DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Excel in the AWS SAP-C02 Exam with Reliable Study Materials

Preparing for the SPOTO AWS SAP-C02 exam offers significant advantages for those aiming to achieve AWS Certified Solutions Architect - Professional certification. Our comprehensive collection of exam questions and answers is meticulously crafted to cover advanced topics, ensuring that certified individuals can confidently provide complex solutions to intricate problems. Earning the AWS Certified Solutions Architect - Professional certification through SPOTO not only validates your advanced knowledge and skills but also enhances your professional credibility and income potential. It positions you as a sought-after expert capable of driving cloud initiatives and delivering value to organizations. Utilize SPOTO's AWS SAP-C02 exam questions to pass successfully and advance your AWS career.
Take other online exams

Question #1
A company uses an AWS CodeCommit repository. The company must store a backup copy of the data that is in the repository in a second AWS Region.Which solution will meet these requirements?
A. nstruct each business unit to add a unique secondary CIDR range to the business unit's VPC
B. reate an Amazon EC2 instance to serve as a virtual appliance in the marketing account's VPC
C. reate an AWS PrivateLink endpoint service to share the marketing application
D. reate a Network Load Balancer (NLB) in front of the marketing application in a private subnet
View answer
Correct Answer: C

View The Updated SAP-C02 Exam Questions

SPOTO Provides 100% Real SAP-C02 Exam Questions for You to Pass Your SAP-C02 Exam!

Question #2
A company is using an on-premises Active Directory service for user authentication. The company wants to use the same authentication service to sign in to the company’s AWS accounts, which are using AWS Organizations. AWS Site-to-Site VPN connectivity already exists between the on-premises environment and all the company’s AWS accounts.The company’s security policy requires conditional access to the accounts based on user groups and roles. User identities must be managed in a single location.Which solution
A. onfigure AWS IAM Identity Center (AWS Single Sign-On) to connect to Active Directory by using SAML 2
B. onfigure AWS IAM Identity Center (AWS Single Sign-On) by using IAM Identity Center as an identity source
C. n one of the company’s AWS accounts, configure AWS Identity and Access Management (IAM) to use a SAML 2
D. n one of the company’s AWS accounts, configure AWS Identity and Access Management (IAM) to use an OpenID Connect (OIDC) identity provider
View answer
Correct Answer: A
Question #3
An online retail company is migrating its legacy on-premises .NET application to AWS. The application runs on load-balanced frontend web servers, load-balanced application servers, and a Microsoft SQL Server database.The company wants to use AWS managed services where possible and does not want to rewrite the application. A solutions architect needs to implement a solution to resolve scaling issues and minimize licensing costs as the application scales.Which solution will meet these requirements MOST cost-e
A. dd an Amazon CloudFront distribution
B. dd an Amazon API Gateway edge-optimized API endpoint to expose the APIs
C. dd an accelerator in AWS Global Accelerator
D. eploy the APIs to two additional AWS Regions: eu-west-1 and ap-southeast-2
View answer
Correct Answer: A
Question #4
A company is running an application in the AWS Cloud. The application collects and stores a large amount of unstructured data in an Amazon S3 bucket. The S3 bucket contains several terabytes of data and uses the S3 Standard storage class. The data increases in size by several gigabytes every day.The company needs to query and analyze the data. The company does not access data that is more than 1 year old. However, the company must retain all the data indefinitely for compliance reasons.Which solution will m
A. se S3 Select to query the data
B. se Amazon Redshift Spectrum to query the data
C. se an AWS Glue Data Catalog and Amazon Athena to query the data
D. se Amazon Redshift Spectrum to query the data
View answer
Correct Answer: C
Question #5
A company uses an Amazon Aurora PostgreSQL DB cluster for applications in a single AWS Region. The company's database team must monitor all data activity on all the databases.Which solution will achieve this goal?
A. et up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task
B. tart a database activity stream on the Aurora DB cluster to capture the activity stream in Amazon EventBridge
C. tart a database activity stream on the Aurora DB cluster to push the activity stream to an Amazon Kinesis data stream
D. et up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task
View answer
Correct Answer: C
Question #6
A company has created an OU in AWS Organizations for each of its engineering teams. Each OU owns multiple AWS accounts. The organization has hundreds of AWS accounts.A solutions architect must design a solution so that each OU can view a breakdown of usage costs across its AWS accounts.Which solution meets these requirements?
A. reate an AWS Cost and Usage Report (CUR) for each OU by using AWS Resource Access Manager
B. reate an AWS Cost and Usage Report (CUR) from the AWS Organizations management account
C. reate an AWS Cost and Usage Report (CUR) in each AWS Organizations member account
D. reate an AWS Cost and Usage Report (CUR) by using AWS Systems Manager
View answer
Correct Answer: B
Question #7
A solutions architect is creating an application that stores objects in an Amazon S3 bucket. The solutions architect must deploy the application in two AWS Regions that will be used simultaneously. The objects in the two S3 buckets must remain synchronized with each other.Which combination of steps will meet these requirements with the LEAST operational overhead? (Choose three.)
A. igrate all applications to the closest AWS Region that is compliant
B. se AWS Snowball Edge Storage Optimized devices for the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds
C. nstall AWS Outposts for the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds
D. igrate the applications that have data regulatory requirements or requirements for latency of single-digit milliseconds to an AWS Local Zone
View answer
Correct Answer: ABE
Question #8
A company runs a new application as a static website in Amazon S3. The company has deployed the application to a production AWS account and uses Amazon CloudFront to deliver the website. The website calls an Amazon API Gateway REST API. An AWS Lambda function backs each API method.The company wants to create a CSV report every 2 weeks to show each API Lambda function’s recommended configured memory, recommended cost, and the price difference between current configurations and the recommendations. The compan
A. reate a Lambda function that extracts metrics data for each API Lambda function from Amazon CloudWatch Logs for the 2-week period
B. pt in to AWS Compute Optimizer
C. pt in to AWS Compute Optimizer
D. urchase the AWS Business Support plan for the production account
View answer
Correct Answer: B
Question #9
A company has developed APIs that use Amazon API Gateway with Regional endpoints. The APIs call AWS Lambda functions that use API Gateway authentication mechanisms. After a design review, a solutions architect identifies a set of APIs that do not require public access.The solutions architect must design a solution to make the set of APIs accessible only from a VPC. All APIs need to be called with an authenticated userWhich solution will meet these requirements with the LEAST amount of effort?
A. reate an internal Application Load Balancer (ALB)
B. emove the DNS entry that is associated with the API in API Gateway
C. pdate the API endpoint from Regional to private in API Gateway
D. eploy the Lambda functions inside the VPC Provision an EC2 instance, and install an Apache server
View answer
Correct Answer: C
Question #10
A company wants to run a custom network analysis software package to inspect traffic as traffic leaves and enters a VPC. The company has deployed the solution by using AWS CloudFormation on three Amazon EC2 instances in an Auto Scaling group. All network routing has been established to direct traffic to the EC2 instances.Whenever the analysis software stops working, the Auto Scaling group replaces an instance. The network routes are not updated when the instance replacement occurs.Which combination of steps
A. onfigure the ECS services to use the blue/green deployment type and a Network Load Balancer
B. onfigure the ECS services to use the blue/green deployment type and a Network Load Balancer
C. onfigure the ECS services to use the blue/green deployment type and an Application Load Balancer
D. onfigure the ECS services to use the blue/green deployment type and an Application Load Balancer
View answer
Correct Answer: BDE
Question #11
A company uses AWS Organizations to manage its AWS accounts. The company needs a list of all its Amazon EC2 instances that have underutilized CPU or memory usage. The company also needs recommendations for how to downsize these underutilized instances.Which solution will meet these requirements with the LEAST effort?
A. nstall a CPU and memory monitoring tool from AWS Marketplace on all the EC2 instances
B. nstall the Amazon CloudWatch agent on all the EC2 instances by using AWS Systems Manager
C. nstall the Amazon CloudWatch agent on all the EC2 instances by using AWS Systems Manager
D. nstall the Amazon CloudWatch agent on all the EC2 instances by using AWS Systems Manager
View answer
Correct Answer: B
Question #12
A company has migrated Its forms-processing application to AWS. When users interact with the application, they upload scanned forms as files through a web application. A database stores user metadata and references to files that are stored in Amazon S3. The web application runs on Amazon EC2 instances and an Amazon RDS for PostgreSQL database.When forms are uploaded, the application sends notifications to a team through Amazon Simple Notification Service (Amazon SNS). A team member then logs in and processe
A. evelop custom libraries to perform optical character recognition (OCR) on the forms
B. xtend the system with an application tier that uses AWS Step Functions and AWS Lambda
C. ost a new application tier on EC2 instances
D. xtend the system with an application tier that uses AWS Step Functions and AWS Lambda
View answer
Correct Answer: D
Question #13
A finance company is running its business-critical application on current-generation Linux EC2 instances. The application includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a moderate amount of traffic during the month. However, it slows down during the final three days of each month due to month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to meet the increased demand.Which of
A. re-warming Elastic Load Balancers, using a bigger instance type, changing all Amazon EBS volumes to GP2 volumes
B. erforming a one-time migration of the database cluster to Amazon RDS, and creating several additional read replicas to handle the load during end of month
C. sing Amazon CloudWatch with AWS Lambda to change the type, size, or IOPS of Amazon EBS volumes in the cluster based on a specific CloudWatch metric
D. eplacing all existing Amazon EBS volumes with new PIOPS volumes that have the maximum available storage size and I/O per second by taking snapshots before the end of the month and reverting back afterwards
View answer
Correct Answer: B
Question #14
A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays. Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function.A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed.Which solution will meet these requirements?
