Updated AWS SAA-C03 Exam Dumps – Your Path to Success

Question #1

A company hosts multiple production applications. One of the applications consists of resources from Amazon EC2, AWS Lambda, Amazon RDS, Amazon Simple Notification Service (Amazon SNS), and Amazon Simple Queue Service (Amazon SQS) across multiple AWS Regions. All company resources are tagged with a tag name of “application” and a value that corresponds to each application. A solutions architect must provide the quickest solution for identifying all of the tagged components.Which solution meets these require

A. se AWS CloudTrail to generate a list of resources with the application tag

B. se the AWS CLI to query each service across all Regions to report the tagged components

C. un a query in Amazon CloudWatch Logs Insights to report on the components with the application tag

D. un a query with the AWS Resource Groups Tag Editor to report on the resources globally with the application tag

View answer

Correct Answer: D

Question #2

A company has a Java application that uses Amazon Simple Queue Service (Amazon SQS) to parse messages. The application cannot parse messages that are larger than 256 KB in size. The company wants to implement a solution to give the application the ability to parse messages as large as 50 MB.Which solution will meet these requirements with the FEWEST changes to the code?

A. se the Amazon SQS Extended Client Library for Java to host messages that are larger than 256 KB in Amazon S3

B. se Amazon EventBridge to post large messages from the application instead of Amazon SQS

C. hange the limit in Amazon SQS to handle messages that are larger than 256 KB

D. tore messages that are larger than 256 KB in Amazon Elastic File System (Amazon EFS)

View answer

Correct Answer: A

Question #3

A company wants to run an in-memory database for a latency-sensitive application that runs on Amazon EC2 instances. The application processes more than 100,000 transactions each minute and requires high network throughput. A solutions architect needs to provide a cost-effective network design that minimizes data transfer charges.Which solution meets these requirements?

A. aunch all EC2 instances in the same Availability Zone within the same AWS Region

B. aunch all EC2 instances in different Availability Zones within the same AWS Region

C. eploy an Auto Scaling group to launch EC2 instances in different Availability Zones based on a network utilization target

D. eploy an Auto Scaling group with a step scaling policy to launch EC2 instances in different Availability Zones

View answer

Correct Answer: D

Question #4

A solutions architect needs to securely store a database user name and password that an application uses to access an Amazon RDS DB instance. The application that accesses the database runs on an Amazon EC2 instance. The solutions architect wants to create a secure parameter in AWS Systems Manager Parameter Store.What should the solutions architect do to meet this requirement?

A. reate an IAM role that has read access to the Parameter Store parameter

B. reate an IAM policy that allows read access to the Parameter Store parameter

C. reate an IAM trust relationship between the Parameter Store parameter and the EC2 instance

D. reate an IAM trust relationship between the DB instance and the EC2 instance

View answer

Correct Answer: A

Question #5

An application runs on Amazon EC2 instances across multiple Availability Zonas. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.What should a solutions architect do to maintain the desired performance across all instances in the group?

A. rite individual policies for each S3 bucket to grant read permission for only CloudFront access

B. reate an IAM user

C. rite an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN)

D. reate an origin access identity (OAI)

View answer

Correct Answer: B

Question #6

A development team has launched a new application that is hosted on Amazon EC2 instances inside a development VPC. A solutions architect needs to create a new VPC in the same account. The new VPC will be peered with the development VPC. The VPC CIDR block for the development VPC is 192.168.0.0/24. The solutions architect needs to create a CIDR block for the new VPC. The CIDR block must be valid for a VPC peering connection to the development VPC.What is the SMALLEST CIDR block that meets these requirements?

A. 0

B. 92

C. 92

D. 0

View answer

Correct Answer: D

Question #7

A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process. A solutions architect must devise a strategy to track and audit these inventory and configuration changes.Which actions should the solutions architect take to meet these requirements? (Choose two.)

A. se AWS Systems Manager Session Manager to connect to the EC2 instances

B. se AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand

C. llow shared SSH access to a set of bastion instances

D. se an Amazon Cognito custom authorizer to authenticate users

View answer

Correct Answer: AD

Question #8

A company has 700 TB of backup data stored in network attached storage (NAS) in its data center. This backup data need to be accessible for infrequent regulatory requests and must be retained 7 years. The company has decided to migrate this backup data from its data center to AWS. The migration must be complete within 1 month. The company has 500 Mbps of dedicated bandwidth on its public internet connection available for data transfer.What should a solutions architect do to migrate and store the data at the

A. rder AWS Snowball devices to transfer the data

B. eploy a VPN connection between the data center and Amazon VPC

C. rovision a 500 Mbps AWS Direct Connect connection and transfer the data to Amazon S3

D. se AWS DataSync to transfer the data and deploy a DataSync agent on premises

View answer

Correct Answer: A

Question #9

A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed. The solution also must offer improved performance, scaling, and durability with minimal effort from operations.Which solution meets these requirements?

A. igrate the databases to Amazon Aurora Serverless for Aurora MySQL

B. igrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL

C. ombine the databases into one larger MySQL database

D. reate an EC2 Auto Scaling group for the database tier

View answer

Correct Answer: A

Question #10

An ecommerce company stores terabytes of customer data in the AWS Cloud. The data contains personally identifiable information (PII). The company wants to use the data in three applications. Only one of the applications needs to process the PII. The PII must be removed before the other two applications process the data.Which solution will meet these requirements with the LEAST operational overhead?

A. tore the data in an Amazon DynamoDB table

B. tore the data in an Amazon S3 bucket

C. rocess the data and store the transformed data in three separate Amazon S3 buckets so that each application has its own custom dataset

D. rocess the data and store the transformed data in three separate Amazon DynamoDB tables so that each application has its own custom dataset

View answer

Correct Answer: B

Question #11

A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed. The solution also must offer improved performance, scaling, and durability with minimal effort from operations.Which solution meets these requirements?

A. igrate the databases to Amazon Aurora Serverless for Aurora MySQL

B. igrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL

C. ombine the databases into one larger MySQL database

D. reate an EC2 Auto Scaling group for the database tier

View answer

Correct Answer: A

Question #12

A company needs to ingest and handle large amounts of streaming data that its application generates. The application runs on Amazon EC2 instances and sends data to Amazon Kinesis Data Streams, which is configured with default settings. Every other day, the application consumes the data and writes the data to an Amazon S3 bucket for business intelligence (BI) processing. The company observes that Amazon S3 is not receiving all the data that the application sends to Kinesis Data Streams.What should a solution

A. pdate the Kinesis Data Streams default settings by modifying the data retention period

B. pdate the application to use the Kinesis Producer Library (KPL) to send the data to Kinesis Data Streams

C. pdate the number of Kinesis shards to handle the throughput of the data that is sent to Kinesis Data Streams

D. urn on S3 Versioning within the S3 bucket to preserve every version of every object that is ingested in the S3 bucket

View answer

Correct Answer: A

Question #13

A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet.Which solutions will meet these requirements? (Choose two.)

A. onfigure an IAM policy for AWS Systems Manager Session Manager

B. reate an Amazon ElastiCache for Redis cache cluster that gives users the ability to access the data from the cache when the DB instance is stopped

C. aunch an Amazon EC2 instance

D. reate AWS Lambda functions to start and stop the DB instance

View answer

Correct Answer: AC

Question #14

An IoT company is releasing a mattress that has sensors to collect data about a user’s sleep. The sensors will send data to an Amazon S3 bucket. The sensors collect approximately 2 MB of data every night for each mattress. The company must process and summarize the data for each mattress. The results need to be available as soon as possible. Data processing will require 1 GB of memory and will finish within 30 seconds.Which solution will meet these requirements MOST cost-effectively?

A. se AWS Glue with a Scala job

B. se Amazon EMR with an Apache Spark script

C. se AWS Lambda with a Python script

D. se AWS Glue with a PySpark job

View answer

Correct Answer: C

Question #15

A company stores data in PDF format in an Amazon S3 bucket. The company must follow a legal requirement to retain all new and existing data in Amazon S3 for 7 years.Which solution will meet these requirements with the LEAST operational overhead?

A. urn on the S3 Versioning feature for the S3 bucket

B. urn on S3 Object Lock with governance retention mode for the S3 bucket

C. urn on S3 Object Lock with compliance retention mode for the S3 bucket

D. urn on S3 Object Lock with compliance retention mode for the S3 bucket

View answer

Correct Answer: D

Question #16

A company is concerned that two NAT instances in use will no longer be able to support the traffic needed for the company’s application. A solutions architect wants to implement a solution that is highly available, fault tolerant, and automatically scalable.What should the solutions architect recommend?

A. emove the two NAT instances and replace them with two NAT gateways in the same Availability Zone

B. se Auto Scaling groups with Network Load Balancers for the NAT instances in different Availability Zones

C. emove the two NAT instances and replace them with two NAT gateways in different Availability Zones

D. eplace the two NAT instances with Spot Instances in different Availability Zones and deploy a Network Load Balancer

View answer

Correct Answer: C

Question #17

A telemarketing company is designing its customer call center functionality on AWS. The company needs a solution that provides multiple speaker recognition and generates transcript files. The company wants to query the transcript files to analyze the business patterns. The transcript files must be stored for 7 years for auditing purposes.Which solution will meet these requirements?

A. onfigure an AWS Lambda function to be an authorizer in API Gateway to validate which user made the request

B. or each user, create and assign an API key that must be sent with each request

C. end the user’s email address in the header with every request

D. onfigure an Amazon Cognito user pool authorizer in API Gateway to allow Amazon Cognito to validate each request

View answer

Correct Answer: B

Question #18

An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Traffic must not traverse the internet.How should a solutions architect configure access to meet these requirements?

A. reate a private hosted zone by using Amazon Route 53

B. et up a gateway VPC endpoint for Amazon S3 in the VPC

C. onfigure the EC2 instances to use a NAT gateway to access the S3 bucket

D. stablish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket

View answer

Correct Answer: B

Question #19

A company is developing a marketing communications service that targets mobile app users. The company needs to send confirmation messages with Short Message Service (SMS) to its users. The users must be able to reply to the SMS messages. The company must store the responses for a year for analysis.What should a solutions architect do to meet these requirements?

A. reate an Amazon Connect contact flow to send the SMS messages

B. uild an Amazon Pinpoint journey

C. se Amazon Simple Queue Service (Amazon SQS) to distribute the SMS messages

D. reate an Amazon Simple Notification Service (Amazon SNS) FIFO topic

View answer

Correct Answer: B

Question #20

A company needs to migrate a MySQL database from its on-premises data center to AWS within 2 weeks. The database is 20 TB in size. The company wants to complete the migration with minimal downtime.Which solution will migrate the database MOST cost-effectively?

A. rder an AWS Snowball Edge Storage Optimized device

B. rder an AWS Snowmobile vehicle

C. rder an AWS Snowball Edge Compute Optimized with GPU device

D. rder a 1 GB dedicated AWS Direct Connect connection to establish a connection with the data center

View answer

Correct Answer: A

Question #21

An online learning company is migrating to the AWS Cloud. The company maintains its student records in a PostgreSQL database. The company needs a solution in which its data is available and online across multiple AWS Regions at all times.Which solution will meet these requirements with the LEAST amount of operational overhead?

A. igrate the PostgreSQL database to a PostgreSQL cluster on Amazon EC2 instances

B. igrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance with the Multi-AZ feature turned on

C. igrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance

D. igrate the PostgreSQL database to an Amazon RDS for PostgreSQL DB instance

View answer

Correct Answer: C

Question #22

A company has deployed a serverless application that invokes an AWS Lambda function when new documents are uploaded to an Amazon S3 bucket. The application uses the Lambda function to process the documents. After a recent marketing campaign, the company noticed that the application did not process many of the documents.What should a solutions architect do to improve the architecture of this application?

A. et the Lambda function's runtime timeout value to 15 minutes

B. onfigure an S3 bucket replication policy

C. eploy an additional Lambda function

D. reate an Amazon Simple Queue Service (Amazon SQS) queue

View answer

Correct Answer: D

Question #23

A company collects data from a large number of participants who use wearable devices. The company stores the data in an Amazon DynamoDB table and uses applications to analyze the data. The data workload is constant and predictable. The company wants to stay at or below its forecasted budget for DynamoDB.Which solution will meet these requirements MOST cost-effectively?

A. se provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA)

B. se provisioned mode

C. se on-demand mode

D. se on-demand mode

View answer

Correct Answer: B

Question #24

A company wants to create a mobile app that allows users to stream slow-motion video clips on their mobile devices. Currently, the app captures video clips and uploads the video clips in raw format into an Amazon S3 bucket. The app retrieves these video clips directly from the S3 bucket. However, the videos are large in their raw format.Users are experiencing issues with buffering and playback on mobile devices. The company wants to implement solutions to maximize the performance and scalability of the app

A. eploy Amazon CloudFront for content delivery and caching

B. se AWS DataSync to replicate the video files across AW'S Regions in other S3 buckets

C. se Amazon Elastic Transcoder to convert the video files to more appropriate formats

D. eploy an Auto Sealing group of Amazon EC2 instances in Local Zones for content delivery and caching

E. eploy an Auto Scaling group of Amazon EC2 instances to convert the video files to more appropriate formats

View answer

Correct Answer: A

Question #25

A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account.How should a solutions architect grant this access to the vendor?

A. reate an IAM role in the company’s account to delegate access to the vendor’s IAM role

B. reate an IAM user in the company’s account with a password that meets the password complexity requirements

C. reate an IAM group in the company’s account

D. reate a new identity provider by choosing “AWS account” as the provider type in the IAM console

View answer

Correct Answer: A

Question #26

A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB). A solutions architect needs to modify the infrastructure to be highly available without modifying the application.Which architecture should the solutions architect choose that provides high availability?

A. reate an Auto Scaling group that uses three instances across each of two Regions

B. odify the Auto Scaling group to use three instances across each of two Availability Zones

C. reate an Auto Scaling template that can be used to quickly create more instances in another Region

D. hange the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier

View answer

Correct Answer: B

Question #27

A media company collects and analyzes user activity data on premises. The company wants to migrate this capability to AWS. The user activity data store will continue to grow and will be petabytes in size. The company needs to build a highly available data ingestion solution that facilitates on-demand analytics of existing data and new data with SQL.Which solution will meet these requirements with the LEAST operational overhead?

A. end activity data to an Amazon Kinesis data stream

B. end activity data to an Amazon Kinesis Data Firehose delivery stream

C. lace activity data in an Amazon S3 bucket

D. reate an ingestion service on Amazon EC2 instances that are spread across multiple Availability Zones

View answer

Correct Answer: B

Question #28

A company is running a business-critical web application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database that is deployed in a single Availability Zone. The company wants the application to be highly available with minimum downtime and minimum loss of data.Which solution will meet these requirements with the LEAST operational effort?

A. lace the EC2 instances in different AWS Regions

B. onfigure the Auto Scaling group to use multiple Availability Zones

C. onfigure the Auto Scaling group to use one Availability Zone

D. onfigure the Auto Scaling group to use multiple AWS Regions

View answer

Correct Answer: B

Question #29

A security team wants to limit access to specific services or actions in all of the team’s AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained.What should a solutions architect do to accomplish this?

A. reate an ACL to provide access to the services or actions

B. reate a security group to allow accounts and attach it to user groups

C. reate cross-account roles in each account to deny access to the services or actions

D. reate a service control policy in the root organizational unit to deny access to the services or actions

View answer

Correct Answer: D

Question #30

A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.Which solution meets these requirements?

A. nable Amazon GuardDuty on the account

B. nable Amazon Inspector on the EC2 instances

C. nable AWS Shield and assign Amazon Route 53 to it

D. nable AWS Shield Advanced and assign the ELB to it

View answer

Correct Answer: D

Question #31

An ecommerce company needs to run a scheduled daily job to aggregate and filter sales records for analytics. The company stores the sales records in an Amazon S3 bucket. Each object can be up to 10 GB in size. Based on the number of sales events, the job can take up to an hour to complete. The CPU and memory usage of the job are constant and are known in advance.A solutions architect needs to minimize the amount of operational effort that is needed for the job to run.Which solution meets these requirements?

A. reate an AWS Lambda function that has an Amazon EventBridge notification

B. reate an AWS Lambda function

C. reate an Amazon Elastic Container Service (Amazon ECS) cluster with an AWS Fargate launch type

D. reate an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type and an Auto Scaling group with at least one EC2 instance

View answer

Correct Answer: C

Question #32

A research company runs experiments that are powered by a simulation application and a visualization application. The simulation application runs on Linux and outputs intermediate data to an NFS share every 5 minutes. The visualization application is a Windows desktop application that displays the simulation output and requires an SMB file system.The company maintains two synchronized file systems. This strategy is causing data duplication and inefficient resource usage. The company needs to migrate the app

A. igrate both applications to AWS Lambda

B. igrate both applications to Amazon Elastic Container Service (Amazon ECS)

C. igrate the simulation application to Linux Amazon EC2 instances

D. igrate the simulation application to Linux Amazon EC2 instances

View answer

Correct Answer: D

Question #33

A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL.What should a solutions architect do to meet these requirements?

A. mazon CloudFront and Amazon S3

B. WS Lambda and Amazon DynamoDB

C. pplication Load Balancer with Amazon EC2 Auto Scaling

D. mazon Route 53 with internal Application Load Balancers

View answer

Correct Answer: D

Question #34

An ecommerce company is building a distributed application that involves several serverless functions and AWS services to complete order-processing tasks. These tasks require manual approvals as part of the workflow. A solutions architect needs to design an architecture for the order-processing application. The solution must be able to combine multiple AWS Lambda functions into responsive serverless applications. The solution also must orchestrate data and services that run on Amazon EC2 instances, containe

A. se AWS Step Functions to build the application

B. ntegrate all the application components in an AWS Glue job

C. se Amazon Simple Queue Service (Amazon SQS) to build the application

D. se AWS Lambda functions and Amazon EventBridge events to build the application

View answer

Correct Answer: A

Question #35

A company wants to migrate its existing on-premises monolithic application to AWS. The company wants to keep as much of the front-end code and the backend code as possible. However, the company wants to break the application into smaller applications. A different team will manage each application. The company needs a highly scalable solution that minimizes operational overhead.Which solution will meet these requirements?

A. ost the application on AWS Lambda

B. ost the application with AWS Amplify

C. ost the application on Amazon EC2 instances

D. ost the application on Amazon Elastic Container Service (Amazon ECS)

View answer

Correct Answer: D

Question #36

A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function.Which solution meets these requirements?

A. dd an execution role to the function with lambda:InvokeFunction as the action and * as the principal

B. dd an execution role to the function with lambda:InvokeFunction as the action and Service: lambda

C. dd a resource-based policy to the function with lambda:* as the action and Service: events

D. dd a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events

View answer

Correct Answer: D

Question #37

A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.What should a solutions architect do to meet these requirements when configuring the logs?

A. se Amazon CloudWatch as the target

B. se Amazon Kinesis as the target

C. se AWS CloudTrail as the target

D. se Amazon S3 as the target

View answer

Correct Answer: D

Question #38

A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet. However the company’s security policy states that any external service cannot initiate a connection to the EC2 instances.What should a solutions architect recommend to resolve this issue?

A. reate a NAT gateway and make it the destination of the subnet's route table

B. reate an internet gateway and make it the destination of the subnet's route table

C. reate a virtual private gateway and make it the destination of the subnet's route table

D. reate an egress-only internet gateway and make it the destination of the subnet's route table

View answer

Correct Answer: D

Question #39

A company deploys an application on five Amazon EC2 instances. An Application Load Balancer (ALB) distributes traffic to the instances by using a target group. The average CPU usage on each of the instances is below 10% most of the time, with occasional surges to 65%.A solutions architect needs to implement a solution to automate the scalability of the application. The solution must optimize the cost of the architecture and must ensure that the application has enough CPU resources when surges occur.Which so

A. reate an Amazon CloudWatch alarm that enters the ALARM state when the CPUUtilization metric is less than 20%

B. reate an EC2 Auto Scaling group

C. reate an EC2 Auto Scaling group

D. reate two Amazon CloudWatch alarms

View answer

Correct Answer: B

Question #40

A company has an automobile sales website that stores its listings in a database on Amazon RDS. When an automobile is sold, the listing needs to be removed from the website and the data must be sent to multiple target systems.Which design should a solutions architect recommend?

A. reate an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) queue for the targets to consume

B. reate an AWS Lambda function triggered when the database on Amazon RDS is updated to send the information to an Amazon Simple Queue Service (Amazon SQS) FIFO queue for the targets to consume

C. ubscribe to an RDS event notification and send an Amazon Simple Queue Service (Amazon SQS) queue fanned out to multiple Amazon Simple Notification Service (Amazon SNS) topics

D. ubscribe to an RDS event notification and send an Amazon Simple Notification Service (Amazon SNS) topic fanned out to multiple Amazon Simple Queue Service (Amazon SQS) queues

View answer

Correct Answer: C

Question #41

A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.What should the solutions architect do to enable Internet access for the private subnets?

A. reate three NAT gateways, one for each public subnet in each AZ

B. reate three NAT instances, one for each private subnet in each AZ

C. reate a second internet gateway on one of the private subnets

D. reate an egress-only internet gateway on one of the public subnets

View answer

Correct Answer: A

Question #42

A media company hosts its website on AWS. The website application’s architecture includes a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) and a database that is hosted on Amazon Aurora. The company’s cybersecurity team reports that the application is vulnerable to SQL injection.How should the company resolve this issue?

A. se AWS WAF in front of the ALB

B. reate an ALB listener rule to reply to SQL injections with a fixed response

C. ubscribe to AWS Shield Advanced to block all SQL injection attempts automatically

D. et up Amazon Inspector to block all SQL injection attempts automatically

View answer

Correct Answer: A

Question #43

A company previously migrated its data warehouse solution to AWS. The company also has an AWS Direct Connect connection. Corporate office users query the data warehouse using a visualization tool. The average size of a query returned by the data warehouse is 50 MB and each webpage sent by the visualization tool is approximately 500 KB. Result sets returned by the data warehouse are not cached.Which solution provides the LOWEST data transfer egress cost for the company?

A. ost the visualization tool on premises and query the data warehouse directly over the internet

B. ost the visualization tool in the same AWS Region as the data warehouse

C. ost the visualization tool on premises and query the data warehouse directly over a Direct Connect connection at a location in the same AWS Region

D. ost the visualization tool in the same AWS Region as the data warehouse and access it over a Direct Connect connection at a location in the same Region

View answer

Correct Answer: D

Question #44

A rapidly growing ecommerce company is running its workloads in a single AWS Region. A solutions architect must create a disaster recovery (DR) strategy that includes a different AWS Region. The company wants its database to be up to date in the DR Region with the least possible latency. The remaining infrastructure in the DR Region needs to run at reduced capacity and must be able to scale up if necessary.Which solution will meet these requirements with the LOWEST recovery time objective (RTO)?

A. se an Amazon Aurora global database with a pilot light deployment

B. se an Amazon Aurora global database with a warm standby deployment

C. se an Amazon RDS Multi-AZ DB instance with a pilot light deployment

D. se an Amazon RDS Multi-AZ DB instance with a warm standby deployment

View answer

Correct Answer: B

Question #45

A company is creating an application that runs on containers in a VPC. The application stores and accesses data in an Amazon S3 bucket. During the development phase, the application will store and access 1 TB of data in Amazon S3 each day. The company wants to minimize costs and wants to prevent traffic from traversing the internet whenever possible.Which solution will meet these requirements?

A. nable S3 Intelligent-Tiering for the S3 bucket

B. nable S3 Transfer Acceleration for the S3 bucket

C. reate a gateway VPC endpoint for Amazon S3

D. reate an interface endpoint for Amazon S3 in the VPC

View answer

Correct Answer: C

Question #46

A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.What should a solutions architect do to meet these requirements?

A. reate an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins

B. reate an Amazon CloudFront distribution that has the ALB as an origin

C. reate an Amazon CloudFront distribution that has the S3 bucket as an origin

D. reate an Amazon CloudFront distribution that has the ALB as an origin

View answer

Correct Answer: A

Question #47

A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

A. se a simple scaling policy to dynamically scale the Auto Scaling group

B. se a target tracking policy to dynamically scale the Auto Scaling group

C. se an AWS Lambda function ta update the desired Auto Scaling group capacity

D. se scheduled scaling actions to scale up and scale down the Auto Scaling group

View answer

Correct Answer: AE

Question #48

A company is using AWS to design a web application that will process insurance quotes. Users will request quotes from the application. Quotes must be separated by quote type, must be responded to within 24 hours, and must not get lost. The solution must maximize operational efficiency and must minimize maintenance.Which solution meets these requirements?

A. reate multiple Amazon Kinesis data streams based on the quote type

B. reate an AWS Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic for each quote type

C. reate a single Amazon Simple Notification Service (Amazon SNS) topic

D. reate multiple Amazon Kinesis Data Firehose delivery streams based on the quote type to deliver data streams to an Amazon OpenSearch Service cluster

View answer

Correct Answer: C

Question #49

An ecommerce company is experiencing an increase in user traffic. The company’s store is deployed on Amazon EC2 instances as a two-tier web application consisting of a web tier and a separate database tier. As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation email to users. The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead.What should a solutions

A. reate a separate application tier using EC2 instances dedicated to email processing

B. onfigure the web instance to send email through Amazon Simple Email Service (Amazon SES)

C. onfigure the web instance to send email through Amazon Simple Notification Service (Amazon SNS)

D. reate a separate application tier using EC2 instances dedicated to email processing

View answer

Correct Answer: B

Question #50

A gaming company has a web application that displays scores. The application runs on Amazon EC2 instances behind an Application Load Balancer. The application stores data in an Amazon RDS for MySQL database. Users are starting to experience long delays and interruptions that are caused by database read performance. The company wants to improve the user experience while minimizing changes to the application’s architecture.What should a solutions architect do to meet these requirements?

A. se Amazon ElastiCache in front of the database

B. se RDS Proxy between the application and the database

C. igrate the application from EC2 instances to AWS Lambda

D. igrate the database from Amazon RDS for MySQL to Amazon DynamoDB

View answer

Correct Answer: A

Question #51

A company operates an ecommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users.What should a solutions architect recommend?

