DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Pass the AWS Exam Easily with Updated SAA-C03 Practice Questions

Preparing for the AWS Certified Solutions Architect Associate (SAA-C03) exam can be a daunting task, but SPOTO's AWS SAA-C03 Exam Questions offer a comprehensive solution to help you succeed. These exam questions and answers provide an extensive collection of test questions that accurately reflect the actual exam content, enabling you to thoroughly assess your knowledge and identify areas that require further study. SPOTO's exam resources are meticulously crafted by industry experts, ensuring the highest quality and relevance to the latest exam objectives. With a vast array of exam questions covering various topics, you can effectively prepare and gain confidence in your abilities. Additionally, SPOTO offers mock exams that simulate the real exam environment, allowing you to practice and increase your chances of passing successfully on your first attempt.
Take other online exams

Question #1
A company owns an asynchronous API that is used to ingest user requests and, based on the request type, dispatch requests to the appropriate microservice for processing. The company is using Amazon API Gateway to deploy the API front end, and an AWS Lambda function that invokes Amazon DynamoDB to store user requests before dispatching them to the processing microservices.The company provisioned as much DynamoDB throughput as its budget allows, but the company is still experiencing availability issues and is
A. dd throttling on the API Gateway with server-side throttling limits
B. se DynamoDB Accelerator (DAX) and Lambda to buffer writes to DynamoD
C. reate a secondary index in DynamoDB for the table with the user requests
D. se the Amazon Simple Queue Service (Amazon SQS) queue and Lambda to buffer writes to DynamoDB
View answer
Correct Answer: D

View The Updated SAA-C03 Exam Questions

SPOTO Provides 100% Real SAA-C03 Exam Questions for You to Pass Your SAA-C03 Exam!

Question #2
An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale for a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.Which solution will meet these requirements with the LEAST operational overhead?
A. se Amazon S3 to host the full website in different S3 buckets
B. eploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones
C. igrate the full application to run in containers
D. se an Amazon S3 bucket to host the website's static content
View answer
Correct Answer: D
Question #3
A company is running several business applications in three separate VPCs within the us-east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds of gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.A solutions architect needs to design a network connectivity solution that maximizes cost-effectiveness.Which solution meets these requirements?
A. onfigure three AWS Site-to-Site VPN connections from the data center to AWS
B. aunch a third-party virtual network appliance in each VPC
C. et up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1
D. et up one AWS Direct Connect connection from the data center to AWS
View answer
Correct Answer: D
Question #4
A solutions architect needs to optimize storage costs. The solutions architect must identify any Amazon S3 buckets that are no longer being accessed or are rarely accessed.Which solution will accomplish this goal with the LEAST operational overhead?
A. nalyze bucket access patterns by using the S3 Storage Lens dashboard for advanced activity metrics
B. nalyze bucket access patterns by using the S3 dashboard in the AWS Management Console
C. urn on the Amazon CloudWatch BucketSizeBytes metric for buckets
D. urn on AWS CloudTrail for S3 object monitoring
View answer
Correct Answer: A
Question #5
A company hosts a three-tier web application that includes a PostgreSQL database. The database stores the metadata from documents. The company searches the metadata for key terms to retrieve documents that the company reviews in a report each month. The documents are stored in Amazon S3. The documents are usually written only once, but they are updated frequently.The reporting process takes a few hours with the use of relational queries. The reporting process must not prevent any document modifications or t
A. et up a new Amazon DocumentDB (with MongoDB compatibility) cluster that includes a read replica
B. et up a new Amazon Aurora PostgreSQL DB cluster that includes an Aurora Replica
C. et up a new Amazon RDS for PostgreSQL Multi-AZ DB instance
D. et up a new Amazon DynamoDB table to store the documents
View answer
Correct Answer: B
Question #6
A company has deployed a web application on AWS. The company hosts the backend database on Amazon RDS for MySQL with a primary DB instance and five read replicas to support scaling needs. The read replicas must lag no more than 1 second behind the primary DB instance. The database routinely runs scheduled stored procedures.As traffic on the website increases, the replicas experience additional lag during periods of peak load. A solutions architect must reduce the replication lag as much as possible. The sol
A. igrate the database to Amazon Aurora MySQL
B. eploy an Amazon ElastiCache for Redis cluster in front of the database
C. igrate the database to a MySQL database that runs on Amazon EC2 instances
D. igrate the database to Amazon DynamoDB
View answer
Correct Answer: A
Question #7
A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day. An Application Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.What should
A. se Amazon ElastiCache to manage and store session data
B. se session affinity (sticky sessions) of the ALB to manage session data
C. se Session Manager from AWS Systems Manager to manage the session
D. se the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session
View answer
Correct Answer: A
Question #8
A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed.Which AWS solution meets these requirements?
A. reate an AWS DataSync task that shares the data as a mountable file system
B. reate an Amazon EC2 Windows instance
C. reate an Amazon FSx for Windows File Server file system
D. reate an Amazon S3 bucket
View answer
Correct Answer: C
Question #9
A company runs an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a large EC2 instance.The database's performance degrades quickly as application load increases. The application handles more read requests than write transaction
A. se Amazon Redshift with a single node for leader and compute functionality
B. se Amazon RDS with a Single-AZ deployment
C. se Amazon Aurora with a Multi-AZ deployment
D. se Amazon ElastiCache for Memcached with EC2 Spot Instances
View answer
Correct Answer: C
Question #10
A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications.Which solution will meet these requirements?
A. mazon DynamoDB
B. mazon RDS for MySQL
C. ySQL-compatible Amazon Aurora Serverless
D. ySQL deployed on Amazon EC2 in an Auto Scaling group
View answer
Correct Answer: C
Question #11
An image-hosting company stores its objects in Amazon S3 buckets. The company wants to avoid accidental exposure of the objects in the S3 buckets to the public. All S3 objects in the entire AWS account need to remain private.Which solution will meet these requirements?
A. se Amazon GuardDuty to monitor S3 bucket policies
B. se AWS Trusted Advisor to find publicly accessible S3 buckets
C. se AWS Resource Access Manager to find publicly accessible S3 buckets
D. se the S3 Block Public Access feature on the account level
View answer
Correct Answer: D
Question #12
A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.What should a solutions architect do to meet this requirement?
A. pdate the ALB's network ACL to accept only HTTPS traffic
B. reate a rule that replaces the HTTP in the URL with HTTPS
C. reate a listener rule on the ALB to redirect HTTP traffic to HTTPS
D. eplace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI)
View answer
Correct Answer: C
Question #13
An application runs on Amazon EC2 instances across multiple Availability Zonas. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%.What should a solutions architect do to maintain the desired performance across all instances in the group?
A. rite individual policies for each S3 bucket to grant read permission for only CloudFront access
B. reate an IAM user
C. rite an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN)
D. reate an origin access identity (OAI)
View answer
Correct Answer: B
Question #14
A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS).Which combination of actions will meet this requirement with the LEAST operational overhead? (Choose two.)
A. tore the images and geographic codes in a database table
B. tore the images in Amazon S3 buckets
C. tore the images and geographic codes in an Amazon DynamoDB table
D. tore the images in Amazon S3 buckets
View answer
Correct Answer: BD
Question #15
A company runs a shopping application that uses Amazon DynamoDB to store customer information. In case of data corruption, a solutions architect needs to design a solution that meets a recovery point objective (RPO) of 15 minutes and a recovery time objective (RTO) of 1 hour.What should the solutions architect recommend to meet these requirements?
A. onfigure DynamoDB global tables
B. onfigure DynamoDB point-in-time recovery
C. xport the DynamoDB data to Amazon S3 Glacier on a daily basis
D. chedule Amazon Elastic Block Store (Amazon EBS) snapshots for the DynamoDB table every 15 minutes
View answer
Correct Answer: B
Question #16
An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet.Which solution will provide private network connectivity to Amazon S3?
A. reate a gateway VPC endpoint to the S3 bucket
B. tream the logs to Amazon CloudWatch Logs
C. reate an instance profile on Amazon EC2 to allow S3 access
D. reate an Amazon API Gateway API with a private link to access the S3 endpoint
View answer
Correct Answer: A
Question #17
A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand.Which solution will meet these requirements?
A. ost static content in Amazon S3
B. ost static content in Amazon S3
C. ost all the website content on Amazon EC2 instances
D. ost all the website content on Amazon EC2 instances
View answer
Correct Answer: A
Question #18
A company hosts a multi-tier web application on Amazon Linux Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The company observes that the Auto Scaling group launches more On-Demand Instances when the application's end users access high volumes of static web content. The company wants to optimize cost.What should a solutions architect do to redesign the application MOST cost-effectively?
A. pdate the Auto Scaling group to use Reserved Instances instead of On-Demand Instances
B. pdate the Auto Scaling group to scale by launching Spot Instances instead of On-Demand Instances
C. reate an Amazon CloudFront distribution to host the static web contents from an Amazon S3 bucket
D. reate an AWS Lambda function behind an Amazon API Gateway API to host the static website contents
View answer
Correct Answer: C
Question #19
A company runs multiple Windows workloads on AWS. The company's employees use Windows file shares that are hosted on two Amazon EC2 instances. The file shares synchronize data between themselves and maintain duplicate copies. The company wants a highly available and durable storage solution that preserves how users currently access the files.What should a solutions architect do to meet these requirements?
A. igrate all the data to Amazon S3
B. et up an Amazon S3 File Gateway
C. xtend the file share environment to Amazon FSx for Windows File Server with a Multi-AZ configuration
D. xtend the file share environment to Amazon Elastic File System (Amazon EFS) with a Multi-AZ configuration
View answer
Correct Answer: C
Question #20
A company has deployed a database in Amazon RDS for MySQL. Due to increased transactions, the database support team is reporting slow reads against the DB instance and recommends adding a read replica.Which combination of actions should a solutions architect take before implementing this change? (Choose two.)
A. reate a copy of the instance
B. reate an S3 VPC endpoint for Amazon S3
C. top the EC2 instances
D. oute incoming requests to Amazon Simple Queue Service (Amazon SQS)
View answer
Correct Answer: CE
Question #21
A company has a popular gaming platform running on AWS. The application is sensitive to latency because latency can impact the user experience and introduce unfair advantages to some players. The application is deployed in every AWS Region. It runs on Amazon EC2 instances that are part of Auto Scaling groups configured behind Application Load Balancers (ALBs). A solutions architect needs to implement a mechanism to monitor the health of the application and redirect traffic to healthy endpoints.Which solutio
A. onfigure an accelerator in AWS Global Accelerator
B. reate an Amazon CloudFront distribution and specify the ALB as the origin server
C. reate an Amazon CloudFront distribution and specify Amazon S3 as the origin server
D. onfigure an Amazon DynamoDB database to serve as the data store for the application
View answer
Correct Answer: A
Question #22
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users:What is the effect of this policy?
A. sers can terminate an EC2 instance in any AWS Region except us-east-1
B. sers can terminate an EC2 instance with the IP address 10
C. sers can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10
D. sers cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10
View answer
Correct Answer: C
Question #23
An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Traffic must not traverse the internet.How should a solutions architect configure access to meet these requirements?
A. reate a private hosted zone by using Amazon Route 53
B. et up a gateway VPC endpoint for Amazon S3 in the VPC
C. onfigure the EC2 instances to use a NAT gateway to access the S3 bucket
D. stablish an AWS Site-to-Site VPN connection between the VPC and the S3 bucket
View answer
Correct Answer: B
Question #24
A company needs to migrate a legacy application from an on-premises data center to the AWS Cloud because of hardware capacity constraints. The application runs 24 hours a day, 7 days a week. The application’s database storage continues to grow over time.What should a solutions architect do to meet these requirements MOST cost-effectively?
A. igrate the application layer to Amazon EC2 Spot Instances
B. igrate the application layer to Amazon EC2 Reserved Instances
C. igrate the application layer to Amazon EC2 Reserved Instances
D. igrate the application layer to Amazon EC2 On-Demand Instances
View answer
Correct Answer: C
Question #25
A company is building a solution that will report Amazon EC2 Auto Scaling events across all the applications in an AWS account. The company needs to use a serverless solution to store the EC2 Auto Scaling status data in Amazon S3. The company then will use the data in Amazon S3 to provide near-real-time updates in a dashboard. The solution must not affect the speed of EC2 instance launches.How should the company move the data to Amazon S3 to meet these requirements?
A. se an Amazon CloudWatch metric stream to send the EC2 Auto Scaling status data to Amazon Kinesis Data Firehose
B. aunch an Amazon EMR cluster to collect the EC2 Auto Scaling status data and send the data to Amazon Kinesis Data Firehose
C. reate an Amazon EventBridge rule to invoke an AWS Lambda function on a schedule
D. se a bootstrap script during the launch of an EC2 instance to install Amazon Kinesis Agent
View answer
Correct Answer: A
Question #26
A company is migrating applications to AWS. The applications are deployed in different accounts. The company manages the accounts centrally by using AWS Organizations. The company's security team needs a single sign-on (SSO) solution across all the company's accounts. The company must continue managing the users and groups in its on-premises self-managed Microsoft Active Directory.Which solution will meet these requirements?
A. nable AWS Single Sign-On (AWS SSO) from the AWS SSO console
B. nable AWS Single Sign-On (AWS SSO) from the AWS SSO console
C. se AWS Directory Service
D. eploy an identity provider (IdP) on premises
View answer
Correct Answer: B
Question #27
A company hosts a web application on multiple Amazon EC2 instances. The EC2 instances are in an Auto Scaling group that scales in response to user demand. The company wants to optimize cost savings without making a long-term commitment.Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements?
A. edicated Instances only
B. n-Demand Instances only
C. mix of On-Demand Instances and Spot Instances
D. mix of On-Demand Instances and Reserved Instances
View answer
Correct Answer: C
Question #28
A company has a dynamic web application hosted on two Amazon EC2 instances. The company has its own SSL certificate, which is on each instance to perform SSL termination.There has been an increase in traffic recently, and the operations team determined that SSL encryption and decryption is causing the compute capacity of the web servers to reach their maximum limit.What should a solutions architect do to increase the application's performance?