A. se an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function
B. se an AWS Step Functions state machine to pass events to the Lambda function
C. se an Amazon EventBridge rule to pass events to the Lambda function
D. se an Amazon Simple Notification Service (Amazon SNS) topic to store events and Invoke the Lambda function
View answer
Correct Answer: A
Question #15
A company provides auction services for artwork and has users across North America and Europe. The company hosts its application in Amazon EC2 instances in the us-east-1 Region. Artists upload photos of their work as large-size. high-resolution image files from their mobile phones to a centralized Amazon S3 bucket created in the us-east-1 Region. The users in Europe are reporting slow performance for their image uploads.How can a solutions architect improve the performance of the image upload process?
A. edeploy the application to use S3 multipart uploads
B. reate an Amazon CloudFront distribution and point to the application as a custom origin
C. onfigure the buckets to use S3 Transfer Acceleration
D. reate an Auto Scaling group for the EC2 instances and create a scaling policy
View answer
Correct Answer: C
Question #16
A company wants to migrate its workloads from on premises to AWS. The workloads run on Linux and Windows. The company has a large on-premises infrastructure that consists of physical machines and VMs that host numerous applications.The company must capture details about the system configuration, system performance, running processes, and network connections of its on-premises workloads. The company also must divide the on-premises applications into groups for AWS migrations. The company needs recommendation
A. eplace the NAT gateways with NAT instances
B. ove the EC2 instances to the public subnets
C. et up an S3 gateway VPC endpoint in the VP Attach an endpoint policy to the endpoint to allow the required actions on the S3 bucket
D. ttach an Amazon Elastic File System (Amazon EFS) volume to the EC2 instances
View answer
Correct Answer: ADE
Question #17
A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company’s engineers rely heavily on SSH access to the instances for troubleshooting.The company’s existing architecture includes the following:-A VPC with private and public subnets, and a NAT gateway.-Site-to-Site VPN for connectivity with the on-premises environment.-EC2 security groups with direct SSH access from the on-premises environment.The company needs to increase security controls ar
A. nstall and configure EC2 Instance Connect on the fleet of EC2 instances
B. pdate the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer’s devices
C. pdate the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer’s devices
D. reate an IAM role with the AmazonSSMManagedInstanceCore managed policy attached
View answer
Correct Answer: D
Question #18
A company has more than 10,000 sensors that send data to an on-premises Apache Kafka server by using the Message Queuing Telemetry Transport (MQTT) protocol. The on-premises Kafka server transforms the data and then stores the results as objects in an Amazon S3 bucket.Recently, the Kafka server crashed. The company lost sensor data while the server was being restored. A solutions architect must create a new design on AWS that is highly available and scalable to prevent a similar occurrence.Which solution wi
A. aunch two Amazon EC2 instances to host the Kafka server in an active/standby configuration across two Availability Zones
B. igrate the on-premises Kafka server to Amazon Managed Streaming for Apache Kafka (Amazon MSK)
C. eploy AWS IoT Core, and connect it to an Amazon Kinesis Data Firehose delivery stream
D. eploy AWS IoT Core, and launch an Amazon EC2 instance to host the Kafka server
View answer
Correct Answer: C
Question #19
A company runs a microservice as an AWS Lambda function. The microservice writes data to an on-premises SQL database that supports a limited number of concurrent connections. When the number of Lambda function invocations is too high, the database crashes and causes application downtime. The company has an AWS Direct Connect connection between the company's VPC and the on-premises data center. The company wants to protect the database from crashes.Which solution will meet these requirements?
A. rite the data to an Amazon Simple Queue Service (Amazon SQS) queue
B. reate a new Amazon Aurora Serverless DB cluster
C. reate an Amazon RDS Proxy DB instance
D. rite the data to an Amazon Simple Notification Service (Amazon SNS) topic
View answer
Correct Answer: A
Question #20
A company’s public API runs as tasks on Amazon Elastic Container Service (Amazon ECS). The tasks run on AWS Fargate behind an Application Load Balancer (ALB) and are configured with Service Auto Scaling for the tasks based on CPU utilization. This service has been running well for several months.Recently, API performance slowed down and made the application unusable. The company discovered that a significant number of SQL injection attacks had occurred against the API and that the API service had scaled to
A. reate a new AWS WAF web ACL to monitor the HTTP requests and HTTPS requests that are forwarded to the ALB in front of the ECS tasks
B. reate a new AWS WAF Bot Control implementation
C. reate a new AWS WAF web ACL
D. reate a new AWS WAF web ACL
View answer
Correct Answer: C
Question #21
During an audit, a security team discovered that a development team was putting IAM user secret access keys in their code and then committing it to an AWS CodeCommit repository. The security team wants to automatically find and remediate instances of this security vulnerability.Which solution will ensure that the credentials are appropriately secured automatically?
A. un a script nightly using AWS Systems Manager Run Command to search for credentials on the development instances
B. se a scheduled AWS Lambda function to download and scan the application code from CodeCommit
C. onfigure Amazon Macie to scan for credentials in CodeCommit repositories
D. onfigure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials
View answer
Correct Answer: D
Question #22
A company is creating a REST API to share information with six of its partners based in the United States. The company has created an Amazon API Gateway Regional endpoint. Each of the six partners will access the API once per day to post daily sales figures.After initial deployment, the company observes 1,000 requests per second originating from 500 different IP addresses around the world. The company believes this traffic is originating from a botnet and wants to secure its API while minimizing cost.Which
A. reate an Amazon CloudFront distribution with the API as the origin
B. reate an Amazon CloudFront distribution with the API as the origin
C. reate an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners
D. reate an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners
View answer
Correct Answer: D
Question #23
A financial services company loaded millions of historical stock trades into an Amazon DynamoDB table. The table uses on-demand capacity mode. Once each day at midnight, a few million new records are loaded into the table. Application read activity against the table happens in bursts throughout the day. and a limited set of keys are repeatedly looked up. The company needs to reduce costs associated with DynamoDB.Which strategy should a solutions architect recommend to meet this requirement?
A. eploy an Amazon ElastiCache cluster in front of the DynamoDB table
B. eploy DynamoDB Accelerator (DAX)
C. se provisioned capacity mode
D. eploy DynamoDB Accelerator (DAX)
View answer
Correct Answer: D
Question #24
A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an encrypted file in Amazon S3. For the next version of the application, the security engineer wants to implement the following application design changes to improve security:-The database must use strong, randomly generated passwords stored in a secure AWS managed service.-The application resources must be deployed through AWS CloudFormation.-The application must rotate credentials for
A. enerate the database password as a secret resource using AWS Secrets Manager
B. enerate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store
C. enerate the database password as a secret resource using AWS Secrets Manager
D. enerate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store
View answer
Correct Answer: A
Question #25
A company has hundreds of AWS accounts. The company uses an organization in AWS Organizations to manage all the accounts. The company has turned on all features.A finance team has allocated a daily budget for AWS costs. The finance team must receive an email notification if the organization's AWS costs exceed 80% of the allocated budget. A solutions architect needs to implement a solution to track the costs and deliver the notifications.Which solution will meet these requirements?
A. n the organization's management account, use AWS Budgets to create a budget that has a daily period
B. n the organization’s management account, set up the organizational view feature for AWS Trusted Advisor
C. egister the organization with AWS Control Tower
D. onfigure the member accounts to save a daily AWS Cost and Usage Report to an Amazon S3 bucket in the organization's management account
View answer
Correct Answer: A
Question #26
A company has a latency-sensitive trading platform that uses Amazon DynamoDB as a storage backend. The company configured the DynamoDB table to use on-demand capacity mode. A solutions architect needs to design a solution to improve the performance of the trading platform. The new solution must ensure high availability for the trading platform.Which solution will meet these requirements with the LEAST latency?
A. reate a two-node DynamoDB Accelerator (DAX) cluster
B. reate a three-node DynamoDB Accelerator (DAX) cluster
C. reate a three-node DynamoDB Accelerator (DAX) cluster
D. reate a single-node DynamoDB Accelerator (DAX) cluster
View answer
Correct Answer: B
Question #27
A company that has multiple AWS accounts is using AWS Organizations. The company’s AWS accounts host VPCs, Amazon EC2 instances, and containers.The company’s compliance team has deployed a security tool in each VPC where the company has deployments. The security tools run on EC2 instances and send information to the AWS account that is dedicated for the compliance team. The company has tagged all the compliance-related resources with a key of “costCenter” and a value or “compliance”.The company wants to ide
A. n the management account of the organization, activate the costCenter user-defined tag
B. n the member accounts of the organization, activate the costCenter user-defined tag
C. n the member accounts of the organization activate the costCenter user-defined tag
D. reate a custom report in the organization view in AWS Trusted Advisor
View answer
Correct Answer: A
Question #28
A manufacturing company is building an inspection solution for its factory. The company has IP cameras at the end of each assembly line. The company has used Amazon SageMaker to train a machine learning (ML) model to identify common defects from still images.The company wants to provide local feedback to factory workers when a defect is detected. The company must be able to provide this feedback even if the factory’s internet connectivity is down. The company has a local Linux server that hosts an API that
A. et up an Amazon Kinesis video stream from each IP camera to AWS
B. eploy AWS IoT Greengrass on the local server
C. rder an AWS Snowball device
D. eploy Amazon Monitron devices on each IP camera
View answer
Correct Answer: B
Question #29
A company is running a web application in a VPC. The web application runs on a group of Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is using AWS WAF.An external customer needs to connect to the web application. The company must provide IP addresses to all external customers.Which solution will meet these requirements with the LEAST operational overhead?
A. eplace the ALB with a Network Load Balancer (NLB)
B. llocate an Elastic IP address
C. reate an AWS Global Accelerator standard accelerator
D. onfigure an Amazon CloudFront distribution
View answer
Correct Answer: C
Question #30
A retail company is operating its ecommerce application on AWS. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB instance as the database backend. Amazon CloudFront is configured with one origin that points to the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway) error. The root cause is malformed HTTP headers
A. reate an Amazon S3 bucket
B. reate an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Target
C. odify the existing Amazon Route 53 records by adding health checks
D. reate an Amazon CloudWatch alarm to invoke an AWS Lambda function if the ALB health check response Elb
E. dd a custom error response by configuring a CloudFront custom error page
View answer
Correct Answer: CE
Question #31
A company consists or two separate business units. Each business unit has its own AWS account within a single organization in AWS Organizations. The business units regularly share sensitive documents with each other. To facilitate sharing, the company created an Amazon S3 bucket in each account and configured low-way replication between the S3 buckets. The S3 buckets have millions of objects.Recently, a security audit identified that neither S3 bucket has encryption at rest enabled. Company policy requires
A. urn on SSE-S3 on both S3 buckets
B. reate an AWS Key Management Service (AWS KMS) key in each account
C. urn on SSE-S3 on both S3 buckets
D. reate an AWS Key Management Service, (AWS KMS) key in each account
View answer
Correct Answer: A
Question #32
A company has an application that runs as a ReplicaSet of multiple pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster has nodes in multiple Availability Zones. The application generates many small files that must be accessible across all running instances of the application. The company needs to back up the files and retain the backups for 1 year.Which solution will meet these requirements while providing the FASTEST storage performance?
A. reate an Amazon Elastic File System (Amazon EFS) file system and a mount target for each subnet that contains nodes in the EKS cluster
B. reate an Amazon Elastic Block Store (Amazon EBS) volume
C. reate an Amazon S3 bucket
D. onfigure the ReplicaSet to use the storage available on each of the running application pods to store the files locally
View answer
Correct Answer: A
Question #33
A company wants to migrate its data analytics environment from on premises to AWS. The environment consists of two simple Node.js applications. One of the applications collects sensor data and loads it into a MySQL database. The other application aggregates the data into reports. When the aggregation jobs run, some of the load jobs fail to run correctly.The company must resolve the data loading issue. The company also needs the migration to occur without interruptions or changes for the company’s customers.
A. et up an Amazon Aurora MySQL database as a replication target for the on-premises database
B. et up an Amazon Aurora MySQL database
C. et up an Amazon Aurora MySQL database
D. et up an Amazon Aurora MySQL database
View answer
Correct Answer: C
Question #34
A company runs a new application as a static website in Amazon S3. The company has deployed the application to a production AWS account and uses Amazon CloudFront to deliver the website. The website calls an Amazon API Gateway REST API. An AWS Lambda function backs each API method.The company wants to create a CSV report every 2 weeks to show each API Lambda function’s recommended configured memory, recommended cost, and the price difference between current configurations and the recommendations. The compan
A. reate a Lambda function that extracts metrics data for each API Lambda function from Amazon CloudWatch Logs for the 2-week period
B. pt in to AWS Compute Optimizer
C. pt in to AWS Compute Optimizer
D. urchase the AWS Business Support plan for the production account
View answer
Correct Answer: B
Question #35
A company has developed a web application. The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer. The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs. The solution must not adversely affect legitimate traffic to the application.How should a solutions architect configure the web ACLs to meet these requirements?
A. et the action of the web ACL rules to Count
B. se only rate-based rules in the web ACLs, and set the throttle limit as high as possible
C. et the action of the web ACL rules to Block
D. se only custom rule groups in the web ACLs, and set the action to Allow
View answer
Correct Answer: A
Question #36
A company is running a critical stateful web application on two Linux Amazon EC2 instances behind an Application Load Balancer (ALB) with an Amazon RDS for MySQL database. The company hosts the DNS records for the application in Amazon Route 53. A solutions architect must recommend a solution to improve the resiliency of the application.The solution must meet the following objectives:•Application tier: RPO of 2 minutes. RTO of 30 minutes•Database tier: RPO of 5 minutes. RTO of 30 minutesThe company does not
A. onfigure the EC2 instances to use AWS Elastic Disaster Recovery
B. onfigure the EC2 instances to use Amazon Data Lifecycle Manager (Amazon DLM) to take snapshots of the EBS volumes
C. reate a backup plan in AWS Backup for the EC2 instances and RDS DB instance
D. onfigure the EC2 instances to use Amazon Data Lifecycle Manager (Amazon DLM) to take snapshots of the EBS volumes
View answer
Correct Answer: A
Question #37
A solutions architect wants to cost-optimize and appropriately size Amazon EC2 instances in a single AWS account. The solutions architect wants to ensure that the instances are optimized based on CPU, memory, and network metrics.Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
A. onfigure AWS Elastic Disaster Recovery to replicate the CodeCommit repository data to the second Region
B. se AWS Backup to back up the CodeCommit repository on an hourly schedule
C. reate an Amazon EventBridge rule to invoke AWS CodeBuild when the company pushes code to the repository
D. reate an AWS Step Functions workflow on an hourly schedule to take a snapshot of the CodeCommit repository
View answer
Correct Answer: CD
Question #38
A company runs a processing engine in the AWS Cloud. The engine processes environmental data from logistics centers to calculate a sustainability index. The company has millions of devices in logistics centers that are spread across Europe. The devices send information to the processing engine through a RESTful API.The API experiences unpredictable bursts of traffic. The company must implement a solution to process all data that the devices send to the processing engine. Data loss is unacceptable.Which solu
A. reate an Application Load Balancer (ALB) for the RESTful API
B. reate an Amazon API Gateway HTTP API that implements the RESTful API
C. reate an Amazon API Gateway REST API that implements the RESTful API
D. reate an Amazon CloudFront distribution for the RESTful API
View answer
Correct Answer: B
Question #39
A company deploys a new web application. As pari of the setup, the company configures AWS WAF to log to Amazon S3 through Amazon Kinesis Data Firehose. The company develops an Amazon Athena query that runs once daily to return AWS WAF log data from the previous 24 hours. The volume of daily logs is constant. However, over time, the same query is taking more time to run.A solutions architect needs to design a solution to prevent the query time from continuing to increase. The solution must minimize operation
A. reate an AWS Lambda function that consolidates each day's AWS WAF logs into one log file
B. educe the amount of data scanned by configuring AWS WAF to send logs to a different S3 bucket each day
C. pdate the Kinesis Data Firehose configuration to partition the data in Amazon S3 by date and time
D. odify the Kinesis Data Firehose configuration and Athena table definition to partition the data by date and time
View answer
Correct Answer: D
Question #40
A financial company is planning to migrate its web application from on premises to AWS. The company uses a third-party security tool to monitor the inbound traffic to the application. The company has used the security tool for the last 15 years, and the tool has no cloud solutions available from its vendor. The company's security team is concerned about how to integrate the security tool with AWS technology.The company plans to deploy the application migration to AWS on Amazon EC2 instances. The EC2 instanc
A. onnect the IoT sensors to AWS IoT Core
B. igrate the application server to AWS Fargate, which will receive the information from IoT sensors and parse the information into a relational format
C. reate an AWS Transfer for SFTP server
D. se AWS Snowball Edge to collect data from the IoT sensors directly to perform local analysis
View answer
Correct Answer: AD
Question #41
A company needs to create and manage multiple AWS accounts for a number of departments from a central location. The security team requires read-only access to all accounts from its own AWS account. The company is using AWS Organizations and created an account for the security team.How should a solutions architect meet these requirements?
A. reate peering connections between the egress VPC and the spoke VPCs
B. reate a transit gateway, and share it with the existing AWS accounts
C. reate a transit gateway in every account
D. reate an AWS PrivateLink connection between the egress VPC and the spoke VPCs
View answer
Correct Answer: B
Question #42
A company uses an Amazon Aurora PostgreSQL DB cluster for applications in a single AWS Region. The company's database team must monitor all data activity on all the databases.Which solution will achieve this goal?
