A Company uses AWS KMS to encrypt sensitive data. Which statements regarding KMS CMK Are Correct ? (Select two)
One of the AWS Operational Excellence design principle is "performing operations as code. Which AWS solution should a Solutions Architect use to achieve this design principle when deploying your AWS infrastructure?
A company wants to minimize EC2 costs and is willing to commit to a three-year term when purchasing EC2 instances. In order to adapt to evolving needs, the company needs to be able to exchange EC2 instances for other instance types with more compute resources in the future. What type of instance should the company purchase?
A Solutions Architect needs to choose the best and most cost-effective performance solution to store heterogeneous data like the phone numbers of millions of customers. Read/write consistency and latency are critical metrics for the business. Which AWS service should the Solutions Architect recommend for this purpose?
A Solutions Architect needs to ensure the geographical replication of data located in an S3 bucket. To meet this requirement, he enables Amazon S3 CRR. but it fails to work, and the architect cannot enable replication. What is the most likely reason for the error?
An application deployed on an Amazon EC2 instance generates temporary files that are parsed and combined to generate final PDF files. Customers download these PDF files frequently during the first two days after creation. After these two days, the files are not needed anymore. Which storage strategy should the Solutions Architect recommend to meet the requirements?
- A. Upload the PDF files to S3 once they are generated and create a lifecycle policy to delete the files after two days.
- B. Use an EBS volume to save the PDF files once they are generated. Create a lifecycle policy to move the files to Glacier after two days.
A company uses costly, propriety software that has very strict licensing compliance requirements. The Chief Information Officer (CIO) wants to move these workloads to the cloud. Which EC2 instances should the Solutions Architect recommend to adhere to software licensing requirements?
A group of EC2 instances contains sensitive data that must be secured. The EBS volumes for these instances are currently unencrypted. Many new EC2 instances are planned in this AWS account, and the data on the associated EBS volumes should be encrypted by default. Which EBS encryption options should the Solutions Architect use? (Select TWO.)
Due to network security requirements of a customer, a Solutions Architect creates a VPC with a public subnet and a private subnet. An Amazon EC2 deployed in the public subnet acts as a proxy to redirect incoming requests to the backend application that is deployed on an Amazon EC2 instance in the private subnet. During some tests, the company notices that the application is throwing connection timeouts when calling third-party public APIs.
- A. Create a virtual private gateway and modify the route table associated with the private subnet to route outgoing traffic through the virtual private gateway.
- B. Create an Internet gateway and modify the route table associated with the private subnet to route outgoing traffic through the Internet gateway.
- C. Create a NAT gateway and modify the route table associated with the public subnet to route outgoing traffic through the NAT gateway.
10. A group of four redundant EC2 instances run the same application. Requests should be evenly distributed across these instances. The application must be highly available. Which options should the Solutions Architect use to accomplish these goals? (Select TWO.)
A company needs to design a highly available database running on the RDS instance. The database must be able to withstand the failure of an AZ. To accomplish this goal, a Multi-AZ RDS has been configured. Which statements regarding this design are correct? ( Select TWO.)
A Solutions Architect deploys an Amazon CloudFront distribution to serve content from a static website deployed on an Amazon S3 bucket. For security reasons, the Solutions Architect creates an AWS WAF rule to deny access in certain conditions. Due to a mistake in the rule syntax, AWS WAF is blocking all requests. What could the Solutions Architect do to avoid this problem?
- A. Apply the new AWS WAF rule to CloudFront and create a CloudWatch alarm to monitor how many requests are sent to origin. If the alarm is triggered, roll back the AWS WAF rule.
- B. Create a new CloudFront distribution with the new AWS WAF rule and use a weighted policy in Route 53 to serve a percentage of traffic from the new distribution
- C. Add a new condition to the AWS WAF rule to check a custom header. Send requests from local environments establishing this new custom header to check if the requests meet all rule conditions
An organization establishes an RTO of 2 hours or less and a RPO of 30 minutes or less for a database running on an EC2 instance. Which strategy should the Solutions Architect use to achieve the required RPO and RTO in the event of an AZ failure?
A company has a variety of departments. Each department manages specific EC2 instances. Which AWS feature should the Solutions Architect use to categorize and organize these resources?
A company has a backup solution that is nearing its end-of-life. Most of the company's servers run Microsoft Windows Server. Backups are saved to a virtual tape library (VTL) that is becoming too expensive to maintain. The company wants to design a solution that allows them to outsource the backups of the current servers to improve the current availability and durability of the backups. The company needs a solution that is fast to implement. Which solution meets the backup and storage requirements with minimal changes to the current solution?
- A. Continue using the current backup application and present AWS Storage Gateway as an industry-standard iSCSI-based VTL.
- B. Establish a DirectConnect tunnel between AWS and the local environment and perform a daily copy of the data to an S3 bucket.
- C. Establish a VPN tunnel between AWS and the local environment and mount an EFS instance shared between the servers and EC2 instances on AWS. Copy the data to the local mount point and create daily backups of the EFS.
A Solutions Architect finishes the deployment of a legacy Cobol application from on-premises to an Amazon EC2 instance of type t2.large. The application is used for batch processing and uses a local PostgreSQL database instance. After migration, the application suffers downtime due to CPU peaks. Which actions should the Solutions Architect perform to increase stability? (Select TWO.)
- A. Deploy the application on an AWS Elastic Beanstalk environment and migrate the PostgreSQL database to an Amazon RDS instance.
- B. Keep the application deployed on the Amazon EC2 instance and migrate the PostgreSQL local database instance to an Amazon RDS instance.
A company's EC2 instance must have Internet access. An Internet gateway is deployed for the VPC. The company has not created a NAT gateway or NAT instance in this VPC. The instance is associated with a security group. Which statements regarding this configuration are correct? (Select TWO.)
A company stores objects for different projects on Amazon 53 buckets. The bucket is structured with specific folders for each project. The company needs separate billing for each project. Which strategy should the Solutions Architect recommend to meet this requirement?
- A. Create an automation process that calculates project invoices based on the storage used by each folder.
A company has a group of on-premises VLANs. They need to extend this group into an AWS VPC and are considering using AWS Direct Connect. Which statements regarding this design are correct? (Select TWO.)
A Solutions Architect needs to move data located in the instance internal storage of a Linux EC2 instance from one Availability Zone (AZ) to another instance located in a different AZ within the same AWS Region. Which action should the Solutions Architect perform to achieve this goal?
- A. Create an Amazon Machine Image (AMI) from the first instance and create a new instance in the second AZ using this AMI.
- B. Configure security groups to allow traffic between instances and use the SCP command to copy data from one instance to another.
- C. Detach the instance internal storage from the first instance and attach it to the second instance.
A Solutions Architect needs to integrate the current virtual tape library with AWS to create a hybrid solution that lets this company scale storage without buying new hardware. Which type of AWS Storage Gateway should the Solutions Architect use?
A company is trying to minimize EC2 costs by powering off unused on-demand instances that are ineligible for the free tier. An example instance has a 50 GB EBS General Purpose SSD (gp2) volume attached. What is the billing impact of powering off this instance?
A Solutions Architect creates a design for an e-commerce application with web and application servers that run on a group of EC2 instances. The items that the users place in their shopping cart must be stored during the session. The application and web servers should automatically scale in and out based on demand, and all components must be highly available. Which design choice should the Solutions Architect recommend?
- A. Create a single Auto Scaling Group for both tiers with a minimum of one instance behind an Elastic Load Balancer. Store user state information in DynamoDB.
- B. Create Auto Scaling groups for both tiers with a minimum of two instances. Both Auto Scaling groups should be behind an Elastic Load Balancer. Store user session data in the EC2 application servers.
- C. Create a single Auto Scaling group for both tiers with a minimum of two instances behind an Elastic Load Balancer. Store user state information in the EC2 application servers.
A Solutions Architect wants to migrate a MySQL database to Amazon Web Services. Database storage is going to grow gradually and the Solutions Architect needs to find the most scalable solution. Which service should the Solutions Architect use for this purpose?
A Solutions Architect deploys an application on a current-generation Amazon EC2 Linux instance. The instance uses internal storage as the boot volume and an EBS volume of 16 GB for application data. After a month of usage, the application generates a lot of local files that cannot be deleted, and the file system is almost full. The Solutions Architect needs to perform a short-term workaround to avoid filling up the file system. What should the Solutions Architect do to avoid this lack of space?
- C. Make a snapshot of the EBS volume, create a new volume from the snapshot increasing its size, detach the oldest volume from the instance, and attach the new one
A Solutions Architect manages a web platform that is deployed with an AWS Elastic Beanstalk. The Solutions Architect is asked to create a cloned environment for a new development team. Which services CANNOT be cloned with the Elastic Beanstalk Environment? (Select TWO.)
A company migrates its on-premises infrastructure to AWS. However, a small database remains in the current environment without migration. Some applications deployed on Amazon EC2 instances need to retrieve information from this database. For security reasons, information in transit between the customer datacenter and AWS must be encrypted. Which solution should the Solutions Architect deploy for this purpose?
A Solutions Architect designs a VPC solution for a group of EC2 instances that are in private subnets. EC2 instances are located in multiple AZs. The application must continue to function if an AZ failure occurs. The instances must have internet access but must not have public IP addresses. Which statements regarding this design are correct? (Select TWO.)
An organization is deploying an application that will use databases running on EC2 instances in a private subnet. The EC2 instances will need to access the internet for software updates. What should be included in the VPC design to allow the EC2 instances to receive updates?
A Financial company migrates a MySQL database to an Amazon Aurora for MySQL database. After an audit the company realizes that, to comply with legal requirements, the database must be encrypted with self managed keys. Which action should the Solutions Architect perform to meet this requirement in a fast and cost-effective way?
- A. Migrate from Amazon Aurora to a MySQL instance deployed on an Amazon EC2 and install the managed key locally on this instance
- C. Start using AWS CloudHSM to create and manage their own encryption key and use it to encrypt data on Amazon Aurora.
About Individual Course:
Practice Certification Exam
|Learning Style||Self-Paced Learning|
|Course Duration||1 Hour|