A. reate a new SSL certificate using AWS Certificate Manager (ACM)
B. reate an Amazon S3 bucket Migrate the SSL certificate to the S3 bucket
C. reate another EC2 instance as a proxy server
D. mport the SSL certificate into AWS Certificate Manager (ACM)
View answer
Correct Answer: D
Question #29
A transaction processing company has weekly scripted batch jobs that run on Amazon EC2 instances. The EC2 instances are in an Auto Scaling group. The number of transactions can vary, but the baseline CPU utilization that is noted on each run is at least 60%. The company needs to provision the capacity 30 minutes before the jobs run.Currently, engineers complete this task by manually modifying the Auto Scaling group parameters. The company does not have the resources to analyze the required capacity trends f
A. reate a dynamic scaling policy for the Auto Scaling group
B. reate a scheduled scaling policy for the Auto Scaling group
C. reate a predictive scaling policy for the Auto Scaling group
D. reate an Amazon EventBridge event to invoke an AWS Lambda function when the CPU utilization metric value for the Auto Scaling group reaches 60%
View answer
Correct Answer: C
Question #30
A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443.Which combination of steps will accomplish this task? (Choose two.)
A. eplace the EC2 instances with T3 EC2 instances that run in an Auto Scaling group
B. odify the CloudFormation templates to run the EC2 instances in an Auto Scaling group
C. odify the CloudFormation templates
D. odify the CloudFormation templates
View answer
Correct Answer: AE
Question #31
A company recently signed a contract with an AWS Managed Service Provider (MSP) Partner for help with an application migration initiative. A solutions architect needs ta share an Amazon Machine Image (AMI) from an existing AWS account with the MSP Partner's AWS account. The AMI is backed by Amazon Elastic Block Store (Amazon EBS) and uses an AWS Key Management Service (AWS KMS) customer managed key to encrypt EBS volume snapshots.What is the MOST secure way for the solutions architect to share the AMI with
A. ake the encrypted AMI and snapshots publicly available
B. odify the launchPermission property of the AMI
C. odify the launchPermission property of the AMI
D. xport the AMI from the source account to an Amazon S3 bucket in the MSP Partner's AWS account, Encrypt the S3 bucket with a new KMS key that is owned by the MSP Partner
View answer
Correct Answer: B
Question #32
A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection.The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must minimize operational complexity.Which solution meets these requirements?
A. urn on S3 Transfer Acceleration on the destination S3 bucket
B. pload the data from each site to an S3 bucket in the closest Region
C. chedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region
D. pload the data from each site to an Amazon EC2 instance in the closest Region
View answer
Correct Answer: A
Question #33
A company has one million users that use its mobile app. The company must analyze the data usage in near-real time. The company also must encrypt the data in near-real time and must store the data in a centralized location in Apache Parquet format for further processing.Which solution will meet these requirements with the LEAST operational overhead?
A. reate an Amazon Kinesis data stream to store the data in Amazon S3
B. reate an Amazon Kinesis data stream to store the data in Amazon S3
C. reate an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3
D. reate an Amazon Kinesis Data Firehose delivery stream to store the data in Amazon S3
View answer
Correct Answer: D
Question #34
A company is implementing new data retention policies for all databases that run on Amazon RDS DB instances. The company must retain daily backups for a minimum period of 2 years. The backups must be consistent and restorable.Which solution should a solutions architect recommend to meet these requirements?
A. reate a backup vault in AWS Backup to retain RDS backups
B. onfigure a backup window for the RDS DB instances for daily snapshots
C. onfigure database transaction logs to be automatically backed up to Amazon CloudWatch Logs with an expiration period of 2 years
D. onfigure an AWS Database Migration Service (AWS DMS) replication task
View answer
Correct Answer: A
Question #35
A company serves a dynamic website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). The website needs to support multiple languages to serve customers around the world. The website’s architecture is running in the us-west-1 Region and is exhibiting high request latency for users that are located in other parts of the world.The website needs to serve requests quickly and efficiently regardless of a user’s location. However, the company does not want to recreate the existing arc
A. eplace the existing architecture with a website that is served from an Amazon S3 bucket
B. onfigure an Amazon CloudFront distribution with the ALB as the origin
C. reate an Amazon API Gateway API that is integrated with the ALB
D. aunch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region
View answer
Correct Answer: B
Question #36
A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size.Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included. The company wants adminis
A. urchase Reserved Instances that specify the Region needed
B. reate an On-Demand Capacity Reservation that specifies the Region needed
C. urchase Reserved Instances that specify the Region and three Availability Zones needed
D. reate an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed
View answer
Correct Answer: B
Question #37
A company has an on-premises application that generates a large amount of time-sensitive data that is backed up to Amazon S3. The application has grown and there are user complaints about internet bandwidth limitations. A solutions architect needs to design a long-term solution that allows for both timely backups to Amazon S3 and with minimal impact on internet connectivity for internal users.Which solution meets these requirements?
A. stablish AWS VPN connections and proxy all traffic through a VPC gateway endpoint
B. stablish a new AWS Direct Connect connection and direct backup traffic through this new connection
C. rder daily AWS Snowball devices
D. ubmit a support ticket through the AWS Management Console
View answer
Correct Answer: B
Question #38
A company hosts a web application on multiple Amazon EC2 instances. The EC2 instances are in an Auto Scaling group that scales in response to user demand. The company wants to optimize cost savings without making a long-term commitment.Which EC2 instance purchasing option should a solutions architect recommend to meet these requirements?
A. edicated Instances only
B. n-Demand Instances only
C. mix of On-Demand Instances and Spot Instances
D. mix of On-Demand Instances and Reserved Instances
View answer
Correct Answer: C
Question #39
A company that uses AWS is building an application to transfer data to a product manufacturer. The company has its own identity provider (IdP). The company wants the IdP to authenticate application users while the users use the application to transfer data. The company must use Applicability Statement 2 (AS2) protocol.Which solution will meet these requirements?
A. se AWS DataSync to transfer the data
B. se Amazon AppFlow flows to transfer the data
C. se AWS Transfer Family to transfer the data
D. se AWS Storage Gateway to transfer the data
View answer
Correct Answer: C
Question #40
A company has more than 5 TB of file data on Windows file servers that run on premises. Users and applications interact with the data each day.The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file storage with minimum latency. The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access patterns. The company uses an AWS Site-to-Site VPN connection f
A. eploy and configure Amazon FSx for Windows File Server on AWS
B. eploy and configure an Amazon S3 File Gateway on premises
C. eploy and configure an Amazon S3 File Gateway on premises
D. eploy and configure Amazon FSx for Windows File Server on AWS
View answer
Correct Answer: D
Question #41
What should a solutions architect do to ensure that all objects uploaded to an Amazon S3 bucket are encrypted?
A. pdate the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set
B. pdate the bucket policy to deny if the PutObject does not have an s3:x-amz-acl header set to private
C. pdate the bucket policy to deny if the PutObject does not have an aws:SecureTransport header set to true
D. pdate the bucket policy to deny if the PutObject does not have an x-amz-server-side-encryption header set
View answer
Correct Answer: D
Question #42
A company uses AWS Organizations. The company wants to operate some of its AWS accounts with different budgets. The company wants to receive alerts and automatically prevent provisioning of additional resources on AWS accounts when the allocated budget threshold is met during a specific period.Which combination of solutions will meet these requirements? (Choose three.)
A. reate a disaster recovery (DR) plan that has a similar number of EC2 instances in the second Region
B. reate point-in-time Amazon Elastic Block Store (Amazon EBS) snapshots of the EC2 instances
C. reate a backup plan by using AWS Backup
D. eploy a similar number of EC2 instances in the second Region
View answer
Correct Answer: BDF
Question #43
A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets.A solutions architect needs to integrate the web application with the appliance to inspect all traffic to t
A. ake EBS snapshots of the production EBS volumes
B. onfigure the production EBS volumes to use the EBS Multi-Attach feature
C. ake EBS snapshots of the production EBS volumes
D. ake EBS snapshots of the production EBS volumes
View answer
Correct Answer: D
Question #44
A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications.Which solution will meet these requirements?
A. mazon DynamoDB
B. mazon RDS for MySQL
C. ySQL-compatible Amazon Aurora Serverless
D. ySQL deployed on Amazon EC2 in an Auto Scaling group
View answer
Correct Answer: C
Question #45
A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture.What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?
A. se Amazon Redshift to load all the content into one place and run the SQL queries as needed
B. se Amazon CloudWatch Logs to store the logs
C. se Amazon Athena directly with Amazon S3 to run the queries as needed
D. se AWS Glue to catalog the logs
View answer
Correct Answer: C
Question #46
A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?
A. eleting IAM users
B. eleting directories
C. eleting Amazon EC2 instances
D. eleting logs from Amazon CloudWatch Logs
View answer
Correct Answer: C
Question #47
A company is migrating an old application to AWS. The application runs a batch job every hour and is CPU intensive. The batch job takes 15 minutes on average with an on-premises server. The server has 64 virtual CPU (vCPU) and 512 GiB of memory.Which solution will run the batch job within 15 minutes with the LEAST operational overhead?
A. se AWS Lambda with functional scaling
B. se Amazon Elastic Container Service (Amazon ECS) with AWS Fargate
C. se Amazon Lightsail with AWS Auto Scaling
D. se AWS Batch on Amazon EC2
View answer
Correct Answer: D
Question #48
A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443.Which combination of steps will accomplish this task? (Choose two.)
A. eplace the EC2 instances with T3 EC2 instances that run in an Auto Scaling group
B. odify the CloudFormation templates to run the EC2 instances in an Auto Scaling group
C. odify the CloudFormation templates
D. odify the CloudFormation templates
View answer
Correct Answer: AE
Question #49
A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type for ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch. However, the company wants to reduce costs when utilization decreases.What should a solutions architect recommend?
A. se Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns
B. se an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm
C. se Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm
D. se AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm
View answer
Correct Answer: D
Question #50
An application development team is designing a microservice that will convert large images to smaller, compressed images. When a user uploads an image through the web interface, the microservice should store the image in an Amazon S3 bucket, process and compress the image with an AWS Lambda function, and store the image in its compressed form in a different S3 bucket.A solutions architect needs to design a solution that uses durable, stateless components to process the images automatically.Which combination
A. reate a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection
B. reate an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection
C. eploy a transit gateway in the inspection VP Configure route tables to route the incoming packets through the transit gateway
D. eploy a Gateway Load Balancer in the inspection VPC
View answer
Correct Answer: AB
Question #51
A company’s reporting system delivers hundreds of .csv files to an Amazon S3 bucket each day. The company must convert these files to Apache Parquet format and must store the files in a transformed data bucket.Which solution will meet these requirements with the LEAST development effort?
A. reate an Amazon EMR cluster with Apache Spark installed
B. reate an AWS Glue crawler to discover the data
C. se AWS Batch to create a job definition with Bash syntax to transform the data and output the data to the transformed data bucket
D. reate an AWS Lambda function to transform the data and output the data to the transformed data bucket
View answer
Correct Answer: B
Question #52
A company’s infrastructure consists of Amazon EC2 instances and an Amazon RDS DB instance in a single AWS Region. The company wants to back up its data in a separate Region.Which solution will meet these requirements with the LEAST operational overhead?
A. se AWS Backup to copy EC2 backups and RDS backups to the separate Region
B. se Amazon Data Lifecycle Manager (Amazon DLM) to copy EC2 backups and RDS backups to the separate Region
C. reate Amazon Machine Images (AMIs) of the EC2 instances
D. reate Amazon Elastic Block Store (Amazon EBS) snapshots
View answer
Correct Answer: A
Question #53
A company has two VPCs named Management and Production. The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections. The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.What should a solutions architect do to mitigate any single point of failure in this architecture?
A. dd a set of VPNs between the Management and Production VPCs
B. dd a second virtual private gateway and attach it to the Management VPC
C. dd a second set of VPNs to the Management VPC from a second customer gateway device
D. dd a second VPC peering connection between the Management VPC and the Production VPC
View answer
Correct Answer: C
Question #54
A company uses 50 TB of data for reporting. The company wants to move this data from on premises to AWS. A custom application in the company’s data center runs a weekly data transformation job. The company plans to pause the application until the data transfer is complete and needs to begin the transfer process as soon as possible.The data center does not have any available network bandwidth for additional workloads. A solutions architect must transfer the data and must configure the transformation job to c
A. se AWS DataSync to move the data
B. rder an AWS Snowcone device to move the data
C. rder an AWS Snowball Edge Storage Optimized device
D. rder an AWS Snowball Edge Storage Optimized device that includes Amazon EC2 compute
View answer
Correct Answer: D
Question #55
A company is developing a new mobile app. The company must implement proper traffic filtering to protect its Application Load Balancer (ALB) against common application-level attacks, such as cross-site scripting or SQL injection. The company has minimal infrastructure and operational staff. The company needs to reduce its share of the responsibility in managing, updating, and securing servers for its AWS environment.What should a solutions architect recommend to meet these requirements?
A. onfigure AWS WAF rules and associate them with the ALB
B. eploy the application using Amazon S3 with public hosting enabled
C. eploy AWS Shield Advanced and add the ALB as a protected resource
D. reate a new ALB that directs traffic to an Amazon EC2 instance running a third-party firewall, which then passes the traffic to the current ALB
View answer
Correct Answer: A
Question #56
A solutions architect needs to optimize storage costs. The solutions architect must identify any Amazon S3 buckets that are no longer being accessed or are rarely accessed.Which solution will accomplish this goal with the LEAST operational overhead?
A. nalyze bucket access patterns by using the S3 Storage Lens dashboard for advanced activity metrics
B. nalyze bucket access patterns by using the S3 dashboard in the AWS Management Console
C. urn on the Amazon CloudWatch BucketSizeBytes metric for buckets
D. urn on AWS CloudTrail for S3 object monitoring
View answer
Correct Answer: A
Question #57
A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.Which solution meets these requirements with the LEAST amount of operational overhead?
A. dd the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy
B. reate an organizational unit (OU) for each department
C. se AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events
D. ag each user that needs access to the S3 bucket
View answer
Correct Answer: A
Question #58
A company wants to build a scalable key management infrastructure to support developers who need to encrypt data in their applications.What should a solutions architect do to reduce the operational burden?
A. se multi-factor authentication (MFA) to protect the encryption keys
B. se AWS Key Management Service (AWS KMS) to protect the encryption keys
C. se AWS Certificate Manager (ACM) to create, store, and assign the encryption keys
D. se an IAM policy to limit the scope of users who have access permissions to protect the encryption keys
View answer
Correct Answer: B
Question #59
A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability.What should a solutions architect do to meet these requirements?