A. et up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task
B. tart a database activity stream on the Aurora DB cluster to capture the activity stream in Amazon EventBridge
C. tart a database activity stream on the Aurora DB cluster to push the activity stream to an Amazon Kinesis data stream
D. et up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task
View answer
Correct Answer: C
Question #43
A company needs to audit the security posture of a newly acquired AWS account. The company’s data security team requires a notification only when an Amazon S3 bucket becomes publicly exposed. The company has already established an Amazon Simple Notification Service (Amazon SNS) topic that has the data security team's email address subscribed.Which solution will meet these requirements?
A. reate an S3 event notification on all S3 buckets for the isPublic event
B. reate an analyzer in AWS Identity and Access Management Access Analyzer
C. reate an Amazon EventBridge rule for the event type “Bucket-Level API Call via CloudTrail” with a filter for “PutBucketPolicy
D. ctivate AWS Config and add the cloudtrail-s3-dataevents-enabled rule
View answer
Correct Answer: B
Question #44
A company uses AWS Organizations for a multi-account setup in the AWS Cloud. The company uses AWS Control Tower for governance and uses AWS Transit Gateway for VPC connectivity across accounts.In an AWS application account, the company’s application team has deployed a web application that uses AWS Lambda and Amazon RDS. The company's database administrators have a separate DBA account and use the account to centrally manage all the databases across the organization. The database administrators use an Amazo
A. se AWS Resource Access Manager (AWS RAM) to share the secrets from the application account with the DBA account
B. n the application account, create an IAM role that is named DBA-Secret
C. n the DBA account create an IAM role that is named DBA-Admin
D. n the DBA account, create an IAM role that is named DBA-Admin
View answer
Correct Answer: B
Question #45
A company uses a service to collect metadata from applications that the company hosts on premises. Consumer devices such as TVs and internet radios access the applications. Many older devices do not support certain HTTP headers and exhibit errors when these headers are present in responses. The company has configured an on-premises load balancer to remove the unsupported headers from responses sent to older devices, which the company identified by the User-Agent headers.The company wants to migrate the serv
A. reate an Amazon CloudFront distribution for the metadata service
B. reate an Amazon API Gateway REST API for the metadata service
C. reate an Amazon API Gateway HTTP API for the metadata service
D. reate an Amazon CloudFront distribution for the metadata service
View answer
Correct Answer: B
Question #46
A company is subject to regulatory audits of its financial information. External auditors who use a single AWS account need access to the company's AWS account. A solutions architect must provide the auditors with secure, read-only access to the company's AWS account. The solution must comply with AWS security best practices.Which solution will meet these requirements?
A. n the company's AWS account, create resource policies for all resources in the account to grant access to the auditors' AWS account
B. n the company's AWS account, create an IAM role that trusts the auditors' AWS account
C. n the company's AWS account, create an IAM user
D. n the company's AWS account, create an IAM group that has the required permissions
View answer
Correct Answer: B
Question #47
A solutions architect must create a business case for migration of a company's on-premises data center to the AWS Cloud. The solutions architect will use a configuration management database (CMDB) export of all the company's servers to create the case.Which solution will meet these requirements MOST cost-effectively?
A. se AWS Well-Architected Tool to import the CMDB data to perform an analysis and generate recommendations
B. se Migration Evaluator to perform an analysis
C. mplement resource matching rules
D. se AWS Application Discovery Service to import the CMDB data to perform an analysis
View answer
Correct Answer: B
Question #48
A company uses AWS Organizations to manage its AWS accounts. The company needs a list of all its Amazon EC2 instances that have underutilized CPU or memory usage. The company also needs recommendations for how to downsize these underutilized instances.Which solution will meet these requirements with the LEAST effort?
A. nstall a CPU and memory monitoring tool from AWS Marketplace on all the EC2 instances
B. nstall the Amazon CloudWatch agent on all the EC2 instances by using AWS Systems Manager
C. nstall the Amazon CloudWatch agent on all the EC2 instances by using AWS Systems Manager
D. nstall the Amazon CloudWatch agent on all the EC2 instances by using AWS Systems Manager
View answer
Correct Answer: B
Question #49
A company has a serverless application comprised of Amazon CloudFront, Amazon API Gateway, and AWS Lambda functions. The current deployment process of the application code is to create a new version number of the Lambda function and run an AWS CLI script to update. If the new function version has errors, another CLI script reverts by deploying the previous working version of the function. The company would like to decrease the time to deploy new versions of the application logic provided by the Lambda funct
A. reate and deploy nested AWS CloudFormation stacks with the parent stack consisting of the AWS CloudFront distribution and API Gateway, and the child stack containing the Lambda function
B. se AWS SAM and built-in AWS CodeDeploy to deploy the new Lambda version, gradually shift traffic to the new version, and use pre-traffic and post-traffic test functions to verify code
C. efactor the AWS CLI scripts into a single script that deploys the new Lambda version
D. reate and deploy an AWS CloudFormation stack that consists of a new API Gateway endpoint that references the new Lambda version
View answer
Correct Answer: B
Question #50
A company is running an application in the AWS Cloud. The application collects and stores a large amount of unstructured data in an Amazon S3 bucket. The S3 bucket contains several terabytes of data and uses the S3 Standard storage class. The data increases in size by several gigabytes every day.The company needs to query and analyze the data. The company does not access data that is more than 1 year old. However, the company must retain all the data indefinitely for compliance reasons.Which solution will m
A. se S3 Select to query the data
B. se Amazon Redshift Spectrum to query the data
C. se an AWS Glue Data Catalog and Amazon Athena to query the data
D. se Amazon Redshift Spectrum to query the data
View answer
Correct Answer: C
Question #51
A company is planning to migrate an application to AWS. The application runs as a Docker container and uses an NFS version 4 file share.A solutions architect must design a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure.Which solution will meet these requirements?
A. reate a second ALB, and deploy the new logic to a set of EC2 instances in a new Auto Scaling group
B. reate a second target group that is referenced by the ALDeploy the new logic to EC2 instances in this new target group
C. reate a new launch configuration for the Auto Scaling group
D. reate a second Auto Scaling group that is referenced by the ALB
View answer
Correct Answer: A
Question #52
A company is running an application in the AWS Cloud. The application runs on containers m an Amazon Elastic Container Service (Amazon ECS) cluster. The ECS tasks use the Fargate launch type. The application's data is relational and is stored in Amazon Aurora MySQL. To meet regulatory requirements, the application must be able to recover to a separate AWS Region in the event of an application failure. In case of a failure, no data can be lost.Which solution will meet these requirements with the LEAST amount
A. rovision an Aurora Replica in a different Region
B. et up AWS DataSync for continuous replication of the data to a different Region
C. et up AWS Database Migration Service (AWS DMS) to perform a continuous replication of the data to a different Region
D. se Amazon Data Lifecycle Manager (Amazon DLM) to schedule a snapshot every 5 minutes
View answer
Correct Answer: A
Question #53
A delivery company is running a serverless solution in the AWS Cloud. The solution manages user data, delivery information, and past purchase details. The solution consists of several microservices. The central user service stores sensitive data in an Amazon DynamoDB table. Several of the other microservices store a copy of parts of the sensitive data in different storage services.The company needs the ability to delete user information upon request. As soon as the central user service deletes a user, every
A. ctivate DynamoDB Streams on the DynamoDB table
B. et up DynamoDB event notifications on the DynamoDB table
C. onfigure the central user service to post an event on a custom Amazon EventBridge event bus when the company deletes a user
D. onfigure the central user service to post a message on an Amazon Simple Queue Service (Amazon SQS) queue when the company deletes a user
View answer
Correct Answer: C
Question #54
A company is building a serverless application that runs on an AWS Lambda function that is attached to a VPC. The company needs to integrate the application with a new service from an external provider. The external provider supports only requests that come from public IPv4 addresses that are in an allow list.The company must provide a single public IP address to the external provider before the application can start using the new service.Which solution will give the application the ability to access the ne
A. eploy a NAT gateway
B. eploy an egress-only internet gateway
C. eploy an internet gateway
D. eploy an internet gateway
View answer
Correct Answer: A
Question #55
A company’s factory and automation applications are running in a single VPC. More than 20 applications run on a combination of Amazon EC2, Amazon Elastic Container Service (Amazon ECS), and Amazon RDS.The company has software engineers spread across three teams. One of the three teams owns each application, and each time is responsible for the cost and performance of all of its applications. Team resources have tags that represent their application and team. The teams use IAM access for daily activities.The
A. ssociate a block of customer-owned public IP addresses to the VPC
B. egister a block of customer-owned public IP addresses in the AWS account
C. reate Elastic IP addresses from the block of customer-owned IP addresses
D. egister a block of customer-owned public IP addresses in the AWS account
View answer
Correct Answer: ACF
Question #56
A solutions architect is designing a solution to process events. The solution must have the ability to scale in and out based on the number of events that the solution receives. If a processing error occurs, the event must move into a separate queue for review.Which solution will meet these requirements?
A. end event details to an Amazon Simple Notification Service (Amazon SNS) topic
B. ublish events to an Amazon Simple Queue Service (Amazon SQS) queue
C. rite events to an Amazon DynamoDB table
D. ublish events to an Amazon EventBndge event bus
View answer
Correct Answer: A
Question #57
A company is running applications on AWS in a multi-account environment. The company's sales team and marketing team use separate AWS accounts in AWS Organizations.The sales team stores petabytes of data in an Amazon S3 bucket. The marketing team uses Amazon QuickSight for data visualizations. The marketing team needs access to data that the sates team stores in the S3 bucket. The company has encrypted the S3 bucket with an AWS Key Management Service (AWS KMS) key. The marketing team has already created the
A. reate a new S3 bucket in the marketing account
B. reate an SCP to grant access to the S3 bucket to the marketing account
C. pdate the S3 bucket policy in the marketing account to grant access to the QuickSight role
D. reate an IAM role in the sales account and grant access to the S3 bucket
View answer
Correct Answer: D
Question #58
A company gives users the ability to upload images from a custom application. The upload process invokes an AWS Lambda function that processes and stores the image in an Amazon S3 bucket. The application invokes the Lambda function by using a specific function version ARN.The Lambda function accepts image processing parameters by using environment variables. The company often adjusts the environment variables of the Lambda function to achieve optimal image processing output. The company tests different para
A. igrate public DNS to Amazon Route 53
B. lace a Network Load Balancer (NLB) in front of the AL Migrate public DNS to Amazon Route 53
C. reate an AWS Global Accelerator accelerator with multiple endpoint groups that target endpoints in appropriate AWS Regions
D. reate an Amazon API Gateway API that is backed by AWS Lambda in one of the AWS Regions
View answer
Correct Answer: D
Question #59
A company has developed APIs that use Amazon API Gateway with Regional endpoints. The APIs call AWS Lambda functions that use API Gateway authentication mechanisms. After a design review, a solutions architect identifies a set of APIs that do not require public access.The solutions architect must design a solution to make the set of APIs accessible only from a VPC. All APIs need to be called with an authenticated userWhich solution will meet these requirements with the LEAST amount of effort?
A. reate an internal Application Load Balancer (ALB)
B. emove the DNS entry that is associated with the API in API Gateway
C. pdate the API endpoint from Regional to private in API Gateway
D. eploy the Lambda functions inside the VPC Provision an EC2 instance, and install an Apache server
View answer
Correct Answer: C
Question #60
A company has an on-premises Microsoft SQL Server database that writes a nightly 200 GB export to a local drive. The company wants to move the backups to more robust cloud storage on Amazon S3. The company has set up a 10 Gbps AWS Direct Connect connection between the on-premises data center and AWS.Which solution meets these requirements MOST cost-effectively?
A. reate an AWS Site-to-Site VPN connection between the on-premises data center and a new central VPC
B. reate an AWS Direct Connect connection between the on-premises data center and AWS
C. reate an AWS Site-to-Site VPN connection between the on-premises data center and a new central VPUse a transit gateway with dynamic routing
D. reate an AWS Direct Connect connection between the on-premises data center and AWS
View answer
Correct Answer: A
Question #61
A life sciences company is using a combination of open source tools to manage data analysis workflows and Docker containers running on servers in its on-premises data center to process genomics data. Sequencing data is generated and stored on a local storage area network (SAN), and then the data is processed. The research and development teams are running into capacity issues and have decided to re-architect their genomics analysis platform on AWS to scale based on workload demands and reduce the turnaround
A. reate an Amazon Elastic File System (Amazon EFS) file share
B. reate a new AMI from the current EC2 Instance that is running
C. reate an Amazon FSx for Windows File Server file system
D. reate a new AMI from the current EC2 instance that is running
View answer
Correct Answer: C
Question #62
A company is running an application in the AWS Cloud. The application consists of microservices that run on a fleet of Amazon EC2 instances in multiple Availability Zones behind an Application Load Balancer. The company recently added a new REST API that was implemented in Amazon API Gateway. Some of the older microservices that run on EC2 instances need to call this new API.The company does not want the API to be accessible from the public internet and does not want proprietary data to traverse the public
A. reate an AWS Site-to-Site VPN connection between the VPC and the API Gateway
B. reate an interface VPC endpoint for API Gateway, and set an endpoint policy to only allow access to the specific API
C. odify the API Gateway to use IAM authentication
D. reate an accelerator in AWS Global Accelerator, and connect the accelerator to the API Gateway
View answer
Correct Answer: B
Question #63
A company uses AWS Organizations for a multi-account setup in the AWS Cloud. The company uses AWS Control Tower for governance and uses AWS Transit Gateway for VPC connectivity across accounts.In an AWS application account, the company’s application team has deployed a web application that uses AWS Lambda and Amazon RDS. The company's database administrators have a separate DBA account and use the account to centrally manage all the databases across the organization. The database administrators use an Amazo
A. se AWS Resource Access Manager (AWS RAM) to share the secrets from the application account with the DBA account
B. n the application account, create an IAM role that is named DBA-Secret
C. n the DBA account create an IAM role that is named DBA-Admin
D. n the DBA account, create an IAM role that is named DBA-Admin
View answer
Correct Answer: B
Question #64
A company is running a data-intensive application on AWS. The application runs on a cluster of hundreds of Amazon EC2 instances. A shared file system also runs on several EC2 instances that store 200 TB of data. The application reads and modifies the data on the shared file system and generates a report. The job runs once monthly, reads a subset of the files from the shared file system, and takes about 72 hours to complete. The compute instances scale in an Auto Scaling group, but the instances that host th
A. igrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Intelligent-Tiering storage class
B. igrate the data from the existing shared file system to a large Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach enabled
C. igrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Standard storage class
D. igrate the data from the existing shared file system to an Amazon S3 bucket
View answer
Correct Answer: A
Question #65
A health insurance company stores personally identifiable information (PII) in an Amazon S3 bucket. The company uses server-side encryption with S3 managed encryption keys (SSE-S3) to encrypt the objects. According to a new requirement, all current and future objects in the S3 bucket must be encrypted by keys that the company’s security team manages. The S3 bucket does not have versioning enabled.Which solution will meet these requirements?
A. n the S3 bucket properties, change the default encryption to SSE-S3 with a customer managed key
B. n the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
C. n the S3 bucket properties, change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
D. n the S3 bucket properties, change the default encryption to AES-256 with a customer managed key
View answer
Correct Answer: D
Question #66
A company is planning to store a large number of archived documents and make the documents available to employees through the corporate intranet. Employees will access the system by connecting through a client VPN service that is attached to a VPC. The data must not be accessible to the public.The documents that the company is storing are copies of data that is held on physical media elsewhere. The number of requests will be low. Availability and speed of retrieval are not concerns of the company.Which solu
A. reate an Amazon S3 bucket
B. aunch an Amazon EC2 instance that runs a web server
C. aunch an Amazon EC2 instance that runs a web server Attach an Amazon Elastic Block Store (Amazon EBS) volume to store the archived data
D. reate an Amazon S3 bucket
View answer
Correct Answer: A
Question #67
A company runs a content management application on a single Windows Amazon EC2 instance in a development environment. The application reads and writes static content to a 2 TB Amazon Elastic Block Store (Amazon EBS) volume that is attached to the instance as the root device. The company plans to deploy this application in production as a highly available and fault-tolerant solution that runs on at least three EC2 instances across multiple Availability Zones.A solutions architect must design a solution that
A. et up an SMTP server on Amazon EC2 instances by using an AMI from the AWS Marketplace
B. et up Amazon Simple Email Service (Amazon SES) to send email messages
C. et up an SMTP server on Amazon EC2 instances by using an AMI from the AWS Marketplace
D. et up Amazon Simple Email Service (Amazon SES) to send email messages
View answer
Correct Answer: C
Question #68
A company has 50 AWS accounts that are members of an organization in AWS Organizations. Each account contains multiple VPCs. The company wants to use AWS Transit Gateway to establish connectivity between the VPCs in each member account. Each time a new member account is created, the company wants to automate the process of creating a new VPC and a transit gateway attachment.Which combination of steps will meet these requirements? (Choose two.)
A. reate an IAM role named procurement-manager-role in all AWS accounts in the organization
B. reate an IAM role named procurement-manager-role in all AWS accounts in the organization
C. reate an IAM role named procurement-manager-role in all the shared services accounts in the organization
D. reate an IAM role named procurement-manager-role in all AWS accounts that will be used by developers
View answer
Correct Answer: AC
Question #69
A company is refactoring its on-premises order-processing platform in the AWS Cloud. The platform includes a web front end that is hosted on a fleet of VMs, RabbitMQ to connect the front end to the backend, and a Kubernetes cluster to run a containerized backend system to process the orders. The company does not want to make any major changes to the application.Which solution will meet these requirements with the LEAST operational overhead?
A. reate an AMI of the web server VM
B. reate a custom AWS Lambda runtime to mimic the web server environment
C. reate an AMI of the web server VM
D. reate an AMI of the web server VM
View answer
Correct Answer: A
Question #70
A company wants to run a custom network analysis software package to inspect traffic as traffic leaves and enters a VPC. The company has deployed the solution by using AWS CloudFormation on three Amazon EC2 instances in an Auto Scaling group. All network routing has been established to direct traffic to the EC2 instances.Whenever the analysis software stops working, the Auto Scaling group replaces an instance. The network routes are not updated when the instance replacement occurs.Which combination of steps
A. onfigure the ECS services to use the blue/green deployment type and a Network Load Balancer
B. onfigure the ECS services to use the blue/green deployment type and a Network Load Balancer
C. onfigure the ECS services to use the blue/green deployment type and an Application Load Balancer
D. onfigure the ECS services to use the blue/green deployment type and an Application Load Balancer
View answer
Correct Answer: BDE
Question #71
A company recently acquired several other companies. Each company has a separate AWS account with a different billing and reporting method. The acquiring company has consolidated all the accounts into one organization in AWS Organizations. However, the acquiring company has found it difficult to generate a cost report that contains meaningful groups for all the teams.The acquiring company’s finance team needs a solution to report on costs for all the companies through a self-managed application.Which soluti
A. reate an AWS Cost and Usage Report for the organization
B. reate an AWS Cost and Usage Report for the organization
C. reate an Amazon QuickSight dataset that receives spending information from the AWS Price List Query API
D. se the AWS Price List Query API to collect account spending information
View answer
Correct Answer: A
Question #72
A company with several AWS accounts is using AWS Organizations and service control policies (SCPs). An administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111: Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. How should the administrator address this problem?
A. dd s3:CreateBucket with “Allow” effect to the SCP
B. emove the account from the OU, and attach the SCP directly to account 1111-1111-1111
C. nstruct the developers to add Amazon S3 permissions to their IAM entities
D. emove the SCP from account 1111-1111-1111
View answer
Correct Answer: C
Question #73
A solutions architect needs to assess a newly acquired company’s portfolio of applications and databases. The solutions architect must create a business case to migrate the portfolio to AWS. The newly acquired company runs applications in an on-premises data center. The data center is not well documented. The solutions architect cannot immediately determine how many applications and databases exist. Traffic for the applications is variable. Some applications are batch processes that run at the end of each m
A. se AWS Server Migration Service (AWS SMS) and AWS Database Migration Service (AWS DMS) to evaluate migration
B. se AWS Application Migration Service
C. se Migration Evaluator to generate a list of servers
D. se AWS Control Tower in the destination account to generate an application portfolio
View answer
Correct Answer: C
Question #74
A company manufactures smart vehicles. The company uses a custom application to collect vehicle data. The vehicles use the MQTT protocol to connect to the application. The company processes the data in 5-minute intervals. The company then copies vehicle telematics data to on-premises storage. Custom applications analyze this data to detect anomalies.The number of vehicles that send data grows constantly. Newer vehicles generate high volumes of data. The on-premises storage solution is not able to scale for
A. se AWS IoT Greengrass to send the vehicle data to Amazon Managed Streaming for Apache Kafka (Amazon MSK)
B. se AWS IoT Core to receive the vehicle data
C. se AWS IoT FleetWise to collect the vehicle data
D. se Amazon MQ for RabbitMQ to collect the vehicle data
View answer
Correct Answer: B
Question #75
A company has a new application that needs to run on five Amazon EC2 instances in a single AWS Region. The application requires high-throughput, low-latency network connections between all of the EC2 instances where the application will run. There is no requirement for the application to be fault tolerant.Which solution will meet these requirements?
A. aunch five new EC2 instances into a cluster placement group
B. aunch five new EC2 instances into an Auto Scaling group in the same Availability Zone
C. aunch five new EC2 instances into a partition placement group
D. aunch five new EC2 instances into a spread placement group
View answer
Correct Answer: A
Question #76
A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations.Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed. Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts.Which solution meets these requirements with the LEAST amount of operational overhead?
A. se AWS Firewall Manager to manage AWS WAF rules across accounts in the organization
B. eploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules
C. reate AWS WAF rules in the management account of the organization
D. se AWS Control Tower to manage AWS WAF rules across accounts in the organization
View answer
Correct Answer: A
Question #77
A company has an application that runs as a ReplicaSet of multiple pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster has nodes in multiple Availability Zones. The application generates many small files that must be accessible across all running instances of the application. The company needs to back up the files and retain the backups for 1 year.Which solution will meet these requirements while providing the FASTEST storage performance?
A. reate an Amazon Elastic File System (Amazon EFS) file system and a mount target for each subnet that contains nodes in the EKS cluster
B. reate an Amazon Elastic Block Store (Amazon EBS) volume
C. reate an Amazon S3 bucket
D. onfigure the ReplicaSet to use the storage available on each of the running application pods to store the files locally
View answer
Correct Answer: A
Question #78
A global media company is planning a multi-Region deployment of an application. Amazon DynamoDB global tables will back the deployment to keep the user experience consistent across the two continents where users are concentrated. Each deployment will have a public Application Load Balancer (ALB). The company manages public DNS internally. The company wants to make the application available through an apex domain.Which solution will meet these requirements with the LEAST effort?
A. eploy the shared libraries and custom classes into a Docker image
B. eploy the shared libraries and custom classes to a Docker image
C. eploy the shared libraries and custom classes to a Docker container in Amazon Elastic Container Service (Amazon ECS) by using the AWS Fargate launch type
D. eploy the shared libraries, custom classes, and code for the API's Lambda functions to a Docker image
View answer
Correct Answer: C
Question #79
A company runs a content management application on a single Windows Amazon EC2 instance in a development environment. The application reads and writes static content to a 2 TB Amazon Elastic Block Store (Amazon EBS) volume that is attached to the instance as the root device. The company plans to deploy this application in production as a highly available and fault-tolerant solution that runs on at least three EC2 instances across multiple Availability Zones.A solutions architect must design a solution that
A. et up an SMTP server on Amazon EC2 instances by using an AMI from the AWS Marketplace
B. et up Amazon Simple Email Service (Amazon SES) to send email messages
C. et up an SMTP server on Amazon EC2 instances by using an AMI from the AWS Marketplace
D. et up Amazon Simple Email Service (Amazon SES) to send email messages
View answer
Correct Answer: C
Question #80
A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the instances in the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems Manager Agent is running on all the EC2 instances.The company recently released a new version of the application. Some EC2 instances are now being marked as unhealthy and are being
A. uspend the Auto Scaling group’s HealthCheck scaling process
B. nable EC2 instance termination protection
C. et the termination policy to OldestInstance on the Auto Scaling group
D. uspend the Auto Scaling group’s Terminate process
View answer
Correct Answer: D
Question #81
A company has an application in the AWS Cloud. The application runs on a fleet of 20 Amazon EC2 instances. The EC2 instances are persistent and store data on multiple attached Amazon Elastic Block Store (Amazon EBS) volumes.The company must maintain backups in a separate AWS Region. The company must be able to recover the EC2 instances and their configuration within 1 business day, with loss of no more than 1 day's worth of data. The company has limited staff and needs a backup solution that optimizes opera
A. reate a second CloudFormation template that can recreate the EC2 instances in the secondary Region
B. se Amazon Data Lifecycle Manager (Amazon DLM) to create daily multivolume snapshots of the EBS volumes
C. se AWS Backup to create a scheduled daily backup plan for the EC2 instances
D. eploy EC2 instances of the same size and configuration to the secondary Region
View answer
Correct Answer: C
Question #82
A company’s public API runs as tasks on Amazon Elastic Container Service (Amazon ECS). The tasks run on AWS Fargate behind an Application Load Balancer (ALB) and are configured with Service Auto Scaling for the tasks based on CPU utilization. This service has been running well for several months.Recently, API performance slowed down and made the application unusable. The company discovered that a significant number of SQL injection attacks had occurred against the API and that the API service had scaled to
A. reate a new AWS WAF web ACL to monitor the HTTP requests and HTTPS requests that are forwarded to the ALB in front of the ECS tasks
B. reate a new AWS WAF Bot Control implementation
C. reate a new AWS WAF web ACL
D. reate a new AWS WAF web ACL
View answer
Correct Answer: C
Question #83
A company has Linux-based Amazon EC2 instances. Users must access the instances by using SSH with EC2 SSH key pairs. Each machine requires a unique EC2 key pair.The company wants to implement a key rotation policy that will, upon request, automatically rotate all the EC2 key pairs and keep the keys in a securely encrypted place. The company will accept less than 1 minute of downtime during key rotation.Which solution will meet these requirements?
A. tore all the keys in AWS Secrets Manager
B. tore all the keys in Parameter Store, a capability of AWS Systems Manager, as a string
C. mport the EC2 key pairs into AWS Key Management Service (AWS KMS)
D. dd all the EC2 instances to Fleet Manager, a capability of AWS Systems Manager
View answer
Correct Answer: A
Question #84
A company uses an on-premises data analytics platform. The system is highly available in a fully redundant configuration across 12 servers in the company’s data center. The system runs scheduled jobs, both hourly and daily, in addition to one-time requests from users. Scheduled jobs can take between 20 minutes and 2 hours to finish running and have tight SLAs. The scheduled jobs account for 65% of the system usage. User jobs typically finish running in less than 5 minutes and have no SL
A. The user jobs acco
A. plit the 12 instances across two Availability Zones in the chosen AWS Region
B. plit the 12 instances across three Availability Zones in the chosen AWS Region
C. plit the 12 instances across three Availability Zones in the chosen AWS Region
D. plit the 12 instances across three Availability Zones in the chosen AWS Region
View answer
Correct Answer: D
Question #85
A video processing company has an application that downloads images from an Amazon S3 bucket, processes the images, stores a transformed image in a second S3 bucket, and updates metadata about the image in an Amazon DynamoDB table. The application is written in Node.js and runs by using an AWS Lambda function. The Lambda function is invoked when a new image is uploaded to Amazon S3.The application ran without incident for a while. However, the size of the images has grown significantly. The Lambda function
A. urn on mandatory guardrails in AWS Control Tower
B. nable the appropriate guardrail from the list of strongly recommended guardrails in AWS Control Tower
C. se AWS Config to create a new mandatory guardrail
D. reate a custom SCP in AWS Control Tower
View answer
Correct Answer: AB
Question #86
An enterprise company wants to allow its developers to purchase third-party software through AWS Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by procurement managers. The procurement team’s policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The
A. reate an explicit deny statement for each AWS service that should be constrained
B. emove the FullAWSAccess SCP from the developers account’s OU
C. odify the FullAWSAccess SCP to explicitly deny all services
D. dd an explicit deny statement using a wildcard to the end of the SCP
View answer
Correct Answer: C
Question #87
A company that uses AWS Organizations allows developers to experiment on AWS. As part of the landing zone that the company has deployed, developers use their company email address to request an account. The company wants to ensure that developers are not launching costly services or running services unnecessarily. The company must give developers a fixed monthly budget to limit their AWS costs.Which combination of steps will meet these requirements? (Choose three.)
A. ownload the Lambda function deployment package from the Source account
B. ownload the Lambda function deployment package from the Source account
C. se AWS Resource Access Manager (AWS RAM) to share the Lambda functions and the Aurora DB cluster with the Target account
D. se AWS Resource Access Manager (AWS RAM) to share the Lambda functions with the Target account
View answer
Correct Answer: BCF
Question #88
A financial company is planning to migrate its web application from on premises to AWS. The company uses a third-party security tool to monitor the inbound traffic to the application. The company has used the security tool for the last 15 years, and the tool has no cloud solutions available from its vendor. The company's security team is concerned about how to integrate the security tool with AWS technology.The company plans to deploy the application migration to AWS on Amazon EC2 instances. The EC2 instanc
A. onnect the IoT sensors to AWS IoT Core
B. igrate the application server to AWS Fargate, which will receive the information from IoT sensors and parse the information into a relational format
C. reate an AWS Transfer for SFTP server
D. se AWS Snowball Edge to collect data from the IoT sensors directly to perform local analysis
View answer
Correct Answer: AD
Question #89
A company is creating a REST API to share information with six of its partners based in the United States. The company has created an Amazon API Gateway Regional endpoint. Each of the six partners will access the API once per day to post daily sales figures.After initial deployment, the company observes 1,000 requests per second originating from 500 different IP addresses around the world. The company believes this traffic is originating from a botnet and wants to secure its API while minimizing cost.Which
A. reate an Amazon CloudFront distribution with the API as the origin
B. reate an Amazon CloudFront distribution with the API as the origin
C. reate an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners
D. reate an AWS WAF web ACL with a rule to allow access to the IP addresses used by the six partners
View answer
Correct Answer: D
Question #90
An online gaming company needs to rehost its gaming platform on AWS. The company's gaming application requires high performance computing (HPC) processing and has a leaderboard that changes frequently. An Ubuntu instance that is optimized for compute generation hosts a Node.js application for game display. Game state is tracked in an on-premises Redis instance.The company needs a migration strategy that optimizes application performance.Which solution will meet these requirements?
A. reate an Auto Scaling group of m5
B. reate an Auto Scaling group of c5
C. reate an Auto Scaling group of c5
D. reate an Auto Scaling group of m5
View answer
Correct Answer: C
Question #91
A company is running a web application in the AWS Cloud. The application consists of dynamic content that is created on a set of Amazon EC2 instances. The EC2 instances run in an Auto Scaling group that is configured as a target group for an Application Load Balancer (ALB).The company is using an Amazon CloudFront distribution to distribute the application globally. The CloudFront distribution uses the ALB as an origin. The company uses Amazon Route 53 for DNS and has created an A record of www.example.com
A. rovision a full, secondary application deployment in a different AWS Region
B. rovision an ALB, an Auto Scaling group, and EC2 instances in a different AWS Region
C. rovision an Auto Scaling group and EC2 instances in a different AWS Region
D. rovision a full, secondary application deployment in a different AWS Region
View answer
Correct Answer: B
Question #92
A company is running a data-intensive application on AWS. The application runs on a cluster of hundreds of Amazon EC2 instances. A shared file system also runs on several EC2 instances that store 200 TB of data. The application reads and modifies the data on the shared file system and generates a report. The job runs once monthly, reads a subset of the files from the shared file system, and takes about 72 hours to complete. The compute instances scale in an Auto Scaling group, but the instances that host th
A. igrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Intelligent-Tiering storage class
B. igrate the data from the existing shared file system to a large Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach enabled
C. igrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Standard storage class
D. igrate the data from the existing shared file system to an Amazon S3 bucket
View answer
Correct Answer: A
Question #93
A manufacturing company is building an inspection solution for its factory. The company has IP cameras at the end of each assembly line. The company has used Amazon SageMaker to train a machine learning (ML) model to identify common defects from still images.The company wants to provide local feedback to factory workers when a defect is detected. The company must be able to provide this feedback even if the factory’s internet connectivity is down. The company has a local Linux server that hosts an API that
A. et up an Amazon Kinesis video stream from each IP camera to AWS
B. eploy AWS IoT Greengrass on the local server
C. rder an AWS Snowball device
D. eploy Amazon Monitron devices on each IP camera
View answer
Correct Answer: B
Question #94
A company has a serverless application comprised of Amazon CloudFront, Amazon API Gateway, and AWS Lambda functions. The current deployment process of the application code is to create a new version number of the Lambda function and run an AWS CLI script to update. If the new function version has errors, another CLI script reverts by deploying the previous working version of the function. The company would like to decrease the time to deploy new versions of the application logic provided by the Lambda funct
A. reate and deploy nested AWS CloudFormation stacks with the parent stack consisting of the AWS CloudFront distribution and API Gateway, and the child stack containing the Lambda function
B. se AWS SAM and built-in AWS CodeDeploy to deploy the new Lambda version, gradually shift traffic to the new version, and use pre-traffic and post-traffic test functions to verify code
C. efactor the AWS CLI scripts into a single script that deploys the new Lambda version
D. reate and deploy an AWS CloudFormation stack that consists of a new API Gateway endpoint that references the new Lambda version
View answer
Correct Answer: B
Question #95
A company is running a compute workload by using Amazon EC2 Spot Instances that are in an Auto Scaling group. The launch template uses two placement groups and a single instance type.Recently, a monitoring system reported Auto Scaling instance launch failures that correlated with longer wait times for system users. The company needs to improve the overall reliability of the workload.Which solution will meet this requirement?
A. eplace the launch template with a launch configuration to use an Auto Scaling group that uses attribute-based instance type selection
B. reate a new launch template version that uses attribute-based instance type selection
C. pdate the launch template Auto Scaling group to increase the number of placement groups
D. pdate the launch template to use a larger instance type
View answer
Correct Answer: B
Question #96
A company uses AWS Organizations with a single OU named Production to manage multiple accounts. All accounts are members of the Production OU. Administrators use deny list SCPs in the root of the organization to manage access to restricted services.The company recently acquired a new business unit and invited the new unit’s existing AWS account to the organization. Once onboarded, the administrators of the new business unit discovered that they are not able to update existing AWS Config rules to meet the co
A. emove the organization’s root SCPs that limit access to AWS Config
B. reate a temporary OU named Onboarding for the new account
C. onvert the organization’s root SCPs from deny list SCPs to allow list SCPs to allow the required services only
D. reate a temporary OU named Onboarding for the new account
View answer
Correct Answer: D
Question #97
A company recently deployed an application on AWS. The application uses Amazon DynamoDB. The company measured the application load and configured the RCUs and WCUs on the DynamoDB table to match the expected peak load. The peak load occurs once a week for a 4-hour period and is double the average load. The application load is close to the average load for the rest of the week. The access pattern includes many more writes to the table than reads of the table.A solutions architect needs to implement a solutio
A. se AWS Application Auto Scaling to increase capacity during the peak period
B. onfigure on-demand capacity mode for the table
C. onfigure DynamoDB Accelerator (DAX) in front of the table
D. onfigure DynamoDB Accelerator (DAX) in front of the table
View answer
Correct Answer: A
Question #98
An online retail company is migrating its legacy on-premises .NET application to AWS. The application runs on load-balanced frontend web servers, load-balanced application servers, and a Microsoft SQL Server database.The company wants to use AWS managed services where possible and does not want to rewrite the application. A solutions architect needs to implement a solution to resolve scaling issues and minimize licensing costs as the application scales.Which solution will meet these requirements MOST cost-e
A. dd an Amazon CloudFront distribution
B. dd an Amazon API Gateway edge-optimized API endpoint to expose the APIs
C. dd an accelerator in AWS Global Accelerator
D. eploy the APIs to two additional AWS Regions: eu-west-1 and ap-southeast-2
View answer
Correct Answer: A
Question #99
A company has a multi-tier web application that runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB and the Auto Scaling group are replicated in a backup AWS Region. The minimum value and the maximum value for the Auto Scaling group are set to zero. An Amazon RDS Multi-AZ DB instance stores the application’s dat
A. econfigure the application’s Route 53 record with a latency-based routing policy that load balances traffic between the two ALBs
B. reate an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values
C. onfigure the Auto Scaling group in the backup Region to have the same values as the Auto Scaling group in the primary Region
D. onfigure an endpoint in AWS Global Accelerator with the two ALBs as equal weighted targets
View answer
Correct Answer: B
Question #100
A solutions architect is auditing the security setup or an AWS Lambda function for a company. The Lambda function retrieves, the latest changes from an Amazon Aurora database. The Lambda function and the database run in the same VPC. Lambda environment variables are providing the database credentials to the Lambda function.The Lambda function aggregates data and makes the data available in an Amazon S3 bucket that is configured for server-side encryption with AWS KMS managed encryption keys (SSE-KMS). The d
A. nable IAM database authentication on the Aurora DB cluster
B. nable IAM database authentication on the Aurora DB cluster
C. ave the database credentials in AWS Systems Manager Parameter Store
D. ave the database credentials in AWS Secrets Manager
View answer
Correct Answer: A
Question #101
A company runs an application on a fleet of Amazon EC2 instances that are in private subnets behind an internet-facing Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. An AWS WAF web ACL that contains various AWS managed rules is associated with the CloudFront distribution.The company needs a solution that will prevent internet traffic from directly accessing the ALB.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a new web ACL that contains the same rules that the existing web ACL contains
B. ssociate the existing web ACL with the AL
C. dd a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only
D. dd a security group rule to the ALB to allow only the various CloudFront IP address ranges
View answer
Correct Answer: C
Question #102
A financial services company loaded millions of historical stock trades into an Amazon DynamoDB table. The table uses on-demand capacity mode. Once each day at midnight, a few million new records are loaded into the table. Application read activity against the table happens in bursts throughout the day. and a limited set of keys are repeatedly looked up. The company needs to reduce costs associated with DynamoDB.Which strategy should a solutions architect recommend to meet this requirement?
A. eploy an Amazon ElastiCache cluster in front of the DynamoDB table
B. eploy DynamoDB Accelerator (DAX)
C. se provisioned capacity mode
D. eploy DynamoDB Accelerator (DAX)
View answer
Correct Answer: D
Question #103
A company runs an application on a fleet of Amazon EC2 instances that are in private subnets behind an internet-facing Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. An AWS WAF web ACL that contains various AWS managed rules is associated with the CloudFront distribution.The company needs a solution that will prevent internet traffic from directly accessing the ALB.Which solution will meet these requirements with the LEAST operational overhead?
A. reate a new web ACL that contains the same rules that the existing web ACL contains
B. ssociate the existing web ACL with the AL
C. dd a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only
D. dd a security group rule to the ALB to allow only the various CloudFront IP address ranges
View answer
Correct Answer: C
Question #104
A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an encrypted file in Amazon S3. For the next version of the application, the security engineer wants to implement the following application design changes to improve security:-The database must use strong, randomly generated passwords stored in a secure AWS managed service.-The application resources must be deployed through AWS CloudFormation.-The application must rotate credentials for
A. enerate the database password as a secret resource using AWS Secrets Manager
B. enerate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store
C. enerate the database password as a secret resource using AWS Secrets Manager
D. enerate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store
View answer
Correct Answer: A
Question #105
A company needs to migrate its customer transactions database from on premises to AWS. The database resides on an Oracle DB instance that runs on a Linux server. According to a new security requirement, the company must rotate the database password each year.Which solution will meet these requirements with the LEAST operational overhead?
A. onvert the database to Amazon DynamoDB by using the AWS Schema Conversion Tool (AWS SCT)
B. igrate the database to Amazon RDS for Oracle
C. igrate the database to an Amazon EC2 instance
D. igrate the database to Amazon Neptune by using the AWS Schema Conversion Tool (AWS SCT)
View answer
Correct Answer: B
Question #106
A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files are uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.example.com through the use of Amazon Route 53.What should a solutions architect do to improve the reliability and scalability o
A. ove the EC2 instance into an Auto Scaling group
B. igrate the SFTP server to AWS Transfer for SFTP
C. igrate the SFTP server to a file gateway in AWS Storage Gateway
D. lace the EC2 instance behind a Network Load Balancer (NLB)
View answer
Correct Answer: B
Question #107
A company is planning a one-time migration of an on-premises MySQL database to Amazon Aurora MySQL in the us-east-1 Region. The company's current internet connection has limited bandwidth. The on-premises MySQL database is 60 TB in size. The company estimates that it will take a month to transfer the data to AWS over the current internet connection. The company needs a migration solution that will migrate the database more quickly.Which solution will migrate the database in the LEAST amount of time?
A. equest a 1 Gbps AWS Direct Connect connection between the on-premises data center and AWS
B. se AWS DataSync with the current internet connection to accelerate the data transfer between the on-premises data center and AWS
C. rder an AWS Snowball Edge device
D. rder an AWS Snowball device
View answer
Correct Answer: C
Question #108
A company needs to implement a patching process for its servers. The on-premises servers and Amazon EC2 instances use a variety of tools to perform patching. Management requires a single report showing the patch status of all the servers and instances.Which set of actions should a solutions architect take to meet these requirements?
A. se AWS Systems Manager to manage patches on the on-premises servers and EC2 instances
B. se AWS OpsWorks to manage patches on the on-premises servers and EC2 instances
C. se an Amazon EventBridge rule to apply patches by scheduling an AWS Systems Manager patch remediation job
D. se AWS OpsWorks to manage patches on the on-premises servers and EC2 instances
View answer
Correct Answer: A
Question #109
A company uses a load balancer to distribute traffic to Amazon EC2 instances in a single Availability Zone. The company is concerned about security and wants a solutions architect to re-architect the solution to meet the following requirements:•Inbound requests must be filtered for common vulnerability attacks.•Rejected requests must be sent to a third-party auditing application.•All resources should be highly available.Which solution meets these requirements?
A. onfigure a Multi-AZ Auto Scaling group using the application's AMI
B. onfigure an Application Load Balancer (ALB) and add the EC2 instances as targets
C. onfigure an Application Load Balancer (ALB) along with a target group adding the EC2 instances as targets
D. onfigure a Multi-AZ Auto Scaling group using the application's AMI
View answer
Correct Answer: D
Question #110
A company is creating a sequel for a popular online game. A large number of users from all over the world will play the game within the first week after launch. Currently, the game consists of the following components deployed in a single AWS Region: Amazon S3 bucket that stores game assets Amazon DynamoDB table that stores player scoresA solutions architect needs to design a multi-Region solution that will reduce latency, improve reliability, and require the least effort to implement.What should the soluti
A. se an Amazon Aurora DB cluster as the database for the subscriber data
B. se MongoDB on Amazon EC2 instances as the database for the subscriber data
C. onfigure Amazon DocumentDB (with MongoDB compatibility) with appropriately sized instances in multiple Availability Zones as the database for the subscriber data
D. onfigure Amazon DocumentDB (with MongoDB compatibility) in on-demand capacity mode in multiple Availability Zones as the database for the subscriber data
View answer
Correct Answer: C
Question #111
A company has a new application that needs to run on five Amazon EC2 instances in a single AWS Region. The application requires high-throughput, low-latency network connections between all of the EC2 instances where the application will run. There is no requirement for the application to be fault tolerant.Which solution will meet these requirements?
A. aunch five new EC2 instances into a cluster placement group
B. aunch five new EC2 instances into an Auto Scaling group in the same Availability Zone
C. aunch five new EC2 instances into a partition placement group
D. aunch five new EC2 instances into a spread placement group
View answer
Correct Answer: A
Question #112
A large company is running a popular web application. The application runs on several Amazon EC2 Linux instances in an Auto Scaling group in a private subnet. An Application Load Balancer is targeting the instances in the Auto Scaling group in the private subnet. AWS Systems Manager Session Manager is configured, and AWS Systems Manager Agent is running on all the EC2 instances.The company recently released a new version of the application. Some EC2 instances are now being marked as unhealthy and are being
A. uspend the Auto Scaling group’s HealthCheck scaling process
B. nable EC2 instance termination protection
C. et the termination policy to OldestInstance on the Auto Scaling group
D. uspend the Auto Scaling group’s Terminate process
View answer
Correct Answer: D

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: