Conquer the AWS SAA-C03 Exam with Realistic Practice Tests

Preparing for the SPOTO AWS SAA-C03 exam with our comprehensive exam questions and answers offers several advantages for aspiring AWS Certified Solutions Architects - Associate. Our test questions cover key topics across AWS services, focusing on designing cost-effective and optimized solutions in alignment with the AWS Well-Architected Framework. Accessing our exam preparation resources and study materials enhances your understanding and readiness for the exam, ensuring a deep grasp of AWS technologies and best practices. Our mock exams simulate the real exam environment, allowing you to practice under exam conditions and refine your strategies for success. Earning the AWS Certified Solutions Architect - Associate certification through SPOTO not only validates your knowledge and skills but also enhances your professional profile and income potential. It boosts your credibility and confidence when engaging with stakeholders and customers, showcasing your expertise in designing scalable and efficient AWS solutions. Benefit from SPOTO's AWS SAA-C03 exam questions to pass successfully and advance your AWS career.

Question #1
A company is hosting a static website on Amazon S3 and is using Amazon Route 53 for DNS. The website is experiencing increased demand from around the world. The company must decrease latency for users who access the website. Which solution meets these requirements MOST cost-effectively?
A. Replicate the S3 bucket that contains the website to all AWS Regions
B. Provision accelerators in AWS Global Accelerator
C. Add an Amazon CloudFront distribution in front of the S3 bucket
D. Enable S3 Transfer Acceleration on the bucket
Correct Answer: C
Question #2
A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user's on-premises network-attached storage (NAS). The solutions architect has proposed migrating the IIS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to the storage solution, and configuring an Elastic Load Balancer attached to the instances. Which replacement to the on-premises file share is MOST resi
A. Migrate the file share to Amazon RDS
B. Migrate the file share to AWS Storage Gateway
C. Migrate the file share to Amazon FSx for Windows File Server
D. Migrate the file share to Amazon Elastic File System (Amazon EFS)
Correct Answer: C
Question #3
A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture. What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?
A. Use Amazon Redshift to load all the content into one place and run the SQL queries as needed
B. Use Amazon CloudWatch Logs to store the logs
C. Use Amazon Athena directly with Amazon S3 to run the queries as needed
D. Use AWS Glue to catalog the logs
Correct Answer: C
Question #4
A company uses a legacy application to produce data in CSV format. The legacy application stores the output data in Amazon S3. The company is deploying a new commercial off-the-shelf (COTS) application that can perform complex SQL queries to analyze data that is stored in Amazon Redshift and Amazon S3 only. However, the COTS application cannot process the .csv files that the legacy application produces. The company cannot update the legacy application to produce data in another format. The company needs to i
A. Create an AWS Glue extract, transform, and load (ETL) job that runs on a schedule
B. Develop a Python script that runs on Amazon EC2 instances to convert the
C. Create an AWS Lambda function and an Amazon DynamoDB table
D. Use Amazon EventBridge to launch an Amazon EMR cluster on a weekly schedule
Correct Answer: A
Question #5
A company’s web application consists of an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application. A solutions architect needs to update the application so that only users who have a subscription can access premium content. Which solution will meet this requirement with the LEAST operationa
A. Enable API caching and throttling on the API Gateway API
B. Set up AWS WAF on the API Gateway API
C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table
D. Implement API usage plans and API keys to limit the access of users who do not have a subscription
Correct Answer: D
Question #6
A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to decouple the solution and increase scalability. Which solution meets these requirements?
A. Persist the messages to Amazon Kinesis Data Analytics
B. Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU metrics
C. Write the messages to Amazon Kinesis Data Streams with a single shard
D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon SQS) subscriptions
Correct Answer: A
Question #7
A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company’s content on their mobile devices. What should a solutions architect recommend to meet these requirements?
A. Publish content to a public Amazon S3 bucket
B. Set up IPsec VPN between the mobile app and the AWS environment to stream content
C. Use Amazon CloudFront
D. Set up AWS Client VPN between the mobile app and the AWS environment to stream content
Correct Answer: C
Question #8
A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks. Which solution meets these requirements?
A. Enable Amazon GuardDuty on the account
B. Enable Amazon Inspector on the EC2 instances
C. Enable AWS Shield and assign Amazon Route 53 to it
D. Enable AWS Shield Advanced and assign the ELB to it
Correct Answer: D
Question #9
A security audit reveals that Amazon EC2 instances are not being patched regularly. A solutions architect needs to provide a solution that will run regular security scans across a large fleet of EC2 instances. The solution should also patch the EC2 instances on a regular schedule and provide a report of each instance’s patch status. Which solution will meet these requirements?
A. Set up Amazon Macie to scan the EC2 instances for software vulnerabilities
B. Turn on Amazon GuardDuty in the account
C. Set up Amazon Detective to scan the EC2 instances for software vulnerabilities
D. Turn on Amazon Inspector in the account
Correct Answer: D
Question #10
A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company’s security policy requires that all website traffic be inspected by AWS WAF. How should the solutions architect comply with these requirements?
A. Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only
B. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin
C. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only
D. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket
Correct Answer: D
Question #11
A company serves a dynamic website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The website needs to support multiple languages to serve customers around the world. The website’s architecture is running in the us-west-1 Region and is exhibiting high request latency for users that are located in other parts of the world. The website needs to serve requests quickly and efficiently regardless of a user’s location. However, the company does not want to recreate the existing arc
A. Replace the existing architecture with a website that is served from an Amazon S3 bucket
B. Configure an Amazon CloudFront distribution with the ALB as the origin
C. Create an Amazon API Gateway API that is integrated with the ALB
D. Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region
Correct Answer: B
Question #12
A company runs a web application that is deployed on Amazon EC2 instances in the private subnet of a VPC. An Application Load Balancer (ALB) that extends across the public subnets directs web traffic to the EC2 instances. The company wants to implement new security measures to restrict inbound traffic from the ALB to the EC2 instances while preventing access from any other source inside or outside the private subnet of the EC2 instances. Which solution will meet these requirements?
A. Configure a route in a route table to direct traffic from the internet to the private IP addresses of the EC2 instances
B. Configure the security group for the EC2 instances to only allow traffic that comes from the security group for the ALB
C. Move the EC2 instances into the public subnet
D. Configure the security group for the ALB to allow any TCP traffic on any port
Correct Answer: B
Question #13
A company has a data ingestion workflow that consists of the following:
• An Amazon Simple Notification Service (Amazon SNS) topic for notifications about new data deliveries
• An AWS Lambda function to process the data and record metadata
The company observes that the ingestion workflow fails occasionally because of network connectivity issues. When such a failure occurs, the Lambda function does not ingest the corresponding data unless the company manually reruns the job. Which combination of actions should a
A. Use an Amazon S3 bucket as a secure transfer point
B. Use an Amazon S3 bucket as a secure transfer point
C. Implement custom scanning algorithms in an AWS Lambda function
D. Implement custom scanning algorithms in an AWS Lambda function
Correct Answer: BE
Question #14
A company has a small Python application that processes JSON documents and outputs the results to an on-premises SQL database. The application runs thousands of times each day. The company wants to move the application to the AWS Cloud. The company needs a highly available solution that maximizes scalability and minimizes operational overhead. Which solution will meet these requirements?
A. Place the JSON documents in an Amazon S3 bucket
B. Place the JSON documents in an Amazon S3 bucket
C. Place the JSON documents in an Amazon Elastic Block Store (Amazon EBS) volume
D. Place the JSON documents in an Amazon Simple Queue Service (Amazon SQS) queue as messages
Correct Answer: B
Question #15
A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks. Which additional configuration strategy should the solutions architect use t
A. Create a security group for the web servers and allow port 443 from 0
B. Create a network ACL for the web servers and allow port 443 from 0
C. Create a security group for the web servers and allow port 443 from the load balancer
D. Create a network ACL for the web servers and allow port 443 from the load balancer
Correct Answer: C
Question #16
A company has a serverless website with millions of objects in an Amazon S3 bucket. The company uses the S3 bucket as the origin for an Amazon CloudFront distribution. The company did not set encryption on the S3 bucket before the objects were loaded. A solutions architect needs to enable encryption for all existing objects and for all objects that are added to the S3 bucket in the future. Which solution will meet these requirements with the LEAST amount of effort?
A. Create a new S3 bucket
B. Turn on the default encryption settings for the S3 bucket
C. Create a new encryption key by using AWS Key Management Service (AWS KMS)
D. Navigate to Amazon S3 in the AWS Management Console
Correct Answer: B
Question #17
A company has deployed a database in Amazon RDS for MySQL. Due to increased transactions, the database support team is reporting slow reads against the DB instance and recommends adding a read replica. Which combination of actions should a solutions architect take before implementing this change? (Choose two.)
A. Create a copy of the instance
B. Create an S3 VPC endpoint for Amazon S3
C. Stop the EC2 instances
D. Route incoming requests to Amazon Simple Queue Service (Amazon SQS)
Correct Answer: CE
Question #18
A company is storing petabytes of data in Amazon S3 Standard. The data is stored in multiple S3 buckets and is accessed with varying frequency. The company does not know access patterns for all the data. The company needs to implement a solution for each S3 bucket to optimize the cost of S3 usage. Which solution will meet these requirements with the MOST operational efficiency?
A. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Intelligent-Tiering
B. Use the S3 storage class analysis tool to determine the correct tier for each object in the S3 bucket
C. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Glacier Instant Retrieval
D. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 One Zone-Infrequent Access (S3 One Zone-IA)
Correct Answer: A
Question #19
A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest. What should a solutions architect do to meet this requirement?
A. Create a key in AWS Key Management Service (AWS KMS)
B. Create an encryption key
C. Generate a certificate in AWS Certificate Manager (ACM)
D. Generate a certificate in AWS Identity and Access Management (IAM)
Correct Answer: A
Question #20
A company needs to keep user transaction data in an Amazon DynamoDB table. The company must retain the data for 7 years. What is the MOST operationally efficient solution that meets these requirements?
A. Use DynamoDB point-in-time recovery to back up the table continuously
B. Use AWS Backup to create backup schedules and retention policies for the table
C. Create an on-demand backup of the table by using the DynamoDB console
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to invoke an AWS Lambda function
Correct Answer: B
Question #21
A company has a Microsoft .NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available. Which combination of actions should the company take to meet these requirements? (Choose two.)
A. Use Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 worker nodes for compute and MongoDB on EC2 for data storage
B. Use Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for compute and Amazon DynamoDB for data storage
C. Use Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 worker nodes for compute and Amazon DynamoDB for data storage
D. Use Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for compute and Amazon DocumentDB (with MongoDB compatibility) for data storage
Correct Answer: BE
Question #22
A company hosts a multiplayer gaming application on AWS. The company wants the application to read data with sub-millisecond latency and run one-time queries on historical data. Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon RDS for data that is frequently accessed
B. Store the data directly in an Amazon S3 bucket
C. Use Amazon DynamoDB with DynamoDB Accelerator (DAX) for data that is frequently accessed
D. Use Amazon DynamoDB for data that is frequently accessed
Correct Answer: C
Question #23
A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after the files are created. After 7 days the files are rarely accessed. The total data size is increasing and is close to the company's total storage capacity. A solutions architect must increase the company's available storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle man
A. Use AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS
B. Create an Amazon S3 File Gateway to extend the company's storage space
C. Create an Amazon FSx for Windows File Server file system to extend the company's storage space
D. Install a utility on each user's computer to access Amazon S3
Correct Answer: B
Question #24
A hospital needs to store patient records in an Amazon S3 bucket. The hospital’s compliance team must ensure that all protected health information (PHI) is encrypted in transit and at rest. The compliance team must administer the encryption key for data at rest. Which solution will meet these requirements?