A. eploy Amazon Inspector and associate it with the ALB

B. eploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule

C. eploy rules to the network ACLs associated with the ALB to block the incomingtraffic

D. eploy Amazon GuardDuty and enable rate-limiting protection when configuring GuardDuty

View answer

Correct Answer: B

Question #52

A company is creating an application that runs on containers in a VPC. The application stores and accesses data in an Amazon S3 bucket. During the development phase, the application will store and access 1 TB of data in Amazon S3 each day. The company wants to minimize costs and wants to prevent traffic from traversing the internet whenever possible.Which solution will meet these requirements?

A. nable S3 Intelligent-Tiering for the S3 bucket

B. nable S3 Transfer Acceleration for the S3 bucket

C. reate a gateway VPC endpoint for Amazon S3

D. reate an interface endpoint for Amazon S3 in the VPC

View answer

Correct Answer: C

Question #53

A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.Which combination of actions should the solutions architect take to accomplish this goal? (Choose two.)

A. dd an explicit rule to the private subnet’s network ACL to allow traffic from the web tier’s EC2 instances

B. dd a route in the VPC route table to allow traffic between the web tier’s EC2 instances and the database tier

C. eploy the web tier's EC2 instances and the database tier’s RDS instance into two separate VPCs, and configure VPC peering

D. dd an inbound rule to the security group of the database tier’s RDS instance to allow traffic from the web tiers security group

View answer

Correct Answer: DE

Question #54

A social media company runs its application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. The application has more than a billion images stored in an Amazon S3 bucket and processes thousands of images each second. The company wants to resize the images dynamically and serve appropriate formats to clients.Which solution will meet these requirements with the LEAST operational overhead?

A. reate a public SSL/TLS certificate in AWS Certificate Manager (ACM)

B. se the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS)

C. se the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS)

D. se the aws:SecureTransport condition on S3 bucket policies to allow only encrypted connections over HTTPS (TLS)

View answer

Correct Answer: C

Question #55

A gaming company is designing a highly available architecture. The application runs on a modified Linux kernel and supports only UDP-based traffic. The company needs the front-end tier to provide the best possible user experience. That tier must have low latency, route traffic to the nearest edge location, and provide static IP addresses for entry into the application endpoints.What should a solutions architect do to meet these requirements?

A. onfigure Amazon Route 53 to forward requests to an Application Load Balancer

B. onfigure Amazon CloudFront to forward requests to a Network Load Balancer

C. onfigure AWS Global Accelerator to forward requests to a Network Load Balancer

D. onfigure Amazon API Gateway to forward requests to an Application Load Balancer

View answer

Correct Answer: C

Question #56

A company is storing backup files by using Amazon S3 Standard storage. The files are accessed frequently for 1 month. However, the files are not accessed after 1 month. The company must keep the files indefinitely.Which storage solution will meet these requirements MOST cost-effectively?

A. onfigure S3 Intelligent-Tiering to automatically migrate objects

B. reate an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Glacier Deep Archive after 1 month

C. reate an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) after 1 month

D. reate an S3 Lifecycle configuration to transition objects from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 month

View answer

Correct Answer: B

Question #57

An ecommerce company has noticed performance degradation of its Amazon RDS based web application. The performance degradation is attributed to an increase in the number of read-only SQL queries triggered by business analysts. A solutions architect needs to solve the problem with minimal changes to the existing web application.What should the solutions architect recommend?

A. xport the data to Amazon DynamoDB and have the business analysts run their queries

B. oad the data into Amazon ElastiCache and have the business analysts run their queries

C. reate a read replica of the primary database and have the business analysts run their queries

D. opy the data into an Amazon Redshift cluster and have the business analysts run their queries

View answer

Correct Answer: C

Question #58

A company provides an online service for posting video content and transcoding it for use by any mobile platform. The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing. As the popularity of the service has grown over time, the storage costs have become too expensive.Which storage solution is MOST cost-effective?

A. se AWS Storage Gateway for files to store and process the video content

B. se AWS Storage Gateway for volumes to store and process the video content

C. se Amazon EFS for storing the video content

D. se Amazon S3 for storing the video content

View answer

Correct Answer: D

Question #59

A company’s order system sends requests from clients to Amazon EC2 instances. The EC2 instances process the orders and then store the orders in a database on Amazon RDS. Users report that they must reprocess orders when the system fails. The company wants a resilient solution that can process orders automatically if a system outage occurs.What should a solutions architect do to meet these requirements?

A. ove the EC2 instances into an Auto Scaling group

B. ove the EC2 instances into an Auto Scaling group behind an Application Load Balancer (ALB)

C. ove the EC2 instances into an Auto Scaling group

D. reate an Amazon Simple Notification Service (Amazon SNS) topic

View answer

Correct Answer: C

Question #60

A company runs an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a large EC2 instance.The database's performance degrades quickly as application load increases. The application handles more read requests than write transaction

A. se Amazon Redshift with a single node for leader and compute functionality

B. se Amazon RDS with a Single-AZ deployment

C. se Amazon Aurora with a Multi-AZ deployment

D. se Amazon ElastiCache for Memcached with EC2 Spot Instances

View answer

Correct Answer: C

Question #61

A company runs an application on Amazon EC2 instances. The company needs to implement a disaster recovery (DR) solution for the application. The DR solution needs to have a recovery time objective (RTO) of less than 4 hours. The DR solution also needs to use the fewest possible AWS resources during normal operations.Which solution will meet these requirements in the MOST operationally efficient way?

A. reate Amazon Machine Images (AMIs) to back up the EC2 instances

B. reate Amazon Machine Images (AMIs) to back up the EC2 instances

C. aunch EC2 instances in a secondary AWS Region

D. aunch EC2 instances in a secondary Availability Zone

View answer

Correct Answer: B

Question #62

A company uses a 100 GB Amazon RDS for Microsoft SQL Server Single-AZ DB instance in the us-east-1 Region to store customer transactions. The company needs high availability and automatic recovery for the DB instance.The company must also run reports on the RDS database several times a year. The report process causes transactions to take longer than usual to post to the customers’ accounts. The company needs a solution that will improve the performance of the report process.Which combination of steps will m

A. uild out the workflow in AWS Glue

B. uild out the workflow in AWS Step Functions

C. uild out the workflow in Amazon EventBridge

D. uild out the workflow in AWS Step Functions

View answer

Correct Answer: AC

Question #63

A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain all application log files for 7 years. The log files will be analyzed by a reporting tool that must be able to access all the files concurrently.Which storage solution meets these requirements MOST cost-effectively?

A. mazon Elastic Block Store (Amazon EBS)

B. mazon Elastic File System (Amazon EFS)

C. mazon EC2 instance store

D. mazon S3

View answer

Correct Answer: D

Question #64

A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for IAM user passwords.What should the solutions architect do to accomplish this?

A. et an overall password policy for the entire AWS account

B. et a password policy for each IAM user in the AWS account

C. se third-party vendor software to set password requirements

D. ttach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements

View answer

Correct Answer: A

Question #65

A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client-side JavaScript, and images.Which method is the MOST cost-effective for hosting the website?

A. ontainerize the website and host it in AWS Fargate

B. reate an Amazon S3 bucket and host the website there

C. eploy a web server on an Amazon EC2 instance to host the website

D. onfigure an Application Load Balancer with an AWS Lambda target that uses the Express

View answer

Correct Answer: B

Question #66

An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.Which service should the solutions architect use to find the desired information?

A. mazon GuardDuty

B. mazon Inspector

C. WS CloudTrail

D. WS Config

View answer

Correct Answer: C

Question #67

A company provides an API to its users that automates inquiries for tax computations based on item prices. The company experiences a larger number of inquiries during the holiday season only that cause slower response times. A solutions architect needs to design a solution that is scalable and elastic.What should the solutions architect do to accomplish this?

A. rovide an API hosted on an Amazon EC2 instance

B. esign a REST API using Amazon API Gateway that accepts the item names

C. reate an Application Load Balancer that has two Amazon EC2 instances behind it

D. esign a REST API using Amazon API Gateway that connects with an API hosted on an Amazon EC2 instance

View answer

Correct Answer: B

Question #68

A company has registered its domain name with Amazon Route 53. The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs. Third-party services consume the APIs securely. The company wants to design its API Gateway URL with the company's domain name and corresponding certificate so that the third-party services can use HTTPS.Which solution will meet these requirements?

A. reate stage variables in API Gateway with Name="Endpoint-URL" and Value="Company Domain Name" to overwrite the default URL

B. reate Route 53 DNS records with the company's domain name

C. reate a Regional API Gateway endpoint

D. reate a Regional API Gateway endpoint

View answer

Correct Answer: C

Question #69

A company stores data in an Amazon Aurora PostgreSQL DB cluster. The company must store all the data for 5 years and must delete all the data after 5 years. The company also must indefinitely keep audit logs of actions that are performed within the database. Currently, the company has automated backups configured for Aurora.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A. mazon CloudFront

B. WS Global Accelerator

C. mazon Route 53

D. mazon S3 Transfer Acceleration

View answer

Correct Answer: BE

Question #70

A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL DB instance in the database subnet must be accessible only to the web servers on port 3306.Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

A. onfigure an Amazon Route 53 failover routing policy

B. se AWS Global Accelerator

C. se AWS Global Accelerator

D. onfigure an Amazon Route 53 failover routing policy

View answer

Correct Answer: CD

Question #71

A company is migrating its on-premises workload to the AWS Cloud. The company already uses several Amazon EC2 instances and Amazon RDS DB instances. The company wants a solution that automatically starts and stops the EC2 instances and DB instances outside of business hours. The solution must minimize cost and infrastructure maintenance.Which solution will meet these requirements?

A. cale the EC2 instances by using elastic resize

B. xplore AWS Marketplace for partner solutions that will automatically start and stop the EC2 instances and DB instances on a schedule

C. aunch another EC2 instance

D. reate an AWS Lambda function that will start and stop the EC2 instances and DB instances

View answer

Correct Answer: D

Question #72

A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.What should a solutions architect do to accomplish this?

A. se Amazon S3 with Transfer Acceleration to host the application

B. se Amazon S3 with CacheControl headers to host the application

C. se Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application

D. se Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application

View answer

Correct Answer: A

Question #73

An ecommerce company is experiencing an increase in user traffic. The company’s store is deployed on Amazon EC2 instances as a two-tier web application consisting of a web tier and a separate database tier. As traffic increases, the company notices that the architecture is causing significant delays in sending timely marketing and order confirmation email to users. The company wants to reduce the time it spends resolving complex email delivery issues and minimize operational overhead.What should a solutions

A. reate a separate application tier using EC2 instances dedicated to email processing

B. onfigure the web instance to send email through Amazon Simple Email Service (Amazon SES)

C. onfigure the web instance to send email through Amazon Simple Notification Service (Amazon SNS)

D. reate a separate application tier using EC2 instances dedicated to email processing

View answer

Correct Answer: B

Question #74

A company needs to save the results from a medical trial to an Amazon S3 repository. The repository must allow a few scientists to add new files and must restrict all other users to read-only access. No users can have the ability to modify or delete any files in the repository. The company must keep every file in the repository for a minimum of 1 year after its creation date.Which solution will meet these requirements?

A. se S3 Object Lock in governance mode with a legal hold of 1 year

B. se S3 Object Lock in compliance mode with a retention period of 365 days

C. se an IAM role to restrict all users from deleting or changing objects in the S3 bucket

D. onfigure the S3 bucket to invoke an AWS Lambda function every time an object is added

View answer

Correct Answer: B

Question #75

A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company’s account.Which solution will meet these requirements with the LEAST operational overhead?

A. reate an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected

B. onfigure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3

C. reate an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call

D. onfigure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs

View answer

Correct Answer: D

Question #76

A company experienced a breach that affected several applications in its on-premises data center. The attacker took advantage of vulnerabilities in the custom applications that were running on the servers. The company is now migrating its applications to run on Amazon EC2 instances. The company wants to implement a solution that actively scans for vulnerabilities on the EC2 instances and sends a report that details the findings.Which solution will meet these requirements?

A. eploy AWS Shield to scan the EC2 instances for vulnerabilities

B. eploy Amazon Macie and AWS Lambda functions to scan the EC2 instances for vulnerabilities

C. urn on Amazon GuardDuty

D. urn on Amazon Inspector

View answer

Correct Answer: D

Question #77

A company’s application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month-end financial calculation batch runs. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.What should a solutions architect recommend to ensure the application is able t

A. onfigure an Amazon CloudFront distribution in front of the ALB

B. onfigure an EC2 Auto Scaling simple scaling policy based on CPU utilization

C. onfigure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule

D. onfigure Amazon ElastiCache to remove some of the workload from the EC2 instances

View answer

Correct Answer: C

Question #78

A rapidly growing ecommerce company is running its workloads in a single AWS Region. A solutions architect must create a disaster recovery (DR) strategy that includes a different AWS Region. The company wants its database to be up to date in the DR Region with the least possible latency. The remaining infrastructure in the DR Region needs to run at reduced capacity and must be able to scale up if necessary.Which solution will meet these requirements with the LOWEST recovery time objective (RTO)?

A. se an Amazon Aurora global database with a pilot light deployment

B. se an Amazon Aurora global database with a warm standby deployment

C. se an Amazon RDS Multi-AZ DB instance with a pilot light deployment

D. se an Amazon RDS Multi-AZ DB instance with a warm standby deployment

View answer

Correct Answer: B

Question #79

A company is migrating a Linux-based web server group to AWS. The web servers must access files in a shared file store for some content. The company must not make any changes to the application.What should a solutions architect do to meet these requirements?

A. reate an Amazon S3 Standard bucket with access to the web servers

B. onfigure an Amazon CloudFront distribution with an Amazon S3 bucket as the origin

C. reate an Amazon Elastic File System (Amazon EFS) file system

D. onfigure a General Purpose SSD (gp3) Amazon Elastic Block Store (Amazon EBS) volume

View answer

Correct Answer: C

Question #80

A company is using a SQL database to store movie data that is publicly accessible. The database runs on an Amazon RDS Single-AZ DB instance. A script runs queries at random intervals each day to record the number of new movies that have been added to the database. The script must report a final total during business hours.The company's development team notices that the database performance is inadequate for development tasks when the script is running. A solutions architect must recommend a solution to reso

A. odify the DB instance to be a Multi-AZ deployment

B. reate a read replica of the database

C. nstruct the development team to manually export the entries in the database at the end of each day

D. se Amazon ElastiCache to cache the common queries that the script runs against the database

View answer

Correct Answer: B

Question #81

A company stores its data objects in Amazon S3 Standard storage. A solutions architect has found that 75% of the data is rarely accessed after 30 days. The company needs all the data to remain immediately accessible with the same high availability and resiliency, but the company wants to minimize storage costs.Which storage solution will meet these requirements?

A. ove the data objects to S3 Glacier Deep Archive after 30 days

B. ove the data objects to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days

C. ove the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days

D. ove the data objects to S3 One Zone-Infrequent Access (S3 One Zone-IA) immediately

View answer

Correct Answer: B

Question #82

A company runs an application on Amazon EC2 Linux instances across multiple Availability Zones. The application needs a storage layer that is highly available and Portable Operating System Interface (POSIX)-compliant. The storage layer must provide maximum data durability and must be shareable across the EC2 instances. The data in the storage layer will be accessed frequently for the first 30 days and will be accessed infrequently after that time.Which solution will meet these requirements MOST cost-effecti

A. se the Amazon S3 Standard storage class

B. se the Amazon S3 Standard storage class

C. se the Amazon Elastic File System (Amazon EFS) Standard storage class

D. se the Amazon Elastic File System (Amazon EFS) One Zone storage class

View answer

Correct Answer: C

Question #83

A company needs to move data from an Amazon EC2 instance to an Amazon S3 bucket. The company must ensure that no API calls and no data are routed through public internet routes. Only the EC2 instance can have access to upload data to the S3 bucket.Which solution will meet these requirements?

A. reate an interface VPC endpoint for Amazon S3 in the subnet where the EC2 instance is located

B. reate a gateway VPC endpoint for Amazon S3 in the Availability Zone where the EC2 instance is located

C. un the nslookup tool from inside the EC2 instance to obtain the private IP address of the S3 bucket’s service API endpoint

D. se the AWS provided, publicly available ip-ranges

View answer

Correct Answer: B

Question #84

A company has a business system that generates hundreds of reports each day. The business system saves the reports to a network share in CSV format. The company needs to store this data in the AWS Cloud in near-real time for analysis.Which solution will meet these requirements with the LEAST administrative overhead?

A. se AWS DataSync to transfer the files to Amazon S3

B. reate an Amazon S3 File Gateway

C. se AWS DataSync to transfer the files to Amazon S3

D. eploy an AWS Transfer for SFTP endpoint

View answer

Correct Answer: B

Question #85

A company uses AWS Organizations. The company wants to operate some of its AWS accounts with different budgets. The company wants to receive alerts and automatically prevent provisioning of additional resources on AWS accounts when the allocated budget threshold is met during a specific period.Which combination of solutions will meet these requirements? (Choose three.)

A. reate a disaster recovery (DR) plan that has a similar number of EC2 instances in the second Region

B. reate point-in-time Amazon Elastic Block Store (Amazon EBS) snapshots of the EC2 instances

C. reate a backup plan by using AWS Backup

D. eploy a similar number of EC2 instances in the second Region

View answer

Correct Answer: BDF

Question #86

A company has a legacy data processing application that runs on Amazon EC2 instances. Data is processed sequentially, but the order of results does not matter. The application uses a monolithic architecture. The only way that the company can scale the application to meet increased demand is to increase the size of the instances.The company’s developers have decided to rewrite the application to use a microservices architecture on Amazon Elastic Container Service (Amazon ECS).What should a solutions architec

A. reate an Amazon Simple Queue Service (Amazon SQS) queue

B. reate an Amazon Simple Notification Service (Amazon SNS) topic

C. reate an AWS Lambda function to pass messages

D. reate an Amazon DynamoDB table

View answer

Correct Answer: A

Question #87

A company has 700 TB of backup data stored in network attached storage (NAS) in its data center. This backup data need to be accessible for infrequent regulatory requests and must be retained 7 years. The company has decided to migrate this backup data from its data center to AWS. The migration must be complete within 1 month. The company has 500 Mbps of dedicated bandwidth on its public internet connection available for data transfer.What should a solutions architect do to migrate and store the data at the

A. rder AWS Snowball devices to transfer the data

B. eploy a VPN connection between the data center and Amazon VPC

C. rovision a 500 Mbps AWS Direct Connect connection and transfer the data to Amazon S3

D. se AWS DataSync to transfer the data and deploy a DataSync agent on premises

View answer

Correct Answer: A

Question #88

A company’s web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.Which configuration will meet this requirement?

A. onfigure the security group for the EC2 instances

B. onfigure the security group on the Application Load Balancer

C. onfigure AWS WAF on the Application Load Balancer in a VP

D. onfigure the network ACL for the subnet that contains the EC2 instances

View answer

Correct Answer: C

Question #89

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never al

A. opy the data so both EBS volumes contain all the documents

B. onfigure the Application Load Balancer to direct a user to the server with the documents

C. opy the data from both EBS volumes to Amazon EFS

D. onfigure the Application Load Balancer to send the request to both servers

View answer

Correct Answer: C

Question #90

A company is building an application in the AWS Cloud. The application will store data in Amazon S3 buckets in two AWS Regions. The company must use an AWS Key Management Service (AWS KMS) customer managed key to encrypt all data that is stored in the S3 buckets. The data in both S3 buckets must be encrypted and decrypted with the same KMS key. The data and the key must be stored in each of the two Regions.Which solution will meet these requirements with the LEAST operational overhead?

A. reate an S3 bucket in each Region

B. reate a customer managed multi-Region KMS key

C. reate a customer managed KMS key and an S3 bucket in each Region

D. reate a customer managed KMS key and an S3 bucket in each Region

View answer

Correct Answer: C

Question #91

A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company’s security policy requires that all website traffic be inspected by AWS WAF.How should the solutions architect comply with these requirements?

A. onfigure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only

B. onfigure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin

C. onfigure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only

D. onfigure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket

View answer

Correct Answer: D

Question #92

A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires minimal application changes.Which method should the solutions architect select?

A. onfigure Amazon DynamoDB Accelerator (DAX) for the new messages table

B. dd DynamoDB read replicas to handle the increased read load

C. ouble the number of read capacity units for the new messages table in DynamoDB

D. dd an Amazon ElastiCache for Redis cache to the application stack

View answer

Correct Answer: A

Question #93

A company is developing a real-time multiplayer game that uses UDP for communications between the client and servers in an Auto Scaling group. Spikes in demand are anticipated during the day, so the game server platform must adapt accordingly. Developers want to store gamer scores and other non-relational data in a database solution that will scale without intervention.Which solution should a solutions architect recommend?

A. se Amazon Route 53 for traffic distribution and Amazon Aurora Serverless for data storage

B. se a Network Load Balancer for traffic distribution and Amazon DynamoDB on-demand for data storage

C. se a Network Load Balancer for traffic distribution and Amazon Aurora Global Database for data storage

D. se an Application Load Balancer for traffic distribution and Amazon DynamoDB global tables for data storage

View answer

Correct Answer: B

Question #94

A company runs an application using Amazon ECS. The application creates resized versions of an original image and then makes Amazon S3 API calls to store the resized images in Amazon S3.How can a solutions architect ensure that the application has permission to access Amazon S3?

A. pdate the S3 role in AWS IAM to allow read/write access from Amazon ECS, and then relaunch the container

B. reate an IAM role with S3 permissions, and then specify that role as the taskRoleArn in the task definition

C. reate a security group that allows access from Amazon ECS to Amazon S3, and update the launch configuration used by the ECS cluster

D. reate an IAM user with S3 permissions, and then relaunch the Amazon EC2 instances for the ECS cluster while logged in as this account

View answer

Correct Answer: B

Question #95

A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time.Which solution will meet this requirement with the LEAST operational overhead?

A. onfigure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service)

B. reate an AWS Lambda function

C. reate an Amazon Kinesis Data Firehose delivery stream

D. nstall and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams

View answer

Correct Answer: A

Question #96

A company runs its application on an Oracle database. The company plans to quickly migrate to AWS because of limited resources for the database, backup administration, and data center maintenance. The application uses third-party database features that require privileged access.Which solution will help the company migrate the database to AWS MOST cost-effectively?

A. igrate the database to Amazon RDS for Oracle

B. igrate the database to Amazon RDS Custom for Oracle

C. igrate the database to an Amazon EC2 Amazon Machine Image (AMI) for Oracle

D. igrate the database to Amazon RDS for PostgreSQL by rewriting the application code to remove dependency on Oracle APEX

View answer

Correct Answer: B

Question #97

A company needs to transfer 600 TB of data from its on-premises network-attached storage (NAS) system to the AWS Cloud. The data transfer must be complete within 2 weeks. The data is sensitive and must be encrypted in transit. The company’s internet connection can support an upload speed of 100 Mbps.Which solution meets these requirements MOST cost-effectively?

A. se Amazon S3 multi-part upload functionality to transfer the files over HTTPS

B. reate a VPN connection between the on-premises NAS system and the nearest AWS Region

C. se the AWS Snow Family console to order several AWS Snowball Edge Storage Optimized devices

D. et up a 10 Gbps AWS Direct Connect connection between the company location and the nearest AWS Region

View answer

Correct Answer: C

Question #98

A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company's product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solutions architect must provide access to the product manager by following the principle of least privilege.Which solution will meet these requirements?

A. hare the dashboard from the CloudWatch console

B. reate an IAM user specifically for the product manager

C. reate an IAM user for the company's employees

D. eploy a bastion server in a public subnet

View answer

Correct Answer: A

Question #99

A company has implemented a self-managed DNS solution on three Amazon EC2 instances behind a Network Load Balancer (NLB) in the us-west-2 Region. Most of the company's users are located in the United States and Europe. The company wants to improve the performance and availability of the solution. The company launches and configures three EC2 instances in the eu-west-1 Region and adds the EC2 instances as targets for a new NLB.Which solution can the company use to route traffic to all the EC2 instances?

A. reate an Amazon Route 53 geolocation routing policy to route requests to one of the two NLBs

B. reate a standard accelerator in AWS Global Accelerator

C. ttach Elastic IP addresses to the six EC2 instances

D. eplace the two NLBs with two Application Load Balancers (ALBs)

View answer

Correct Answer: B

Question #100

A transaction processing company has weekly scripted batch jobs that run on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group. The number of transactions can vary, but the baseline CPU utilization that is noted on each run is at least 60%. The company needs to provision the capacity 30 minutes before the jobs run.Currently, engineers complete this task by manually modifying the Auto Scaling group parameters. The company does not have the resources to analyze the required capacity trends f

A. reate a dynamic scaling policy for the Auto Scaling group

B. reate a scheduled scaling policy for the Auto Scaling group

C. reate a predictive scaling policy for the Auto Scaling group

D. reate an Amazon EventBridge event to invoke an AWS Lambda function when the CPU utilization metric value for the Auto Scaling group reaches 60%

View answer

Correct Answer: C

Question #101

A company has an application that places hundreds of .csv files into an Amazon S3 bucket every hour. The files are 1 GB in size. Each time a file is uploaded, the company needs to convert the file to Apache Parquet format and place the output file into an S3 bucket.Which solution will meet these requirements with the LEAST operational overhead?

A. reate an AWS Lambda function to download the

B. reate an Apache Spark job to read the

C. reate an AWS Glue table and an AWS Glue crawler for the S3 bucket where the application places the

D. reate an AWS Glue extract, transform, and load (ETL) job to convert the

View answer

Correct Answer: D

Question #102

A company observes an increase in Amazon EC2 costs in its most recent bill. The billing team notices unwanted vertical scaling of instance types for a couple of EC2 instances. A solutions architect needs to create a graph comparing the last 2 months of EC2 costs and perform an in-depth analysis to identify the root cause of the vertical scaling.How should the solutions architect generate the information with the LEAST operational overhead?

A. se AWS Budgets to create a budget report and compare EC2 costs based on instance types

B. se Cost Explorer's granular filtering feature to perform an in-depth analysis of EC2 costs based on instance types

C. se graphs from the AWS Billing and Cost Management dashboard to compare EC2 costs based on instance types for the last 2 months

D. se AWS Cost and Usage Reports to create a report and send it to an Amazon S3 bucket

View answer

Correct Answer: C

Question #103

A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function.Which solution meets these requirements?

A. dd an execution role to the function with lambda:InvokeFunction as the action and * as the principal

B. dd an execution role to the function with lambda:InvokeFunction as the action and Service: lambda

C. dd a resource-based policy to the function with lambda:* as the action and Service: events

D. dd a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events

View answer

Correct Answer: D

Question #104

A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after the files are created. After 7 days the files are rarely accessed.The total data size is increasing and is close to the company's total storage capacity. A solutions architect must increase the company's available storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle man

A. se AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS

B. reate an Amazon S3 File Gateway to extend the company's storage space

C. reate an Amazon FSx for Windows File Server file system to extend the company's storage space

D. nstall a utility on each user's computer to access Amazon S3

View answer

Correct Answer: D

Question #105

A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.The company wants to optimize customer session management during transactions. The application must store session data durably.Which solutions will meet these requirements? (Choose two.)

A. ake snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances and database every 2 hours to meet the RPO

B. onfigure a snapshot lifecycle policy to take Amazon Elastic Block Store (Amazon EBS) snapshots

C. etain the latest Amazon Machine Images (AMIs) of the web and application tiers

D. ake snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances every 2 hours

View answer

Correct Answer: AD

Question #106

A company is running a multi-tier web application on premises. The web application is containerized and runs on a number of Linux hosts connected to a PostgreSQL database that contains user records. The operational overhead of maintaining the infrastructure and capacity planning is limiting the company's growth. A solutions architect must improve the application's infrastructure.Which combination of actions should the solutions architect take to accomplish this? (Choose two.)

A. se a simple scaling policy to dynamically scale the Auto Scaling group

B. se a target tracking policy to dynamically scale the Auto Scaling group

C. se an AWS Lambda function ta update the desired Auto Scaling group capacity

D. se scheduled scaling actions to scale up and scale down the Auto Scaling group

View answer

Correct Answer: AE

Question #107

A reporting team receives files each day in an Amazon S3 bucket. The reporting team manually reviews and copies the files from this initial S3 bucket to an analysis S3 bucket each day at the same time to use with Amazon QuickSight. Additional teams are starting to send more files in larger sizes to the initial S3 bucket.The reporting team wants to move the files automatically analysis S3 bucket as the files enter the initial S3 bucket. The reporting team also wants to use AWS Lambda functions to run pattern

A. reate a Lambda function to copy the files to the analysis S3 bucket

B. reate a Lambda function to copy the files to the analysis S3 bucket

C. onfigure S3 replication between the S3 buckets

D. onfigure S3 replication between the S3 buckets

View answer

Correct Answer: D

Question #108

A company has an Amazon S3 data lake that is governed by AWS Lake Formation. The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database. The company wants to enforce column-level authorization so that the company’s marketing team can access only a subset of columns in the database.Which solution will meet these requirements with the LEAST operational overhead?

A. se Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine

B. se AWS Glue Studio to ingest the data from the database to the S3 data lake

C. se AWS Glue Elastic Views to create a materialized view for the database in Amazon S3

D. se a Lake Formation blueprint to ingest the data from the database to the S3 data lake

View answer

Correct Answer: D

Question #109

A company runs an on-premises application that is powered by a MySQL database. The company is migrating the application to AWS to increase the application's elasticity and availability.The current architecture shows heavy read activity on the database during times of normal operation. Every 4 hours, the company's development team pulls a full export of the production database to populate a database in the staging environment. During this period, users experience unacceptable application latency. The develop

A. se Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production

B. se Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production

C. se Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production

D. se Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production

View answer

Correct Answer: B

Question #110

A company is using a centralized AWS account to store log data in various Amazon S3 buckets. A solutions architect needs to ensure that the data is encrypted at rest before the data is uploaded to the S3 buckets. The data also must be encrypted in transit.Which solution meets these requirements?

A. se client-side encryption to encrypt the data that is being uploaded to the S3 buckets

B. se server-side encryption to encrypt the data that is being uploaded to the S3 buckets

C. reate bucket policies that require the use of server-side encryption with S3 managed encryption keys (SSE-S3) for S3 uploads

D. nable the security option to encrypt the S3 buckets through the use of a default AWS Key Management Service (AWS KMS) key

View answer

Correct Answer: A

Question #111

A company owns an asynchronous API that is used to ingest user requests and, based on the request type, dispatch requests to the appropriate microservice for processing. The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching them to the processing microservices.The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is

A. dd throttling on the API Gateway with server-side throttling limits

B. se DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoD

C. reate a secondary index in DynamoDB for the table with the user requests

D. se the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB

View answer

Correct Answer: D

Question #112

A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year.Which solution meets these requirements and is the MOST operationally efficient?

A. erver-side encryption with customer-provided keys (SSE-C)

B. erver-side encryption with Amazon S3 managed keys (SSE-S3)

C. erver-side encryption with AWS KMS keys (SSE-KMS) with manual rotation

D. erver-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation

View answer

Correct Answer: D

Question #113

A company is developing a two-tier web application on AWS. The company's developers have deployed the application on an Amazon EC2 instance that connects directly to a backend Amazon RDS database. The company must not hardcode database credentials in the application. The company must also implement a solution to automatically rotate the database credentials on a regular basis.Which solution will meet these requirements with the LEAST operational overhead?

A. tore the database credentials in the instance metadata

B. tore the database credentials in a configuration file in an encrypted Amazon S3 bucket

C. tore the database credentials as a secret in AWS Secrets Manager

D. tore the database credentials as encrypted parameters in AWS Systems Manager Parameter Store

View answer

Correct Answer: C

Question #114

The following IAM policy is attached to an IAM group. This is the only policy applied to the group.What are the effective IAM permissions of this policy for group members?

A. roup members are permitted any Amazon EC2 action within the us-east-1 Region

B. roup members are denied any Amazon EC2 permissions in the us-east-1 Region unless they are logged in with multi-factor authentication (MFA)

C. roup members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for all Regions when logged in with multi-factor authentication (MFA)

D. roup members are allowed the ec2:StopInstances and ec2:TerminateInstances permissions for the us-east-1 Region only when logged in with multi-factor authentication (MFA)

View answer

Correct Answer: D

Question #115

A company’s infrastructure consists of Amazon EC2 instances and an Amazon RDS DB instance in a single AWS Region. The company wants to back up its data in a separate Region.Which solution will meet these requirements with the LEAST operational overhead?

A. se AWS Backup to copy EC2 backups and RDS backups to the separate Region

B. se Amazon Data Lifecycle Manager (Amazon DLM) to copy EC2 backups and RDS backups to the separate Region

C. reate Amazon Machine Images (AMIs) of the EC2 instances

D. reate Amazon Elastic Block Store (Amazon EBS) snapshots

View answer

Correct Answer: A

Question #116

A company wants to run its critical applications in containers to meet requirements for scalability and availability. The company prefers to focus on maintenance of the critical applications. The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload.What should a solutions architect do to meet these requirements?

A. se Amazon EC2 instances, and install Docker on the instances

B. se Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes

C. se Amazon Elastic Container Service (Amazon ECS) on AWS Fargate

D. se Amazon EC2 instances from an Amazon Elastic Container Service (Amazon ECS)-optimized Amazon Machine Image (AMI)

View answer

Correct Answer: C

Question #117

A company is using Amazon Route 53 latency-based routing to route requests to its UDP-based application for users around the world. The application is hosted on redundant servers in the company's on-premises data centers in the United States, Asia, and Europe. The company’s compliance requirements state that the application must be hosted on premises. The company wants to improve the performance and availability of the application.What should a solutions architect do to meet these requirements?

A. onfigure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints

B. onfigure three Application Load Balancers (ALBs) in the three AWS Regions to address the on-premises endpoints

C. onfigure three Network Load Balancers (NLBs) in the three AWS Regions to address the on-premises endpoints

D. onfigure three Application Load Balancers (ALBs) in the three AWS Regions to address the on-premises endpoints

View answer

Correct Answer: A

Question #118

A company’s facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company’s security team to analyze.Which system architecture should the solutions architect recommend?

A. aunch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages

B. reate an HTTPS endpoint in Amazon API Gateway

C. se Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function

D. reate a gateway VPC endpoint for Amazon S3

View answer

Correct Answer: B

Question #119

A company stores several petabytes of data across multiple AWS accounts. The company uses AWS Lake Formation to manage its data lake. The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes.Which solution will meet these requirements with the LEAST operational overhead?

A. opy the required data to a common account

B. se the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data

C. se AWS Data Exchange to privately publish the required data to the required engineering team accounts

D. se Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts

View answer

Correct Answer: D

Question #120

A solutions architect is designing the architecture for a software demonstration environment. The environment will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The system will experience significant increases in traffic during working hours but is not required to operate on weekends.Which combination of actions should the solutions architect take to ensure that the system can scale to meet demand? (Choose two.)

A. reate an AWS DataSync task that shares the data as a mountable file system

B. reate an AWS Storage Gateway file gateway

C. reate an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre

D. reate an Amazon FSx for Lustre file system

View answer

Correct Answer: DE

Question #121

A manufacturing company has machine sensors that upload .csv files to an Amazon S3 bucket. These .csv files must be converted into images and must be made available as soon as possible for the automatic generation of graphical reports.The images become irrelevant after 1 month, but the .csv files must be kept to train machine learning (ML) models twice a year. The ML trainings and audits are planned weeks in advance.Which combination of steps will meet these requirements MOST cost-effectively? (Choose two.)

A. et up an Amazon ElastiCache for Memcached cluster to cache the scores for the web application to display

B. et up an Amazon ElastiCache for Redis cluster to compute and cache the scores for the web application to display

C. lace an Amazon CloudFront distribution in front of the web application to cache the scoreboard in a section of the application

D. reate a read replica on Amazon RDS for MySQL to run queries to compute the scoreboard and serve the read traffic to the web application

View answer

Correct Answer: BC

Question #122

A company plans to use Amazon ElastiCache for its multi-tier web application. A solutions architect creates a Cache VPC for the ElastiCache cluster and an App VPC for the application’s Amazon EC2 instances. Both VPCs are in the us-east-1 Region.The solutions architect must implement a solution to provide the application’s EC2 instances with access to the ElastiCache cluster.Which solution will meet these requirements MOST cost-effectively?

A. reate a Route 53 simple routing policy record for each EC2 instance

B. reate a Route 53 failover routing policy record for each EC2 instance

C. reate an Amazon CloudFront distribution with EC2 instances as its origin

D. reate an Application Load Balancer (ALB) with a health check in front of the EC2 instances

View answer

Correct Answer: A

Question #123

A company has an aging network-attached storage (NAS) array in its data center. The NAS array presents SMB shares and NFS shares to client workstations. The company does not want to purchase a new NAS array. The company also does not want to incur the cost of renewing the NAS array’s support contract. Some of the data is accessed frequently, but much of the data is inactive.A solutions architect needs to implement a solution that migrates the data to Amazon S3, uses S3 Lifecycle policies, and maintains the

A. olume Gateway

B. ape Gateway

C. mazon FSx File Gateway

D. mazon S3 File Gateway

View answer

Correct Answer: D

Question #124

A company stores call transcript files on a monthly basis. Users access the files randomly within 1 year of the call, but users access the files infrequently after 1 year. The company wants to optimize its solution by giving users the ability to query and retrieve files that are less than 1-year-old as quickly as possible. A delay in retrieving older files is acceptable.Which solution will meet these requirements MOST cost-effectively?

A. tore individual files with tags in Amazon S3 Glacier Instant Retrieval

B. tore individual files in Amazon S3 Intelligent-Tiering

C. tore individual files with tags in Amazon S3 Standard storage

D. tore individual files in Amazon S3 Standard storage

View answer

Correct Answer: B

Question #125

A company has hundreds of Amazon EC2 Linux-based instances in the AWS Cloud. Systems administrators have used shared SSH keys to manage the instances. After a recent audit, the company’s security team is mandating the removal of all shared keys. A solutions architect must design a solution that provides secure access to the EC2 instances.Which solution will meet this requirement with the LEAST amount of administrative overhead?

A. ublish data to Amazon Kinesis Data Streams

B. ublish data to Amazon Kinesis Data Firehose with Amazon Redshift as the destination

C. tore ingested data in an EC2 instance store

D. tore ingested data in an Amazon Elastic Block Store (Amazon EBS) volume

View answer

Correct Answer: A

Question #126

A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.Which design should the solutions architect use?

A. reate an Amazon SNS topic to send the jobs that need to be processed

B. reate an Amazon SQS queue to hold the jobs that need to be processed

C. reate an Amazon SQS queue to hold the jobs that need to be processed

D. reate an Amazon SNS topic to send the jobs that need to be processed

View answer

Correct Answer: C

Question #127

A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and with minimal impact on internet connectivity for internal users.Which solution meets these requirements?

A. stablish AWS VPN connections and proxy all traffic through a VPC gateway endpoint

B. stablish a new AWS Direct Connect connection and direct backup traffic through this new connection

C. rder daily AWS Snowball devices

D. ubmit a support ticket through the AWS Management Console

View answer

Correct Answer: B

Question #128

A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificates that are imported into AWS Certificate Manager (ACM). The company's security team must be notified 30 days before the expiration of each certificate.What should a solutions architect recommend to meet this requirement?

A. dd a rule in ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day, beginning 30 days before any certificate will expire

B. reate an AWS Config rule that checks for certificates that will expire within 30 days

C. se AWS Trusted Advisor to check for certificates that will expire within 30 days

D. reate an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 days

View answer

Correct Answer: D

Question #129

A company needs to store data from its healthcare application. The application’s data frequently changes. A new regulation requires audit access at all levels of the stored data.The company hosts the application on an on-premises infrastructure that is running out of storage capacity. A solutions architect must securely migrate the existing data to AWS while satisfying the new regulation.Which solution will meet these requirements?

A. se AWS DataSync to move the existing data to Amazon S3

B. se AWS Snowcone to move the existing data to Amazon S3

C. se Amazon S3 Transfer Acceleration to move the existing data to Amazon S3

D. se AWS Storage Gateway to move the existing data to Amazon S3

View answer

Correct Answer: B

Question #130

A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week.What should the company do to guarantee the EC2 capacity?

A. ove the catalog to Amazon ElastiCache for Redis

B. eploy a larger EC2 instance with a larger instance store

C. ove the catalog from the instance store to Amazon S3 Glacier Deep Archive

D. ove the catalog to an Amazon Elastic File System (Amazon EFS) file system

View answer

Correct Answer: D

Question #131

A company has more than 5 TB of file data on Windows file servers that run on premises. Users and applications interact with the data each day.The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file storage with minimum latency. The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access patterns. The company uses an AWS Site-to-Site VPN connection f

A. eploy and configure Amazon FSx for Windows File Server on AWS

B. eploy and configure an Amazon S3 File Gateway on premises

C. eploy and configure an Amazon S3 File Gateway on premises

D. eploy and configure Amazon FSx for Windows File Server on AWS

View answer

Correct Answer: D

Question #132

A company is using a content management system that runs on a single Amazon EC2 instance. The EC2 instance contains both the web server and the database software. The company must make its website platform highly available and must enable the website to scale to meet user demand.What should a solutions architect recommend to meet these requirements?

A. ove the database to Amazon RDS, and enable automatic backups

B. igrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instance

C. ove the database to Amazon Aurora with a read replica in another Availability Zone

D. ove the database to a separate EC2 instance, and schedule backups to Amazon S3

View answer

Correct Answer: C

Question #133

An ecommerce company stores terabytes of customer data in the AWS Cloud. The data contains personally identifiable information (PII). The company wants to use the data in three applications. Only one of the applications needs to process the PII. The PII must be removed before the other two applications process the data.Which solution will meet these requirements with the LEAST operational overhead?

A. tore the data in an Amazon DynamoDB table

B. tore the data in an Amazon S3 bucket

C. rocess the data and store the transformed data in three separate Amazon S3 buckets so that each application has its own custom dataset

D. rocess the data and store the transformed data in three separate Amazon DynamoDB tables so that each application has its own custom dataset

View answer

Correct Answer: B

Question #134

A company needs to save the results from a medical trial to an Amazon S3 repository. The repository must allow a few scientists to add new files and must restrict all other users to read-only access. No users can have the ability to modify or delete any files in the repository. The company must keep every file in the repository for a minimum of 1 year after its creation date.Which solution will meet these requirements?

A. se S3 Object Lock in governance mode with a legal hold of 1 year

B. se S3 Object Lock in compliance mode with a retention period of 365 days

C. se an IAM role to restrict all users from deleting or changing objects in the S3 bucket

D. onfigure the S3 bucket to invoke an AWS Lambda function every time an object is added

View answer

Correct Answer: B

Question #135

An entertainment company is using Amazon DynamoDB to store media metadata. The application is read intensive and experiencing delays. The company does not have staff to handle additional operational overhead and needs to improve the performance efficiency of DynamoDB without reconfiguring the application.What should a solutions architect recommend to meet this requirement?

A. se Amazon ElastiCache for Redis

B. se Amazon DynamoDB Accelerator (DAX)

C. eplicate data by using DynamoDB global tables

D. se Amazon ElastiCache for Memcached with Auto Discovery enabled

View answer

Correct Answer: B

Question #136

A company hosts its web application on AWS using seven Amazon EC2 instances. The company requires that the IP addresses of all healthy EC2 instances be returned in response to DNS queries.Which policy should be used to meet this requirement?

A. imple routing policy

B. atency routing policy

C. ultivalue routing policy

D. eolocation routing policy

View answer

Correct Answer: C

Question #137

A company runs a stateless web application in production on a group of Amazon EC2 On-Demand Instances behind an Application Load Balancer. The application experiences heavy usage during an 8-hour period each business day. Application usage is moderate and steady overnight. Application usage is low during weekends.The company wants to minimize its EC2 costs without affecting the availability of the application.Which solution will meet these requirements?

A. se Spot Instances for the entire workload

B. se Reserved Instances for the baseline level of usage

C. se On-Demand Instances for the baseline level of usage

D. se Dedicated Instances for the baseline level of usage

View answer

Correct Answer: B

Question #138

A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to capture the text from the audio files. The company must remove from the text any personally identifiable information (PII) that belongs to customers.What should a solutions architect do to meet these requirements?

A. rocess the audio files by using Amazon Kinesis Video Streams

B. hen an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings

C. onfigure an Amazon Transcribe transcription job with PII redaction turned on

D. reate an Amazon Connect contact flow that ingests the audio files with transcription turned on

View answer

Correct Answer: C

Question #139

A company hosts a three-tier ecommerce application on a fleet of Amazon EC2 instances. The instances run in an Auto Scaling group behind an Application Load Balancer (ALB). All ecommerce data is stored in an Amazon RDS for MariaDB Multi-AZ DB instance.The company wants to optimize customer session management during transactions. The application must store session data durably.Which solutions will meet these requirements? (Choose two.)

A. ake snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances and database every 2 hours to meet the RPO

B. onfigure a snapshot lifecycle policy to take Amazon Elastic Block Store (Amazon EBS) snapshots

C. etain the latest Amazon Machine Images (AMIs) of the web and application tiers

D. ake snapshots of Amazon Elastic Block Store (Amazon EBS) volumes of the EC2 instances every 2 hours

View answer

Correct Answer: AD

Question #140

A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.What should a solutions architect do to meet

A. nable HTTP health checks on the NLB, supplying the URL of the company's application

B. dd a cron job to the EC2 instances to check the local application's logs once each minute

C. eplace the NLB with an Application Load Balancer

D. reate an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB

View answer

Correct Answer: C

Question #141

A company runs a highly available SFTP service. The SFTP service uses two Amazon EC2 Linux instances that run with elastic IP addresses to accept traffic from trusted IP sources on the internet. The SFTP service is backed by shared storage that is attached to the instances. User accounts are created and managed as Linux users in the SFTP servers.The company wants a serverless option that provides high IOPS performance and highly configurable security. The company also wants to maintain control over user per

A. reate an encrypted Amazon Elastic Block Store (Amazon EBS) volume

B. reate an encrypted Amazon Elastic File System (Amazon EFS) volume

C. reate an Amazon S3 bucket with default encryption enabled

D. reate an Amazon S3 bucket with default encryption enabled

View answer

Correct Answer: B

Question #142

A company recently launched Linux-based application instances on Amazon EC2 in a private subnet and launched a Linux-based bastion host on an Amazon EC2 instance in a public subnet of a VPC. A solutions architect needs to connect from the on-premises network, through the company's internet connection, to the bastion host, and to the application servers. The solutions architect must make sure that the security groups of all the EC2 instances will allow that access.Which combination of steps should the soluti

A. se Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer

B. se Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures

C. se Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group

D. se Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group

View answer

Correct Answer: CD

Question #143

A company is designing an application. The application uses an AWS Lambda function to receive information through Amazon API Gateway and to store the information in an Amazon Aurora PostgreSQL database.During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high volumes of data that the company needs to load into the database. A solutions architect must recommend a new design to improve scalability and minimize the configuration effort.Which solution will

A. efactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instances

B. hange the platform from Aurora to Amazon DynamoD Provision a DynamoDB Accelerator (DAX) cluster

C. et up two Lambda functions

D. et up two Lambda functions

View answer

Correct Answer: D

Question #144

A company is building a mobile app on AWS. The company wants to expand its reach to millions of users. The company needs to build a platform so that authorized users can watch the company’s content on their mobile devices.What should a solutions architect recommend to meet these requirements?

A. ublish content to a public Amazon S3 bucket

B. et up IPsec VPN between the mobile app and the AWS environment to stream content

C. se Amazon CloudFront

D. et up AWS Client VPN between the mobile app and the AWS environment to stream content

View answer

Correct Answer: C

Question #145

A company has a data ingestion workflow that includes the following components:-An Amazon Simple Notification Service (Amazon SNS) topic that receives notifications about new data deliveries-An AWS Lambda function that processes and stores the dataThe ingestion workflow occasionally fails because of network connectivity issues. When failure occurs, the corresponding data is not ingested unless the company manually reruns the job.What should a solutions architect do to ensure that all notifications are event

A. onfigure the Lambda function for deployment across multiple Availability Zones

B. odify the Lambda function's configuration to increase the CPU and memory allocations for the function

C. onfigure the SNS topic’s retry strategy to increase both the number of retries and the wait time between retries

D. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as the on-failure destination

View answer

Correct Answer: D

Question #146

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management.What should a solutions architect do to accomplish this goal?

A. se AWS Secrets Manager

B. se AWS Systems Manager Parameter Store

C. reate an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key

D. reate an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance

View answer

Correct Answer: A

Question #147

A company is planning to migrate a commercial off-the-shelf application from its on-premises data center to AWS. The software has a software licensing model using sockets and cores with predictable capacity and uptime requirements. The company wants to use its existing licenses, which were purchased earlier this year.Which Amazon EC2 pricing option is the MOST cost-effective?

A. edicated Reserved Hosts

B. edicated On-Demand Hosts

C. edicated Reserved Instances

D. edicated On-Demand Instances

View answer

Correct Answer: A

Question #148

A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across multiple Availability Zone.What should a solutions architect do to meet this requirement?

A. onfigure AWS Storage Gateway in volume gateway mode

B. onfigure Amazon FSx for Windows File Server

C. onfigure a file system by using Amazon Elastic File System (Amazon EFS)

D. onfigure an Amazon Elastic Block Store (Amazon EBS) volume with the required size

View answer

Correct Answer: B

Question #149

A large media company hosts a web application on AWS. The company wants to start caching confidential media files so that users around the world will have reliable access to the files. The content is stored in Amazon S3 buckets. The company must deliver the content quickly, regardless of where the requests originate geographically.Which solution will meet these requirements?

A. se AWS DataSync to connect the S3 buckets to the web application

B. eploy AWS Global Accelerator to connect the S3 buckets to the web application

C. eploy Amazon CloudFront to connect the S3 buckets to CloudFront edge servers

D. se Amazon Simple Queue Service (Amazon SQS) to connect the S3 buckets to the web application

View answer

Correct Answer: C

Question #150

A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed.What should the solutions architect recommend?

A. aunch an Amazon EC2 instance in us-east-1 and migrate the site to it

B. ove the website to Amazon S3

C. se Amazon CloudFront with a custom origin pointing to the on-premises servers

D. se an Amazon Route 53 geoproximity routing policy pointing to on-premises servers

View answer

Correct Answer: C

Question #151

A company has an AWS Lambda function that needs read access to an Amazon S3 bucket that is located in the same AWS account.Which solution will meet these requirements in the MOST secure manner?

A. pply an S3 bucket policy that grants read access to the S3 bucket

B. pply an IAM role to the Lambda function

C. mbed an access key and a secret key in the Lambda function’s code to grant the required IAM permissions for read access to the S3 bucket

D. pply an IAM role to the Lambda function

View answer

Correct Answer: B

Question #152

A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.Which solution meets these requirements with the LEAST amount of operational overhead?

A. dd the aws PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy

B. reate an organizational unit (OU) for each department

C. se AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events

D. ag each user that needs access to the S3 bucket

View answer

Correct Answer: A

Question #153

A company's HTTP application is behind a Network Load Balancer (NLB). The NLB's target group is configured to use an Amazon EC2 Auto Scaling group with multiple EC2 instances that run the web service.The company notices that the NLB is not detecting HTTP errors for the application. These errors require a manual restart of the EC2 instances that run the web service. The company needs to improve the application's availability without writing custom scripts or code.What should a solutions architect do to meet

A. nable HTTP health checks on the NLB, supplying the URL of the company's application

B. dd a cron job to the EC2 instances to check the local application's logs once each minute

C. eplace the NLB with an Application Load Balancer

D. reate an Amazon CloudWatch alarm that monitors the UnhealthyHostCount metric for the NLB

View answer

Correct Answer: C

Question #154

A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.Which solution will satisfy these requirements?

A. onfigure Amazon EFS storage and set the Active Directory domain for authentication

B. reate an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones

C. reate an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume

D. reate an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication

View answer

Correct Answer: D

Question #155

A gaming company is moving its public scoreboard from a data center to the AWS Cloud. The company uses Amazon EC2 Windows Server instances behind an Application Load Balancer to host its dynamic application. The company needs a highly available storage solution for the application. The application consists of static files and dynamic server-side code.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

A. nstall an external image management library on an EC2 instance

B. reate a CloudFront origin request policy

C. se a Lambda@Edge function with an external image management library

D. reate a CloudFront response headers policy

View answer

Correct Answer: AD

Question #156

A company wants to migrate a Windows-based application from on premises to the AWS Cloud. The application has three tiers: an application tier, a business tier, and a database tier with Microsoft SQL Server. The company wants to use specific features of SQL Server such as native backups and Data Quality Services. The company also needs to share files for processing between the tiers.How should a solutions architect design the architecture to meet these requirements?

A. ost all three tiers on Amazon EC2 instances

B. ost all three tiers on Amazon EC2 instances

C. ost the application tier and the business tier on Amazon EC2 instances

D. ost the application tier and the business tier on Amazon EC2 instances

View answer

Correct Answer: B

Question #157

A company wants to reduce the cost of its existing three-tier web architecture. The web, application, and database servers are running on Amazon EC2 instances for the development, test, and production environments. The EC2 instances average 30% CPU utilization during peak hours and 10% CPU utilization during non-peak hours.The production EC2 instances run 24 hours a day. The development and test EC2 instances run for at least 8 hours each day. The company plans to implement automation to stop the developmen

A. se Spot Instances for the production EC2 instances

B. se Reserved Instances for the production EC2 instances

C. se Spot blocks for the production EC2 instances

D. se On-Demand Instances for the production EC2 instances

View answer

Correct Answer: B

Question #158

A company is migrating its on-premises workload to the AWS Cloud. The company already uses several Amazon EC2 instances and Amazon RDS DB instances. The company wants a solution that automatically starts and stops the EC2 instances and DB instances outside of business hours. The solution must minimize cost and infrastructure maintenance.Which solution will meet these requirements?

A. cale the EC2 instances by using elastic resize

B. xplore AWS Marketplace for partner solutions that will automatically start and stop the EC2 instances and DB instances on a schedule

C. aunch another EC2 instance

D. reate an AWS Lambda function that will start and stop the EC2 instances and DB instances

View answer

Correct Answer: D

Question #159

A company has deployed a web application on AWS. The company hosts the backend database on Amazon RDS for MySQL with a primary DB instance and five read replicas to support scaling needs. The read replicas must lag no more than 1 second behind the primary DB instance. The database routinely runs scheduled stored procedures.As traffic on the website increases, the replicas experience additional lag during periods of peak load. A solutions architect must reduce the replication lag as much as possible. The sol

A. igrate the database to Amazon Aurora MySQL

B. eploy an Amazon ElastiCache for Redis cluster in front of the database

C. igrate the database to a MySQL database that runs on Amazon EC2 instances

D. igrate the database to Amazon DynamoDB

View answer

Correct Answer: A

Question #160

A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda. The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format. The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports.Which solution will meet these requirements with the LEAST operational overhead?

A. se existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text

B. se Amazon Textract to extract the text from the reports

C. se Amazon Textract to extract the text from the reports

D. se Amazon Rekognition to extract the text from the reports

View answer

Correct Answer: C

Question #161

A company wants to implement a backup strategy for Amazon EC2 data and multiple Amazon S3 buckets. Because of regulatory requirements, the company must retain backup files for a specific time period. The company must not alter the files for the duration of the retention period.Which solution will meet these requirements?

A. se AWS Backup to create a backup vault that has a vault lock in governance mode

B. se Amazon Data Lifecycle Manager to create the required automated snapshot policy

C. se Amazon S3 File Gateway to create the backup

D. se AWS Backup to create a backup vault that has a vault lock in compliance mode

View answer

Correct Answer: D

Question #162

A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.What should a solutions architect do to accomplish this goal?

A. urn on AWS Config with the appropriate rules

B. urn on AWS Trusted Advisor with the appropriate checks

C. urn on Amazon Inspector with the appropriate assessment template

D. urn on Amazon S3 server access logging

View answer

Correct Answer: A

Question #163

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never al

A. opy the data so both EBS volumes contain all the documents

B. onfigure the Application Load Balancer to direct a user to the server with the documents

C. opy the data from both EBS volumes to Amazon EFS

D. onfigure the Application Load Balancer to send the request to both servers

View answer

Correct Answer: C

Question #164

A company runs an online marketplace web application on AWS. The application serves hundreds of thousands of users during peak hours. The company needs a scalable, near-real-time solution to share the details of millions of financial transactions with several other internal applications. Transactions also need to be processed to remove sensitive data before being stored in a document database for low-latency retrieval.What should a solutions architect recommend to meet these requirements?

A. tore the transactions data into Amazon DynamoDB

B. tream the transactions data into Amazon Kinesis Data Firehose to store data in Amazon DynamoDB and Amazon S3

C. tream the transactions data into Amazon Kinesis Data Streams

D. tore the batched transactions data in Amazon S3 as files

View answer

Correct Answer: C

Question #165

A research company runs experiments that are powered by a simulation application and a visualization application. The simulation application runs on Linux and outputs intermediate data to an NFS share every 5 minutes. The visualization application is a Windows desktop application that displays the simulation output and requires an SMB file system.The company maintains two synchronized file systems. This strategy is causing data duplication and inefficient resource usage. The company needs to migrate the app

A. igrate both applications to AWS Lambda

B. igrate both applications to Amazon Elastic Container Service (Amazon ECS)

C. igrate the simulation application to Linux Amazon EC2 instances

D. igrate the simulation application to Linux Amazon EC2 instances

View answer

Correct Answer: D

Question #166

A solutions architect needs to design a highly available application consisting of web, application, and database tiers. HTTPS content delivery should be as close to the edge as possible, with the least delivery time.Which solution meets these requirements and is MOST secure?

A. onfigure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in public subnets

B. onfigure a public Application Load Balancer with multiple redundant Amazon EC2 instances in private subnets

C. onfigure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets

D. onfigure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets

View answer

Correct Answer: C

Question #167

A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine Image (AMI). The instances will run in an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.Which solution meets these requirements?

A. se the aws ec2 register-image command to create an AMI from a snapshot

B. nable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot

C. nable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM)

D. se Amazon EventBridge to invoke AWS Backup lifecycle policies that provision AMIs

View answer

Correct Answer: B

Question #168

A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.What should the solutions architect do to meet this requirement?

A. reate an IAM role that grants access to the S3 bucket

B. reate an IAM policy that grants access to the S3 bucket

C. reate an IAM group that grants access to the S3 bucket

D. reate an IAM user that grants access to the S3 bucket

View answer

Correct Answer: A

Question #169

A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon Elastic Block Store (Amazon EBS) volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.Which solution will meet these requirements?

A. se AWS DataSync for the initial migration

B. se AWS DataSync for the initial migration

C. se the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a memory optimized replication instance

D. se the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a compute optimized replication instance

View answer

Correct Answer: C

Question #170

What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?

A. pdate the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set

B. pdate the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private

C. pdate the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true

D. pdate the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set

View answer

Correct Answer: D

Question #171

A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent. Otherwise, the payments might be processed incorrectly.Which actions should a solutions architect take to meet this requirement? (Choose two.)

A. mazon EventBridge event bus

B. mazon Simple Notification Service (Amazon SNS) FIFO topics

C. mazon Simple Notification Service (Amazon SNS) standard topics

D. mazon Simple Queue Service (Amazon SQS) FIFO queues

View answer

Correct Answer: AE

Question #172

A company has a Java application that uses Amazon Simple Queue Service (Amazon SQS) to parse messages. The application cannot parse messages that are larger than 256 KB in size. The company wants to implement a solution to give the application the ability to parse messages as large as 50 MB.Which solution will meet these requirements with the FEWEST changes to the code?

A. se the Amazon SQS Extended Client Library for Java to host messages that are larger than 256 KB in Amazon S3

B. se Amazon EventBridge to post large messages from the application instead of Amazon SQS

C. hange the limit in Amazon SQS to handle messages that are larger than 256 KB

D. tore messages that are larger than 256 KB in Amazon Elastic File System (Amazon EFS)

View answer

Correct Answer: A

Question #173

A solutions architect must secure a VPC network that hosts Amazon EC2 instances. The EC2 instances contain highly sensitive data and run in a private subnet. According to company policy, the EC2 instances that run in the VPC can access only approved third-party software repositories on the internet for software product updates that use the third party’s URL. Other internet traffic must be blocked.Which solution meets these requirements?

A. dd an Amazon CloudFront distribution for the dynamic content

B. dd an Amazon CloudFront distribution for the static content

C. dd an Amazon CloudFront distribution for the dynamic content

D. dd an Amazon CloudFront distribution for the static content

View answer

Correct Answer: A

Question #174

A company is migrating an old application to AWS. The application runs a batch job every hour and is CPU intensive. The batch job takes 15 minutes on average with an on-premises server. The server has 64 virtual CPU (vCPU) and 512 GiB of memory.Which solution will run the batch job within 15 minutes with the LEAST operational overhead?

A. se AWS Lambda with functional scaling

B. se Amazon Elastic Container Service (Amazon ECS) with AWS Fargate

C. se Amazon Lightsail with AWS Auto Scaling

D. se AWS Batch on Amazon EC2

View answer

Correct Answer: D

Question #175

A company is hosting a static website on Amazon S3 and is using Amazon Route 53 for DNS. The website is experiencing increased demand from around the world. The company must decrease latency for users who access the website.Which solution meets these requirements MOST cost-effectively?

A. eplicate the S3 bucket that contains the website to all AWS Regions

B. rovision accelerators in AWS Global Accelerator

C. dd an Amazon CloudFront distribution in front of the S3 bucket

D. nable S3 Transfer Acceleration on the bucket

View answer

Correct Answer: C

Question #176

An IoT company is releasing a mattress that has sensors to collect data about a user’s sleep. The sensors will send data to an Amazon S3 bucket. The sensors collect approximately 2 MB of data every night for each mattress. The company must process and summarize the data for each mattress. The results need to be available as soon as possible. Data processing will require 1 GB of memory and will finish within 30 seconds.Which solution will meet these requirements MOST cost-effectively?

A. se AWS Glue with a Scala job

B. se Amazon EMR with an Apache Spark script

C. se AWS Lambda with a Python script

D. se AWS Glue with a PySpark job

View answer

Correct Answer: C

Question #177

A company wants to implement a disaster recovery plan for its primary on-premises file storage volume. The file storage volume is mounted from an Internet Small Computer Systems Interface (iSCSI) device on a local storage server. The file storage volume holds hundreds of terabytes (TB) of data.The company wants to ensure that end users retain immediate access to all file types from the on-premises systems without experiencing latency.Which solution will meet these requirements with the LEAST amount of chang

A. rovision an Amazon S3 File Gateway as a virtual machine (VM) that is hosted on premises

B. rovision an AWS Storage Gateway tape gateway

C. rovision an AWS Storage Gateway Volume Gateway cached volume

D. rovision an AWS Storage Gateway Volume Gateway stored volume with the same amount of disk space as the existing file storage volume

View answer

Correct Answer: D

Question #178

A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.Which solution meets these requirements?

A. onfigure three AWS Site-to-Site VPN connections from the data center to AWS

B. aunch a third-party virtual network appliance in each VPC

C. et up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1

D. et up one AWS Direct Connect connection from the data center to AWS

View answer

Correct Answer: D

Question #179

A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.What should a solutions architect recommend?

A. se Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns

B. se an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm

C. se Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm

D. se AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm

View answer

Correct Answer: D

Question #180

A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company’s operations team needs to be notified when RDP or SSH access to an environment has been established.What should a solutions architect recommend to meet these requirements?

A. onfigure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected

B. onfigure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached

C. ublish VPC flow logs to Amazon CloudWatch Logs

D. onfigure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification

View answer

Correct Answer: C

Question #181

An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both VPCs are in separate AWS accounts. The network administrator needs to design a solution to configure secure access to EC2 instance in VPC-B from VPC-

A. The connectivity should not have a single point of failure or bandwidth concerns

A. et up a VPC peering connection between VPC-A and VPC-B

B. et up VPC gateway endpoints for the EC2 instance running in VPC-

C. ttach a virtual private gateway to VPC-B and set up routing from VPC-A

D. reate a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-A

View answer

Correct Answer: A

Question #182

A company needs to provide its employees with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded securely to the employees’ devices.The files are stored in an on-premises Windows file server. However, due to an increase in remote usage, the file server is running out of capacity..Which solution will meet these requirements?

A. igrate the file server to an Amazon EC2 instance in a public subnet

B. igrate the files to an Amazon FSx for Windows File Server file system

C. igrate the files to Amazon S3, and create a private VPC endpoint

D. igrate the files to Amazon S3, and create a public VPC endpoint

View answer

Correct Answer: B

Question #183

A company stores several petabytes of data across multiple AWS accounts. The company uses AWS Lake Formation to manage its data lake. The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes.Which solution will meet these requirements with the LEAST operational overhead?

A. opy the required data to a common account

B. se the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data

C. se AWS Data Exchange to privately publish the required data to the required engineering team accounts

D. se Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts

View answer

Correct Answer: D

Question #184

A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solutio

A. mazon Elastic Block Store (Amazon EBS)

B. mazon Elastic File System (Amazon EFS)

C. mazon OpenSearch Service (Amazon Elasticsearch Service)

D. mazon S3

View answer

Correct Answer: D

Question #185

A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.What should a solutions architect do to correct this issue?

A. reate security group rules using the instance ID as the source or destination

B. reate security group rules using the security group ID as the source or destination

C. reate security group rules using the VPC CIDR blocks as the source or destination

D. reate security group rules using the subnet CIDR blocks as the source or destination

View answer

Correct Answer: B

Question #186

A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance.The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone. A solutions architect must update the design to use a second Availability Zone.Which solution will make the application highly available?

A. rovision a subnet in each Availability Zone

B. rovision two subnets that extend across both Availability Zones

C. rovision a subnet in each Availability Zone

D. rovision a subnet that extends across both Availability Zones

View answer

Correct Answer: C

Question #187

An image hosting company uploads its large assets to Amazon S3 Standard buckets. The company uses multipart upload in parallel by using S3 APIs and overwrites if the same object is uploaded again. For the first 30 days after upload, the objects will be accessed frequently. The objects will be used less frequently after 30 days, but the access patterns for each object will be inconsistent. The company must optimize its S3 storage costs while maintaining high availability and resiliency of stored assets.Which

A. pdate the route table for the private subnet to route the outbound traffic to an AWS Network Firewall firewall

B. et up an AWS WAF web ACL

C. mplement strict inbound security group rules

D. onfigure an Application Load Balancer (ALB) in front of the EC2 instances

View answer

Correct Answer: AB

Question #188

A company is migrating a distributed application to AWS. The application serves variable workloads. The legacy platform consists of a primary server that coordinates jobs across multiple compute nodes. The company wants to modernize the application with a solution that maximizes resiliency and scalability.How should a solutions architect design the architecture to meet these requirements?

A. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs

B. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs

C. mplement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group

D. mplement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group

View answer

Correct Answer: B

Question #189

A company is developing an ecommerce application that will consist of a load-balanced front end, a container-based application, and a relational database. A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible.Which solutions meet these requirements? (Choose two.)

A. se AWS Transfer Family to configure an SFTP-enabled server with a publicly accessible endpoint

B. se Amazon S3 File Gateway as an SFTP server

C. aunch an Amazon EC2 instance in a private subnet in a VP Instruct the new partner to upload files to the EC2 instance by using a VPN

D. aunch Amazon EC2 instances in a private subnet in a VPC

View answer

Correct Answer: AD

Question #190

A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.What should a solutions architect do to reduce the operational burden?

A. se multi-factor authentication (MFA) to protect the encryption keys

B. se AWS Key Management Service (AWS KMS) to protect the encryption keys

C. se AWS Certificate Manager (ACM) to create, store, and assign the encryption keys

D. se an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

View answer

Correct Answer: B

Question #191

A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains more than 10 million rows. The database has 2 TB of General Purpose SSD storage. There are millions of updates against this data every day through the company's website.The company has noticed that some insert operations are taking 10 seconds or longer. The company has determined that the database storage performance is the problem.Which solution addresses this perf

A. hange the storage type to Provisioned IOPS SSD

B. hange the DB instance to a memory optimized instance class

C. hange the DB instance to a burstable performance instance class

D. nable Multi-AZ RDS read replicas with MySQL native asynchronous replication

View answer

Correct Answer: A

Question #192

A company runs multiple Windows workloads on AWS. The company's employees use Windows file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.What should a solutions architect do to meet these requirements?

A. igrate all the data to Amazon S3

B. et up an Amazon S3 File Gateway

C. xtend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration

D. xtend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuration

View answer

Correct Answer: C

Question #193

A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day.What should a solutions architect do to transmit and process the clickstream data?

A. esign an AWS Data Pipeline to archive the data to an Amazon S3 bucket and run an Amazon EMR cluster with the data to generate analytics

B. reate an Auto Scaling group of Amazon EC2 instances to process the data and send it to an Amazon S3 data lake for Amazon Redshift to use for analysis

C. ache the data to Amazon CloudFront

D. ollect the data from Amazon Kinesis Data Streams

View answer

Correct Answer: D

Question #194

A company is moving its data management application to AWS. The company wants to transition to an event-driven architecture. The architecture needs to be more distributed and to use serverless concepts while performing the different aspects of the workflow. The company also wants to minimize operational overhead.Which solution will meet these requirements?

A. etup a transit gateway in each Region

B. et up AWS Global Accelerator with UDP listeners and endpoint groups in each Region

C. et up Amazon CloudFront with UDP turned on

D. et up a VPC peering mesh between each Region

View answer

Correct Answer: D

Question #195

A company has a mobile chat application with a data store based in Amazon DynamoDB. Users would like new messages to be read with as little latency as possible. A solutions architect needs to design an optimal solution that requires minimal application changes.Which method should the solutions architect select?

A. onfigure Amazon DynamoDB Accelerator (DAX) for the new messages table

B. dd DynamoDB read replicas to handle the increased read load

C. ouble the number of read capacity units for the new messages table in DynamoDB

D. dd an Amazon ElastiCache for Redis cache to the application stack

View answer

Correct Answer: A

Question #196

A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to decouple the solution and increase scalability.Which solution meets these requirements?

A. ersist the messages to Amazon Kinesis Data Analytics

B. eploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU metrics

C. rite the messages to Amazon Kinesis Data Streams with a single shard

D. ublish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon SOS) subscriptions

View answer

Correct Answer: D

Question #197

A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.Which storage solution is MOST cost-effectiv

A. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 Glacier 30 days from object creation

B. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days from object creation

C. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation

D. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation

View answer

Correct Answer: C

Question #198

A development team runs monthly resource-intensive tests on its general purpose Amazon RDS for MySQL DB instance with Performance Insights enabled. The testing lasts for 48 hours once a month and is the only process that uses the database. The team wants to reduce the cost of running the tests without reducing the compute and memory attributes of the DB instance.Which solution meets these requirements MOST cost-effectively?

A. top the DB instance when tests are completed

B. se an Auto Scaling policy with the DB instance to automatically scale when tests are completed

C. reate a snapshot when tests are completed

D. odify the DB instance to a low-capacity instance when tests are completed

View answer

Correct Answer: C

Question #199

A company wants to give a customer the ability to use on-premises Microsoft Active Directory to download files that are stored in Amazon S3. The customer’s application uses an SFTP client to download the files.Which solution will meet these requirements with the LEAST operational overhead and no changes to the customer’s application?

A. et up AWS Transfer Family with SFTP for Amazon S3

B. et up AWS Database Migration Service (AWS DMS) to synchronize the on-premises client with Amazon S3

C. et up AWS DataSync to synchronize between the on-premises location and the S3 location by using AWS IAM Identity Center (AWS Single Sign-On)

D. et up a Windows Amazon EC2 instance with SFTP to connect the on-premises client with Amazon S3

View answer

Correct Answer: A

Question #200

A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine Image (AMI). The instances will run in an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.Which solution meets these requirements?

A. se the aws ec2 register-image command to create an AMI from a snapshot

B. nable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot

C. nable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM)

D. se Amazon EventBridge to invoke AWS Backup lifecycle policies that provision AMIs

View answer

Correct Answer: B

Question #201

A company wants to migrate an on-premises data center to AWS. The data center hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system.Which combination of steps should a solutions architect take to automate this task? (Choose two.)

A. dit the job to use job bookmarks

B. dit the job to delete data after the data is processed

C. dit the job by setting the NumberOfWorkers field to 1

D. se a FindMatches machine learning (ML) transform

View answer

Correct Answer: AB

Question #202

An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table.What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

A. se a VPC endpoint for DynamoDB

B. se a NAT gateway in a public subnet

C. se a NAT instance in a private subnet

D. se the internet gateway attached to the VPC

View answer

Correct Answer: A

Question #203

A serverless application uses Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. The Lambda function needs permissions to read and write to the DynamoDB table.Which solution will give the Lambda function access to the DynamoDB table MOST securely?

A. reate an IAM user with programmatic access to the Lambda function

B. reate an IAM role that includes Lambda as a trusted service

C. reate an IAM user with programmatic access to the Lambda function

D. reate an IAM role that includes DynamoDB as a trusted service

View answer

Correct Answer: B

Question #204

A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.What should a solutions architect do to accomplish this?

A. se Amazon S3 with Transfer Acceleration to host the application

B. se Amazon S3 with CacheControl headers to host the application

C. se Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application

D. se Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application

View answer

Correct Answer: A

Question #205

A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.Which solution will satisfy these requirements?

A. onfigure Amazon EFS storage and set the Active Directory domain for authentication

B. reate an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones

C. reate an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume

D. reate an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication

View answer

Correct Answer: D

Question #206

A solutions architect observes that a nightly batch processing job is automatically scaled up for 1 hour before the desired Amazon EC2 capacity is reached. The peak capacity is the ‘same every night and the batch jobs always start at 1 AM. The solutions architect needs to find a cost-effective solution that will allow for the desired EC2 capacity to be reached quickly and allow the Auto Scaling group to scale down after the batch jobs are complete.What should the solutions architect do to meet these require

A. ncrease the minimum capacity for the Auto Scaling group

B. ncrease the maximum capacity for the Auto Scaling group

C. onfigure scheduled scaling to scale up to the desired compute level

D. hange the scaling policy to add more EC2 instances during each scaling operation

View answer

Correct Answer: C

Question #207

A company is moving its on-premises Oracle database to Amazon Aurora PostgreSQL. The database has several applications that write to the same tables. The applications need to be migrated one by one with a month in between each migration. Management has expressed concerns that the database has a high number of reads and writes. The data must be kept in sync across both databases throughout the migration.What should a solutions architect recommend?

A. se Amazon S3 to host the front-end layer

B. se load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer

C. se Amazon S3 to host the front-end layer

D. se load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end layer and the application layer

View answer

Correct Answer: C

Question #208

A company wants to restrict access to the content of one of its main web applications and to protect the content by using authorization techniques available on AWS. The company wants to implement a serverless architecture and an authentication solution for fewer than 100 users. The solution needs to integrate with the main web application and serve web content globally. The solution must also scale as the company's user base grows while providing the lowest login latency possible.Which solution will meet th

A. se Amazon Cognito for authentication

B. se AWS Directory Service for Microsoft Active Directory for authentication

C. se Amazon Cognito for authentication

D. se AWS Directory Service for Microsoft Active Directory for authentication

View answer

Correct Answer: A

Question #209

A company has an aging network-attached storage (NAS) array in its data center. The NAS array presents SMB shares and NFS shares to client workstations. The company does not want to purchase a new NAS array. The company also does not want to incur the cost of renewing the NAS array’s support contract. Some of the data is accessed frequently, but much of the data is inactive.A solutions architect needs to implement a solution that migrates the data to Amazon S3, uses S3 Lifecycle policies, and maintains the

A. olume Gateway

B. ape Gateway

C. mazon FSx File Gateway

D. mazon S3 File Gateway

View answer

Correct Answer: D

Question #210

A company has a serverless website with millions of objects in an Amazon S3 bucket. The company uses the S3 bucket as the origin for an Amazon CloudFront distribution. The company did not set encryption on the S3 bucket before the objects were loaded. A solutions architect needs to enable encryption for all existing objects and for all objects that are added to the S3 bucket in the future.Which solution will meet these requirements with the LEAST amount of effort?

A. reate a new S3 bucket

B. urn on the default encryption settings for the S3 bucket

C. reate a new encryption key by using AWS Key Management Service (AWS KMS)

D. avigate to Amazon S3 in the AWS Management Console

View answer

Correct Answer: B

Question #211

A company is building a web-based application running on Amazon EC2 instances in multiple Availability Zones. The web application will provide access to a repository of text documents totaling about 900 TB in size. The company anticipates that the web application will experience periods of high demand. A solutions architect must ensure that the storage component for the text documents can scale to meet the demand of the application at all times. The company is concerned about the overall cost of the solutio

A. mazon Elastic Block Store (Amazon EBS)

B. mazon Elastic File System (Amazon EFS)

C. mazon OpenSearch Service (Amazon Elasticsearch Service)

D. mazon S3

View answer

Correct Answer: D

Question #212

A company wants to move its application to a serverless solution. The serverless solution needs to analyze existing and new data by using SL. The company stores the data in an Amazon S3 bucket. The data requires encryption and must be replicated to a different AWS Region.Which solution will meet these requirements with the LEAST operational overhead?

A. reate a new S3 bucket

B. reate a new S3 bucket

C. oad the data into the existing S3 bucket

D. oad the data into the existing S3 bucket

View answer

Correct Answer: A

DON'T WANT TO MISS A THING?

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE!
Get Now

Updated AWS SAA-C03 Exam Dumps – Your Path to Success

View Answers after Submission

DON'T WANT TO MISS A THING?

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE! Get Now

Updated AWS SAA-C03 Exam Dumps – Your Path to Success

View Answers after Submission

100% Pass Cisco, PMP, CISA, CISM, AWS Practice test on SALE!
Get Now