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing. Which solution will provide a consist
A. Enable Aurora Auto Scaling for Aurora Replicas
B. Enable Aurora Auto Scaling for Aurora writers
C. Enable Aurora Auto Scaling for Aurora Replicas
D. Enable Aurora Scaling for Aurora writers
Correct Answer: C
Question #93
A company with global offices has a single 1 Gbps AWS Direct Connect connection to a single AWS Region. The company’s on-premises network uses the connection to communicate with the company’s resources in the AWS Cloud. The connection has a single private virtual interface that connects to a single VPC. A solutions architect must implement a solution that adds a redundant Direct Connect connection in the same Region. The solution also must provide connectivity to other Regions through the same pair of Direct
A. Provision a Direct Connect gateway
B. Keep the existing private virtual interface
C. Keep the existing private virtual interface
D. Provision a transit gateway
Correct Answer: A
Question #94
A company recently completed the migration from an on-premises data center to the AWS Cloud by using a replatforming strategy. One of the migrated servers is running a legacy Simple Mail Transfer Protocol (SMTP) service that a critical application relies upon. The application sends outbound email messages to the company’s customers. The legacy SMTP server does not support TLS encryption and uses TCP port 25. The application can use SMTP only. The company decides to use Amazon Simple Email Service (Amazon SES
A. Configure the application to connect to Amazon SES by using TLS Wrapper
B. Configure the application to connect to Amazon SES by using STARTTLS
C. Configure the application to use the SES API to send email messages
D. Configure the application to use AWS SDKs to send email messages
Correct Answer: B
Question #95
A company has deployed an application on AWS Elastic Beanstalk. The application uses Amazon Aurora for the database layer. An Amazon CloudFront distribution serves web requests and includes the Elastic Beanstalk domain name as the origin server. The distribution is configured with an alternate domain name that visitors use when they access the application. Each week, the company takes the application out of service for routine maintenance. During the time that the application is unavailable, the company want
A. Directly modify the environment variables of the published Lambda function version
B. Create an Amazon DynamoDB table to store the image processing parameters
C. Directly code the image processing parameters within the Lambda function and remove the environment variables
D. Create a Lambda function alias
Correct Answer: ACD
Question #96
A company is running an application in the AWS Cloud. The company's security team must approve the creation of all new IAM users. When a new IAM user is created, all access for the user must be removed automatically. The security team must then receive a notification to approve the user. The company has a multi-Region AWS CloudTrail trail in the AWS account. Which combination of steps will meet these requirements? (Choose three.)
A. Create an Amazon EventBridge rule that runs once every day
B. Create an Amazon EventBridge rule that runs every business day in the evening
C. Create an Amazon EventBridge rule that runs every business day in the evening. Configure the rule to invoke an AWS Lambda function that terminates instances based on the lag
D. Create an Amazon EventBridge rule that runs every hour
Correct Answer: ADE
Question #97
A company is updating an application that customers use to make online orders. The number of attacks on the application by bad actors has increased recently. The company will host the updated application on an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use Amazon DynamoDB to store application data. A public Application Load Balancer (ALB) will provide end users with access to the application. The company must prevent attacks and ensure business continuity with minimal service int
A. Set up a Route 53 failover routing policy
B. Create a second CloudFront distribution and an S3 static website to host the custom error page
C. Create a CloudFront origin group that has two origins
D. Create a CloudFront function that validates each HTTP response code that the ALB returns
Correct Answer: AE
Question #98
A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region. Which solution will meet these requirements?
A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1
B. Create an Amazon Simple Queue Service (Amazon SQS) queue
C. Deploy the Lambda function to the us-west-2 Region
D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region
Correct Answer: D
Question #99
A company is subject to regulatory audits of its financial information. External auditors who use a single AWS account need access to the company's AWS account. A solutions architect must provide the auditors with secure, read-only access to the company's AWS account. The solution must comply with AWS security best practices. Which solution will meet these requirements?
A. In the company's AWS account, create resource policies for all resources in the account to grant access to the auditors' AWS account
B. In the company's AWS account, create an IAM role that trusts the auditors' AWS account
C. In the company's AWS account, create an IAM user
D. In the company's AWS account, create an IAM group that has the required permissions
Correct Answer: B
Question #100
A company is designing a new website that hosts static content. The website will give users the ability to upload and download large files. According to company requirements, all data must be encrypted in transit and at rest. A solutions architect is building the solution by using Amazon S3 and Amazon CloudFront. Which combination of steps will meet the encryption requirements? (Choose three.)
A. Store the database credentials in AWS Systems Manager Parameter Store by using a SecureString parameter that is encrypted by an AWS Key Management Service (AWS KMS) customer managed key
B. Encrypt the database credentials by using the AWS Key Management Service (AWS KMS) default Lambda key
C. Store the database credentials in the environment variables of each Lambda function
D. Store the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customer managed key
Correct Answer: ACE
Question #101
A company has set up its entire infrastructure on AWS. The company uses Amazon EC2 instances to host its ecommerce website and uses Amazon S3 to store static data. Three engineers at the company handle the cloud administration and development through one AWS account. Occasionally, an engineer alters an EC2 security group configuration of another engineer and causes noncompliance issues in the environment. A solutions architect must set up a system that tracks changes that the engineers make. The system must
A. Set up AWS Organizations for the company
B. Enable AWS CloudTrail to capture the changes to EC2 security groups
C. Enable SCPs on the AWS account to provide alerts when noncompliant security group changes are made to the environment
D. Enable AWS Config on the EC2 security groups to track any noncompliant changes
Correct Answer: D
Question #102
A company wants to migrate to AWS. The company wants to use a multi-account structure with centrally managed access to all accounts and applications. The company also wants to keep the traffic on a private network. Multi-factor authentication (MFA) is required at login, and specific roles are assigned to user groups. The company must create separate accounts for development, staging, production, and shared network. The production account and the shared network account must have connectivity to all accounts.
A. The Lambda function reached its concurrency limit
B. The Lambda function its Region limit for concurrency
C. The company reached its API Gateway account limit for calls per second
D. The company reached its API Gateway default per-method limit for calls per second
Correct Answer: ACD
Question #103
A company that uses AWS Organizations allows developers to experiment on AWS. As part of the landing zone that the company has deployed, developers use their company email address to request an account. The company wants to ensure that developers are not launching costly services or running services unnecessarily. The company must give developers a fixed monthly budget to limit their AWS costs. Which combination of steps will meet these requirements? (Choose three.)
A. Download the Lambda function deployment package from the Source account
B. Download the Lambda function deployment package from the Source account
C. Use AWS Resource Access Manager (AWS RAM) to share the Lambda functions and the Aurora DB cluster with the Target account
D. Use AWS Resource Access Manager (AWS RAM) to share the Lambda functions with the Target account
Correct Answer: BCF
Question #104
A weather service provides high-resolution weather maps from a web application hosted on AWS in the eu-west-1 Region. The weather maps are updated frequently and stored in Amazon S3 along with static HTML content. The web application is fronted by Amazon CloudFront. The company recently expanded to serve users in the us-east-1 Region, and these new users report that viewing their respective weather maps is slow from time to time. Which combination of steps will resolve the us-east-1 performance issues? (Choos
A. Remove old user profiles to create space
B. Increase capacity by using the update-file-system command
C. Monitor the file system by using the FreeStorageCapacity metric in Amazon CloudWatch
D. Remove old user profiles to create space
Correct Answer: BD
Question #105
A company is running a critical application that uses an Amazon RDS for MySQL database to store data. The RDS DB instance is deployed in Multi-AZ mode. A recent RDS database failover test caused a 40-second outage to the application. A solutions architect needs to design a solution to reduce the outage time to less than 20 seconds. Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)
A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks
B. The customer should create an IAM user and assign the required permissions to the IAM user
C. The customer should create an IAM role and assign the required permissions to the IAM role
D. The customer should create an IAM role and assign the required permissions to the IAM role
Correct Answer: CDE
Question #106
A life sciences company is using a combination of open source tools to manage data analysis workflows and Docker containers running on servers in its on-premises data center to process genomics data. Sequencing data is generated and stored on a local storage area network (SAN), and then the data is processed. The research and development teams are running into capacity issues and have decided to re-architect their genomics analysis platform on AWS to scale based on workload demands and reduce the turnaround
A. Create an Amazon Elastic File System (Amazon EFS) file share
B. Create a new AMI from the current EC2 Instance that is running
C. Create an Amazon FSx for Windows File Server file system
D. Create a new AMI from the current EC2 instance that is running
Correct Answer: C
Question #107
A company is developing a web application that runs on Amazon EC2 instances in an Auto Scaling group behind a public-facing Application Load Balancer (ALB). Only users from a specific country are allowed to access the application. The company needs the ability to log the access requests that have been blocked. The solution should require the least possible maintenance. Which solution meets these requirements?
A. Create an IPSet containing a list of IP ranges that belong to the specified country
B. Create an AWS WAF web ACL
C. Configure AWS Shield to block any requests that do not originate from the specified country
D. Create a security group rule that allows ports 80 and 443 from IP ranges that belong to the specified country
Correct Answer: B
Question #108
A company is migrating a document processing workload to AWS. The company has updated many applications to natively use the Amazon S3 API to store, retrieve, and modify documents that a processing server generates at a rate of approximately 5 documents every second. After the document processing is finished, customers can download the documents directly from Amazon S3. During the migration, the company discovered that it could not immediately update the processing server that generates many documents to supp
A. Migrate the application to an AWS Lambda function
B. Set up an Amazon S3 File Gateway and configure a file share that is linked to the document store
C. Configure Amazon FSx for Lustre with an import and export policy
D. Configure AWS DataSync to connect to an Amazon EC2 instance
Correct Answer: B
Question #109
A company is running a traditional web application on Amazon EC2 instances. The company needs to refactor the application as microservices that run on containers. Separate versions of the application exist in two distinct environments: production and testing. Load for the application is variable, but the minimum load and the maximum load are known. A solutions architect needs to design the updated application with a serverless architecture that minimizes operational complexity. Which solution will meet these
A. Upload the container images to AWS Lambda as functions
B. Upload the container images to Amazon Elastic Container Registry (Amazon ECR)
C. Upload the container images to Amazon Elastic Container Registry (Amazon ECR)
D. Upload the container images to AWS Elastic Beanstalk
Correct Answer: B
Question #110
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts. A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks. Trusted access has been enabled in Organizations. What should the solutions
A. Create a stack set in the Organizations member accounts
B. Create stacks in the Organizations member accounts
C. Create a stack set in the Organizations management account
D. Create stacks in the Organizations management account
Correct Answer: C
Question #111
A company plans to refactor a monolithic application into a modern application design deployed on AWS. The CI/CD pipeline needs to be upgraded to support the modern design for the application with the following requirements:
- It should allow changes to be released several times every hour.
- It should be able to roll back the changes as quickly as possible.
Which design will meet these requirements?
A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
B. Configure AWS Budgets in the organization's management account and configure budget alerts that are grouped by application, environment, and owner
C. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
D. Enable AWS Cost and Usage Reports in the organization's management account and configure reports grouped by application, environment
Correct Answer: B
Question #112
A company has hundreds of AWS accounts. The company uses an organization in AWS Organizations to manage all the accounts. The company has turned on all features. A finance team has allocated a daily budget for AWS costs. The finance team must receive an email notification if the organization's AWS costs exceed 80% of the allocated budget. A solutions architect needs to implement a solution to track the costs and deliver the notifications. Which solution will meet these requirements?
A. In the organization's management account, use AWS Budgets to create a budget that has a daily period
B. In the organization’s management account, set up the organizational view feature for AWS Trusted Advisor
C. Register the organization with AWS Control Tower
D. Configure the member accounts to save a daily AWS Cost and Usage Report to an Amazon S3 bucket in the organization's management account
Correct Answer: A
Question #113
A company has set up its entire infrastructure on AWS. The company uses Amazon EC2 instances to host its ecommerce website and uses Amazon S3 to store static data. Three engineers at the company handle the cloud administration and development through one AWS account. Occasionally, an engineer alters an EC2 security group configuration of another engineer and causes noncompliance issues in the environment. A solutions architect must set up a system that tracks changes that the engineers make. The system must
A. Set up AWS Organizations for the company
B. Enable AWS CloudTrail to capture the changes to EC2 security groups
C. Enable SCPs on the AWS account to provide alerts when noncompliant security group changes are made to the environment
D. Enable AWS Config on the EC2 security groups to track any noncompliant changes
Correct Answer: D
Question #114
A company has an on-premises monitoring solution using a PostgreSQL database for persistence of events. The database is unable to scale due to heavy ingestion and it frequently runs out of storage. The company wants to create a hybrid solution and has already set up a VPN connection between its network and AWS. The solution should include the following attributes: - Managed AWS services to minimize operational complexity. - A buffer that automatically scales to match the throughput of data and requires no ongoin
A. Create a private VIF from the DX-A connection into a Direct Connect gateway
B. Create a transit VIF from the DX-A connection into a Direct Connect gateway
C. Create a transit VIF from the DX-A connection into a Direct Connect gateway
D. Create a transit VIF from the DX-A connection into a Direct Connect gateway
Correct Answer: AD
Question #115
A solutions architect is creating an application that stores objects in an Amazon S3 bucket. The solutions architect must deploy the application in two AWS Regions that will be used simultaneously. The objects in the two S3 buckets must remain synchronized with each other. Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose three.)
A. Migrate all applications to the closest AWS Region that is compliant
B. Use AWS Snowball Edge Storage Optimized devices for the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds
C. Install AWS Outposts for the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds
D. Migrate the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds to an AWS Local Zone
Correct Answer: ABE
Question #116
A company runs a web application on AWS. The web application delivers static content from an Amazon S3 bucket that is behind an Amazon CloudFront distribution. The application serves dynamic content by using an Application Load Balancer (ALB) that distributes requests to a fleet of Amazon EC2 instances in Auto Scaling groups. The application uses a domain name setup in Amazon Route 53. Some users reported occasional issues when the users attempted to access the website during peak hours. An operations team f
A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type
B. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type
C. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on
D. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on
Correct Answer: C
Question #117
An online gaming company needs to rehost its gaming platform on AWS. The company's gaming application requires high performance computing (HPC) processing and has a leaderboard that changes frequently. An Ubuntu instance that is optimized for compute generation hosts a Node.js application for game display. Game state is tracked in an on-premises Redis instance. The company needs a migration strategy that optimizes application performance. Which solution will meet these requirements?
A. Create an Auto Scaling group of m5
B. Create an Auto Scaling group of c5
C. Create an Auto Scaling group of c5
D. Create an Auto Scaling group of m5
Correct Answer: C
Question #118
A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing from some of the terminated EC2 instances. Which set of actions will ensure that log files are copied to the central S3 b
A. Create a script to copy log files to Amazon S3, and store the script in a file on the EC2 instance
B. Create an AWS Systems Manager document with a script to copy log files to Amazon S3
C. Change the log delivery rate to every 5 minutes
D. Create an AWS Systems Manager document with a script to copy log files to Amazon S3
Correct Answer: B
Question #119
A company is running an application that uses an Amazon ElastiCache for Redis cluster as a caching layer. A recent security audit revealed that the company has configured encryption at rest for ElastiCache. However, the company did not configure ElastiCache to use encryption in transit. Additionally, users can access the cache without authentication. A solutions architect must make changes to require user authentication and to ensure that the company is using end-to-end encryption. Which solution will meet th
A. Create an AUTH token
B. Create an AUTH token
C. Create an SSL certificate
D. Create an SSL certificate
Correct Answer: B
Question #120
A company is building an electronic document management system in which users upload their documents. The application stack is entirely serverless and runs on AWS in the eu-central-1 Region. The system includes a web application that uses an Amazon CloudFront distribution for delivery with Amazon S3 as the origin. The web application communicates with Amazon API Gateway Regional endpoints. The API Gateway APIs call AWS Lambda functions that store metadata in an Amazon Aurora Serverless database and put the
A. Configure S3 Intelligent-Tiering on the S3 bucket
B. Configure an S3 Lifecycle policy to transition image objects and video objects from S3 Standard to S3 Glacier Deep Archive after 30 days
C. Replace Amazon S3 with an Amazon Elastic File System (Amazon EFS) file system that is mounted on Amazon EC2 instances
D. Add a Cache-Control: max-age header to the S3 image objects and S3 video objects
Correct Answer: AC
Question #121
A company recently started hosting new application workloads in the AWS Cloud. The company is using Amazon EC2 instances, Amazon Elastic File System (Amazon EFS) file systems, and Amazon RDS DB instances. To meet regulatory and business requirements, the company must make the following changes for data backups: • Backups must be retained based on custom daily, weekly, and monthly requirements. • Backups must be replicated to at least one other AWS Region immediately after capture. • The backup solution must provid
A. Use Amazon Kinesis Data Firehose to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon RDS instance
B. Use Amazon Kinesis Data Streams to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon Redshift cluster using Amazon EMR
C. Use Amazon S3 to collect the inbound device data, analyze the data from Amazon SQS with Kinesis, and save the results to an Amazon Redshift cluster
D. Use an Amazon API Gateway to put requests into an Amazon SQS queue, analyze the data with an AWS Lambda function, and save the results to an Amazon Redshift cluster using Amazon EMR
Correct Answer: ABD
Question #122
A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization. The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS queue. The company wants to re-architect the application
A. Use Amazon ECS containers for the web application and Spot instances for the Auto Scaling group that processes the SQS queue
B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application
C. Host the web application in Amazon S3
D. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the web application and launch a worker environment to process the SQS queue
Correct Answer: C
Question #123
A company hosts an application on AWS. The application reads and writes objects that are stored in a single Amazon S3 bucket. The company must modify the application to deploy the application in two AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?
A. Set up an Amazon CloudFront distribution with the S3 bucket as an origin
B. Create a new S3 bucket in a second Region
C. Create a new S3 bucket in a second Region. Deploy the application in the second Region
D. Set up an S3 gateway endpoint with the S3 bucket as an origin
Correct Answer: B
Question #124
A company’s solutions architect is reviewing a web application that runs on AWS. The application references static assets in an Amazon S3 bucket in the us-east-1 Region. The company needs resiliency across multiple AWS Regions. The company already has created an S3 bucket in a second Region. Which solution will meet these requirements with the LEAST operational overhead?
A. Configure the application to write each object to both S3 buckets
B. Create an AWS Lambda function to copy objects from the S3 bucket in us-east-1 to the S3 bucket in the second Region
C. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region
D. Configure replication on the S3 bucket in us-east-1 to replicate objects to the S3 bucket in the second Region
Correct Answer: C
Question #125
A company has 10 accounts that are part of an organization in AWS Organizations. AWS Config is configured in each account. All accounts belong to either the Prod OU or the NonProd OU. The company has set up an Amazon EventBridge rule in each AWS account to notify an Amazon Simple Notification Service (Amazon SNS) topic when an Amazon EC2 security group inbound rule is created with 0.0.0.0/0 as the source. The company’s security team is subscribed to the SNS topic. For all accounts in the NonProd OU, the secur
A. Modify the EventBridge rule to invoke an AWS Lambda function to remove the security group inbound rule and to publish to the SNS topic
B. Add the vpc-sg-open-only-to-authorized-ports AWS Config managed rule to the NonProd OU
C. Configure an SCP to allow the ec2:AuthorizeSecurityGroupIngress action when the value of the aws:SourceIp condition key is not 0
D. Configure an SCP to deny the ec2:AuthorizeSecurityGroupIngress action when the value of the aws:SourceIp condition key is 0
Correct Answer: C
Question #126
An adventure company has launched a new feature on its mobile app. Users can use the feature to upload their hiking and rafting photos and videos anytime. The photos and videos are stored in Amazon S3 Standard storage in an S3 bucket and are served through Amazon CloudFront. The company needs to optimize the cost of the storage. A solutions architect discovers that most of the uploaded photos and videos are accessed infrequently after 30 days. However, some of the uploaded photos and videos are accessed freq
A. Download AWS Cost and Usage Reports for the last 12 months of S3 usage
B. Use S3 storage class analysis
C. Use Amazon S3 Storage Lens
D. Use Access Analyzer for S3
Correct Answer: A
Question #127
A company has migrated an application from on premises to AWS. The application frontend is a static website that runs on two Amazon EC2 instances behind an Application Load Balancer (ALB). The application backend is a Python application that runs on three EC2 instances behind another ALB. The EC2 instances are large, general purpose On-Demand Instances that were sized to meet the on-premises specifications for peak usage of the application. The application averages hundreds of thousands of requests each mont
A. Purchase Standard Reserved Instances for the EC2 instances that the EKS cluster uses in its baseline load
B. Purchase Compute Savings Plans for the predicted medium load of the EKS cluster
C. Purchase EC2 Instance Savings Plans for the predicted base load of the EKS cluster
D. Purchase Compute Savings Plans for the predicted base load of the EKS cluster
Correct Answer: BE
Question #128
A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team can access. After the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must pro
A. Create a new Elastic Beanstalk application
B. Create a second Elastic Beanstalk environment
C. Modify the existing environment’s capacity configuration to use a load-balanced environment type
D. Select the Rebuild environment action with the load balancing option
Correct Answer: ACE
Question #129
A company is implementing a serverless architecture by using AWS Lambda functions that need to access a Microsoft SQL Server DB instance on Amazon RDS. The company has separate environments for development and production, including a clone of the database system. The company's developers are allowed to access the credentials for the development database. However, the credentials for the production database must be encrypted with a key that only members of the IT security team's IAM user group can access. Thi
A. Deploy Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer for the web tier and for the application tier
B. Create images of all the servers by using AWS Database Migration Service (AWS DMS)
C. Containerize the web frontend tier and the application tier
D. Separate the application functions into AWS Lambda functions
Correct Answer: D
Question #130
A retail company needs to provide a series of data files to another company, which is its business partner. These files are saved in an Amazon S3 bucket under Account A, which belongs to the retail company. The business partner company wants one of its IAM users, User_DataProcessor, to access the files from its own AWS account (Account B). Which combination of steps must the companies take so that User_DataProcessor can access the S3 bucket successfully? (Choose two.)
A. Turn on the cross-origin resource sharing (CORS) feature for the S3 bucket in Account A
B. In Account A, set the S3 bucket policy to the following:
C. In Account A, set the S3 bucket policy to the following:
D. In Account B, set the permissions of User_DataProcessor to the following:
E. In Account B, set the permissions of User_DataProcessor to the following:
Correct Answer: D
Question #131
A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework. While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions a
A. Create a desired-instance-type managed rule in AWS Config
B. In the EC2 console, create a launch template that specifies the instance types that are allowed
C. Create a new IAM policy
D. Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image
Correct Answer: C
Question #132
A company wants to containerize a multi-tier web application and move the application from an on-premises data center to AWS. The application includes web, application, and database tiers. The company needs to make the application fault tolerant and scalable. Some frequently accessed data must always be available across application servers. Frontend web servers need session persistence and must scale to meet increases in traffic. Which solution will meet these requirements with the LEAST ongoing operational
A. Run the application on Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
B. Run the application on Amazon Elastic Container Service (Amazon ECS) on Amazon EC2
C. Run the application on Amazon Elastic Kubernetes Service (Amazon EKS)
D. Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS)
Correct Answer: D
Question #133
A company is migrating its development and production workloads to a new organization in AWS Organizations. The company has created a separate member account for development and a separate member account for production. Consolidated billing is linked to the management account. In the management account, a solutions architect needs to create an IAM user that can stop or terminate resources in both member accounts. Which solution will meet this requirement?
A. Create an IAM user and a cross-account role in the management account
B. Create an IAM user in each member account
C. Create an IAM user in the management account
D. Create an IAM user in the management account
Correct Answer: D
Question #134
A company has VPC flow logs enabled for its NAT gateway. The company is seeing Action = ACCEPT for inbound traffic that comes from public IP address 198.51.100.2 destined for a private Amazon EC2 instance. A solutions architect must determine whether the traffic represents unsolicited inbound connections from the internet. The first two octets of the VPC CIDR block are 203.0. Which set of steps should the solutions architect take to meet these requirements?
A. Open the AWS CloudTrail console
B. Open the Amazon CloudWatch console
C. Open the AWS CloudTrail console
D. Open the Amazon CloudWatch console
Correct Answer: B
Question #135
A company is updating an application that customers use to make online orders. The number of attacks on the application by bad actors has increased recently. The company will host the updated application on an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use Amazon DynamoDB to store application data. A public Application Load Balancer (ALB) will provide end users with access to the application. The company must prevent attacks and ensure business continuity with minimal service int
A. Set up a Route 53 failover routing policy
B. Create a second CloudFront distribution and an S3 static website to host the custom error page
C. Create a CloudFront origin group that has two origins
D. Create a CloudFront function that validates each HTTP response code that the ALB returns
Correct Answer: AE
Question #136
A company is building a solution in the AWS Cloud. Thousands of devices will connect to the solution and send data. Each device needs to be able to send and receive data in real time over the MQTT protocol. Each device must authenticate by using a unique X.509 certificate. Which solution will meet these requirements with the LEAST operational overhead?
A. Set up AWS IoT Core
B. Create a Network Load Balancer (NLB) and configure it with an AWS Lambda authorizer
C. Set up AWS IoT Core
D. Set up an Amazon API Gateway HTTP API and a Network Load Balancer (NLB)
Correct Answer: C
Question #137
A global media company is planning a multi-Region deployment of an application. Amazon DynamoDB global tables will back the deployment to keep the user experience consistent across the two continents where users are concentrated. Each deployment will have a public Application Load Balancer (ALB). The company manages public DNS internally. The company wants to make the application available through an apex domain. Which solution will meet these requirements with the LEAST effort?
A. Deploy the shared libraries and custom classes into a Docker image
B. Deploy the shared libraries and custom classes to a Docker image
C. Deploy the shared libraries and custom classes to a Docker container in Amazon Elastic Container Service (Amazon ECS) by using the AWS Fargate launch type
D. Deploy the shared libraries, custom classes, and code for the API's Lambda functions to a Docker image
Correct Answer: C
Question #138
A company wants to migrate its workloads from on premises to AWS. The workloads run on Linux and Windows. The company has a large on-premises infrastructure that consists of physical machines and VMs that host numerous applications. The company must capture details about the system configuration, system performance, running processes, and network connections of its on-premises workloads. The company also must divide the on-premises applications into groups for AWS migrations. The company needs recommendation
A. Replace the NAT gateways with NAT instances
B. Move the EC2 instances to the public subnets
C. Set up an S3 gateway VPC endpoint in the VPC. Attach an endpoint policy to the endpoint to allow the required actions on the S3 bucket
D. Attach an Amazon Elastic File System (Amazon EFS) volume to the EC2 instances
Correct Answer: ADE
Question #139
An environmental company is deploying sensors in major cities throughout a country to measure air quality. The sensors connect to AWS IoT Core to ingest timeseries data readings. The company stores the data in Amazon DynamoDB. For business continuity, the company must have the ability to ingest and store data in two AWS Regions. Which solution will meet these requirements?
A. Create an Amazon Route 53 alias failover routing policy with values for AWS IoT Core data endpoints in both Regions. Migrate data to Amazon Aurora global tables
B. Create a domain configuration for AWS IoT Core in each Region
C. Create a domain configuration for AWS IoT Core in each Region
D. Create an Amazon Route 53 latency-based routing policy
Correct Answer: C
Question #140
A company has a monolithic application that is critical to the company’s business. The company hosts the application on an Amazon EC2 instance that runs Amazon Linux 2. The company’s application team receives a directive from the legal department to back up the data from the instance’s encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket. The application team does not have the administrative SSH key pair for the instance. The application must continue to serve the users. Which solu
A. Attach a role to the instance with permission to write to Amazon S3
B. Create an image of the instance with the reboot option turned on
C. Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM)
D. Create an image of the instance
Correct Answer: A
Question #141
A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server. The application’s user base is expected to grow significantly, so the company is migrating the application and database to AWS. The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing. Which solution will provide a consist
A. Enable Aurora Auto Scaling for Aurora Replicas
B. Enable Aurora Auto Scaling for Aurora writers
C. Enable Aurora Auto Scaling for Aurora Replicas
D. Enable Aurora Scaling for Aurora writers
Correct Answer: C
Question #142
A company uses a service to collect metadata from applications that the company hosts on premises. Consumer devices such as TVs and internet radios access the applications. Many older devices do not support certain HTTP headers and exhibit errors when these headers are present in responses. The company has configured an on-premises load balancer to remove the unsupported headers from responses sent to older devices, which the company identified by the User-Agent headers. The company wants to migrate the serv
A. Create an Amazon CloudFront distribution for the metadata service
B. Create an Amazon API Gateway REST API for the metadata service
C. Create an Amazon API Gateway HTTP API for the metadata service
D. Create an Amazon CloudFront distribution for the metadata service
Correct Answer: B
Question #143
A company is planning to migrate its business-critical applications from an on-premises data center to AWS. The company has an on-premises installation of a Microsoft SQL Server Always On cluster. The company wants to migrate to an AWS managed database service. A solutions architect must design a heterogeneous database migration on AWS. Which solution will meet these requirements?
A. Migrate the SQL Server databases to Amazon RDS for MySQL by using backup and restore utilities
B. Use an AWS Snowball Edge Storage Optimized device to transfer data to Amazon S3
C. Use the AWS Schema Conversion Tool to translate the database schema to Amazon RDS for MySQL
D. Use AWS DataSync to migrate data over the network between on-premises storage and Amazon S3
Correct Answer: C
Question #144
A company is hosting a critical application on a single Amazon EC2 instance. The application uses an Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses an Amazon RDS for MariaDB DB instance for a relational database. For the application to function, each piece of the infrastructure must be healthy and must be in an active state. A solutions architect needs to improve the application's architecture so that the infrastructure can automatically recover from failur
A. Create an AWS PrivateLink interface VPC endpoint
B. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VPC
C. Create a VPC peering connection between the third-party SaaS application and the company VPC. Update route tables by adding the needed routes for the peering connection
D. Create an AWS PrivateLink endpoint service
Correct Answer: ADF
Question #145
A company runs many workloads on AWS and uses AWS Organizations to manage its accounts. The workloads are hosted on Amazon EC2, AWS Fargate, and AWS Lambda. Some of the workloads have unpredictable demand. Accounts record high usage in some months and low usage in other months. The company wants to optimize its compute costs over the next 3 years. A solutions architect obtains a 6-month average for each of the accounts across the organization to calculate usage. Which solution will provide the MOST cost savin
A. Purchase Reserved Instances for the organization to match the size and number of the most common EC2 instances from the member accounts
B. Purchase a Compute Savings Plan for the organization from the management account by using the recommendation at the management account level
C. Purchase Reserved Instances for each member account that had high EC2 usage according to the data from the last 6 months
D. Purchase an EC2 Instance Savings Plan for each member account from the management account based on EC2 usage data from the last 6 months
Correct Answer: B
Question #146
A company runs many workloads on AWS and uses AWS Organizations to manage its accounts. The workloads are hosted on Amazon EC2, AWS Fargate, and AWS Lambda. Some of the workloads have unpredictable demand. Accounts record high usage in some months and low usage in other months. The company wants to optimize its compute costs over the next 3 years. A solutions architect obtains a 6-month average for each of the accounts across the organization to calculate usage. Which solution will provide the MOST cost savin
A. Purchase Reserved Instances for the organization to match the size and number of the most common EC2 instances from the member accounts
B. Purchase a Compute Savings Plan for the organization from the management account by using the recommendation at the management account level
C. Purchase Reserved Instances for each member account that had high EC2 usage according to the data from the last 6 months
D. Purchase an EC2 Instance Savings Plan for each member account from the management account based on EC2 usage data from the last 6 months
Correct Answer: B
Question #147
A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC, and all the VPCs in each OU are in the same AWS Region. The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicate with VPCs in other OUs. Which solutio
A. Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU
B. In each OU, create a dedicated networking account that has a single VPC
C. Provision a transit gateway in an account in each OU
D. In each OU, create a dedicated networking account that has a single VPC
Correct Answer: C
Question #148
A solutions architect needs to improve an application that is hosted in the AWS Cloud. The application uses an Amazon Aurora MySQL DB instance that is experiencing overloaded connections. Most of the application’s operations insert records into the database. The application currently stores credentials in a text-based configuration file. The solutions architect needs to implement a solution so that the application can handle the current connection load. The solution must keep the credentials secure and must
A. Deploy an Amazon RDS Proxy layer
B. Deploy an Amazon RDS Proxy layer in front of the DB instance
C. Create an Aurora Replica
D. Create an Aurora Replica
Correct Answer: A
Question #149
A company is building a solution in the AWS Cloud. Thousands of devices will connect to the solution and send data. Each device needs to be able to send and receive data in real time over the MQTT protocol. Each device must authenticate by using a unique X.509 certificate. Which solution will meet these requirements with the LEAST operational overhead?
A. Set up AWS IoT Core
B. Create a Network Load Balancer (NLB) and configure it with an AWS Lambda authorizer
C. Set up AWS IoT Core
D. Set up an Amazon API Gateway HTTP API and a Network Load Balancer (NLB)
Correct Answer: C
Question #150
A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region. Which solution will meet these requirements?
A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1
B. Create an Amazon Simple Queue Service (Amazon SQS) queue
C. Deploy the Lambda function to the us-west-2 Region
D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region
Correct Answer: D
Question #151
An environmental company is deploying sensors in major cities throughout a country to measure air quality. The sensors connect to AWS IoT Core to ingest timeseries data readings. The company stores the data in Amazon DynamoDB. For business continuity, the company must have the ability to ingest and store data in two AWS Regions. Which solution will meet these requirements?
A. Create an Amazon Route 53 alias failover routing policy with values for AWS IoT Core data endpoints in both Regions. Migrate data to Amazon Aurora global tables
B. Create a domain configuration for AWS IoT Core in each Region
C. Create a domain configuration for AWS IoT Core in each Region
D. Create an Amazon Route 53 latency-based routing policy
Correct Answer: C
Question #152
A company is running a compute workload by using Amazon EC2 Spot Instances that are in an Auto Scaling group. The launch template uses two placement groups and a single instance type. Recently, a monitoring system reported Auto Scaling instance launch failures that correlated with longer wait times for system users. The company needs to improve the overall reliability of the workload. Which solution will meet this requirement?
A. Replace the launch template with a launch configuration to use an Auto Scaling group that uses attribute-based instance type selection
B. Create a new launch template version that uses attribute-based instance type selection
C. Update the launch template Auto Scaling group to increase the number of placement groups
D. Update the launch template to use a larger instance type
Correct Answer: B
Question #153
A company has built a high performance computing (HPC) cluster in AWS for a tightly coupled workload that generates a large number of shared files stored in Amazon EFS. The cluster was performing well when the number of Amazon EC2 instances in the cluster was 100. However, when the company increased the cluster size to 1.000 EC2 instances, overall performance was well below expectations. Which collection of design choices should a solutions architect make to achieve the maximum performance from the HPC clust
A. Use an SCP to deny the creation of resources that do not have the required tags
B. Use an SCP to deny the creation of resources that do not have the required tags
C. Use an SCP to allow the creation of resources only when the resources have the required tags
D. Use an SCP to deny the creation of resources that do not have the required tags
Correct Answer: ACF
Question #154
A company is running several workloads in a single AWS account. A new company policy states that engineers can provision only approved resources and that engineers must use AWS CloudFormation to provision these resources. A solutions architect needs to create a solution to enforce the new restriction on the IAM role that the engineers use for access. What should the solutions architect do to create the solution?
A. Upload AWS CloudFormation templates that contain approved resources to an Amazon S3 bucket
B. Update the IAM policy for the engineers’ IAM role with permissions to only allow provisioning of approved resources and AWS CloudFormation
C. Update the IAM policy for the engineers’ IAM role with permissions to only allow AWS CloudFormation actions
D. Provision resources in AWS CloudFormation stacks
Correct Answer: C
Question #155
A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for Amazon Route 53 in Account A. The company’s applications and databases are running in Account B
A. Reconfigure Amazon EFS to enable maximum I/O
B. Update the blog site to use instance store volumes for storage
C. Configure an Amazon CloudFront distribution
D. Set up an Amazon CloudFront distribution for all site contents, and point the distribution at the ALB
Correct Answer: CE
Question #156
A company plans to refactor a monolithic application into a modern application design deployed on AWS. The CI/CD pipeline needs to be upgraded to support the modern design for the application with the following requirements:
- It should allow changes to be released several times every hour.
- It should be able to roll back the changes as quickly as possible.
Which design will meet these requirements?
A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
B. Configure AWS Budgets in the organization's management account and configure budget alerts that are grouped by application, environment, and owner
C. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
D. Enable AWS Cost and Usage Reports in the organization's management account and configure reports grouped by application, environment
Correct Answer: B
Question #157
A software company has deployed an application that consumes a REST API by using Amazon API Gateway, AWS Lambda functions, and an Amazon DynamoDB table. The application is showing an increase in the number of errors during PUT requests. Most of the PUT calls come from a small number of clients that are authenticated with specific API keys. A solutions architect has identified that a large number of the PUT requests originate from one client. The API is noncritical, and clients can tolerate retries of unsucce
A. Implement retry logic with exponential backoff and irregular variation in the client application
B. Implement API throttling through a usage plan at the API Gateway level
C. Turn on API caching to enhance responsiveness for the production stage
D. Implement reserved concurrency at the Lambda function level to provide the resources that are needed during sudden increases in traffic
Correct Answer: B