A. Add an X-API-Key header in the HTTP header for authorization
B. Use an interface endpoint
C. Use a gateway endpoint
D. Add an Amazon Simple Queue Service (Amazon SQS) queue between the two REST APIs
Correct Answer: C
Question #25
A company collects data from thousands of remote devices by using a RESTful web services application that runs on an Amazon EC2 instance. The EC2 instance receives the raw data, transforms the raw data, and stores all the data in an Amazon S3 bucket. The number of remote devices will increase into the millions soon. The company needs a highly scalable solution that minimizes operational overhead. Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. Configure the organization’s centralized CloudTrail trail to expire objects after 3 years
B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions
C. Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years
D. Configure the parent account as the owner of all objects that are delivered to the S3 bucket
Correct Answer: AE
Question #26
A company recently deployed a new auditing system to centralize information about operating system versions, patching, and installed software for Amazon EC2 instances. A solutions architect must ensure all instances provisioned through EC2 Auto Scaling groups successfully send reports to the auditing system as soon as they are launched and terminated. Which solution achieves these goals MOST efficiently?
A. Use a scheduled AWS Lambda function and run a script remotely on all EC2 instances to send data to the audit system
B. Use EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated
C. Use an EC2 Auto Scaling launch configuration to run a custom script through user data to send data to the audit system when instances are launched and terminated
D. Run a custom script on the instance operating system to send data to the audit system
Correct Answer: B
Question #27
A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users. The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin. Which solution meets these requirements MOST cost-effectively?
A. Deploy an AWS Global Accelerator accelerator in front of the web servers
B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket
C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers
D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers
Correct Answer: B
Question #28
A company runs a web application that is backed by Amazon RDS. A new database administrator caused data loss by accidentally editing information in a database table. To help recover from this type of incident, the company wants the ability to restore the database to its state from 5 minutes before any change within the last 30 days. Which feature should the solutions architect include in the design to meet this requirement?
A. Read replicas
B. Manual snapshots
C. Automated backups
D. Multi-AZ deployments
Correct Answer: C
Question #29
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet. Which solution will provide private network connectivity to Amazon S3?
A. Create a gateway VPC endpoint to the S3 bucket
B. Stream the logs to Amazon CloudWatch Logs
C. Create an instance profile on Amazon EC2 to allow S3 access
D. Create an Amazon API Gateway API with a private link to access the S3 endpoint
Correct Answer: A
Question #30
A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning. How should the scaling be changed to address the staff complai
A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens
B. Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period
C. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period
D. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens
Correct Answer: A
Question #31
A company wants to experiment with individual AWS accounts for its engineer team. The company wants to be notified as soon as the Amazon EC2 instance usage for a given month exceeds a specific threshold for each account. What should a solutions architect do to meet this requirement MOST cost-effectively?
A. Use Cost Explorer to create a daily report of costs by service
B. Use Cost Explorer to create a monthly report of costs by service
C. Use AWS Budgets to create a cost budget for each account
D. Use AWS Cost and Usage Reports to create a report with hourly granularity
Correct Answer: C
Question #32
A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored. Which design should the solutions architect use?
A. Create an Amazon SNS topic to send the jobs that need to be processed
B. Create an Amazon SQS queue to hold the jobs that need to be processed
C. Create an Amazon SQS queue to hold the jobs that need to be processed
D. Create an Amazon SNS topic to send the jobs that need to be processed
Correct Answer: C
Question #33
A company needs to move data from an Amazon EC2 instance to an Amazon S3 bucket. The company must ensure that no API calls and no data are routed through public internet routes. Only the EC2 instance can have access to upload data to the S3 bucket. Which solution will meet these requirements?
A. Create an interface VPC endpoint for Amazon S3 in the subnet where the EC2 instance is located
B. Create a gateway VPC endpoint for Amazon S3 in the Availability Zone where the EC2 instance is located
C. Run the nslookup tool from inside the EC2 instance to obtain the private IP address of the S3 bucket’s service API endpoint
D. Use the AWS provided, publicly available ip-ranges
Correct Answer: B
Question #34
A company runs a container application on a Kubernetes cluster in the company's data center. The application uses Advanced Message Queuing Protocol (AMQP) to communicate with a message queue. The data center cannot scale fast enough to meet the company's expanding business needs. The company wants to migrate the workloads to AWS. Which solution will meet these requirements with the LEAST operational overhead?
A. Migrate the container application to Amazon Elastic Container Service (Amazon ECS). Use Amazon Simple Queue Service (Amazon SQS) to retrieve the messages
B. Migrate the container application to Amazon Elastic Kubernetes Service (Amazon EKS). Use Amazon MQ to retrieve the messages
C. Use highly available Amazon EC2 instances to run the application. Use Amazon MQ to retrieve the messages
D. Use AWS Lambda functions to run the application. Use Amazon Simple Queue Service (Amazon SQS) to retrieve the messages
Correct Answer: B
Question #35
A company has hired a solutions architect to design a reliable architecture for its application. The application consists of one Amazon RDS DB instance and two manually provisioned Amazon EC2 instances that run web servers. The EC2 instances are located in a single Availability Zone. An employee recently deleted the DB instance, and the application was unavailable for 24 hours as a result. The company is concerned with the overall reliability of its environment. What should the solutions architect do to maxim
A. Delete one EC2 instance and enable termination protection on the other EC2 instance
B. Update the DB instance to be Multi-AZ, and enable deletion protection
C. Create an additional DB instance along with an Amazon API Gateway and an AWS Lambda function
D. Place the EC2 instances in an EC2 Auto Scaling group that has multiple subnets located in multiple Availability Zones
Correct Answer: B
Question #36
A company’s order system sends requests from clients to Amazon EC2 instances. The EC2 instances process the orders and then store the orders in a database on Amazon RDS. Users report that they must reprocess orders when the system fails. The company wants a resilient solution that can process orders automatically if a system outage occurs. What should a solutions architect do to meet these requirements?
A. Move the EC2 instances into an Auto Scaling group
B. Move the EC2 instances into an Auto Scaling group behind an Application Load Balancer (ALB)
C. Move the EC2 instances into an Auto Scaling group
D. Create an Amazon Simple Notification Service (Amazon SNS) topic
Correct Answer: C
Question #37
A company needs a backup strategy for its three-tier stateless web application. The web application runs on Amazon EC2 instances in an Auto Scaling group with a dynamic scaling policy that is configured to respond to scaling events. The database tier runs on Amazon RDS for PostgreSQL. The web application does not require temporary local storage on the EC2 instances. The company’s recovery point objective (RPO) is 2 hours. The backup strategy must maximize scalability and optimize resource utilization for thi
A. Configure the security group for the web servers to allow inbound traffic on port 443 from 0
B. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers
C. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers
D. Configure the security group for the web servers to allow inbound traffic on port 443 from 0
Correct Answer: C
Question #38
A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded. The company does not want this new service to affect the performance of the current application. What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?
A. Use DynamoDB transactions to write new event data to the table
B. Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics
C. Enable Amazon DynamoDB Streams on the table
D. Add a custom attribute to each record to flag new items
Correct Answer: C
Question #39
A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly. Which actions should a solutions architect take to meet this requirement? (Choose two.)
A. Amazon EventBridge event bus
B. Amazon Simple Notification Service (Amazon SNS) FIFO topics
C. Amazon Simple Notification Service (Amazon SNS) standard topics
D. Amazon Simple Queue Service (Amazon SQS) FIFO queues
Correct Answer: AE
Question #40
A company runs workloads on AWS. The company needs to connect to a service from an external provider. The service is hosted in the provider's VPC. According to the company’s security team, the connectivity must be private and must be restricted to the target service. The connection must be initiated only from the company’s VPC. Which solution will meet these requirements?
A. Create a VPC peering connection between the company's VPC and the provider's VPC
B. Ask the provider to create a virtual private gateway in its VPC
C. Create a NAT gateway in a public subnet of the company’s VPC. Update the route table to connect to the target service
D. Ask the provider to create a VPC endpoint for the target service
Correct Answer: D
Question #41
A company runs a public three-tier web application in a VPC. The application runs on Amazon EC2 instances across multiple Availability Zones. The EC2 instances that run in private subnets need to communicate with a license server over the internet. The company needs a managed solution that minimizes operational maintenance. Which solution meets these requirements?
A. Provision a NAT instance in a public subnet
B. Provision a NAT instance in a private subnet
C. Provision a NAT gateway in a public subnet
D. Provision a NAT gateway in a private subnet
Correct Answer: C
Question #42
A company has a static website that is hosted on Amazon CloudFront in front of Amazon S3. The static website uses a database backend. The company notices that the website does not reflect updates that have been made in the website’s Git repository. The company checks the continuous integration and continuous delivery (CI/CD) pipeline between the Git repository and Amazon S3. The company verifies that the webhooks are configured properly and that the CI/CD pipeline is sending messages that indicate successfu
A. Add an Application Load Balancer
B. Add Amazon ElastiCache for Redis or Memcached to the database layer of the web application
C. Invalidate the CloudFront cache
D. Use AWS Certificate Manager (ACM) to validate the website’s SSL certificate
Correct Answer: C
Question #43
A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege. Which combination of actions should the solutions architect take to accomplish this goal? (Choose two.)
A. Add an explicit rule to the private subnet’s network ACL to allow traffic from the web tier’s EC2 instances
B. Add a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier
C. Deploy the web tier's EC2 instances and the database tier’s RDS instance into two separate VPCs, and configure VPC peering
D. Add an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tier’s security group
Correct Answer: DE
Question #44
A media company collects and analyzes user activity data on premises. The company wants to migrate this capability to AWS. The user activity data store will continue to grow and will be petabytes in size. The company needs to build a highly available data ingestion solution that facilitates on-demand analytics of existing data and new data with SQL. Which solution will meet these requirements with the LEAST operational overhead?
A. Send activity data to an Amazon Kinesis data stream
B. Send activity data to an Amazon Kinesis Data Firehose delivery stream
C. Place activity data in an Amazon S3 bucket
D. Create an ingestion service on Amazon EC2 instances that are spread across multiple Availability Zones
Correct Answer: B
Question #45
A company uses a legacy application to produce data in CSV format. The legacy application stores the output data in Amazon S3. The company is deploying a new commercial off-the-shelf (COTS) application that can perform complex SQL queries to analyze data that is stored in Amazon Redshift and Amazon S3 only. However, the COTS application cannot process the .csv files that the legacy application produces. The company cannot update the legacy application to produce data in another format. The company needs to i
A. Create an AWS Glue extract, transform, and load (ETL) job that runs on a schedule
B. Develop a Python script that runs on Amazon EC2 instances to convert the
C. Create an AWS Lambda function and an Amazon DynamoDB table
D. Use Amazon EventBridge to launch an Amazon EMR cluster on a weekly schedule
Correct Answer: A
Question #46
A company needs a backup strategy for its three-tier stateless web application. The web application runs on Amazon EC2 instances in an Auto Scaling group with a dynamic scaling policy that is configured to respond to scaling events. The database tier runs on Amazon RDS for PostgreSQL. The web application does not require temporary local storage on the EC2 instances. The company’s recovery point objective (RPO) is 2 hours. The backup strategy must maximize scalability and optimize resource utilization for thi
A. Configure the security group for the web servers to allow inbound traffic on port 443 from 0
B. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers
C. Configure the security group for the web servers to allow inbound traffic on port 443 from the IP addresses of the customers
D. Configure the security group for the web servers to allow inbound traffic on port 443 from 0
Correct Answer: C
Question #47
A company is developing a microservices application that will provide a search catalog for customers. The company must use REST APIs to present the frontend of the application to users. The REST APIs must access the backend services that the company hosts in containers in private VPC subnets. Which solution will meet these requirements?
A. Design a WebSocket API by using Amazon API Gateway
B. Design a REST API by using Amazon API Gateway
C. Design a WebSocket API by using Amazon API Gateway
D. Design a REST API by using Amazon API Gateway
Correct Answer: B
Question #48
A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task. The developer already has an IAM user with valid IAM credentials required for Amazon S3. What should a solutions architect do to grant the permissions?
A. Add required IAM permissions in the resource policy of the Lambda function
B. Create a signed request using the existing IAM credentials in the Lambda function
C. Create a new IAM user and use the existing IAM credentials in the Lambda function
D. Create an IAM execution role with the required permissions and attach the IAM role to the Lambda function
Correct Answer: D
Question #49
A company runs its two-tier ecommerce website on AWS. The web tier consists of a load balancer that sends traffic to Amazon EC2 instances. The database tier uses an Amazon RDS DB instance. The EC2 instances and the RDS DB instance should not be exposed to the public internet. The EC2 instances require internet access to complete payment processing of orders through a third-party web service. The application must be highly available. Which combination of configuration options will meet these requirements? (Ch
A. Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive immediately
B. Set up an S3 Lifecycle policy to transition objects to S3 Glacier Deep Archive after 2 years
C. Use S3 Intelligent-Tiering
D. Set up an S3 Lifecycle policy to transition objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately and to S3 Glacier Deep Archive after 2 years
Correct Answer: CE
Question #50
A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access. Which solution will meet these requirements?
A. Create an analysis in Amazon QuickSight
B. Create an analysis in Amazon QuickSight
C. Create an AWS Glue table and crawler for the data in Amazon S3
D. Create an AWS Glue table and crawler for the data in Amazon S3
Correct Answer: B
Question #51
A solutions architect is designing a multi-tier application for a company. The application's users upload images from a mobile device. The application generates a thumbnail of each image and returns a message to the user to confirm that the image was uploaded successfully. The thumbnail generation can take up to 60 seconds, but the company wants to provide a faster response time to its users to notify them that the original image was received. The solutions architect must design the application to asynchrono
A. Write a custom AWS Lambda function to generate the thumbnail and alert the user
B. Create an AWS Step Functions workflow
C. Create an Amazon Simple Queue Service (Amazon SQS) message queue
D. Create Amazon Simple Notification Service (Amazon SNS) notification topics and subscriptions
Correct Answer: C
Question #52
A solutions architect is developing a VPC architecture that includes multiple subnets. The architecture will host applications that use Amazon EC2 instances and Amazon RDS DB instances. The architecture consists of six subnets in two Availability Zones. Each Availability Zone includes a public subnet, a private subnet, and a dedicated subnet for databases. Only EC2 instances that run in the private subnets can have access to the RDS databases. Which solution will meet these requirements?
A. Create a new route table that excludes the route to the public subnets' CIDR blocks
B. Create a security group that denies inbound traffic from the security group that is assigned to instances in the public subnets
C. Create a security group that allows inbound traffic from the security group that is assigned to instances in the private subnets
D. Create a new peering connection between the public subnets and the private subnets
Correct Answer: C
Question #53
A company has an Amazon S3 data lake that is governed by AWS Lake Formation. The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database. The company wants to enforce column-level authorization so that the company’s marketing team can access only a subset of columns in the database. Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine
B. Use AWS Glue Studio to ingest the data from the database to the S3 data lake
C. Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3
D. Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake
Correct Answer: D
Question #54
A company uses AWS Organizations to create dedicated AWS accounts for each business unit to manage each business unit's account independently upon request. The root email recipient missed a notification that was sent to the root user email address of one account. The company wants to ensure that all future notifications are not missed. Future notifications must be limited to account administrators. Which solution will meet these requirements?
A. Configure the company’s email server to forward notification email messages that are sent to the AWS account root user email address to all users in the organization
B. Configure all AWS account root user email addresses as distribution lists that go to a few administrators who can respond to alerts
C. Configure all AWS account root user email messages to be sent to one administrator who is responsible for monitoring alerts and forwarding those alerts to the appropriate groups
D. Configure all existing AWS accounts and all newly created accounts to use the same root user email address
Correct Answer: B
Question #55
A company plans to use Amazon ElastiCache for its multi-tier web application. A solutions architect creates a Cache VPC for the ElastiCache cluster and an App VPC for the application’s Amazon EC2 instances. Both VPCs are in the us-east-1 Region. The solutions architect must implement a solution to provide the application’s EC2 instances with access to the ElastiCache cluster. Which solution will meet these requirements MOST cost-effectively?
A. Create a Route 53 simple routing policy record for each EC2 instance
B. Create a Route 53 failover routing policy record for each EC2 instance
C. Create an Amazon CloudFront distribution with EC2 instances as its origin
D. Create an Application Load Balancer (ALB) with a health check in front of the EC2 instances
Correct Answer: A
Question #56
A company hosts multiple production applications. One of the applications consists of resources from Amazon EC2, AWS Lambda, Amazon RDS, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) across multiple AWS Regions. All company resources are tagged with a tag name of “application” and a value that corresponds to each application. A solutions architect must provide the quickest solution for identifying all of the tagged components. Which solution meets these require
A. Use AWS CloudTrail to generate a list of resources with the application tag
B. Use the AWS CLI to query each service across all Regions to report the tagged components
C. Run a query in Amazon CloudWatch Logs Insights to report on the components with the application tag
D. Run a query with the AWS Resource Groups Tag Editor to report on the resources globally with the application tag
Correct Answer: D
Question #57
A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems. Which design should a solutions architect recommend?
A. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume
B. Create an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume
C. Subscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics
D. Subscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues
Correct Answer: C
Question #58
A company provides an API to its users that automates inquiries for tax computations based on item prices. The company experiences a larger number of inquiries during the holiday season only that cause slower response times. A solutions architect needs to design a solution that is scalable and elastic. What should the solutions architect do to accomplish this?
A. Provide an API hosted on an Amazon EC2 instance
B. Design a REST API using Amazon API Gateway that accepts the item names
C. Create an Application Load Balancer that has two Amazon EC2 instances behind it
D. Design a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance
Correct Answer: B
Question #59
A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content. The company must not make any changes to the application. What should a solutions architect do to meet these requirements?
A. Create an Amazon S3 Standard bucket with access to the web servers
B. Configure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin
C. Create an Amazon Elastic File System (Amazon EFS) file system
D. Configure a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume
Correct Answer: C
Question #60
A company is migrating an application from on-premises servers to Amazon EC2 instances. As part of the migration design requirements, a solutions architect must implement infrastructure metric alarms. The company does not need to take action if CPU utilization increases to more than 50% for a short burst of time. However, if the CPU utilization increases to more than 50% and read IOPS on the disk are high at the same time, the company needs to act as soon as possible. The solutions architect also must reduc
A. Create Amazon CloudWatch composite alarms where possible
B. Create Amazon CloudWatch dashboards to visualize the metrics and react to issues quickly
C. Create Amazon CloudWatch Synthetics canaries to monitor the application and raise an alarm
D. Create single Amazon CloudWatch metric alarms with multiple metric thresholds where possible
Correct Answer: A
Question #61
A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator updates the website content infrequently and uses an SFTP client to upload new documents. The company decides to host its website on AWS and to use Amazon CloudFront. The company’s solutions architect creates a CloudFront distribution. The solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the
A. Create a virtual server by using Amazon Lightsail
B. Create an AWS Auto Scaling group for Amazon EC2 instances
C. Create a private Amazon S3 bucket
D. Create a public Amazon S3 bucket
Correct Answer: C
Question #62
A research laboratory needs to process approximately 8 TB of data. The laboratory requires sub-millisecond latencies and a minimum throughput of 6 GBps for the storage subsystem. Hundreds of Amazon EC2 instances that run Amazon Linux will distribute and process the data. Which solution will meet the performance requirements?
A. Create an Amazon FSx for NetApp ONTAP file system
B. Create an Amazon S3 bucket to store the raw data
C. Create an Amazon S3 bucket to store the raw data
D. Create an Amazon FSx for NetApp ONTAP file system
Correct Answer: B
Question #63
A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL DB instance in the database subnet must be accessible only to the web servers on port 3306. Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
A. Configure an Amazon Route 53 failover routing policy
B. Use AWS Global Accelerator
C. Use AWS Global Accelerator
D. Configure an Amazon Route 53 failover routing policy
Correct Answer: CD
Question #64
A company is using a SQL database to store movie data that is publicly accessible. The database runs on an Amazon RDS Single-AZ DB instance. A script runs queries at random intervals each day to record the number of new movies that have been added to the database. The script must report a final total during business hours. The company's development team notices that the database performance is inadequate for development tasks when the script is running. A solutions architect must recommend a solution to reso
A. Modify the DB instance to be a Multi-AZ deployment
B. Create a read replica of the database
C. Instruct the development team to manually export the entries in the database at the end of each day
D. Use Amazon ElastiCache to cache the common queries that the script runs against the database
Correct Answer: B
Question #65
A company has one million users that use its mobile app. The company must analyze the data usage in near-real time. The company also must encrypt the data in near-real time and must store the data in a centralized location in Apache Parquet format for further processing. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an Amazon Kinesis data stream to store the data in Amazon S3
B. Create an Amazon Kinesis data stream to store the data in Amazon S3
C. Create an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3
D. Create an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3
Correct Answer: D
Question #66
A company has deployed a serverless application that invokes an AWS Lambda function when new documents are uploaded to an Amazon S3 bucket. The application uses the Lambda function to process the documents. After a recent marketing campaign, the company noticed that the application did not process many of the documents. What should a solutions architect do to improve the architecture of this application?
A. Set the Lambda function's runtime timeout value to 15 minutes
B. Configure an S3 bucket replication policy
C. Deploy an additional Lambda function
D. Create an Amazon Simple Queue Service (Amazon SQS) queue
Correct Answer: D
Question #67
A company is developing an application to support customer demands. The company wants to deploy the application on multiple Amazon EC2 Nitro-based instances within the same Availability Zone. The company also wants to give the application the ability to write to multiple block storage volumes in multiple EC2 Nitro-based instances simultaneously to achieve higher application availability. Which solution will meet these requirements?
A. Use General Purpose SSD (gp3) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
B. Use Throughput Optimized HDD (st1) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
C. Use Provisioned IOPS SSD (io2) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
D. Use General Purpose SSD (gp2) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
Correct Answer: C
Question #68
A company has a stateless web application that runs on AWS Lambda functions that are invoked by Amazon API Gateway. The company wants to deploy the application across multiple AWS Regions to provide Regional failover capabilities. What should a solutions architect do to route traffic to multiple Regions?
A. Create Amazon Route 53 health checks for each Region
B. Create an Amazon CloudFront distribution with an origin for each Region
C. Create a transit gateway
D. Create an Application Load Balancer in the primary Region
Correct Answer: A
Question #69
A company wants to share accounting data with an external auditor. The data is stored in an Amazon RDS DB instance that resides in a private subnet. The auditor has its own AWS account and requires its own copy of the database. What is the MOST secure way for the company to share the database with the auditor?
A. Create a read replica of the database
B. Export the database contents to text files
C. Copy a snapshot of the database to an Amazon S3 bucket
D. Create an encrypted snapshot of the database
Correct Answer: D
Question #70
A solutions architect needs to allow team members to access Amazon S3 buckets in two different AWS accounts: a development account and a production account. The team currently has access to S3 buckets in the development account by using unique IAM users that are assigned to an IAM group that has appropriate permissions in the account. The solutions architect has created an IAM role in the production account. The role has a policy that grants access to an S3 bucket in the production account. Which solution wil
A. Attach the Administrator Access policy to the development account users
B. Add the development account as a principal in the trust policy of the role in the production account
C. Turn off the S3 Block Public Access feature on the S3 bucket in the production account
D. Create a user in the production account with unique credentials for each team member
Correct Answer: B
Question #71
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible. Which solution will meet these requirements with the L
A. Create an Auto Scaling group so that EC2 instances can scale out
B. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output data
D. Create a Docker container to use instead of an EC2 instance
Correct Answer: B
Question #72
A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the same every night and the batch jobs always start at 1 AM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete. What should the solutions architect do to meet these require
A. Increase the minimum capacity for the Auto Scaling group
B. Increase the maximum capacity for the Auto Scaling group
C. Configure scheduled scaling to scale up to the desired compute level
D. Change the scaling policy to add more EC2 instances during each scaling operation
Correct Answer: C
Question #73
A company needs to store data in Amazon S3 and must prevent the data from being changed. The company wants new objects that are uploaded to Amazon S3 to remain unchangeable for a nonspecific amount of time until the company decides to modify the objects. Only specific users in the company's AWS account can have the ability to delete the objects. What should a solutions architect do to meet these requirements?
A. Create an S3 Glacier vault
B. Create an S3 bucket with S3 Object Lock enabled
C. Create an S3 bucket
D. Create an S3 bucket with S3 Object Lock enabled
Correct Answer: D
Question #74
A company has an application that places hundreds of .csv files into an Amazon S3 bucket every hour. The files are 1 GB in size. Each time a file is uploaded, the company needs to convert the file to Apache Parquet format and place the output file into an S3 bucket. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an AWS Lambda function to download the
B. Create an Apache Spark job to read the
C. Create an AWS Glue table and an AWS Glue crawler for the S3 bucket where the application places the
D. Create an AWS Glue extract, transform, and load (ETL) job to convert the
Correct Answer: D
Question #75
A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets. A solutions architect needs to integrate the web application with the appliance to inspect all traffic to t
A. Take EBS snapshots of the production EBS volumes
B. Configure the production EBS volumes to use the EBS Multi-Attach feature
C. Take EBS snapshots of the production EBS volumes
D. Take EBS snapshots of the production EBS volumes
Correct Answer: D
Question #76
A company has a legacy data processing application that runs on Amazon EC2 instances. Data is processed sequentially, but the order of results does not matter. The application uses a monolithic architecture. The only way that the company can scale the application to meet increased demand is to increase the size of the instances. The company’s developers have decided to rewrite the application to use a microservices architecture on Amazon Elastic Container Service (Amazon ECS). What should a solutions architec
A. Create an Amazon Simple Queue Service (Amazon SQS) queue
B. Create an Amazon Simple Notification Service (Amazon SNS) topic
C. Create an AWS Lambda function to pass messages
D. Create an Amazon DynamoDB table
Correct Answer: A
Question #77
A company runs an Oracle database on premises. As part of the company’s migration to AWS, the company wants to upgrade the database to the most recent available version. The company also wants to set up disaster recovery (DR) for the database. The company needs to minimize the operational overhead for normal operations and DR setup. The company also needs to maintain access to the database's underlying operating system. Which solution will meet these requirements?
A. Migrate the Oracle database to an Amazon EC2 instance
B. Migrate the Oracle database to Amazon RDS for Oracle
C. Migrate the Oracle database to Amazon RDS Custom for Oracle
D. Migrate the Oracle database to Amazon RDS for Oracle
Correct Answer: D
Question #78
A company is running a popular social media website. The website gives users the ability to upload images to share with other users. The company wants to make sure that the images do not contain inappropriate content. The company needs a solution that minimizes development effort. What should a solutions architect do to meet these requirements?
A. Use Amazon Comprehend to detect inappropriate content
B. Use Amazon Rekognition to detect inappropriate content
C. Use Amazon SageMaker to detect inappropriate content
D. Use AWS Fargate to deploy a custom machine learning model to detect inappropriate content
Correct Answer: B
Question #79
A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed. What should the solutions architect recommend?
A. Launch an Amazon EC2 instance in us-east-1 and migrate the site to it
B. Move the website to Amazon S3
C. Use Amazon CloudFront with a custom origin pointing to the on-premises servers
D. Use an Amazon Route 53 geoproximity routing policy pointing to on-premises servers
Correct Answer: C
Question #80
A company is developing a mobile gaming app in a single AWS Region. The app runs on multiple Amazon EC2 instances in an Auto Scaling group. The company stores the app data in Amazon DynamoDB. The app communicates by using TCP traffic and UDP traffic between the users and the servers. The application will be used globally. The company wants to ensure the lowest possible latency for all users. Which solution will meet these requirements?
A. Use AWS Global Accelerator to create an accelerator
B. Use AWS Global Accelerator to create an accelerator
C. Create an Amazon CloudFront content delivery network (CDN) endpoint
D. Create an Amazon CloudFront content delivery network (CDN) endpoint
Correct Answer: B
Question #81
A company hosts a website analytics application on a single Amazon EC2 On-Demand Instance. The analytics software is written in PHP and uses a MySQL database. The analytics software, the web server that provides PHP, and the database server are all hosted on the EC2 instance. The application is showing signs of performance degradation during busy times and is presenting 5xx errors. The company needs to make the application scale seamlessly. Which solution will meet these requirements MOST cost-effectively?
A. Migrate the database to an Amazon RDS for MySQL DB instance
B. Migrate the database to an Amazon RDS for MySQL DB instance
C. Migrate the database to an Amazon Aurora MySQL DB instance
D. Migrate the database to an Amazon Aurora MySQL DB instance
Correct Answer: D
Question #82
A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.Which architecture offers the HIGHEST availability?
A. se AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scaling
B. se two Amazon EC2 instances to host the containerized web application
C. se AWS Lambda with a new code that uses one of the supported languages
D. se a high performance computing (HPC) solution such as AWS ParallelCluster to establish an HPC cluster that can process the incoming requests at the appropriate scale
Correct Answer: D
Question #83
A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company’s HPC workloads run on Linux. Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short-lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long-term future use. The company seeks a cloud storage solution that permits the copying of on-premises data to long-term persistent storage to make data available for process
A. Amazon FSx for Lustre integrated with Amazon S3
B. Amazon FSx for Windows File Server integrated with Amazon S3
C. Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)
D. Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume
Correct Answer: A
Question #84
A company uses AWS Organizations with all features enabled and runs multiple Amazon EC2 workloads in the ap-southeast-2 Region. The company has a service control policy (SCP) that prevents any resources from being created in any other Region. A security policy requires the company to encrypt all data at rest. An audit discovers that employees have created Amazon Elastic Block Store (Amazon EBS) volumes for EC2 instances without encrypting the volumes. The company wants any new EC2 instances that any IAM user
A. Use an Amazon RDS Multi-AZ DB instance deployment
B. Use an Amazon RDS Multi-AZ DB cluster deployment. Create two read replicas and point the read workload to the read replicas
C. Use an Amazon RDS Multi-AZ DB instance deployment
D. Use an Amazon RDS Multi-AZ DB cluster deployment. Point the read workload to the reader endpoint
Correct Answer: CE
Question #85
A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to decouple the solution and increase scalability. Which solution meets these requirements?
A. Persist the messages to Amazon Kinesis Data Analytics
B. Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU metrics
C. Write the messages to Amazon Kinesis Data Streams with a single shard
D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon SQS) subscriptions
Correct Answer: D
Question #86
A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently. Which solution meets these requirements?
A. Store the database user credentials in AWS Secrets Manager
B. Store the database user credentials in AWS Systems Manager OpsCenter
C. Store the database user credentials in a secure Amazon S3 bucket
D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system
Correct Answer: A
Question #87
A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account. Which solution will meet these requirements in the MOST secure manner?
A. Apply an S3 bucket policy that grants read access to the S3 bucket
B. Apply an IAM role to the Lambda function
C. Embed an access key and a secret key in the Lambda function’s code to grant the required IAM permissions for read access to the S3 bucket
D. Apply an IAM role to the Lambda function
Correct Answer: B
Question #88
A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than 100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges. Which solution meets these requirements?
A. Launch all EC2 instances in the same Availability Zone within the same AWS Region
B. Launch all EC2 instances in different Availability Zones within the same AWS Region
C. Deploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target
D. Deploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones
Correct Answer: D
Question #89
A company has applications that run on Amazon EC2 instances in a VPC. One of the applications needs to call the Amazon S3 API to store and read objects. According to the company's security regulations, no traffic from the applications is allowed to travel across the internet. Which solution will meet these requirements?
A. Configure an S3 gateway endpoint
B. Create an S3 bucket in a private subnet
C. Create an S3 bucket in the same AWS Region as the EC2 instances
D. Configure a NAT gateway in the same subnet as the EC2 instances
Correct Answer: A
Question #90
A company is using Amazon Route 53 latency-based routing to route requests to its UDP-based application for users around the world. The application is hosted on redundant servers in the company's on-premises data centers in the United States, Asia, and Europe. The company’s compliance requirements state that the application must be hosted on premises. The company wants to improve the performance and availability of the application. What should a solutions architect do to meet these requirements?
A. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints
B. Configure three Application Load Balancers (ALBs) in the three AWS Regions to address the on-premises endpoints
C. Configure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints
D. Configure three Application Load Balancers (ALBs) in the three AWS Regions to address the on-premises endpoints
Correct Answer: A
Question #91
An ecommerce company is running a multi-tier application on AWS. The front-end and backend tiers both run on Amazon EC2, and the database runs on Amazon RDS for MySQL. The backend tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns. Which action should be taken to improve the performance of the backend?
A. Implement Amazon SNS to store the database calls
B. Implement Amazon ElastiCache to cache the large datasets
C. Implement an RDS for MySQL read replica to cache database calls
D. Implement Amazon Kinesis Data Firehose to stream the calls to the database
Correct Answer: B
Question #92
A company is deploying an application that processes streaming data in near-real time. The company plans to use Amazon EC2 instances for the workload. The network architecture must be configurable to provide the lowest possible latency between nodes. Which combination of network solutions will meet these requirements? (Select TWO)
A. Enable and configure enhanced networking on each EC2 instance
B. Group the EC2 instances in separate accounts
C. Run the EC2 instances in a cluster placement group
D. Attach multiple elastic network interfaces to each EC2 instance
E. Use Amazon Elastic Block Store (Amazon EBS) optimized instance types
Correct Answer: AC
Question #93
A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket. Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content. Which solution meets
A. Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content
B. Update the S3 ACL to allow the application to access the protected content
C. Redeploy the application to Amazon S3 to prevent eventually consistent reads in the S3 bucket from affecting the ability of users to access the protected content
D. Update the Amazon Cognito pool to use custom attribute mappings within the identity pool and grant users the proper permissions to access the protected content
Correct Answer: A
Question #94
A company is running a batch application on Amazon EC2 instances. The application consists of a backend with multiple Amazon RDS databases. The application is causing a high number of reads on the databases. A solutions architect must reduce the number of database reads while ensuring high availability. What should the solutions architect do to meet this requirement?
A. Add Amazon RDS read replicas
B. Use Amazon ElastiCache for Redis
C. Use Amazon Route 53 DNS caching
D. Use Amazon ElastiCache for Memcached
Correct Answer: A
Question #95
Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution. Which action should the solutions architect take to accomplish this?
A. Generate presigned URLs for the files
B. Use cross-Region replication to all Regions
C. Use the geoproximity feature of Amazon Route 53
D. Use Amazon CloudFront with the S3 bucket as its origin
Correct Answer: D
Question #96
A company needs to run a critical application on AWS. The company needs to use Amazon EC2 for the application’s database. The database must be highly available and must fail over automatically if a disruptive event occurs. Which solution will meet these requirements?
A. Launch two EC2 instances, each in a different Availability Zone in the same AWS Region
B. Launch an EC2 instance in an Availability Zone
C. Launch two EC2 instances, each in a different AWS Region
D. Launch an EC2 instance in an Availability Zone
Correct Answer: C
Question #97
A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates. What should the solutions architect do to enable Internet access for the private subnets?
A. Create three NAT gateways, one for each public subnet in each AZ
B. Create three NAT instances, one for each private subnet in each AZ
C. Create a second internet gateway on one of the private subnets
D. Create an egress-only internet gateway on one of the public subnets
Correct Answer: A
Question #98
A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience. Which service will improve the performance of both the real-time and on-demand streaming?
A. Amazon OpenSearch Service (Amazon Elasticsearch Service)
B. Amazon S3 Glacier
C. Amazon S3 Standard
D. Amazon RDS for PostgreSQL
Correct Answer: A
Question #99
A company wants to migrate a Windows-based application from on premises to the AWS Cloud. The application has three tiers: an application tier, a business tier, and a database tier with Microsoft SQL Server. The company wants to use specific features of SQL Server such as native backups and Data Quality Services. The company also needs to share files for processing between the tiers. How should a solutions architect design the architecture to meet these requirements?
A. Host all three tiers on Amazon EC2 instances
B. Host all three tiers on Amazon EC2 instances
C. Host the application tier and the business tier on Amazon EC2 instances
D. Host the application tier and the business tier on Amazon EC2 instances
Correct Answer: B
Question #100
A solutions architect needs to allow team members to access Amazon S3 buckets in two different AWS accounts: a development account and a production account. The team currently has access to S3 buckets in the development account by using unique IAM users that are assigned to an IAM group that has appropriate permissions in the account. The solutions architect has created an IAM role in the production account. The role has a policy that grants access to an S3 bucket in the production account. Which solution wil
A. Attach the Administrator Access policy to the development account users
B. Add the development account as a principal in the trust policy of the role in the production account
C. Turn off the S3 Block Public Access feature on the S3 bucket in the production account
D. Create a user in the production account with unique credentials for each team member
Correct Answer: B
Question #101
A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency. Which solution will meet these requirements?
A. Store the records in S3 Glacier for the entire 10-year period
B. Store the records by using S3 Intelligent-Tiering
C. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year
D. Use an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year
Correct Answer: C
Question #102
A company needs to ingest and handle large amounts of streaming data that its application generates. The application runs on Amazon EC2 instances and sends data to Amazon Kinesis Data Streams, which is configured with default settings. Every other day, the application consumes the data and writes the data to an Amazon S3 bucket for business intelligence (BI) processing. The company observes that Amazon S3 is not receiving all the data that the application sends to Kinesis Data Streams. What should a solution
A. Update the Kinesis Data Streams default settings by modifying the data retention period
B. Update the application to use the Kinesis Producer Library (KPL) to send the data to Kinesis Data Streams
C. Update the number of Kinesis shards to handle the throughput of the data that is sent to Kinesis Data Streams
D. Turn on S3 Versioning within the S3 bucket to preserve every version of every object that is ingested in the S3 bucket
Correct Answer: A
Question #103
A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning. Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS)
B. Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS)
C. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group
D. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group
Correct Answer: BD
Question #104
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework. Which solution will meet these requirements with the LEAST operational overhead?
A. Use the EC2 serial console to directly access the terminal interface of each instance for administration
B. Attach the appropriate IAM role to each existing instance and new instance
C. Create an administrative SSH key pair
D. Establish an AWS Site-to-Site VPN connection
Correct Answer: B
Question #105
A company has a web application that is based on Java and PHP. The company plans to move the application from on premises to AWS. The company needs the ability to test new site features frequently. The company also needs a highly available and managed solution that requires minimum operational overhead. Which solution will meet these requirements?
A. Create a read replica
B. Create a read replica
C. Migrate the ordering application to Amazon DynamoDB with on-demand capacity
D. Schedule the reporting queries for non-peak hours
Correct Answer: B
Question #106
An ecommerce company is building a distributed application that involves several serverless functions and AWS services to complete order-processing tasks. These tasks require manual approvals as part of the workflow. A solutions architect needs to design an architecture for the order-processing application. The solution must be able to combine multiple AWS Lambda functions into responsive serverless applications. The solution also must orchestrate data and services that run on Amazon EC2 instances, containe
A. Use AWS Step Functions to build the application
B. Integrate all the application components in an AWS Glue job
C. Use Amazon Simple Queue Service (Amazon SQS) to build the application
D. Use AWS Lambda functions and Amazon EventBridge events to build the application
Correct Answer: A
Question #107
A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS). Which combination of actions will meet this requirement with the LEAST operational overhead? (Choose two.)
A. Store the images and geographic codes in a database table
B. Store the images in Amazon S3 buckets
C. Store the images and geographic codes in an Amazon DynamoDB table
D. Store the images in Amazon S3 buckets
Correct Answer: BD
Question #108
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs to share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses an AWS Key Management Service (AWS KMS) customer managed key to encrypt EBS volume snapshots. What is the MOST secure way for the solutions architect to share the AMI with
A. Make the encrypted AMI and snapshots publicly available
B. Modify the launchPermission property of the AMI
C. Modify the launchPermission property of the AMI
D. Export the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account. Encrypt the S3 bucket with a new KMS key that is owned by the MSP Partner
Correct Answer: B
Question #109
A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company. How should security groups be configured in this situation? (Choose two.)
A. AWS DataSync over public internet
B. AWS DataSync over AWS Direct Connect
C. AWS Database Migration Service (AWS DMS) over public internet
D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect
Correct Answer: AC
Question #110
A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances, Amazon RDS DB instances, and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check. What should a solutions architect do to accomplish this?
A. Use AWS Config rules to define and detect resources that are not properly tagged
B. Use Cost Explorer to display resources that are not properly tagged
C. Write API calls to check all resources for proper tag allocation
D. Write API calls to check all resources for proper tag allocation
Correct Answer: A
Question #111
A company has an application that processes customer orders. The company hosts the application on an Amazon EC2 instance that saves the orders to an Amazon Aurora database. Occasionally when traffic is high the workload does not process orders fast enough. What should a solutions architect do to write the orders reliably to the database as quickly as possible?
A. Increase the instance size of the EC2 instance when traffic is high
B. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue
C. Write orders to Amazon Simple Notification Service (Amazon SNS)
D. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue when the EC2 instance reaches CPU threshold limits
Correct Answer: B
Question #112
An Amazon EC2 instance is located in a private subnet in a new VPC. This subnet does not have outbound internet access, but the EC2 instance needs the ability to download monthly security updates from an outside vendor. What should a solutions architect do to meet these requirements?
A. Create an internet gateway, and attach it to the VPC
B. Create a NAT gateway, and place it in a public subnet
C. Create a NAT instance, and place it in the same subnet where the EC2 instance is located
D. Create an internet gateway, and attach it to the VPC
Correct Answer: B
Question #113
An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an Amazon Simple Queue Service (Amazon SQS) standard queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email. Users report that they are receiving multiple email messages for every uploaded im
A. Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds
B. Change the SQS standard queue to an SQS FIFO queue
C. Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout
D. Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing
Correct Answer: C
Question #114
A company runs a shopping application that uses Amazon DynamoDB to store customer information. In case of data corruption, a solutions architect needs to design a solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour. What should the solutions architect recommend to meet these requirements?
A. Configure DynamoDB global tables
B. Configure DynamoDB point-in-time recovery
C. Export the DynamoDB data to Amazon S3 Glacier on a daily basis
D. Schedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes
Correct Answer: B
Question #115
A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed. Which AWS solution meets these requirements?
A. Create an AWS DataSync task that shares the data as a mountable file system
B. Create an Amazon EC2 Windows instance
C. Create an Amazon FSx for Windows File Server file system
D. Create an Amazon S3 bucket
Correct Answer: C
Question #116
A company hosts a multi-tier web application on Amazon Linux Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company observes that the Auto Scaling group launches more On-Demand Instances when the application's end users access high volumes of static web content. The company wants to optimize cost. What should a solutions architect do to redesign the application MOST cost-effectively?
A. Update the Auto Scaling group to use Reserved Instances instead of On-Demand Instances
B. Update the Auto Scaling group to scale by launching Spot Instances instead of On-Demand Instances
C. Create an Amazon CloudFront distribution to host the static web contents from an Amazon S3 bucket
D. Create an AWS Lambda function behind an Amazon API Gateway API to host the static website contents
Correct Answer: C
Question #117
A company is implementing a shared storage solution for a media application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed. Which AWS solution meets these requirements?
A. Create an AWS Storage Gateway volume gateway
B. Create an AWS Storage Gateway tape gateway
C. Create an Amazon EC2 Windows instance
D. Create an Amazon FSx for Windows File Server file system
Correct Answer: D
Question #118
A medical records company is hosting an application on Amazon EC2 instances. The application processes customer data files that are stored on Amazon S3. The EC2 instances are hosted in public subnets. The EC2 instances access Amazon S3 over the internet, but they do not require any other network access. A new requirement mandates that the network traffic for file transfers take a private route and not be sent over the internet. Which change to the network architecture should a solutions architect recommend to
A. Create a NAT gateway
B. Configure the security group for the EC2 instances to restrict outbound traffic so that only traffic to the S3 prefix list is permitted
C. Move the EC2 instances to private subnets
D. Remove the internet gateway from the VPC
Correct Answer: C
Question #119
A company uses AWS Organizations to run workloads within multiple AWS accounts. A tagging policy adds department tags to AWS resources when the company creates tags. An accounting team needs to determine spending on Amazon EC2 consumption. The accounting team must determine which departments are responsible for the costs regardless of AWS account. The accounting team has access to AWS Cost Explorer for all AWS accounts within the organization and needs to access all reports from Cost Explorer. Which solution m
A. Create AWS Lambda functions to transfer the data securely from Salesforce to Amazon S3
B. Create an AWS Step Functions workflow
C. Create Amazon AppFlow flows to transfer the data securely from Salesforce to Amazon S3
D. Create a custom connector for Salesforce to transfer the data securely from Salesforce to Amazon S3
Correct Answer: A
Question #120
A company is developing a two-tier web application on AWS. The company's developers have deployed the application on an Amazon EC2 instance that connects directly to a backend Amazon RDS database. The company must not hardcode database credentials in the application. The company must also implement a solution to automatically rotate the database credentials on a regular basis. Which solution will meet these requirements with the LEAST operational overhead?
A. Store the database credentials in the instance metadata
B. Store the database credentials in a configuration file in an encrypted Amazon S3 bucket
C. Store the database credentials as a secret in AWS Secrets Manager
D. Store the database credentials as encrypted parameters in AWS Systems Manager Parameter Store
Correct Answer: C
Question #121
A company has a business system that generates hundreds of reports each day. The business system saves the reports to a network share in CSV format. The company needs to store this data in the AWS Cloud in near-real time for analysis. Which solution will meet these requirements with the LEAST administrative overhead?
A. Use AWS DataSync to transfer the files to Amazon S3
B. Create an Amazon S3 File Gateway
C. Use AWS DataSync to transfer the files to Amazon S3
D. Deploy an AWS Transfer for SFTP endpoint
Correct Answer: B
Question #122
A company is running an online transaction processing (OLTP) workload on AWS. This workload uses an unencrypted Amazon RDS DB instance in a Multi-AZ deployment. Daily database snapshots are taken from this instance. What should a solutions architect do to ensure the database and snapshots are always encrypted moving forward?
A. Encrypt a copy of the latest DB snapshot
B. Create a new encrypted Amazon Elastic Block Store (Amazon EBS) volume and copy the snapshots to it
C. Copy the snapshots and enable encryption using AWS Key Management Service (AWS KMS)
D. Copy the snapshots to an Amazon S3 bucket that is encrypted using server-side encryption with AWS Key Management Service (AWS KMS) managed keys (SSE-KMS)
Correct Answer: A
Question #123
A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access. Which solution will meet these requirements?
A. Create an analysis in Amazon QuickSight
B. Create an analysis in Amazon QuickSight
C. Create an AWS Glue table and crawler for the data in Amazon S3
D. Create an AWS Glue table and crawler for the data in Amazon S3
Correct Answer: B
Question #124
A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources. What should a solutions architect do to meet these requirements?
A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls
Correct Answer: B
Question #125
A company is storing petabytes of data in Amazon S3 Standard. The data is stored in multiple S3 buckets and is accessed with varying frequency. The company does not know access patterns for all the data. The company needs to implement a solution for each S3 bucket to optimize the cost of S3 usage. Which solution will meet these requirements with the MOST operational efficiency?
A. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Intelligent-Tiering
B. Use the S3 storage class analysis tool to determine the correct tier for each object in the S3 bucket
C. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Glacier Instant Retrieval
D. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 One Zone-Infrequent Access (S3 One Zone-IA)
Correct Answer: A
Question #126
A company runs workloads on AWS. The company needs to connect to a service from an external provider. The service is hosted in the provider's VPC. According to the company’s security team, the connectivity must be private and must be restricted to the target service. The connection must be initiated only from the company’s VPC. Which solution will meet these requirements?
A. Create a VPC peering connection between the company's VPC and the provider's VPC
B. Ask the provider to create a virtual private gateway in its VPC
C. Create a NAT gateway in a public subnet of the company’s VPC. Update the route table to connect to the target service
D. Ask the provider to create a VPC endpoint for the target service
Correct Answer: D
Question #127
A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit. Which solution meets these requirements?
A. Use client-side encryption to encrypt the data that is being uploaded to the S3 buckets
B. Use server-side encryption to encrypt the data that is being uploaded to the S3 buckets
C. Create bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads
D. Enable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key
Correct Answer: A
Question #128
The following IAM policy is attached to an IAM group. This is the only policy applied to the group. What are the effective IAM permissions of this policy for group members?
A. Group members are permitted any Amazon EC2 action within the us-east-1 Region
B. Group members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA)
C. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA)
D. Group members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA)
Correct Answer: D
Question #129
A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website. The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads. Which combination of actions should th
A. Add a second ActiveMQ server to another Availability Zone
B. Use Amazon MQ with active/standby brokers configured across two Availability Zones
C. Use Amazon MQ with active/standby brokers configured across two Availability Zones
D. Use Amazon MQ with active/standby brokers configured across two Availability Zones
Correct Answer: BD
Question #130
An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application. What should a solutions architect recommend to meet this requirement?
A. Use Amazon ElastiCache for Redis
B. Use Amazon DynamoDB Accelerator (DAX)
C. Replicate data by using DynamoDB global tables
D. Use Amazon ElastiCache for Memcached with Auto Discovery enabled
Correct Answer: B
Question #131
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users: What is the effect of this policy?
A. Users can terminate an EC2 instance in any AWS Region except us-east-1
B. Users can terminate an EC2 instance with the IP address 10
C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10
D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10
Correct Answer: C
Question #132
A company runs a global web application on Amazon EC2 instances behind an Application Load Balancer. The application stores data in Amazon Aurora. The company needs to create a disaster recovery solution and can tolerate up to 30 minutes of downtime and potential data loss. The solution does not need to handle the load when the primary infrastructure is healthy. What should a solutions architect do to meet these requirements?
A. Deploy the application with the required infrastructure elements in place
B. Host a scaled-down deployment of the application in a second AWS Region
C. Replicate the primary infrastructure in a second AWS Region
D. Back up data with AWS Backup
Correct Answer: A
Question #133
A company has a three-tier web application that is in a single server. The company wants to migrate the application to the AWS Cloud. The company also wants the application to align with the AWS Well-Architected Framework and to be consistent with AWS recommended best practices for security, scalability, and resiliency. Which combination of solutions will meet these requirements? (Choose three.)
A. Use AWS App2Container (A2C) to containerize the job
B. Copy the code into an AWS Lambda function that has 1 GB of memory
C. Use AWS App2Container (A2C) to containerize the job
D. Configure the existing schedule to stop the EC2 instance at the completion of the job and restart the EC2 instance when the next job starts
Correct Answer: CEF
Question #134
A company needs to store contract documents. A contract lasts for 5 years. During the 5-year period, the company must ensure that the documents cannot be overwritten or deleted. The company needs to encrypt the documents at rest and rotate the encryption keys automatically every year. Which combination of steps should a solutions architect take to meet these requirements with the LEAST operational overhead? (Choose two.)
A. Create an Amazon S3 bucket
B. Deploy the web application to an AWS Elastic Beanstalk environment
C. Deploy the web application to Amazon EC2 instances that are configured with Java and PHP
D. Containerize the web application
Correct Answer: BD
Question #135
A solutions architect needs to securely store a database user name and password that an application uses to access an Amazon RDS DB instance. The application that accesses the database runs on an Amazon EC2 instance. The solutions architect wants to create a secure parameter in AWS Systems Manager Parameter Store. What should the solutions architect do to meet this requirement?
A. Create an IAM role that has read access to the Parameter Store parameter
B. Create an IAM policy that allows read access to the Parameter Store parameter
C. Create an IAM trust relationship between the Parameter Store parameter and the EC2 instance
D. Create an IAM trust relationship between the DB instance and the EC2 instance
Correct Answer: A
Question #136
A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords. What should the solutions architect do to accomplish this?
A. Set an overall password policy for the entire AWS account
B. Set a password policy for each IAM user in the AWS account
C. Use third-party vendor software to set password requirements
D. Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements
Correct Answer: A
Question #137
A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance. The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone. A solutions architect must update the design to use a second Availability Zone. Which solution will make the application highly available?
A. Provision a subnet in each Availability Zone
B. Provision two subnets that extend across both Availability Zones
C. Provision a subnet in each Availability Zone
D. Provision a subnet that extends across both Availability Zones
Correct Answer: C
Question #138
A company runs a web-based portal that provides users with global breaking news, local alerts, and weather updates. The portal delivers each user a personalized view by using a mixture of static and dynamic content. Content is served over HTTPS through an API server running on an Amazon EC2 instance behind an Application Load Balancer (ALB). The company wants the portal to provide this content to its users across the world as quickly as possible. How should a solutions architect design the application to ensur
A. Deploy the application stack in a single AWS Region
B. Deploy the application stack in two AWS Regions
C. Deploy the application stack in a single AWS Region
D. Deploy the application stack in two AWS Regions
Correct Answer: A
Question #139
A company has a large dataset for its online advertising business stored in an Amazon RDS for MySQL DB instance in a single Availability Zone. The company wants business reporting queries to run without impacting the write operations to the production DB instance. Which solution meets these requirements?
A. Deploy RDS read replicas to process the business reporting queries
B. Scale out the DB instance horizontally by placing it behind an Elastic Load Balancer
C. Scale up the DB instance to a larger instance type to handle write operations and queries
D. Deploy the DB instance in multiple Availability Zones to process the business reporting queries
Correct Answer: A
Question #140
A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet. However, the company’s security policy states that any external service cannot initiate a connection to the EC2 instances. What should a solutions architect recommend to resolve this issue?
A. Create a NAT gateway and make it the destination of the subnet's route table
B. Create an internet gateway and make it the destination of the subnet's route table
C. Create a virtual private gateway and make it the destination of the subnet's route table
D. Create an egress-only internet gateway and make it the destination of the subnet's route table
Correct Answer: D
Question #141
A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company. How should security groups be configured in this situation? (Choose two.)
A. AWS DataSync over public internet
B. AWS DataSync over AWS Direct Connect
C. AWS Database Migration Service (AWS DMS) over public internet
D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect
Correct Answer: AC
Question #142
A solutions architect is designing a REST API in Amazon API Gateway for a cash payback service. The application requires 1 GB of memory and 2 GB of storage for its computation resources. The application will require that the data is in a relational format. Which additional combination of AWS services will meet these requirements with the LEAST administrative effort? (Choose two.)
A. From the Organizations management account billing console, activate a user-defined cost allocation tag named department
B. From the Organizations management account billing console, activate an AWS-defined cost allocation tag named department
C. From the Organizations member account billing console, activate a user-defined cost allocation tag named department
D. From the Organizations member account billing console, activate an AWS-defined cost allocation tag named department
Correct Answer: BC
Question #143
A company stores raw collected data in an Amazon S3 bucket. The data is used for several types of analytics on behalf of the company's customers. The type of analytics requested determines the access pattern on the S3 objects. The company cannot predict or control the access pattern. The company wants to reduce its S3 costs. Which solution will meet these requirements?
A. Use S3 replication to transition infrequently accessed objects to S3 Standard-Infrequent Access (S3 Standard-IA)
B. Use S3 Lifecycle rules to transition objects from S3 Standard to Standard-Infrequent Access (S3 Standard-IA)
C. Use S3 Lifecycle rules to transition objects from S3 Standard to S3 Intelligent-Tiering
D. Use S3 Inventory to identify and transition objects that have not been accessed from S3 Standard to S3 Intelligent-Tiering
Correct Answer: C
Question #144
A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications. Which action should the solutions architect take?
A. Configure a CloudFront signed URL
B. Configure a CloudFront signed cookie
C. Configure a CloudFront field-level encryption profile
D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy
Correct Answer: C
Question #145
A company wants to move its application to a serverless solution. The serverless solution needs to analyze existing and new data by using SQL. The company stores the data in an Amazon S3 bucket. The data requires encryption and must be replicated to a different AWS Region. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a new S3 bucket
B. Create a new S3 bucket
C. Load the data into the existing S3 bucket
D. Load the data into the existing S3 bucket
Correct Answer: A
Question #146
A solutions architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user's on-premises network-attached storage (NAS). The solutions architect has proposed migrating the IIS web servers to Amazon EC2 instances in multiple Availability Zones that are connected to the storage solution, and configuring an Elastic Load Balancer attached to the instances. Which replacement to the on-premises file share is MOST resi
A. Migrate the file share to Amazon RDS
B. Migrate the file share to AWS Storage Gateway
C. Migrate the file share to Amazon FSx for Windows File Server
D. Migrate the file share to Amazon Elastic File System (Amazon EFS)
Correct Answer: C
Question #147
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks. Which solution will meet these requirements with the LEAST amount of administrative effort?
A. Set up AWS WAF in both Regions
B. Set up AWS Firewall Manager in both Regions
C. Set up AWS Shield in both Regions
D. Set up AWS Shield in one of the Regions
Correct Answer: B
Question #148
A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML). The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region. The company hosts a web application that the customers use to purchase access to a given dataset. The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer. After a purchase is made, customers receive an S3 signed URL that allows access to the files. The
A. Configure S3 Transfer Acceleration on the existing S3 bucket
B. Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin
C. Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets
D. Modify the web application to enable streaming of the datasets to end users
Correct Answer: B
Question #149
A company is developing an application to support customer demands. The company wants to deploy the application on multiple Amazon EC2 Nitro-based instances within the same Availability Zone. The company also wants to give the application the ability to write to multiple block storage volumes in multiple EC2 Nitro-based instances simultaneously to achieve higher application availability. Which solution will meet these requirements?
A. Use General Purpose SSD (gp3) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
B. Use Throughput Optimized HDD (st1) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
C. Use Provisioned IOPS SSD (io2) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
D. Use General Purpose SSD (gp2) EBS volumes with Amazon Elastic Block Store (Amazon EBS) Multi-Attach
Correct Answer: C
Question #150
A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees’ devices. The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity. Which solution will meet these requirements?
A. Migrate the file server to an Amazon EC2 instance in a public subnet
B. Migrate the files to an Amazon FSx for Windows File Server file system
C. Migrate the files to Amazon S3, and create a private VPC endpoint
D. Migrate the files to Amazon S3, and create a public VPC endpoint
Correct Answer: B
Question #151
A company hosts a three-tier web application on Amazon EC2 instances in a single Availability Zone. The web application uses a self-managed MySQL database that is hosted on an EC2 instance to store data in an Amazon Elastic Block Store (Amazon EBS) volume. The MySQL database currently uses a 1 TB Provisioned IOPS SSD (io2) EBS volume. The company expects traffic of 1,000 IOPS for both reads and writes at peak traffic. The company wants to minimize any disruptions, stabilize performance, and reduce costs whil
A. Use a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with an io2 Block Express EBS volume
B. Use a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with a General Purpose SSD (gp2) EBS volume
C. Use Amazon S3 Intelligent-Tiering access tiers
D. Use two large EC2 instances to host the database in active-passive mode
Correct Answer: B
Question #152
A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day. What should a solutions architect do to transmit and process the clickstream data?
A. Design an AWS Data Pipeline to archive the data to an Amazon S3 bucket and run an Amazon EMR cluster with the data to generate analytics
B. Create an Auto Scaling group of Amazon EC2 instances to process the data and send it to an Amazon S3 data lake for Amazon Redshift to use for analysis
C. Cache the data to Amazon CloudFront
D. Collect the data from Amazon Kinesis Data Streams
Correct Answer: D
Question #153
A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across multiple Availability Zones. What should a solutions architect do to meet this requirement?
A. Configure AWS Storage Gateway in volume gateway mode
B. Configure Amazon FSx for Windows File Server
C. Configure a file system by using Amazon Elastic File System (Amazon EFS)
D. Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required size
Correct Answer: B
Question #154
A company recently started using Amazon Aurora as the data store for its global ecommerce application. When large reports are run, developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadIOPS and CPUUtilization metrics are spiking when monthly reports run. What is the MOST cost-effective solution?
A. Migrate the monthly reporting to Amazon Redshift
B. Migrate the monthly reporting to an Aurora Replica
C. Migrate the Aurora database to a larger instance class
D. Increase the Provisioned IOPS on the Aurora instance
Correct Answer: B
Question #155
A company needs to store data from its healthcare application. The application’s data frequently changes. A new regulation requires audit access at all levels of the stored data. The company hosts the application on an on-premises infrastructure that is running out of storage capacity. A solutions architect must securely migrate the existing data to AWS while satisfying the new regulation. Which solution will meet these requirements?
A. Use AWS DataSync to move the existing data to Amazon S3
B. Use AWS Snowcone to move the existing data to Amazon S3
C. Use Amazon S3 Transfer Acceleration to move the existing data to Amazon S3
D. Use AWS Storage Gateway to move the existing data to Amazon S3
Correct Answer: B
Question #156
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks. Which solution will meet these requirements with the LEAST amount of administrative effort?
A. Set up AWS WAF in both Regions
B. Set up AWS Firewall Manager in both Regions
C. Set up AWS Shield in both Regions
D. Set up AWS Shield in one of the Regions
Correct Answer: B
Question #157
A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store the metadata. The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly depending on the time of day and day of w
A. Use AWS Lambda to process the photos
B. Use Amazon Kinesis Data Firehose to process the photos and to store the photos and metadata
C. Use AWS Lambda to process the photos
D. Increase the number of EC2 instances to three
Correct Answer: C
Question #158
A social media company allows users to upload images to its website. The website runs on Amazon EC2 instances. During upload requests, the website resizes the images to a standard size and stores the resized images in Amazon S3. Users are experiencing slow upload requests to the website. The company needs to reduce coupling within the application and improve website performance. A solutions architect must design the most operationally efficient process for image uploads. Which combination of actions should th
A. Add a second ActiveMQ server to another Availability Zone
B. Use Amazon MQ with active/standby brokers configured across two Availability Zones
C. Use Amazon MQ with active/standby brokers configured across two Availability Zones
D. Use Amazon MQ with active/standby brokers configured across two Availability Zones
Correct Answer: BD
Question #159
A company wants to create an application to store employee data in a hierarchical structured relationship. The company needs a minimum-latency response to high-traffic queries for the employee data and must protect any sensitive data. The company also needs to receive monthly email messages if any financial information is present in the employee data. Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. Create an AWS Backup plan to back up the DynamoDB table on the first day of each month
B. Create a DynamoDB on-demand backup of the DynamoDB table on the first day of each month
C. Use the AWS SDK to develop a script that creates an on-demand backup of the DynamoDB table
D. Use the AWS CLI to create an on-demand backup of the DynamoDB table
Correct Answer: BE
Question #160
A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1 MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth. Which solution will meet these requirements?
A. Create an S3 bucket
B. Create an AWS Snowball Edge job
C. Deploy an S3 File Gateway on premises
D. Set up an AWS Direct Connect connection between the on-premises network and AWS
Correct Answer: C
Question #161
A company runs a production application on a fleet of Amazon EC2 instances. The application reads the data from an Amazon SQS queue and processes the messages in parallel. The message volume is unpredictable and often has intermittent traffic. This application should continually process messages without any downtime. Which solution meets these requirements MOST cost-effectively?
A. Use Spot Instances exclusively to handle the maximum capacity required
B. Use Reserved Instances exclusively to handle the maximum capacity required
C. Use Reserved Instances for the baseline capacity and use Spot Instances to handle additional capacity
D. Use Reserved Instances for the baseline capacity and use On-Demand Instances to handle additional capacity
Correct Answer: C
Question #162
A company uses high block storage capacity to run its workloads on premises. The company's daily peak input and output transactions per second are not more than 15,000 IOPS. The company wants to migrate the workloads to Amazon EC2 and to provision disk performance independent of storage capacity. Which Amazon Elastic Block Store (Amazon EBS) volume type will meet these requirements MOST cost-effectively?
A. GP2 volume type
B. io2 volume type
C. GP3 volume type
D. io1 volume type
Correct Answer: C
Question #163
A company's containerized application runs on an Amazon EC2 instance. The application needs to download security certificates before it can communicate with other business applications. The company wants a highly secure solution to encrypt and decrypt the certificates in near real time. The solution also needs to store data in highly available storage after the data is encrypted. Which solution will meet these requirements with the LEAST operational overhead?
A. Create AWS Secrets Manager secrets for encrypted certificates
B. Create an AWS Lambda function that uses the Python cryptography library to receive and perform encryption operations
C. Create an AWS Key Management Service (AWS KMS) customer managed key
D. Create an AWS Key Management Service (AWS KMS) customer managed key
Correct Answer: C
Question #164
A solutions architect must create a disaster recovery (DR) plan for a high-volume software as a service (SaaS) platform. All data for the platform is stored in an Amazon Aurora MySQL DB cluster. The DR plan must replicate data to a secondary AWS Region. Which solution will meet these requirements MOST cost-effectively?
A. Use MySQL binary log replication to an Aurora cluster in the secondary Region
B. Set up an Aurora global database for the DB cluster
C. Use AWS Database Migration Service (AWS DMS) to continuously replicate data to an Aurora cluster in the secondary Region
D. Set up an Aurora global database for the DB cluster
Correct Answer: D
Question #165
A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received. Which solution will meet these requirements?
A. Use an API Gateway integration to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the application receives an order
B. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application receives an order
C. Use an API Gateway authorizer to block any requests while the application processes an order
D. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) standard queue when the application receives an order
Correct Answer: B
Question #166
A company has an AWS account used for software engineering. The AWS account has access to the company’s on-premises data center through a pair of AWS Direct Connect connections. All non-VPC traffic routes to the virtual private gateway. A development team recently created an AWS Lambda function through the console. The development team needs to allow the function to access a database that runs in a private subnet in the company’s data center. Which solution will meet these requirements?
A. Configure the Lambda function to run in the VPC with the appropriate security group
B. Set up a VPN connection from AWS to the data center
C. Update the route tables in the VPC to allow the Lambda function to access the on-premises data center through Direct Connect
D. Create an Elastic IP address
Correct Answer: A
Question #167
A solutions architect is designing a company’s disaster recovery (DR) architecture. The company has a MySQL database that runs on an Amazon EC2 instance in a private subnet with scheduled backup. The DR design needs to include multiple AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?
A. Migrate the MySQL database to multiple EC2 instances
B. Migrate the MySQL database to Amazon RDS
C. Migrate the MySQL database to an Amazon Aurora global database
D. Store the scheduled backup of the MySQL database in an Amazon S3 bucket that is configured for S3 Cross-Region Replication (CRR)
Correct Answer: C
Question #168
A company runs a containerized application on a Kubernetes cluster in an on-premises data center. The company is using a MongoDB database for data storage. The company wants to migrate some of these environments to AWS, but no code changes or deployment method changes are possible at this time. The company needs a solution that minimizes operational overhead. Which solution meets these requirements?
A. Use Amazon Rekognition for multiple speaker recognition
B. Use Amazon Transcribe for multiple speaker recognition
C. Use Amazon Translate for multiple speaker recognition
D. Use Amazon Rekognition for multiple speaker recognition
Correct Answer: D
Question #169
A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand. Which solution will meet these requirements?
A. Host static content in Amazon S3
B. Host static content in Amazon S3
C. Host all the website content on Amazon EC2 instances
D. Host all the website content on Amazon EC2 instances
Correct Answer: A
Question #170
A company wants to use the AWS Cloud to make an existing application highly available and resilient. The current version of the application resides in the company's data center. The application recently experienced data loss after a database server crashed because of an unexpected power outage. The company needs a solution that avoids any single points of failure. The solution must give the application the ability to scale to meet user demand. Which solution will meet these requirements?
A. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones
B. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group in a single Availability Zone
C. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones
D. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones
View answer
Correct Answer: A
Question #171
A company runs a highly available SFTP service. The SFTP service uses two Amazon EC2 Linux instances that run with elastic IP addresses to accept traffic from trusted IP sources on the internet. The SFTP service is backed by shared storage that is attached to the instances. User accounts are created and managed as Linux users in the SFTP servers. The company wants a serverless option that provides high IOPS performance and highly configurable security. The company also wants to maintain control over user per
A. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume
B. Create an encrypted Amazon Elastic File System (Amazon EFS) volume
C. Create an Amazon S3 bucket with default encryption enabled
D. Create an Amazon S3 bucket with default encryption enabled
Correct Answer: B
Question #172
A large media company hosts a web application on AWS. The company wants to start caching confidential media files so that users around the world will have reliable access to the files. The content is stored in Amazon S3 buckets. The company must deliver the content quickly, regardless of where the requests originate geographically. Which solution will meet these requirements?
A. Use AWS DataSync to connect the S3 buckets to the web application
B. Deploy AWS Global Accelerator to connect the S3 buckets to the web application
C. Deploy Amazon CloudFront to connect the S3 buckets to CloudFront edge servers
D. Use Amazon Simple Queue Service (Amazon SQS) to connect the S3 buckets to the web application
Correct Answer: C
Question #173
A company sells ringtones created from clips of popular songs. The files containing the ringtones are stored in Amazon S3 Standard and are at least 128 KB in size. The company has millions of files, but downloads are infrequent for ringtones older than 90 days. The company needs to save money on storage while keeping the most accessed files readily available for its users. Which action should the company take to meet these requirements MOST cost-effectively?
A. Configure S3 Standard-Infrequent Access (S3 Standard-IA) storage for the initial storage tier of the objects
B. Move the files to S3 Intelligent-Tiering and configure it to move objects to a less expensive storage tier after 90 days
C. Configure S3 inventory to manage objects and move them to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
D. Implement an S3 Lifecycle policy that moves the objects from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
Correct Answer: D
Question #174
A company’s web application consists of an Amazon API Gateway API in front of an AWS Lambda function and an Amazon DynamoDB database. The Lambda function handles the business logic, and the DynamoDB table hosts the data. The application uses Amazon Cognito user pools to identify the individual users of the application. A solutions architect needs to update the application so that only users who have a subscription can access premium content. Which solution will meet this requirement with the LEAST operationa
A. Enable API caching and throttling on the API Gateway API
B. Set up AWS WAF on the API Gateway API
C. Apply fine-grained IAM permissions to the premium content in the DynamoDB table
D. Implement API usage plans and API keys to limit the access of users who do not have a subscription
Correct Answer: D
Question #175
A company runs a stateless web application in production on a group of Amazon EC2 On-Demand Instances behind an Application Load Balancer. The application experiences heavy usage during an 8-hour period each business day. Application usage is moderate and steady overnight. Application usage is low during weekends. The company wants to minimize its EC2 costs without affecting the availability of the application. Which solution will meet these requirements?
A. Use Spot Instances for the entire workload
B. Use Reserved Instances for the baseline level of usage
C. Use On-Demand Instances for the baseline level of usage
D. Use Dedicated Instances for the baseline level of usage
Correct Answer: B
Question #176
A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a query returned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by the data warehouse are not cached. Which solution provides the LOWEST data transfer egress cost for the company?
A. Host the visualization tool on premises and query the data warehouse directly over the internet
B. Host the visualization tool in the same AWS Region as the data warehouse
C. Host the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region
D. Host the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region
Correct Answer: D
Question #177
An ecommerce company is running a multi-tier application on AWS. The front-end and backend tiers both run on Amazon EC2, and the database runs on Amazon RDS for MySQL. The backend tier communicates with the RDS instance. There are frequent calls to return identical datasets from the database that are causing performance slowdowns. Which action should be taken to improve the performance of the backend?
A. Implement Amazon SNS to store the database calls
B. Implement Amazon ElastiCache to cache the large datasets
C. Implement an RDS for MySQL read replica to cache database calls
D. Implement Amazon Kinesis Data Firehose to stream the calls to the database
Correct Answer: B
Question #178
A company has several web servers that need to frequently access a common Amazon RDS MySQL Multi-AZ DB instance. The company wants a secure method for the web servers to connect to the database while meeting a security requirement to rotate user credentials frequently. Which solution meets these requirements?
A. Store the database user credentials in AWS Secrets Manager
B. Store the database user credentials in AWS Systems Manager OpsCenter
C. Store the database user credentials in a secure Amazon S3 bucket
D. Store the database user credentials in files encrypted with AWS Key Management Service (AWS KMS) on the web server file system
Correct Answer: A
Question #179
A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store the metadata. The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly depending on the time of day and day of w
A. Use AWS Lambda to process the photos
B. Use Amazon Kinesis Data Firehose to process the photos and to store the photos and metadata
C. Use AWS Lambda to process the photos
D. Increase the number of EC2 instances to three
Correct Answer: C
Question #180
A company is developing a new machine learning (ML) model solution on AWS. The models are developed as independent microservices that fetch approximately 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent. The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days
A. Direct the requests from the API to a Network Load Balancer (NLB)
B. Direct the requests from the API to an Application Load Balancer (ALB)
C. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue
D. Direct the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue
Correct Answer: D
Question #181
A company stores data in PDF format in an Amazon S3 bucket. The company must follow a legal requirement to retain all new and existing data in Amazon S3 for 7 years. Which solution will meet these requirements with the LEAST operational overhead?
A. Turn on the S3 Versioning feature for the S3 bucket
B. Turn on S3 Object Lock with governance retention mode for the S3 bucket
C. Turn on S3 Object Lock with compliance retention mode for the S3 bucket
D. Turn on S3 Object Lock with compliance retention mode for the S3 bucket
Correct Answer: D
Question #182
A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet. Which solutions will meet these requirements? (Choose two.)
A. Configure an IAM policy for AWS Systems Manager Session Manager
B. Create an Amazon ElastiCache for Redis cache cluster that gives users the ability to access the data from the cache when the DB instance is stopped
C. Launch an Amazon EC2 instance
D. Create AWS Lambda functions to start and stop the DB instance
Correct Answer: AC
Question #183
A company sells ringtones created from clips of popular songs. The files containing the ringtones are stored in Amazon S3 Standard and are at least 128 KB in size. The company has millions of files, but downloads are infrequent for ringtones older than 90 days. The company needs to save money on storage while keeping the most accessed files readily available for its users. Which action should the company take to meet these requirements MOST cost-effectively?
A. Configure S3 Standard-Infrequent Access (S3 Standard-IA) storage for the initial storage tier of the objects
B. Move the files to S3 Intelligent-Tiering and configure it to move objects to a less expensive storage tier after 90 days
C. Configure S3 inventory to manage objects and move them to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
D. Implement an S3 Lifecycle policy that moves the objects from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days
Correct Answer: D
Question #184
A telemarketing company is designing its customer call center functionality on AWS. The company needs a solution that provides multiple speaker recognition and generates transcript files. The company wants to query the transcript files to analyze the business patterns. The transcript files must be stored for 7 years for auditing purposes. Which solution will meet these requirements?
A. Configure an AWS Lambda function to be an authorizer in API Gateway to validate which user made the request
B. For each user, create and assign an API key that must be sent with each request
C. Send the user’s email address in the header with every request
D. Configure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request
Correct Answer: B
Question #185
A company is moving its data management application to AWS. The company wants to transition to an event-driven architecture. The architecture needs to be more distributed and to use serverless concepts while performing the different aspects of the workflow. The company also wants to minimize operational overhead. Which solution will meet these requirements?
A. Set up a transit gateway in each Region
B. Set up AWS Global Accelerator with UDP listeners and endpoint groups in each Region
C. Set up Amazon CloudFront with UDP turned on
D. Set up a VPC peering mesh between each Region
Correct Answer: D
Question #186
A company hosts its multi-tier applications on AWS. For compliance, governance, auditing, and security, the company must track configuration changes on its AWS resources and record a history of API calls made to these resources. What should a solutions architect do to meet these requirements?
A. Use AWS CloudTrail to track configuration changes and AWS Config to record API calls
B. Use AWS Config to track configuration changes and AWS CloudTrail to record API calls
C. Use AWS Config to track configuration changes and Amazon CloudWatch to record API calls
D. Use AWS CloudTrail to track configuration changes and Amazon CloudWatch to record API calls
Correct Answer: B
Question #187
A company experienced a breach that affected several applications in its on-premises data center. The attacker took advantage of vulnerabilities in the custom applications that were running on the servers. The company is now migrating its applications to run on Amazon EC2 instances. The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings. Which solution will meet these requirements?
A. Deploy AWS Shield to scan the EC2 instances for vulnerabilities
B. Deploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities
C. Turn on Amazon GuardDuty
D. Turn on Amazon Inspector
Correct Answer: D
Question #188
A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application. What should the solutions architect do to meet this requirement?
A. Add an Amazon Inspector agent to the ALB
B. Configure Amazon Macie to prevent attacks
C. Enable AWS Shield Advanced to prevent attacks
D. Configure Amazon GuardDuty to monitor the ALB
Correct Answer: C
Question #189
A social media company runs its application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. The application has more than a billion images stored in an Amazon S3 bucket and processes thousands of images each second. The company wants to resize the images dynamically and serve appropriate formats to clients. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a public SSL/TLS certificate in AWS Certificate Manager (ACM)
B. Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS)
C. Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS)
D. Use the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS)
Correct Answer: C
Question #190
A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost-effective solution that meets the requirements of the job. What should the solutions architect recommend?
A. Implement EC2 Spot Instances
B. Purchase EC2 Reserved Instances
C. Implement EC2 On-Demand Instances
D. Implement the processing on AWS Lambda
Correct Answer: A
Question #191
A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team IAM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution. What should a solutions architect do to secure the audit documents?
A. Enable the versioning and MFA Delete features on the S3 bucket
B. Enable multi-factor authentication (MFA) on the IAM user credentials for each audit team IAM user account
C. Add an S3 Lifecycle policy to the audit team's IAM user accounts to deny the s3:DeleteObject action during audit dates
D. Use AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and restrict audit team IAM user accounts from accessing the KMS key
Correct Answer: A
Question #192
A company has an application that processes customer orders. The company hosts the application on an Amazon EC2 instance that saves the orders to an Amazon Aurora database. Occasionally when traffic is high the workload does not process orders fast enough. What should a solutions architect do to write the orders reliably to the database as quickly as possible?
A. Increase the instance size of the EC2 instance when traffic is high
B. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue
C. Write orders to Amazon Simple Notification Service (Amazon SNS)
D. Write orders to an Amazon Simple Queue Service (Amazon SQS) queue when the EC2 instance reaches CPU threshold limits
Correct Answer: B
Question #193
A company has an on-premises volume backup solution that has reached its end of life. The company wants to use AWS as part of a new backup solution and wants to maintain local access to all the data while it is backed up on AWS. The company wants to ensure that the data backed up on AWS is automatically and securely transferred. Which solution meets these requirements?
A. Use AWS Snowball to migrate data out of the on-premises solution to Amazon S3
B. Use AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3
C. Use AWS Storage Gateway and configure a cached volume gateway
D. Use AWS Storage Gateway and configure a stored volume gateway
Correct Answer: D
Question #194
A company is hosting a web application from an Amazon S3 bucket. The application uses Amazon Cognito as an identity provider to authenticate users and return a JSON Web Token (JWT) that provides access to protected resources that are stored in another S3 bucket. Upon deployment of the application, users report errors and are unable to access the protected content. A solutions architect must resolve this issue by providing proper permissions so that users can access the protected content. Which solution meets
A. Update the Amazon Cognito identity pool to assume the proper IAM role for access to the protected content
B. Update the S3 ACL to allow the application to access the protected content
C. Redeploy the application to Amazon S3 to prevent eventually consistent reads in the S3 bucket from affecting the ability of users to access the protected content
D. Update the Amazon Cognito pool to use custom attribute mappings within the identity pool and grant users the proper permissions to access the protected content
Correct Answer: A
Question #195
A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance. Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code. Which solution meets these requirements?
A. Convert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option
B. Create a new RDS Multi-AZ deployment
C. Create a read-only replica of the PostgreSQL database in another Availability Zone
D. Place the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two
Correct Answer: A
Question #196
A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3. How can a solutions architect ensure that the application has permission to access Amazon S3?
A. Update the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container
B. Create an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition
C. Create a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster
D. Create an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account
Correct Answer: B
Question #197
A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account. How should a solutions architect grant this access to the vendor?
A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM role
B. Create an IAM user in the company’s account with a password that meets the password complexity requirements
C. Create an IAM group in the company’s account
D. Create a new identity provider by choosing “AWS account” as the provider type in the IAM console
Correct Answer: A
Question #198
A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs. How can the solutions architect meet this requirement?
A. Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it
B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets
C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets
D. Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets
Correct Answer: D
Question #199
A company is building a containerized application on premises and decides to move the application to AWS. The application will have thousands of users soon after it is deployed. The company is unsure how to manage the deployment of containers at scale. The company needs to deploy the containerized application in a highly available architecture that minimizes operational overhead. Which solution will meet these requirements?
A. Store container images in an Amazon Elastic Container Registry (Amazon ECR) repository
B. Store container images in an Amazon Elastic Container Registry (Amazon ECR) repository
C. Store container images in a repository that runs on an Amazon EC2 instance
D. Create an Amazon EC2 Amazon Machine Image (AMI) that contains the container image
Correct Answer: A