A. reate an AWS Lambda function to apply the patch to all EC2 instances
B. onfigure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances
C. onfigure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances
D. se AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances
View answer
Correct Answer: D
Question #60
A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator updates the website content infrequently and uses an SFTP client to upload new documents.The company decides to host its website on AWS and to use Amazon CloudFront. The company’s solutions architect creates a CloudFront distribution. The solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the
A. reate a virtual server by using Amazon Lightsail
B. reate an AWS Auto Scaling group for Amazon EC2 instances
C. reate a private Amazon S3 bucket
D. reate a public Amazon S3 bucket
View answer
Correct Answer: C
Question #61
A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.What should a solutions architect do to meet this requirement?
A. pdate the ALB's network ACL to accept only HTTPS traffic
B. reate a rule that replaces the HTTP in the URL with HTTPS
C. reate a listener rule on the ALB to redirect HTTP traffic to HTTPS
D. eplace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI)
View answer
Correct Answer: C
Question #62
A company is developing a new machine learning (ML) model solution on AWS. The models are developed as independent microservices that fetch approximately 1 GB of model data from Amazon S3 at startup and load the data into memory. Users access the models through an asynchronous API. Users can send a request or a batch of requests and specify where the results should be sent.The company provides models to hundreds of users. The usage patterns for the models are irregular. Some models could be unused for days
A. irect the requests from the API to a Network Load Balancer (NLB)
B. irect the requests from the API to an Application Load Balancer (ALB)
C. irect the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue
D. irect the requests from the API into an Amazon Simple Queue Service (Amazon SQS) queue
View answer
Correct Answer: D
Question #63
A company has an application that collects data from IoT sensors on automobiles. The data is streamed and stored in Amazon S3 through Amazon Kinesis Data Firehose. The data produces trillions of S3 objects each year. Each morning, the company uses the data from the previous 30 days to retrain a suite of machine learning (ML) models.Four times each year, the company uses the data from the previous 12 months to perform analysis and train other ML models. The data must be available with minimal delay for up to
A. se the S3 Intelligent-Tiering storage class
B. se the S3 Intelligent-Tiering storage class
C. se the S3 Standard-Infrequent Access (S3 Standard-IA) storage class
D. se the S3 Standard storage class
View answer
Correct Answer: D
Question #64
A company stores its application logs in an Amazon CloudWatch Logs log group. A new policy requires the company to store all application logs in Amazon OpenSearch Service (Amazon Elasticsearch Service) in near-real time.Which solution will meet this requirement with the LEAST operational overhead?
A. onfigure a CloudWatch Logs subscription to stream the logs to Amazon OpenSearch Service (Amazon Elasticsearch Service)
B. reate an AWS Lambda function
C. reate an Amazon Kinesis Data Firehose delivery stream
D. nstall and configure Amazon Kinesis Agent on each application server to deliver the logs to Amazon Kinesis Data Streams
View answer
Correct Answer: A
Question #65
A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years.After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are deliver
A. ncrease the size of the DB instance to an instance type that has more available memory
B. odify the DB instance to be a Multi-AZ DB instance
C. odify the API to write incoming data to an Amazon Simple Queue Service (Amazon SQS) queue
D. odify the API to write incoming data to an Amazon Simple Notification Service (Amazon SNS) topic
View answer
Correct Answer: B
Question #66
A solutions architect configured a VPC that has a small range of IP addresses. The number of Amazon EC2 instances that are in the VPC is increasing, and there is an insufficient number of IP addresses for future workloads.Which solution resolves this issue with the LEAST operational overhead?
A. dd an additional IPv4 CIDR block to increase the number of IP addresses and create additional subnets in the VPC
B. reate a second VPC with additional subnets
C. se AWS Transit Gateway to add a transit gateway and connect a second VPC with the first VPUpdate the routes of the transit gateway and VPCs
D. reate a second VPC
View answer
Correct Answer: A
Question #67
An application allows users at a company's headquarters to access product data. The product data is stored in an Amazon RDS MySQL DB instance. The operations team has isolated an application performance slowdown and wants to separate read traffic from write traffic. A solutions architect needs to optimize the application's performance quickly.What should the solutions architect recommend?
A. hange the existing database to a Multi-AZ deployment
B. hange the existing database to a Multi-AZ deployment
C. reate read replicas for the database
D. reate read replicas for the database
View answer
Correct Answer: D
Question #68
A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.Which solution will meet these requirements with the LEAST operational overhead?
A. tore the credentials as secrets in AWS Secrets Manager
B. tore the credentials as secrets in AWS Systems Manager by creating a secure string parameter
C. tore the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled
D. ncrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys
View answer
Correct Answer: A
Question #69
A company is developing a microservices application that will provide a search catalog for customers. The company must use REST APIs to present the frontend of the application to users. The REST APIs must access the backend services that the company hosts in containers in private VPC subnets.Which solution will meet these requirements?
A. esign a WebSocket API by using Amazon API Gateway
B. esign a REST API by using Amazon API Gateway
C. esign a WebSocket API by using Amazon API Gateway
D. esign a REST API by using Amazon API Gateway
View answer
Correct Answer: B
Question #70
A company is migrating a distributed application to AWS. The application serves variable workloads. The legacy platform consists of a primary server that coordinates jobs across multiple compute nodes. The company wants to modernize the application with a solution that maximizes resiliency and scalability.How should a solutions architect design the architecture to meet these requirements?
A. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs
B. onfigure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs
C. mplement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group
D. mplement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group
View answer
Correct Answer: C
Question #71
A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1,000 messages each hour. The messages may take up to 2 days to be processed: If the messages fail to process, they must be retained so that they do not impact the processing of any remaining message
A. et up an Amazon EC2 instance running a Redis database
B. se an Amazon Kinesis data stream to receive the messages from the sender application
C. ntegrate the sender and processor applications with an Amazon Simple Queue Service (Amazon SQS) queue
D. ubscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to process
View answer
Correct Answer: C
Question #72
A developer has an application that uses an AWS Lambda function to upload files to Amazon S3 and needs the required permissions to perform the task. The developer already has an IAM user with valid IAM credentials required for Amazon S3.What should a solutions architect do to grant the permissions?
A. dd required IAM permissions in the resource policy of the Lambda function
B. reate a signed request using the existing IAM credentials in the Lambda function
C. reate a new IAM user and use the existing IAM credentials in the Lambda function
D. reate an IAM execution role with the required permissions and attach the IAM role to the Lambda function
View answer
Correct Answer: D
Question #73
A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection.The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must minimize operational complexity.Which solution meets these requirements?
A. urn on S3 Transfer Acceleration on the destination S3 bucket
B. pload the data from each site to an S3 bucket in the closest Region
C. chedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region
D. pload the data from each site to an Amazon EC2 instance in the closest Region
View answer
Correct Answer: A
Question #74
A company that primarily runs its application servers on premises has decided to migrate to AWS. The company wants to minimize its need to scale its Internet Small Computer Systems Interface (iSCSI) storage on premises. The company wants only its recently accessed data to remain stored locally.Which AWS solution should the company use to meet these requirements?
A. mazon S3 File Gateway
B. WS Storage Gateway Tape Gateway
C. WS Storage Gateway Volume Gateway stored volumes
D. WS Storage Gateway Volume Gateway cached volumes
View answer
Correct Answer: D
Question #75
A company has implemented a self-managed DNS solution on three Amazon EC2 instances behind a Network Load Balancer (NLB) in the us-west-2 Region. Most of the company's users are located in the United States and Europe. The company wants to improve the performance and availability of the solution. The company launches and configures three EC2 instances in the eu-west-1 Region and adds the EC2 instances as targets for a new NLB.Which solution can the company use to route traffic to all the EC2 instances?
A. reate an Amazon Route 53 geolocation routing policy to route requests to one of the two NLBs
B. reate a standard accelerator in AWS Global Accelerator
C. ttach Elastic IP addresses to the six EC2 instances
D. eplace the two NLBs with two Application Load Balancers (ALBs)
View answer
Correct Answer: B
Question #76
A media company is evaluating the possibility of moving its systems to the AWS Cloud. The company needs at least 10 TB of storage with the maximum possible I/O performance for video processing, 300 TB of very durable storage for storing media content, and 900 TB of storage to meet requirements for archival media that is not in use anymore.Which set of services should a solutions architect recommend to meet these requirements?
A. se Spot Instances in an Amazon EC2 Auto Scaling group to run the application containers
B. se Spot Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group
C. se On-Demand Instances in an Amazon EC2 Auto Scaling group to run the application containers
D. se On-Demand Instances in an Amazon Elastic Kubernetes Service (Amazon EKS) managed node group
View answer
Correct Answer: A
Question #77
A company has a stateless web application that runs on AWS Lambda functions that are invoked by Amazon API Gateway. The company wants to deploy the application across multiple AWS Regions to provide Regional failover capabilities.What should a solutions architect do to route traffic to multiple Regions?
A. reate Amazon Route 53 health checks for each Region
B. reate an Amazon CloudFront distribution with an origin for each Region
C. reate a transit gateway
D. reate an Application Load Balancer in the primary Region
View answer
Correct Answer: A
Question #78
A company has an on-premises volume backup solution that has reached its end of life. The company wants to use AWS as part of a new backup solution and wants to maintain local access to all the data while it is backed up on AWS. The company wants to ensure that the data backed up on AWS is automatically and securely transferred.Which solution meets these requirements?
A. se AWS Snowball to migrate data out of the on-premises solution to Amazon S3
B. se AWS Snowball Edge to migrate data out of the on-premises solution to Amazon S3
C. se AWS Storage Gateway and configure a cached volume gateway
D. se AWS Storage Gateway and configure a stored volume gateway
View answer
Correct Answer: D
Question #79
An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.Which solution will meet these re
A. igrate the purchase data to write directly to Amazon RDS
B. chedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3
C. reate a data lake by using AWS Lake Formation
D. reate an Amazon Redshift cluster
View answer
Correct Answer: C
Question #80
A company hosts an application on AWS Lambda functions that are invoked by an Amazon API Gateway API. The Lambda functions save customer data to an Amazon Aurora MySQL database. Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete. The result is that customer data is not recorded for some of the event.A solutions architect needs to design a solution that stores customer data that is created during database upgrades.Which soluti
A. rovision an Amazon RDS proxy to sit between the Lambda functions and the database
B. ncrease the run time of the Lambda functions to the maximum
C. ersist the customer data to Lambda local storage
D. tore the customer data in an Amazon Simple Queue Service (Amazon SQS) FIFO queue
View answer
Correct Answer: A
Question #81
A company needs to run a critical application on AWS. The company needs to use Amazon EC2 for the application’s database. The database must be highly available and must fail over automatically if a disruptive event occurs.Which solution will meet these requirements?
A. aunch two EC2 instances, each in a different Availability Zone in the same AWS Region
B. aunch an EC2 instance in an Availability Zone
C. aunch two EC2 instances, each in a different AWS Region
D. aunch an EC2 instance in an Availability Zone
View answer
Correct Answer: C
Question #82
A company is running a business-critical web application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database that is deployed in a single Availability Zone. The company wants the application to be highly available with minimum downtime and minimum loss of data.Which solution will meet these requirements with the LEAST operational effort?
A. lace the EC2 instances in different AWS Regions
B. onfigure the Auto Scaling group to use multiple Availability Zones
C. onfigure the Auto Scaling group to use one Availability Zone
D. onfigure the Auto Scaling group to use multiple AWS Regions
View answer
Correct Answer: B
Question #83
A company has a small Python application that processes JSON documents and outputs the results to an on-premises SQL database. The application runs thousands of times each day. The company wants to move the application to the AWS Cloud. The company needs a highly available solution that maximizes scalability and minimizes operational overhead.Which solution will meet these requirements?
A. lace the JSON documents in an Amazon S3 bucket
B. lace the JSON documents in an Amazon S3 bucket
C. lace the JSON documents in an Amazon Elastic Block Store (Amazon EBS) volume
D. lace the JSON documents in an Amazon Simple Queue Service (Amazon SQS) queue as messages
View answer
Correct Answer: B
Question #84
A company stores call transcript files on a monthly basis. Users access the files randomly within 1 year of the call, but users access the files infrequently after 1 year. The company wants to optimize its solution by giving users the ability to query and retrieve files that are less than 1-year-old as quickly as possible. A delay in retrieving older files is acceptable.Which solution will meet these requirements MOST cost-effectively?
A. tore individual files with tags in Amazon S3 Glacier Instant Retrieval
B. tore individual files in Amazon S3 Intelligent-Tiering
C. tore individual files with tags in Amazon S3 Standard storage
D. tore individual files in Amazon S3 Standard storage
View answer
Correct Answer: B
Question #85
A company wants to migrate its existing on-premises monolithic application to AWS. The company wants to keep as much of the front-end code and the backend code as possible. However, the company wants to break the application into smaller applications. A different team will manage each application. The company needs a highly scalable solution that minimizes operational overhead.Which solution will meet these requirements?
A. ost the application on AWS Lambda
B. ost the application with AWS Amplify
C. ost the application on Amazon EC2 instances
D. ost the application on Amazon Elastic Container Service (Amazon ECS)
View answer
Correct Answer: D
Question #86
A company has developed a new video game as a web application. The application is in a three-tier architecture in a VPC with Amazon RDS for MySQL in the database layer. Several players will compete concurrently online. The game’s developers want to display a top-10 scoreboard in near-real time and offer the ability to stop and restore the game while preserving the current scores.What should a solutions architect do to meet these requirements?
A. se AWS Glue to create an ML transform to build and train models
B. se Amazon SageMaker to build and train models
C. se a pre-built ML Amazon Machine Image (AMI) from the AWS Marketplace to build and train models
D. se Amazon QuickSight to build and train models by using calculated fields
View answer
Correct Answer: B
Question #87
A company hosts an online shopping application that stores all orders in an Amazon RDS for PostgreSQL Single-AZ DB instance. Management wants to eliminate single points of failure and has asked a solutions architect to recommend an approach to minimize database downtime without requiring any changes to the application code.Which solution meets these requirements?
A. onvert the existing database instance to a Multi-AZ deployment by modifying the database instance and specifying the Multi-AZ option
B. reate a new RDS Multi-AZ deployment
C. reate a read-only replica of the PostgreSQL database in another Availability Zone
D. lace the RDS for PostgreSQL database in an Amazon EC2 Auto Scaling group with a minimum group size of two
View answer
Correct Answer: A
Question #88
A company wants to create an application to store employee data in a hierarchical structured relationship. The company needs a minimum-latency response to high-traffic queries for the employee data and must protect any sensitive data. The company also needs to receive monthly email messages if any financial information is present in the employee data.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. reate an AWS Backup plan to back up the DynamoDB table on the first day of each month
B. reate a DynamoDB on-demand backup of the DynamoDB table on the first day of each month
C. se the AWS SDK to develop a script that creates an on-demand backup of the DynamoDB table
D. se the AWS CLI to create an on-demand backup of the DynamoDB table
View answer
Correct Answer: BE
Question #89
A company has a highly dynamic batch processing job that uses many Amazon EC2 instances to complete it. The job is stateless in nature, can be started and stopped at any given time with no negative impact, and typically takes upwards of 60 minutes total to complete. The company has asked a solutions architect to design a scalable and cost-effective solution that meets the requirements of the job.What should the solutions architect recommend?
A. mplement EC2 Spot Instances
B. urchase EC2 Reserved Instances
C. mplement EC2 On-Demand Instances
D. mplement the processing on AWS Lambda
View answer
Correct Answer: A
Question #90
A company uses a 100 GB Amazon RDS for Microsoft SQL Server Single-AZ DB instance in the us-east-1 Region to store customer transactions. The company needs high availability and automatic recovery for the DB instance.The company must also run reports on the RDS database several times a year. The report process causes transactions to take longer than usual to post to the customers’ accounts. The company needs a solution that will improve the performance of the report process.Which combination of steps will m
A. uild out the workflow in AWS Glue
B. uild out the workflow in AWS Step Functions
C. uild out the workflow in Amazon EventBridge
D. uild out the workflow in AWS Step Functions
View answer
Correct Answer: AC
Question #91
A solutions architect has created a new AWS account and must secure AWS account root user access. Which combination of actions will accomplish this? (Choose two.)
A. se AWS Key Management Service (AWS KMS) certificates on the ALB to encrypt data in transit
B. se the AWS root account to log in to the AWS Management Console
C. se AWS Key Management Service (AWS KMS) to encrypt the EBS volumes and Aurora database storage at rest
D. se BitLocker to encrypt all data at rest
View answer
Correct Answer: AB
Question #92
A company uses 50 TB of data for reporting. The company wants to move this data from on premises to AWS. A custom application in the company’s data center runs a weekly data transformation job. The company plans to pause the application until the data transfer is complete and needs to begin the transfer process as soon as possible.The data center does not have any available network bandwidth for additional workloads. A solutions architect must transfer the data and must configure the transformation job to c
A. se AWS DataSync to move the data
B. rder an AWS Snowcone device to move the data
C. rder an AWS Snowball Edge Storage Optimized device
D. rder an AWS Snowball Edge Storage Optimized device that includes Amazon EC2 compute
View answer
Correct Answer: D
Question #93
A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations.Which solution meets these requirements with the LEAST amount of operational overhead?
A. dd the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy
B. reate an organizational unit (OU) for each department
C. se AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events
D. ag each user that needs access to the S3 bucket
View answer
Correct Answer: A
Question #94
A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to capture the text from the audio files. The company must remove from the text any personally identifiable information (PII) that belongs to customers.What should a solutions architect do to meet these requirements?
A. rocess the audio files by using Amazon Kinesis Video Streams
B. hen an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings
C. onfigure an Amazon Transcribe transcription job with PII redaction turned on
D. reate an Amazon Connect contact flow that ingests the audio files with transcription turned on
View answer
Correct Answer: C
Question #95
A company recently started using Amazon Aurora as the data store for its global ecommerce application. When large reports are run, developers report that the ecommerce application is performing poorly. After reviewing metrics in Amazon CloudWatch, a solutions architect finds that the ReadIOPS and CPUUtilization metrics are spiking when monthly reports run.What is the MOST cost-effective solution?
A. igrate the monthly reporting to Amazon Redshift
B. igrate the monthly reporting to an Aurora Replica
C. igrate the Aurora database to a larger instance class
D. ncrease the Provisioned IOPS on the Aurora instance
View answer
Correct Answer: B
Question #96
A company provides a Voice over Internet Protocol (VoIP) service that uses UDP connections. The service consists of Amazon EC2 instances that run in an Auto Scaling group. The company has deployments across multiple AWS Regions.The company needs to route users to the Region with the lowest latency. The company also needs automated failover between Regions.Which solution will meet these requirements?
A. eploy a Network Load Balancer (NLB) and an associated target group
B. eploy an Application Load Balancer (ALB) and an associated target group
C. eploy a Network Load Balancer (NLB) and an associated target group
View answer
Correct Answer: A
Question #97
A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL.What should a solutions architect do to meet these requirements?
A. mazon CloudFront and Amazon S3
B. WS Lambda and Amazon DynamoDB
C. pplication Load Balancer with Amazon EC2 Auto Scaling
D. mazon Route 53 with internal Application Load Balancers
View answer
Correct Answer: D
Question #98
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.Which solution will meet these requirements with the LEAST operational overhead?
A. se the EC2 serial console to directly access the terminal interface of each instance for administration
B. ttach the appropriate IAM role to each existing instance and new instance
C. reate an administrative SSH key pair
D. stablish an AWS Site-to-Site VPN connection
View answer
Correct Answer: B
Question #99
A company runs its infrastructure on AWS and has a registered base of 700,000 users for its document management application. The company intends to create a product that converts large .pdf files to .jpg image files. The .pdf files average 5 MB in size. The company needs to store the original files and the converted files. A solutions architect must design a scalable solution to accommodate demand that will grow rapidly over time.Which solution meets these requirements MOST cost-effectively?
A. ave the
B. ave the
C. pload the
D. pload the
View answer
Correct Answer: A
Question #100
A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should.be protected throughout the entire application stack, and access to the information should be restricted to certain applications.Which action should the solutions architect take?
A. onfigure a CloudFront signed URL
B. onfigure a CloudFront signed cookie
C. onfigure a CloudFront field-level encryption profile
D. onfigure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy
View answer
Correct Answer: C
Question #101
A company runs an on-premises application that is powered by a MySQL database. The company is migrating the application to AWS to increase the application's elasticity and availability.The current architecture shows heavy read activity on the database during times of normal operation. Every 4 hours, the company's development team pulls a full export of the production database to populate a database in the staging environment. During this period, users experience unacceptable application latency. The develop
A. se Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production
B. se Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production
C. se Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production
D. se Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for production
View answer
Correct Answer: B
Question #102
A company wants to migrate an on-premises data center to AWS. The data center hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system.Which combination of steps should a solutions architect take to automate this task? (Choose two.)
A. dit the job to use job bookmarks
B. dit the job to delete data after the data is processed
C. dit the job by setting the NumberOfWorkers field to 1
D. se a FindMatches machine learning (ML) transform
View answer
Correct Answer: AB
Question #103
An Amazon EC2 instance is located in a private subnet in a new VPC. This subnet does not have outbound internet access, but the EC2 instance needs the ability to download monthly security updates from an outside vendor.What should a solutions architect do to meet these requirements?
A. reate an internet gateway, and attach it to the VPC
B. reate a NAT gateway, and place it in a public subnet
C. reate a NAT instance, and place it in the same subnet where the EC2 instance is located
D. reate an internet gateway, and attach it to the VPC
View answer
Correct Answer: B
Question #104
A company’s security team requests that network traffic be captured in VPC Flow Logs. The logs will be frequently accessed for 90 days and then accessed intermittently.What should a solutions architect do to meet these requirements when configuring the logs?
A. se Amazon CloudWatch as the target
B. se Amazon Kinesis as the target
C. se AWS CloudTrail as the target
D. se Amazon S3 as the target
View answer
Correct Answer: D
Question #105
A company is developing a marketing communications service that targets mobile app users. The company needs to send confirmation messages with Short Message Service (SMS) to its users. The users must be able to reply to the SMS messages. The company must store the responses for a year for analysis.What should a solutions architect do to meet these requirements?
A. reate an Amazon Connect contact flow to send the SMS messages
B. uild an Amazon Pinpoint journey
C. se Amazon Simple Queue Service (Amazon SQS) to distribute the SMS messages
D. reate an Amazon Simple Notification Service (Amazon SNS) FIFO topic
View answer
Correct Answer: B
Question #106
A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company’s HPC workloads run on Linux. Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is short-lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long-term future use.The company seeks a cloud storage solution that permits the copying of on-premises data to long-term persistent storage to make data available for process
A. mazon FSx for Lustre integrated with Amazon S3
B. mazon FSx for Windows File Server integrated with Amazon S3
C. mazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)
D. mazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume
View answer
Correct Answer: A
Question #107
A company runs a web application that is backed by Amazon RDS. A new database administrator caused data loss by accidentally editing information in a database table. To help recover from this type of incident, the company wants the ability to restore the database to its state from 5 minutes before any change within the last 30 days.Which feature should the solutions architect include in the design to meet this requirement?
A. ead replicas
B. anual snapshots
C. utomated backups
D. ulti-AZ deployments
View answer
Correct Answer: C
Question #108
A company has an application that runs on several Amazon EC2 instances. Each EC2 instance has multiple Amazon Elastic Block Store (Amazon EBS) data volumes attached to it. The application’s EC2 instance configuration and data need to be backed up nightly. The application also needs to be recoverable in a different AWS Region.Which solution will meet these requirements in the MOST operationally efficient way?
A. rite an AWS Lambda function that schedules nightly snapshots of the application’s EBS volumes and copies the snapshots to a different Region
B. reate a backup plan by using AWS Backup to perform nightly backups
C. reate a backup plan by using AWS Backup to perform nightly backups
D. rite an AWS Lambda function that schedules nightly snapshots of the application's EBS volumes and copies the snapshots to a different Availability Zone
View answer
Correct Answer: B
Question #109
An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.The company wants to make all the data available to various teams so that the teams can perform analytics. The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.Which solution will meet these re
A. igrate the purchase data to write directly to Amazon RDS
B. chedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3
C. reate a data lake by using AWS Lake Formation
D. reate an Amazon Redshift cluster
View answer
Correct Answer: C
Question #110
A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.Which solution will meet this requirement?
A. reate an IAM role that specifies EBS encryption
B. reate the EBS volumes as encrypted volumes
C. reate an EC2 instance tag that has a key of Encrypt and a value of True
D. reate an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account
View answer
Correct Answer: B
Question #111
A medical research lab produces data that is related to a new study. The lab wants to make the data available with minimum latency to clinics across the country for their on-premises, file-based applications. The data files are stored in an Amazon S3 bucket that has read-only permissions for each clinic.What should a solutions architect recommend to meet these requirements?
A. eploy an AWS Storage Gateway file gateway as a virtual machine (VM) on premises at each clinic
B. igrate the files to each clinic’s on-premises applications by using AWS DataSync for processing
C. eploy an AWS Storage Gateway volume gateway as a virtual machine (VM) on premises at each clinic
D. ttach an Amazon Elastic File System (Amazon EFS) file system to each clinic’s on-premises servers
View answer
Correct Answer: A
Question #112
A company is using a content management system that runs on a single Amazon EC2 instance. The EC2 instance contains both the web server and the database software. The company must make its website platform highly available and must enable the website to scale to meet user demand.What should a solutions architect recommend to meet these requirements?
A. ove the database to Amazon RDS, and enable automatic backups
B. igrate the database to an Amazon Aurora instance with a read replica in the same Availability Zone as the existing EC2 instance
C. ove the database to Amazon Aurora with a read replica in another Availability Zone
D. ove the database to a separate EC2 instance, and schedule backups to Amazon S3
View answer
Correct Answer: C
Question #113
A company runs a production application on a fleet of Amazon EC2 instances. The application reads the data from an Amazon SQS queue and processes the messages in parallel. The message volume is unpredictable and often has intermittent traffic. This application should continually process messages without any downtime.Which solution meets these requirements MOST cost-effectively?
A. se Spot Instances exclusively to handle the maximum capacity required
B. se Reserved Instances exclusively to handle the maximum capacity required
C. se Reserved Instances for the baseline capacity and use Spot Instances to handle additional capacity
D. se Reserved Instances for the baseline capacity and use On-Demand Instances to handle additional capacity
View answer
Correct Answer: C
Question #114
A company is planning to store data on Amazon RDS DB instances. The company must encrypt the data at rest. What should a solutions architect do to meet this requirement?
A. reate a key in AWS Key Management Service (AWS KMS)
B. reate an encryption key
C. enerate a certificate in AWS Certificate Manager (ACM)
D. enerate a certificate in AWS Identity and Access Management (IAM)
View answer
Correct Answer: A
Question #115
A company provides an online service for posting video content and transcoding it for use by any mobile platform. The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing. As the popularity of the service has grown over time, the storage costs have become too expensive.Which storage solution is MOST cost-effective?
A. se AWS Storage Gateway for files to store and process the video content
B. se AWS Storage Gateway for volumes to store and process the video content
C. se Amazon EFS for storing the video content
D. se Amazon S3 for storing the video content
View answer
Correct Answer: D
Question #116
A company is building an application in the AWS Cloud. The application will store data in Amazon S3 buckets in two AWS Regions. The company must use an AWS Key Management Service (AWS KMS) customer managed key to encrypt all data that is stored in the S3 buckets. The data in both S3 buckets must be encrypted and decrypted with the same KMS key. The data and the key must be stored in each of the two Regions.Which solution will meet these requirements with the LEAST operational overhead?
A. reate an S3 bucket in each Region
B. reate a customer managed multi-Region KMS key
C. reate a customer managed KMS key and an S3 bucket in each Region
D. reate a customer managed KMS key and an S3 bucket in each Region
View answer
Correct Answer: C
Question #117
A company needs to configure a real-time data ingestion architecture for its application. The company needs an API, a process that transforms data as the data is streamed, and a storage solution for the data.Which solution will meet these requirements with the LEAST operational overhead?
A. eploy an Amazon EC2 instance to host an API that sends data to an Amazon Kinesis data stream
B. eploy an Amazon EC2 instance to host an API that sends data to AWS Glue
C. onfigure an Amazon API Gateway API to send data to an Amazon Kinesis data stream
D. onfigure an Amazon API Gateway API to send data to AWS Glue
View answer
Correct Answer: C
Question #118
A company is implementing a shared storage solution for a gaming application that is hosted in an on-premises data center. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.Which solution meets these requirements?
A. reate an AWS Storage Gateway file gateway
B. reate an Amazon EC2 Windows instance
C. reate an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre
D. reate an Amazon FSx for Lustre file system
View answer
Correct Answer: D
Question #119
A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers that the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.What should a solutions architect do to correct this issue?
A. reate security group rules using the instance ID as the source or destination
B. reate security group rules using the security group ID as the source or destination
C. reate security group rules using the VPC CIDR blocks as the source or destination
D. reate security group rules using the subnet CIDR blocks as the source or destination
View answer
Correct Answer: B
Question #120
A company’s application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight, the application becomes much slower when the month-end financial calculation batch runs. This causes the CPU utilization of the EC2 instances to immediately peak to 100%, which disrupts the application.What should a solutions architect recommend to ensure the application is able t
A. onfigure an Amazon CloudFront distribution in front of the ALB
B. onfigure an EC2 Auto Scaling simple scaling policy based on CPU utilization
C. onfigure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule
D. onfigure Amazon ElastiCache to remove some of the workload from the EC2 instances
View answer
Correct Answer: C
Question #121
A company designed a stateless two-tier application that uses Amazon EC2 in a single Availability Zone and an Amazon RDS Multi-AZ DB instance. New company management wants to ensure the application is highly available.What should a solutions architect do to meet this requirement?
A. onfigure the application to use Multi-AZ EC2 Auto Scaling and create an Application Load Balancer
B. onfigure the application to take snapshots of the EC2 instances and send them to a different AWS Region
C. onfigure the application to use Amazon Route 53 latency-based routing to feed requests to the application
D. onfigure Amazon Route 53 rules to handle incoming requests and create a Multi-AZ Application Load Balancer
View answer
Correct Answer: A
Question #122
A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances. Amazon RDS DB instances. and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check.What should a solutions architect do to accomplish this?
A. se AWS Config rules to define and detect resources that are not properly tagged
B. se Cost Explorer to display resources that are not properly tagged
C. rite API calls to check all resources for proper tag allocation
D. rite API calls to check all resources for proper tag allocation
View answer
Correct Answer: A
Question #123
A company recently deployed a new auditing system to centralize information about operating system versions, patching, and installed software for Amazon EC2 instances. A solutions architect must ensure all instances provisioned through EC2 Auto Scaling groups successfully send reports to the auditing system as soon as they are launched and terminated.Which solution achieves these goals MOST efficiently?
A. se a scheduled AWS Lambda function and run a script remotely on all EC2 instances to send data to the audit system
B. se EC2 Auto Scaling lifecycle hooks to run a custom script to send data to the audit system when instances are launched and terminated
C. se an EC2 Auto Scaling launch configuration to run a custom script through user data to send data to the audit system when instances are launched and terminated
D. un a custom script on the instance operating system to send data to the audit system
View answer
Correct Answer: B
Question #124
A gaming company has a web application that displays scores. The application runs on Amazon EC2 instances behind an Application Load Balancer. The application stores data in an Amazon RDS for MySQL database. Users are starting to experience long delays and interruptions that are caused by database read performance. The company wants to improve the user experience while minimizing changes to the application’s architecture.What should a solutions architect do to meet these requirements?
A. se Amazon ElastiCache in front of the database
B. se RDS Proxy between the application and the database
C. igrate the application from EC2 instances to AWS Lambda
D. igrate the database from Amazon RDS for MySQL to Amazon DynamoDB
View answer
Correct Answer: A
Question #125
A company has resources across multiple AWS Regions and accounts. A newly hired solutions architect discovers a previous employee did not provide details about the resources inventory. The solutions architect needs to build and map the relationship details of the various workloads across all accounts.Which solution will meet these requirements in the MOST operationally efficient way?
A. se AWS Systems Manager Inventory to generate a map view from the detailed view report
B. se AWS Step Functions to collect workload details
C. se Workload Discovery on AWS to generate architecture diagrams of the workloads
D. se AWS X-Ray to view the workload details
View answer
Correct Answer: C
Question #126
A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.What should a solutions architect do to meet these requirements?
A. se AWS Certificate Manager (ACM) to issue an SSL/TLS certificate
B. se AWS Certificate Manager (ACM) to issue an SSL/TLS certificate
C. se AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA
D. se AWS Certificate Manager (ACM) to import an SSL/TLS certificate
View answer
Correct Answer: D
Question #127
A company hosts a serverless application on AWS. The application uses Amazon API Gateway, AWS Lambda, and an Amazon RDS for PostgreSQL database. The company notices an increase in application errors that result from database connection timeouts during times of peak traffic or unpredictable traffic. The company needs a solution that reduces the application failures with the least amount of change to the code.What should a solutions architect do to meet these requirements?
A. educe the Lambda concurrency rate
B. nable RDS Proxy on the RDS DB instance
C. esize the RDS DB instance class to accept more connections
D. igrate the database to Amazon DynamoDB with on-demand scaling
View answer
Correct Answer: B
Question #128
A company has implemented a self-managed DNS service on AWS. The solution consists of the following:•Amazon EC2 instances in different AWS Regions•Endpoints of a standard accelerator in AWS Global AcceleratorThe company wants to protect the solution against DDoS attacks.What should a solutions architect do to meet this requirement?
A. ubscribe to AWS Shield Advanced
B. ubscribe to AWS Shield Advanced
C. reate an AWS WAF web ACL that includes a rate-based rule
D. reate an AWS WAF web ACL that includes a rate-based rule
View answer
Correct Answer: A
Question #129
A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the ability to retrieve current stock prices. The company’s security team has noticed an increase in the number of API requests. The security team is concerned that HTTP flood attacks might take the application offline.A solutions architect must design a solution to protect the application from this type of attack.Which solution meets these requirements with the LEAST operationa
A. reate an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours
B. reate a Regional AWS WAF web ACL with a rate-based rule
C. se Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached
D. reate an Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint
View answer
Correct Answer: B
Question #130
A financial company hosts a web application on AWS. The application uses an Amazon API Gateway Regional API endpoint to give users the ability to retrieve current stock prices. The company’s security team has noticed an increase in the number of API requests. The security team is concerned that HTTP flood attacks might take the application offline.A solutions architect must design a solution to protect the application from this type of attack.Which solution meets these requirements with the LEAST operationa
A. reate an Amazon CloudFront distribution in front of the API Gateway Regional API endpoint with a maximum TTL of 24 hours
B. reate a Regional AWS WAF web ACL with a rate-based rule
C. se Amazon CloudWatch metrics to monitor the Count metric and alert the security team when the predefined rate is reached
D. reate an Amazon CloudFront distribution with Lambda@Edge in front of the API Gateway Regional API endpoint
View answer
Correct Answer: B
Question #131
A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings. In the evenings, the read and write traffic will often be unpredictable. When traffic spikes occur, they will happen very quickly.What should a solutions architect recommend?
A. reate a DynamoDB table in on-demand capacity mode
B. reate a DynamoDB table with a global secondary index
C. reate a DynamoDB table with provisioned capacity and auto scaling
D. reate a DynamoDB table in provisioned capacity mode, and configure it as a global table
View answer
Correct Answer: A
Question #132
A company maintains a searchable repository of items on its website. The data is stored in an Amazon RDS for MySQL database table that contains more than 10 million rows. The database has 2 TB of General Purpose SSD storage. There are millions of updates against this data every day through the company's website.The company has noticed that some insert operations are taking 10 seconds or longer. The company has determined that the database storage performance is the problem.Which solution addresses this perf
A. hange the storage type to Provisioned IOPS SSD
B. hange the DB instance to a memory optimized instance class
C. hange the DB instance to a burstable performance instance class
D. nable Multi-AZ RDS read replicas with MySQL native asynchronous replication
View answer
Correct Answer: A
Question #133
A media company hosts its website on AWS. The website application’s architecture includes a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) and a database that is hosted on Amazon Aurora. The company’s cybersecurity team reports that the application is vulnerable to SQL injection.How should the company resolve this issue?
A. se AWS WAF in front of the ALB
B. reate an ALB listener rule to reply to SQL injections with a fixed response
C. ubscribe to AWS Shield Advanced to block all SQL injection attempts automatically
D. et up Amazon Inspector to block all SQL injection attempts automatically
View answer
Correct Answer: A
Question #134
A company is implementing a shared storage solution for a media application that is hosted in the AWS Cloud. The company needs the ability to use SMB clients to access data. The solution must be fully managed.Which AWS solution meets these requirements?
A. reate an AWS Storage Gateway volume gateway
B. reate an AWS Storage Gateway tape gateway
C. reate an Amazon EC2 Windows instance
D. reate an Amazon FSx for Windows File Server file system
View answer
Correct Answer: D
Question #135
A company has an on-premises MySQL database used by the global sales team with infrequent access patterns. The sales team requires the database to have minimal downtime. A database administrator wants to migrate this database to AWS without selecting a particular instance type in anticipation of more users in the future.Which service should a solutions architect recommend?
A. mazon Aurora MySQL
B. mazon Aurora Serverless for MySQL
C. mazon Redshift Spectrum
D. mazon RDS for MySQL
View answer
Correct Answer: B
Question #136
A research laboratory needs to process approximately 8 TB of data. The laboratory requires sub-millisecond latencies and a minimum throughput of 6 GBps for the storage subsystem. Hundreds of Amazon EC2 instances that run Amazon Linux will distribute and process the data.Which solution will meet the performance requirements?
A. reate an Amazon FSx for NetApp ONTAP file system
B. reate an Amazon S3 bucket to store the raw data
C. reate an Amazon S3 bucket to store the raw data
D. reate an Amazon FSx for NetApp ONTAP file system
View answer
Correct Answer: B
Question #137
A company’s compliance team needs to move its file shares to AWS. The shares run on a Windows Server SMB file share. A self-managed on-premises Active Directory controls access to the files and folders.The company wants to use Amazon FSx for Windows File Server as part of the solution. The company must ensure that the on-premises Active Directory groups restrict access to the FSx for Windows File Server SMB compliance shares, folders, and files after the move to AWS. The company has created an FSx for Windo
A. reate an Active Directory Connector to connect to the Active Directory
B. ssign a tag with a Restrict tag key and a Compliance tag value
C. reate an IAM service-linked role that is linked directly to FSx for Windows File Server to restrict access
D. oin the file system to the Active Directory to restrict access
View answer
Correct Answer: D
Question #138
A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.What should the solutions architect do to meet this requirement?
A. dd an Amazon Inspector agent to the ALB
B. onfigure Amazon Macie to prevent attacks
C. nable AWS Shield Advanced to prevent attacks
D. onfigure Amazon GuardDuty to monitor the ALB
View answer
Correct Answer: C
Question #139
An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an Amazon Simple Queue Service (Amazon SQS) standard queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email.Users report that they are receiving multiple email messages for every uploaded im
A. et up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds
B. hange the SQS standard queue to an SQS FIFO queue
C. ncrease the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout
D. odify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing
View answer
Correct Answer: C
Question #140
An image hosting company uploads its large assets to Amazon S3 Standard buckets. The company uses multipart upload in parallel by using S3 APIs and overwrites if the same object is uploaded again. For the first 30 days after upload, the objects will be accessed frequently. The objects will be used less frequently after 30 days, but the access patterns for each object will be inconsistent. The company must optimize its S3 storage costs while maintaining high availability and resiliency of stored assets.Which
A. pdate the route table for the private subnet to route the outbound traffic to an AWS Network Firewall firewall
B. et up an AWS WAF web ACL
C. mplement strict inbound security group rules
D. onfigure an Application Load Balancer (ALB) in front of the EC2 instances
View answer
Correct Answer: AB
Question #141
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.Which solution will meet these requirements with the L
A. reate an Auto Scaling group so that EC2 instances can scale out
B. reate an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket
C. reate an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output data
D. reate a Docker container to use instead of an EC2 instance
View answer
Correct Answer: B
Question #142
A company needs to transfer 600 TB of data from its on-premises network-attached storage (NAS) system to the AWS Cloud. The data transfer must be complete within 2 weeks. The data is sensitive and must be encrypted in transit. The company’s internet connection can support an upload speed of 100 Mbps.Which solution meets these requirements MOST cost-effectively?
A. se Amazon S3 multi-part upload functionality to transfer the files over HTTPS
B. reate a VPN connection between the on-premises NAS system and the nearest AWS Region
C. se the AWS Snow Family console to order several AWS Snowball Edge Storage Optimized devices
D. et up a 10 Gbps AWS Direct Connect connection between the company location and the nearest AWS Region
View answer
Correct Answer: C
Question #143
A company wants to implement a disaster recovery plan for its primary on-premises file storage volume. The file storage volume is mounted from an Internet Small Computer Systems Interface (iSCSI) device on a local storage server. The file storage volume holds hundreds of terabytes (TB) of data.The company wants to ensure that end users retain immediate access to all file types from the on-premises systems without experiencing latency.Which solution will meet these requirements with the LEAST amount of chang
A. rovision an Amazon S3 File Gateway as a virtual machine (VM) that is hosted on premises
B. rovision an AWS Storage Gateway tape gateway
C. rovision an AWS Storage Gateway Volume Gateway cached volume
D. rovision an AWS Storage Gateway Volume Gateway stored volume with the same amount of disk space as the existing file storage volume
View answer
Correct Answer: D
Question #144
A company hosts its static website by using Amazon S3. The company wants to add a contact form to its webpage. The contact form will have dynamic server-side components for users to input their name, email address, phone number, and user message. The company anticipates that there will be fewer than 100 site visits each month.Which solution will meet these requirements MOST cost-effectively?
A. ost a dynamic contact form page in Amazon Elastic Container Service (Amazon ECS)
B. reate an Amazon API Gateway endpoint with an AWS Lambda backend that makes a call to Amazon Simple Email Service (Amazon SES)
C. onvert the static webpage to dynamic by deploying Amazon Lightsail
D. reate a t2
View answer
Correct Answer: B
Question #145
A company needs to store contract documents. A contract lasts for 5 years. During the 5-year period, the company must ensure that the documents cannot be overwritten or deleted. The company needs to encrypt the documents at rest and rotate the encryption keys automatically every year.Which combination of steps should a solutions architect take to meet these requirements with the LEAST operational overhead? (Choose two.)
A. reate an Amazon S3 bucket
B. eploy the web application to an AWS Elastic Beanstalk environment
C. eploy the web application to Amazon EC2 instances that are configured with Java and PHP
D. ontainerize the web application
View answer
Correct Answer: BD
Question #146
A company needs to export its database once a day to Amazon S3 for other teams to access. The exported object size varies between 2 GB and 5 GB. The S3 access pattern for the data is variable and changes rapidly. The data must be immediately available and must remain accessible for up to 3 months. The company needs the most cost-effective solution that will not increase retrieval time.Which S3 storage class should the company use to meet these requirements?
A. 3 Intelligent-Tiering
B. 3 Glacier Instant Retrieval
C. 3 Standard
D. 3 Standard-Infrequent Access (S3 Standard-IA)
View answer
Correct Answer: A
Question #147
A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API.Which action meets these requirements for storing and retrieving location data?
A. se Amazon Athena with Amazon S3
B. se Amazon API Gateway with AWS Lambda
C. se Amazon QuickSight with Amazon Redshift
D. se Amazon API Gateway with Amazon Kinesis Data Analytics
View answer
Correct Answer: D
Question #148
A company needs to review its AWS Cloud deployment to ensure that its Amazon S3 buckets do not have unauthorized configuration changes.What should a solutions architect do to accomplish this goal?
A. urn on AWS Config with the appropriate rules
B. urn on AWS Trusted Advisor with the appropriate checks
C. urn on Amazon Inspector with the appropriate assessment template
D. urn on Amazon S3 server access logging
View answer
Correct Answer: A
Question #149
A company’s facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company’s security team to analyze.Which system architecture should the solutions architect recommend?
A. aunch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages
B. reate an HTTPS endpoint in Amazon API Gateway
C. se Amazon Route 53 to direct incoming sensor messages to an AWS Lambda function
D. reate a gateway VPC endpoint for Amazon S3
View answer
Correct Answer: B
Question #150
A company runs an application on Amazon EC2 Linux instances across multiple Availability Zones. The application needs a storage layer that is highly available and Portable Operating System Interface (POSIX)-compliant. The storage layer must provide maximum data durability and must be shareable across the EC2 instances. The data in the storage layer will be accessed frequently for the first 30 days and will be accessed infrequently after that time.Which solution will meet these requirements MOST cost-effecti
A. se the Amazon S3 Standard storage class
B. se the Amazon S3 Standard storage class
C. se the Amazon Elastic File System (Amazon EFS) Standard storage class
D. se the Amazon Elastic File System (Amazon EFS) One Zone storage class
View answer
Correct Answer: C
Question #151
A company has registered its domain name with Amazon Route 53. The company uses Amazon API Gateway in the ca-central-1 Region as a public interface for its backend microservice APIs. Third-party services consume the APIs securely. The company wants to design its API Gateway URL with the company's domain name and corresponding certificate so that the third-party services can use HTTPS.Which solution will meet these requirements?
A. reate stage variables in API Gateway with Name="Endpoint-URL" and Value="Company Domain Name" to overwrite the default URL
B. reate Route 53 DNS records with the company's domain name
C. reate a Regional API Gateway endpoint
D. reate a Regional API Gateway endpoint
View answer
Correct Answer: C
Question #152
A company has an application that is running on Amazon EC2 instances. A solutions architect has standardized the company on a particular instance family and various instance sizes based on the current needs of the company.The company wants to maximize cost savings for the application over the next 3 years. The company needs to be able to change the instance family and sizes in the next 6 months based on application popularity and usage.Which solution will meet these requirements MOST cost-effectively?
A. ompute Savings Plan
B. C2 Instance Savings Plan
C. onal Reserved Instances
D. tandard Reserved Instances
View answer
Correct Answer: A
Question #153
Organizers for a global event want to put daily reports online as static HTML pages. The pages are expected to generate millions of views from users around the world. The files are stored in an Amazon S3 bucket. A solutions architect has been asked to design an efficient and effective solution.Which action should the solutions architect take to accomplish this?
A. enerate presigned URLs for the files
B. se cross-Region replication to all Regions
C. se the geoproximity feature of Amazon Route 53
D. se Amazon CloudFront with the S3 bucket as its origin
View answer
Correct Answer: D
Question #154
A company uses AWS Organizations to create dedicated AWS accounts for each business unit to manage each business unit's account independently upon request. The root email recipient missed a notification that was sent to the root user email address of one account. The company wants to ensure that all future notifications are not missed. Future notifications must be limited to account administrators.Which solution will meet these requirements?
A. onfigure the company’s email server to forward notification email messages that are sent to the AWS account root user email address to all users in the organization
B. onfigure all AWS account root user email addresses as distribution lists that go to a few administrators who can respond to alerts
C. onfigure all AWS account root user email messages to be sent to one administrator who is responsible for monitoring alerts and forwarding those alerts to the appropriate groups
D. onfigure all existing AWS accounts and all newly created accounts to use the same root user email address
View answer
Correct Answer: B
Question #155
A company hosts a three-tier web application on Amazon EC2 instances in a single Availability Zone. The web application uses a self-managed MySQL database that is hosted on an EC2 instance to store data in an Amazon Elastic Block Store (Amazon EBS) volume. The MySQL database currently uses a 1 TB Provisioned IOPS SSD (io2) EBS volume. The company expects traffic of 1,000 IOPS for both reads and writes at peak traffic.The company wants to minimize any disruptions, stabilize performance, and reduce costs whil
A. se a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with an io2 Block Express EBS volume
B. se a Multi-AZ deployment of an Amazon RDS for MySQL DB instance with a General Purpose SSD (gp2) EBS volume
C. se Amazon S3 Intelligent-Tiering access tiers
D. se two large EC2 instances to host the database in active-passive mode
View answer
Correct Answer: B
Question #156
A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client-side JavaScript, and images.Which method is the MOST cost-effective for hosting the website?
A. ontainerize the website and host it in AWS Fargate
B. reate an Amazon S3 bucket and host the website there
C. eploy a web server on an Amazon EC2 instance to host the website
D. onfigure an Application Load Balancer with an AWS Lambda target that uses the Express
View answer
Correct Answer: B
Question #157
A company stores confidential data in an Amazon Aurora PostgreSQL database in the ap-southeast-3 Region. The database is encrypted with an AWS Key Management Service (AWS KMS) customer managed key. The company was recently acquired and must securely share a backup of the database with the acquiring company’s AWS account in ap-southeast-3.What should a solutions architect do to meet these requirements?
A. reate a database snapshot
B. reate a database snapshot
C. reate a database snapshot that uses a different AWS managed KMS key
D. reate a database snapshot
View answer
Correct Answer: B
Question #158
A company that uses AWS is building an application to transfer data to a product manufacturer. The company has its own identity provider (IdP). The company wants the IdP to authenticate application users while the users use the application to transfer data. The company must use Applicability Statement 2 (AS2) protocol.Which solution will meet these requirements?
A. se AWS DataSync to transfer the data
B. se Amazon AppFlow flows to transfer the data
C. se AWS Transfer Family to transfer the data
D. se AWS Storage Gateway to transfer the data
View answer
Correct Answer: C
Question #159
A company stores data in an Amazon Aurora PostgreSQL DB cluster. The company must store all the data for 5 years and must delete all the data after 5 years. The company also must indefinitely keep audit logs of actions that are performed within the database. Currently, the company has automated backups configured for Aurora.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. mazon CloudFront
B. WS Global Accelerator
C. mazon Route 53
D. mazon S3 Transfer Acceleration
View answer
Correct Answer: BE
Question #160
A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company’s operations team needs to be notified when RDP or SSH access to an environment has been established.What should a solutions architect recommend to meet these requirements?
A. onfigure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected
B. onfigure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached
C. ublish VPC flow logs to Amazon CloudWatch Logs
D. onfigure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification
View answer
Correct Answer: C
Question #161
A solutions architect is optimizing a website for an upcoming musical event. Videos of the performances will be streamed in real time and then will be available on demand. The event is expected to attract a global online audience.Which service will improve the performance of both the real-time and on-demand streaming?
A. mazon OpenSearch Service (Amazon Elasticsearch Service)
B. mazon S3 Glacier
C. mazon S3 Standard
D. mazon RDS for PostgreSQL
View answer
Correct Answer: A
Question #162
A company needs to export its database once a day to Amazon S3 for other teams to access. The exported object size varies between 2 GB and 5 GB. The S3 access pattern for the data is variable and changes rapidly. The data must be immediately available and must remain accessible for up to 3 months. The company needs the most cost-effective solution that will not increase retrieval time.Which S3 storage class should the company use to meet these requirements?
A. 3 Intelligent-Tiering
B. 3 Glacier Instant Retrieval
C. 3 Standard
D. 3 Standard-Infrequent Access (S3 Standard-IA)
View answer
Correct Answer: A
Question #163
A company wants to give a customer the ability to use on-premises Microsoft Active Directory to download files that are stored in Amazon S3. The customer’s application uses an SFTP client to download the files.Which solution will meet these requirements with the LEAST operational overhead and no changes to the customer’s application?
A. et up AWS Transfer Family with SFTP for Amazon S3
B. et up AWS Database Migration Service (AWS DMS) to synchronize the on-premises client with Amazon S3
C. et up AWS DataSync to synchronize between the on-premises location and the S3 location by using AWS IAM Identity Center (AWS Single Sign-On)
D. et up a Windows Amazon EC2 instance with SFTP to connect the on-premises client with Amazon S3
View answer
Correct Answer: A
Question #164
A company has an application that collects data from IoT sensors on automobiles. The data is streamed and stored in Amazon S3 through Amazon Kinesis Data Firehose. The data produces trillions of S3 objects each year. Each morning, the company uses the data from the previous 30 days to retrain a suite of machine learning (ML) models.Four times each year, the company uses the data from the previous 12 months to perform analysis and train other ML models. The data must be available with minimal delay for up to
A. se the S3 Intelligent-Tiering storage class
B. se the S3 Intelligent-Tiering storage class
C. se the S3 Standard-Infrequent Access (S3 Standard-IA) storage class
D. se the S3 Standard storage class
View answer
Correct Answer: D
Question #165
A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.What should a solutions architect do to meet these requirements?
A. reate an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins
B. reate an Amazon CloudFront distribution that has the ALB as an origin
C. reate an Amazon CloudFront distribution that has the S3 bucket as an origin
D. reate an Amazon CloudFront distribution that has the ALB as an origin
View answer
Correct Answer: A
Question #166
A security audit reveals that Amazon EC2 instances are not being patched regularly. A solutions architect needs to provide a solution that will run regular security scans across a large fleet of EC2 instances. The solution should also patch the EC2 instances on a regular schedule and provide a report of each instance’s patch status.Which solution will meet these requirements?
A. et up Amazon Macie to scan the EC2 instances for software vulnerabilities
B. urn on Amazon GuardDuty in the account
C. et up Amazon Detective to scan the EC2 instances for software vulnerabilities
D. urn on Amazon Inspector in the account
View answer
Correct Answer: D
Question #167
A company recently migrated its entire IT environment to the AWS Cloud. The company discovers that users are provisioning oversized Amazon EC2 instances and modifying security group rules without using the appropriate change control process. A solutions architect must devise a strategy to track and audit these inventory and configuration changes.Which actions should the solutions architect take to meet these requirements? (Choose two.)
A. se AWS Systems Manager Session Manager to connect to the EC2 instances
B. se AWS Security Token Service (AWS STS) to generate one-time SSH keys on demand
C. llow shared SSH access to a set of bastion instances
D. se an Amazon Cognito custom authorizer to authenticate users
View answer
Correct Answer: AD
Question #168
A solutions architect must create a disaster recovery (DR) plan for a high-volume software as a service (SaaS) platform. All data for the platform is stored in an Amazon Aurora MySQL DB cluster.The DR plan must replicate data to a secondary AWS Region.Which solution will meet these requirements MOST cost-effectively?
A. se MySQL binary log replication to an Aurora cluster in the secondary Region
B. et up an Aurora global database for the DB cluster
C. se AWS Database Migration Service (AWS DMS) to continuously replicate data to an Aurora cluster in the secondary Region
D. et up an Aurora global database for the DB cluster
View answer
Correct Answer: D
Question #169
A company is planning to use an Amazon DynamoDB table for data storage. The company is concerned about cost optimization. The table will not be used on most mornings. In the evenings, the read and write traffic will often be unpredictable. When traffic spikes occur, they will happen very quickly.What should a solutions architect recommend?
A. reate a DynamoDB table in on-demand capacity mode
B. reate a DynamoDB table with a global secondary index
C. reate a DynamoDB table with provisioned capacity and auto scaling
D. reate a DynamoDB table in provisioned capacity mode, and configure it as a global table
View answer
Correct Answer: A
Question #170
A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1 MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth.Which solution will meet these requirements?
A. reate an S3 bucket
B. reate an AWS Snowball Edge job
C. eploy an S3 File Gateway on premises
D. et up an AWS Direct Connect connection between the on-premises network and AWS
View answer
Correct Answer: B
Question #171
A company hosts a multi-tier web application that uses an Amazon Aurora MySQL DB cluster for storage. The application tier is hosted on Amazon EC2 instances. The company’s IT security guidelines mandate that the database credentials be encrypted and rotated every 14 days.What should a solutions architect do to meet this requirement with the LEAST operational effort?
A. reate a new AWS Key Management Service (AWS KMS) encryption key
B. reate two parameters in AWS Systems Manager Parameter Store: one for the user name as a string parameter and one that uses the SecureString type for the password
C. tore a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon Elastic File System (Amazon EFS) file system
D. tore a file that contains the credentials in an AWS Key Management Service (AWS KMS) encrypted Amazon S3 bucket that the application uses to load the credentials
View answer
Correct Answer: A
Question #172
A company wants to migrate its MySQL database from on premises to AWS. The company recently experienced a database outage that significantly impacted the business. To ensure this does not happen again, the company wants a reliable database solution on AWS that minimizes data loss and stores every transaction on at least two nodes.Which solution meets these requirements?
A. reate an Amazon RDS DB instance with synchronous replication to three nodes in three Availability Zones
B. reate an Amazon RDS MySQL DB instance with Multi-AZ functionality enabled to synchronously replicate the data
C. reate an Amazon RDS MySQL DB instance and then create a read replica in a separate AWS Region that synchronously replicates the data
D. reate an Amazon EC2 instance with a MySQL engine installed that triggers an AWS Lambda function to synchronously replicate the data to an Amazon RDS MySQL DB instance
View answer
Correct Answer: B
Question #173
A company is storing 700 terabytes of data on a large network-attached storage (NAS) system in its corporate data center. The company has a hybrid environment with a 10 Gbps AWS Direct Connect connection.After an audit from a regulator, the company has 90 days to move the data to the cloud. The company needs to move the data efficiently and without disruption. The company still needs to be able to access and update the data during the transfer window.Which solution will meet these requirements?
A. reate an AWS DataSync agent in the corporate data center
B. ack up the data to AWS Snowball Edge Storage Optimized devices
C. se rsync to copy the data directly from local storage to a designated Amazon S3 bucket over the Direct Connect connection
D. ack up the data on tapes
View answer
Correct Answer: A
Question #174
A solutions architect is designing a new hybrid architecture to extend a company's on-premises infrastructure to AWS. The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.What should the solutions architect do to meet these requirements?
A. rovision an AWS Direct Connect connection to a Region
B. rovision a VPN tunnel connection to a Region for private connectivity
C. rovision an AWS Direct Connect connection to a Region
D. rovision an AWS Direct Connect connection to a Region
View answer
Correct Answer: A
Question #175
A company is launching an application on AWS. The application uses an Application Load Balancer (ALB) to direct traffic to at least two Amazon EC2 instances in a single target group. The instances are in an Auto Scaling group for each environment. The company requires a development environment and a production environment. The production environment will have periods of high traffic.Which solution will configure the development environment MOST cost-effectively?
A. econfigure the target group in the development environment to have only one EC2 instance as a target
B. hange the ALB balancing algorithm to least outstanding requests
C. educe the size of the EC2 instances in both environments
D. educe the maximum number of EC2 instances in the development environment’s Auto Scaling group
View answer
Correct Answer: A
Question #176
A company has a Microsoft .NET application that runs on an on-premises Windows Server. The application stores data by using an Oracle Database Standard Edition server. The company is planning a migration to AWS and wants to minimize development changes while moving the application. The AWS application environment should be highly available.Which combination of actions should the company take to meet these requirements? (Choose two.)
A. se Amazon Elastic Container Service (Amazon ECS) with Amazon EC2 worker nodes for compute and MongoDB on EC2 for data storage
B. se Amazon Elastic Container Service (Amazon ECS) with AWS Fargate for compute and Amazon DynamoDB for data storage
C. se Amazon Elastic Kubernetes Service (Amazon EKS) with Amazon EC2 worker nodes for compute and Amazon DynamoDB for data storage
D. se Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate for compute and Amazon DocumentDB (with MongoDB compatibility) for data storage
View answer
Correct Answer: BE
Question #177
A solutions architect is designing a RESTAPI in Amazon API Gateway for a cash payback service. The application requires 1 GB of memory and 2 GB of storage for its computation resources. The application will require that the data is in a relational format.Which additional combination ofAWS services will meet these requirements with the LEAST administrative effort? (Choose two.)
A. rom the Organizations management account billing console, activate a user-defined cost allocation tag named department
B. rom the Organizations management account billing console, activate an AWS-defined cost allocation tag named department
C. rom the Organizations member account billing console, activate a user-defined cost allocation tag named department
D. rom the Organizations member account billing console, activate an AWS-defined cost allocation tag named department
View answer
Correct Answer: BC
Question #178
A company has a production web application in which users upload documents through a web interface or a mobile app. According to a new regulatory requirement. new documents cannot be modified or deleted after they are stored.What should a solutions architect do to meet this requirement?
A. tore the uploaded documents in an Amazon S3 bucket with S3 Versioning and S3 Object Lock enabled
B. tore the uploaded documents in an Amazon S3 bucket
C. tore the uploaded documents in an Amazon S3 bucket with S3 Versioning enabled
D. tore the uploaded documents on an Amazon Elastic File System (Amazon EFS) volume
View answer
Correct Answer: A
Question #179
A company has an application that is running on Amazon EC2 instances. A solutions architect has standardized the company on a particular instance family and various instance sizes based on the current needs of the company.The company wants to maximize cost savings for the application over the next 3 years. The company needs to be able to change the instance family and sizes in the next 6 months based on application popularity and usage.Which solution will meet these requirements MOST cost-effectively?
A. ompute Savings Plan
B. C2 Instance Savings Plan
C. onal Reserved Instances
D. tandard Reserved Instances
View answer
Correct Answer: A
Question #180
A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain all application log files for 7 years. The log files will be analyzed by a reporting tool that must be able to access all the files concurrently.Which storage solution meets these requirements MOST cost-effectively?
A. mazon Elastic Block Store (Amazon EBS)
B. mazon Elastic File System (Amazon EFS)
C. mazon EC2 instance store
D. mazon S3
View answer
Correct Answer: D
Question #181
A solutions architect needs to design a system to store client case files. The files are core company assets and are important. The number of files will grow over time.The files must be simultaneously accessible from multiple application servers that run on Amazon EC2 instances. The solution must have built-in redundancy.Which solution meets these requirements?
A. mazon Elastic File System (Amazon EFS)
B. mazon Elastic Block Store (Amazon EBS)
C. mazon S3 Glacier Deep Archive
D. WS Backup
View answer
Correct Answer: A
Question #182
A company uses high block storage capacity to runs its workloads on premises. The company's daily peak input and output transactions per second are not more than 15,000 IOPS. The company wants to migrate the workloads to Amazon EC2 and to provision disk performance independent of storage capacity.Which Amazon Elastic Block Store (Amazon EBS) volume type will meet these requirements MOST cost-effectively?
A. P2 volume type
B. o2 volume type
C. P3 volume type
D. o1 volume type
View answer
Correct Answer: C
Question #183
A company runs an application on a large fleet of Amazon EC2 instances. The application reads and writes entries into an Amazon DynamoDB table. The size of the DynamoDB table continuously grows, but the application needs only data from the last 30 days. The company needs a solution that minimizes cost and development effort.Which solution meets these requirements?
A. se an AWS CloudFormation template to deploy the complete solution
B. se an EC2 instance that runs a monitoring application from AWS Marketplace
C. onfigure Amazon DynamoDB Streams to invoke an AWS Lambda function when a new item is created in the table
D. xtend the application to add an attribute that has a value of the current timestamp plus 30 days to each new item that is created in the table
View answer
Correct Answer: D
Question #184
A company has an application that is backed by an Amazon DynamoDB table. The company’s compliance requirements specify that database backups must be taken every month, must be available for 6 months, and must be retained for 7 years.Which solution will meet these requirements?
A. se standard SQL queries in Amazon Athena to analyze the CloudFront logs in the S3 bucket
B. se standard SQL queries in Amazon Athena to analyze the CloudFront logs in the S3 bucket
C. se standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket
D. se standard SQL queries in Amazon DynamoDB to analyze the CloudFront logs in the S3 bucket
View answer
Correct Answer: A
Question #185
A gaming company is designing a highly available architecture. The application runs on a modified Linux kernel and supports only UDP-based traffic. The company needs the front-end tier to provide the best possible user experience. That tier must have low latency, route traffic to the nearest edge location, and provide static IP addresses for entry into the application endpoints.What should a solutions architect do to meet these requirements?
A. onfigure Amazon Route 53 to forward requests to an Application Load Balancer
B. onfigure Amazon CloudFront to forward requests to a Network Load Balancer
C. onfigure AWS Global Accelerator to forward requests to a Network Load Balancer
D. onfigure Amazon API Gateway to forward requests to an Application Load Balancer
View answer
Correct Answer: C
Question #186
A company runs an Oracle database on premises. As part of the company’s migration to AWS, the company wants to upgrade the database to the most recent available version. The company also wants to set up disaster recovery (DR) for the database. The company needs to minimize the operational overhead for normal operations and DR setup. The company also needs to maintain access to the database's underlying operating system.Which solution will meet these requirements?
A. igrate the Oracle database to an Amazon EC2 instance
B. igrate the Oracle database to Amazon RDS for Oracle
C. igrate the Oracle database to Amazon RDS Custom for Oracle
D. igrate the Oracle database to Amazon RDS for Oracle
View answer
Correct Answer: D
Question #187
A company hosts a multiplayer gaming application on AWS. The company wants the application to read data with sub-millisecond latency and run one-time queries on historical data.Which solution will meet these requirements with the LEAST operational overhead?
A. se Amazon RDS for data that is frequently accessed
B. tore the data directly in an Amazon S3 bucket
C. se Amazon DynamoDB with DynamoDB Accelerator (DAX) for data that is frequently accessed
D. se Amazon DynamoDB for data that is frequently accessed
View answer
Correct Answer: C
Question #188
A university research laboratory needs to migrate 30 TB of data from an on-premises Windows file server to Amazon FSx for Windows File Server. The laboratory has a 1 Gbps network link that many other departments in the university share.The laboratory wants to implement a data migration service that will maximize the performance of the data transfer. However, the laboratory needs to be able to control the amount of bandwidth that the service uses to minimize the impact on other departments. The data migratio
A. WS Snowcone
B. mazon FSx File Gateway
C. WS DataSync
D. WS Transfer Family
View answer
Correct Answer: C
Question #189
A company is deploying a new application on Amazon EC2 instances. The application writes data to Amazon Elastic Block Store (Amazon EBS) volumes. The company needs to ensure that all data that is written to the EBS volumes is encrypted at rest.Which solution will meet this requirement?
A. reate an IAM role that specifies EBS encryption
B. reate the EBS volumes as encrypted volumes
C. reate an EC2 instance tag that has a key of Encrypt and a value of True
D. reate an AWS Key Management Service (AWS KMS) key policy that enforces EBS encryption in the account
View answer
Correct Answer: B
Question #190
A solutions architect is implementing a complex Java application with a MySQL database. The Java application must be deployed on Apache Tomcat and must be highly available.What should the solutions architect do to meet these requirements?
A. eploy the application in AWS Lambda
B. eploy the application by using AWS Elastic Beanstalk
C. igrate the database to Amazon ElastiCache
D. aunch an Amazon EC2 instance
View answer
Correct Answer: B
Question #191
A company’s application is having performance issues. The application is stateful and needs to complete in-memory tasks on Amazon EC2 instances. The company used AWS CloudFormation to deploy infrastructure and used the M5 EC2 instance family. As traffic increased, the application performance degraded. Users are reporting delays when the users attempt to access the application.Which solution will resolve these issues in the MOST operationally efficient way?
A. n AWS Glue job
B. n AWS Lambda function
C. containerized service hosted in Amazon Elastic Kubernetes Service (Amazon EKS)
D. containerized service hosted in Amazon ECS with Amazon EC2
View answer
Correct Answer: D
Question #192
A company collects data from a large number of participants who use wearable devices. The company stores the data in an Amazon DynamoDB table and uses applications to analyze the data. The data workload is constant and predictable. The company wants to stay at or below its forecasted budget for DynamoDB.Which solution will meet these requirements MOST cost-effectively?
A. se provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA)
B. se provisioned mode
C. se on-demand mode
D. se on-demand mode
View answer
Correct Answer: B
Question #193
A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API.Which action meets these requirements for storing and retrieving location data?
A. se Amazon Athena with Amazon S3
B. se Amazon API Gateway with AWS Lambda
C. se Amazon QuickSight with Amazon Redshift
D. se Amazon API Gateway with Amazon Kinesis Data Analytics
View answer
Correct Answer: D
Question #194
A company wants to run its critical applications in containers to meet requirements for scalability and availability. The company prefers to focus on maintenance of the critical applications. The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload.What should a solutions architect do to meet these requirements?
A. se Amazon EC2 instances, and install Docker on the instances
B. se Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes
C. se Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
D. se Amazon EC2 instances from an Amazon Elastic Container Service (Amazon ECS)-optimized Amazon Machine Image (AMI)
View answer
Correct Answer: C
Question #195
A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company's product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solutions architect must provide access to the product manager by following the principle of least privilege.Which solution will meet these requirements?
A. hare the dashboard from the CloudWatch console
B. reate an IAM user specifically for the product manager
C. reate an IAM user for the company's employees
D. eploy a bastion server in a public subnet
View answer
Correct Answer: A
Question #196
An ecommerce company needs to run a scheduled daily job to aggregate and filter sales records for analytics. The company stores the sales records in an Amazon S3 bucket. Each object can be up to 10 GB in size. Based on the number of sales events, the job can take up to an hour to complete. The CPU and memory usage of the job are constant and are known in advance.A solutions architect needs to minimize the amount of operational effort that is needed for the job to run.Which solution meets these requirements?
A. reate an AWS Lambda function that has an Amazon EventBridge notification
B. reate an AWS Lambda function
C. reate an Amazon Elastic Container Service (Amazon ECS) cluster with an AWS Fargate launch type
D. reate an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type and an Auto Scaling group with at least one EC2 instance
View answer
Correct Answer: C
Question #197
A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0. Company policy requires that each resource has the least access required to still be able to perform its tasks.Which additional configuration strategy should the solutions architect use t
A. reate a security group for the web servers and allow port 443 from 0
B. reate a network ACL for the web servers and allow port 443 from 0
C. reate a security group for the web servers and allow port 443 from the load balancer
D. reate a network ACL for the web servers and allow port 443 from the load balancer
View answer
Correct Answer: C
Question #198
A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size.Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included. The company wants adminis
A. urchase Reserved Instances that specify the Region needed
B. reate an On-Demand Capacity Reservation that specifies the Region needed
C. urchase Reserved Instances that specify the Region and three Availability Zones needed
D. reate an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed
View answer
Correct Answer: B
Question #199
A company needs to migrate a MySQL database from its on-premises data center to AWS within 2 weeks. The database is 20 TB in size. The company wants to complete the migration with minimal downtime.Which solution will migrate the database MOST cost-effectively?
A. rder an AWS Snowball Edge Storage Optimized device
B. rder an AWS Snowmobile vehicle
C. rder an AWS Snowball Edge Compute Optimized with GPU device
D. rder a 1 GB dedicated AWS Direct Connect connection to establish a connection with the data center
View answer
Correct Answer: A
Question #200
A company hosts its application in the AWS Cloud. The application runs on Amazon EC2 instances behind an Elastic Load Balancer in an Auto Scaling group and with an Amazon DynamoDB table. The company wants to ensure the application can be made available in anotherAWS Region with minimal downtime.What should a solutions architect do to meet these requirements with the LEAST amount of downtime?
A. reate an Auto Scaling group and a load balancer in the disaster recovery Region
B. reate an AWS CloudFormation template to create EC2 instances, load balancers, and DynamoDB tables to be launched when needed Configure DNS failover to point to the new disaster recovery Region's load balancer
C. reate an AWS CloudFormation template to create EC2 instances and a load balancer to be launched when needed
D. reate an Auto Scaling group and load balancer in the disaster recovery Region
View answer
Correct Answer: A
Question #201
A company is developing an application that provides order shipping statistics for retrieval by a REST API. The company wants to extract the shipping statistics, organize the data into an easy-to-read HTML format, and send the report to several email addresses at the same time every morning.Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. igrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS)
B. igrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS)
C. igrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group
D. igrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling group
View answer
Correct Answer: BD
Question #202
A company needs to store its accounting records in Amazon S3. The records must be immediately accessible for 1 year and then must be archived for an additional 9 years. No one at the company, including administrative users and root users, can be able to delete the records during the entire 10-year period. The records must be stored with maximum resiliency.Which solution will meet these requirements?
A. tore the records in S3 Glacier for the entire 10-year period
B. tore the records by using S3 Intelligent-Tiering
C. se an S3 Lifecycle policy to transition the records from S3 Standard to S3 Glacier Deep Archive after 1 year
D. se an S3 Lifecycle policy to transition the records from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 year
View answer
Correct Answer: C
Question #203
A survey company has gathered data for several years from areas in the United States. The company hosts the data in an Amazon S3 bucket that is 3 TB in size and growing. The company has started to share the data with a European marketing firm that has S3 buckets. The company wants to ensure that its data transfer costs remain as low as possible.Which solution will meet these requirements?
A. onfigure the Requester Pays feature on the company's S3 bucket
B. onfigure S3 Cross-Region Replication from the company's S3 bucket to one of the marketing firm's S3 buckets
C. onfigure cross-account access for the marketing firm so that the marketing firm has access to the company's S3 bucket
D. onfigure the company's S3 bucket to use S3 Intelligent-Tiering
View answer
Correct Answer: B
Question #204
A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture.What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?
A. se Amazon Redshift to load all the content into one place and run the SQL queries as needed
B. se Amazon CloudWatch Logs to store the logs
C. se Amazon Athena directly with Amazon S3 to run the queries as needed
D. se AWS Glue to catalog the logs
View answer
Correct Answer: C
Question #205
A company uses Amazon EC2 instances and AWS Lambda functions to run its application. The company has VPCs with public subnets and private subnets in its AWS account. The EC2 instances run in a private subnet in one of the VPCs. The Lambda functions need direct network access to the EC2 instances for the application to work.The application will run for at least 1 year. The company expects the number of Lambda functions that the application uses to increase during that time. The company wants to maximize its
A. urchase an EC2 Instance Savings Plan Optimize the Lambda functions’ duration and memory usage and the number of invocations
B. urchase an EC2 Instance Savings Plan Optimize the Lambda functions' duration and memory usage, the number of invocations, and the amount of data that is transferred
C. urchase a Compute Savings Plan
D. urchase a Compute Savings Plan
View answer
Correct Answer: C
Question #206
A company has an application that generates a large number of files, each approximately 5 MB in size. The files are stored in Amazon S3. Company policy requires the files to be stored for 4 years before they can be deleted. Immediate accessibility is always required as the files contain critical business data that is not easy to reproduce. The files are frequently accessed in the first 30 days of the object creation but are rarely accessed after the first 30 days.Which storage solution is MOST cost-effectiv
A. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 Glacier 30 days from object creation
B. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days from object creation
C. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation
D. reate an S3 bucket lifecycle policy to move files from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days from object creation
View answer
Correct Answer: C
Question #207
A company needs to migrate a legacy application from an on-premises data center to the AWS Cloud because of hardware capacity constraints. The application runs 24 hours a day, 7 days a week. The application’s database storage continues to grow over time.What should a solutions architect do to meet these requirements MOST cost-effectively?
A. igrate the application layer to Amazon EC2 Spot Instances
B. igrate the application layer to Amazon EC2 Reserved Instances
C. igrate the application layer to Amazon EC2 Reserved Instances
D. igrate the application layer to Amazon EC2 On-Demand Instances
View answer
Correct Answer: C
Question #208
A university research laboratory needs to migrate 30 TB of data from an on-premises Windows file server to Amazon FSx for Windows File Server. The laboratory has a 1 Gbps network link that many other departments in the university share.The laboratory wants to implement a data migration service that will maximize the performance of the data transfer. However, the laboratory needs to be able to control the amount of bandwidth that the service uses to minimize the impact on other departments. The data migratio
A. WS Snowcone
B. mazon FSx File Gateway
C. WS DataSync
D. WS Transfer Family
View answer
Correct Answer: C
Question #209
A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket.What should the solutions architect do to meet this requirement?
A. reate an IAM role that grants access to the S3 bucket
B. reate an IAM policy that grants access to the S3 bucket
C. reate an IAM group that grants access to the S3 bucket
D. reate an IAM user that grants access to the S3 bucket
View answer
Correct Answer: A
Question #210
A survey company has gathered data for several years from areas in the United States. The company hosts the data in an Amazon S3 bucket that is 3 TB in size and growing. The company has started to share the data with a European marketing firm that has S3 buckets. The company wants to ensure that its data transfer costs remain as low as possible.Which solution will meet these requirements?
A. onfigure the Requester Pays feature on the company's S3 bucket
B. onfigure S3 Cross-Region Replication from the company's S3 bucket to one of the marketing firm's S3 buckets
C. onfigure cross-account access for the marketing firm so that the marketing firm has access to the company's S3 bucket
D. onfigure the company's S3 bucket to use S3 Intelligent-Tiering
View answer
Correct Answer: B
Question #211
A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.How can the solutions architect meet this requirement?
A. eploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it
B. eploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets
C. eploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets
D. eploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets
View answer
Correct Answer: D
Question #212
A company is launching an application on AWS. The application uses an Application Load Balancer (ALB) to direct traffic to at least two Amazon EC2 instances in a single target group. The instances are in an Auto Scaling group for each environment. The company requires a development environment and a production environment. The production environment will have periods of high traffic.Which solution will configure the development environment MOST cost-effectively?
A. econfigure the target group in the development environment to have only one EC2 instance as a target
B. hange the ALB balancing algorithm to least outstanding requests
C. educe the size of the EC2 instances in both environments
D. educe the maximum number of EC2 instances in the development environment’s Auto Scaling group
View answer
Correct Answer: A
Question #213
A company is deploying a new public web application to AWS. The application will run behind an Application Load Balancer (ALB). The application needs to be encrypted at the edge with an SSL/TLS certificate that is issued by an external certificate authority (CA). The certificate must be rotated each year before the certificate expires.What should a solutions architect do to meet these requirements?
A. se AWS Certificate Manager (ACM) to issue an SSL/TLS certificate
B. se AWS Certificate Manager (ACM) to issue an SSL/TLS certificate
C. se AWS Certificate Manager (ACM) Private Certificate Authority to issue an SSL/TLS certificate from the root CA
D. se AWS Certificate Manager (ACM) to import an SSL/TLS certificate
View answer
Correct Answer: D
Question #214
A company has resources across multiple AWS Regions and accounts. A newly hired solutions architect discovers a previous employee did not provide details about the resources inventory. The solutions architect needs to build and map the relationship details of the various workloads across all accounts.Which solution will meet these requirements in the MOST operationally efficient way?
A. se AWS Systems Manager Inventory to generate a map view from the detailed view report
B. se AWS Step Functions to collect workload details
C. se Workload Discovery on AWS to generate architecture diagrams of the workloads
D. se AWS X-Ray to view the workload details
View answer
Correct Answer: C
Question #215
A company offers a food delivery service that is growing rapidly. Because of the growth, the company’s order processing system is experiencing scaling problems during peak traffic hours. The current architecture includes the following:-A group of Amazon EC2 instances that run in an Amazon EC2 Auto Scaling group to collect orders from the application-Another group of EC2 instances that run in an Amazon EC2 Auto Scaling group to fulfill ordersThe order collection process occurs quickly, but the order fulfillm
A. se Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups
B. se Amazon CloudWatch metrics to monitor the CPU of each instance in the Auto Scaling groups
C. rovision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment
D. rovision two Amazon Simple Queue Service (Amazon SQS) queues: one for order collection and another for order fulfillment
View answer
Correct Answer: D
Question #216
A company uses AWS Organizations to run workloads within multiple AWS accounts. A tagging policy adds department tags to AWS resources when the company creates tags.An accounting team needs to determine spending on Amazon EC2 consumption. The accounting team must determine which departments are responsible for the costs regardless ofAWS account. The accounting team has access to AWS Cost Explorer for all AWS accounts within the organization and needs to access all reports from Cost Explorer.Which solution m
A. reate AWS Lambda functions to transfer the data securely from Salesforce to Amazon S3
B. reate an AWS Step Functions workflow
C. reate Amazon AppFlow flows to transfer the data securely from Salesforce to Amazon S3
D. reate a custom connector for Salesforce to transfer the data securely from Salesforce to Amazon S3
View answer
Correct Answer: A
Question #217
A company is migrating an application from on-premises servers to Amazon EC2 instances. As part of the migration design requirements, a solutions architect must implement infrastructure metric alarms. The company does not need to take action if CPU utilization increases to more than 50% for a short burst of time. However, if the CPU utilization increases to more than 50% and read IOPS on the disk are high at the same time, the company needs to act as soon as possible. The solutions architect also must reduc
A. reate Amazon CloudWatch composite alarms where possible
B. reate Amazon CloudWatch dashboards to visualize the metrics and react to issues quickly
C. reate Amazon CloudWatch Synthetics canaries to monitor the application and raise an alarm
D. reate single Amazon CloudWatch metric alarms with multiple metric thresholds where possible
View answer
Correct Answer: A
Question #218
A company is storing backup files by using Amazon S3 Standard storage. The files are accessed frequently for 1 month. However, the files are not accessed after 1 month. The company must keep the files indefinitely.Which storage solution will meet these requirements MOST cost-effectively?
A. onfigure S3 Intelligent-Tiering to automatically migrate objects
B. reate an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Glacier Deep Archive after 1 month
C. reate an S3 Lifecycle configuration to transition objects from S3 Standard to S3 Standard-Infrequent Access (S3 Standard-IA) after 1 month
D. reate an S3 Lifecycle configuration to transition objects from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA) after 1 month
View answer
Correct Answer: B
Question #219
An ecommerce company has noticed performance degradation of its Amazon RDS based web application. The performance degradation is attributed to an increase in the number of read-only SQL queries triggered by business analysts. A solutions architect needs to solve the problem with minimal changes to the existing web application.What should the solutions architect recommend?
A. xport the data to Amazon DynamoDB and have the business analysts run their queries
B. oad the data into Amazon ElastiCache and have the business analysts run their queries
C. reate a read replica of the primary database and have the business analysts run their queries
D. opy the data into an Amazon Redshift cluster and have the business analysts run their queries
View answer
Correct Answer: C
Question #220
A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after the files are created. After 7 days the files are rarely accessed.The total data size is increasing and is close to the company's total storage capacity. A solutions architect must increase the company's available storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle man
A. se AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS
B. reate an Amazon S3 File Gateway to extend the company's storage space
C. reate an Amazon FSx for Windows File Server file system to extend the company's storage space
D. nstall a utility on each user's computer to access Amazon S3
View answer
Correct Answer: B
Question #221
A company recently migrated a message processing system to AWS. The system receives messages into an ActiveMQ queue running on an Amazon EC2 instance. Messages are processed by a consumer application running on Amazon EC2. The consumer application processes the messages and writes results to a MySQL database running on Amazon EC2. The company wants this application to be highly available with low operational complexity.Which architecture offers the HIGHEST availability?
A. se AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scaling
B. se two Amazon EC2 instances to host the containerized web application
C. se AWS Lambda with a new code that uses one of the supported languages
D. se a high performance computing (HPC) solution such as AWS ParallelCluster to establish an HPC cluster that can process the incoming requests at the appropriate scale
View answer
Correct Answer: D
Question #222
A hospital recently deployed a RESTful API with Amazon API Gateway and AWS Lambda. The hospital uses API Gateway and Lambda to upload reports that are in PDF format and JPEG format. The hospital needs to modify the Lambda code to identify protected health information (PHI) in the reports.Which solution will meet these requirements with the LEAST operational overhead?
A. se existing Python libraries to extract the text from the reports and to identify the PHI from the extracted text
B. se Amazon Textract to extract the text from the reports
C. se Amazon Textract to extract the text from the reports
D. se Amazon Rekognition to extract the text from the reports
View answer
Correct Answer: C
Question #223
A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon Elastic Block Store (Amazon EBS) volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.Which solution will meet these requirements?
A. se AWS DataSync for the initial migration
B. se AWS DataSync for the initial migration
C. se the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a memory optimized replication instance
D. se the AWS Schema Conversion Tool with AWS Database Migration Service (AWS DMS) using a compute optimized replication instance
View answer
Correct Answer: C
Question #224
A solutions architect is designing the architecture of a new application being deployed to the AWS Cloud. The application will run on Amazon EC2 On-Demand Instances and will automatically scale across multiple Availability Zones. The EC2 instances will scale up and down frequently throughout the day. An Application Load Balancer (ALB) will handle the load distribution. The architecture needs to support distributed session data management. The company is willing to make changes to code if needed.What should
A. se Amazon ElastiCache to manage and store session data
B. se session affinity (sticky sessions) of the ALB to manage session data
C. se Session Manager from AWS Systems Manager to manage the session
D. se the GetSessionToken API operation in AWS Security Token Service (AWS STS) to manage the session
View answer
Correct Answer: A
Question #225
A solutions architect needs to design a new microservice for a company’s application. Clients must be able to call an HTTPS endpoint to reach the microservice. The microservice also must use AWS Identity and Access Management (IAM) to authenticate calls. The solutions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1.x.Which solution will deploy the function in the MOST operationally efficient way?
A. reate an Amazon API Gateway REST API
B. reate a Lambda function URL for the function
C. reate an Amazon CloudFront distribution
D. reate an Amazon CloudFront distribution
View answer
Correct Answer: A

View The Updated AWS Exam Questions

SPOTO Provides 100% Real AWS Exam Questions for You to Pass Your AWS Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: