NEW QUESTION 1
A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of fobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely copied and the job items are durably stored
Which design should the solutions architect use?

• A. Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage
• B. Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch configuration that uses the AM' Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage
• C. Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue
• D. Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic

Answer: C

Explanation:
"Create an Amazon SQS queue to hold the jobs that needs to be processed. Create an Amazon EC2 Auto Scaling group for the compute application. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue"
In this case we need to find a durable and loosely coupled solution for storing jobs. Amazon SQS is ideal for this use case and can be configured to use dynamic scaling based on the number of jobs waiting in the queue.To configure this scaling you can use the backlog per instance metric with the target value being the acceptable backlog per instance to maintain. You can calculate these numbers as follows: Backlog per instance: To calculate your backlog per instance, start with the ApproximateNumberOfMessages queue attribute to determine the length of the SQS queue

NEW QUESTION 2
A company wants to use Amazon S3 for the secondary copy of itdataset. The company would rarely need to access this copy. The storage solution’s
cost should be minimal.
Which storage solution meets these requirements?

• A. S3 Standard
• B. S3 Intelligent-Tiering
• C. S3 Standard-Infrequent Access (S3 Standard-IA)
• D. S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: C

NEW QUESTION 3
A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of terabytes The application data must be stored in a standard file system structure The company wants a solution that scales automatically, is highly available, and requires minimum operational overhead.
Which solution will meet these requirements?

• A. Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage
• B. Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage
• C. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou
• D. Use Amazon Elastic File System (Amazon EFS) for storage.
• E. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou
• F. Use Amazon Elastic Block Store (Amazon EBS) for storage.

Answer: C

NEW QUESTION 4
A company is migrating its on-premises PostgreSQL database to Amazon Aurora PostgreSQL. The
on-premises database must remain online and accessible during the migration. The Aurora database must remain synchronized with the on-premises database.
Which combination of actions must a solutions architect take to meet these requirements? (Select TWO.)

• A. Create an ongoing replication task.
• B. Create a database backup of the on-premises database
• C. Create an AWS Database Migration Service (AWS DMS) replication server
• D. Convert the database schema by using the AWS Schema Conversion Tool (AWS SCT).
• E. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to monitor the database synchronization

Answer: CD

NEW QUESTION 5
A solutions architect is creating a new VPC design. There are two public subnets for the load balancer, two private subnets for web servers, and two private subnets for MySQL. The web servers use only HTTPS. The solutions architect has already created a security group for the load balancer allowing port 443 from 0.0.0.0/0.
Company policy requires that each resource has the least access required to still be able to perform its tasks. Which additional configuration strategy should the solutions architect use to meet these requirements?

• A. Create a security group for the web servers and allow port 443 from 0.0.0.0/0. Create a security group (or the MySQL servers and allow port 3306 from the web servers security group.
• B. Create a network ACL for the web servers and allow port 443 from 0.0.0.0/0. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.
• C. Create a security group for the web servers and allow port 443 from the load balance
• D. Create a security group for the MySQL servers and allow port 3306 from the web servers security group.
• E. Create a network ACL for the web servers and allow port 443 from the load balance
• F. Create a network ACL for the MySQL servers and allow port 3306 from the web servers security group.

Answer: C

NEW QUESTION 6
A company is hosting a website from an Amazon S3 bucket that is configured for public hosting. The company’s security team mandates the usage of secure connections for access to the website. However; HTTP-based URLS and HTTPS-based URLS mist be functional.
What should a solution architect recommend to meet these requirements?

• A. Create an S3 bucket policy to explicitly deny non-HTTPS traffic.
• B. Enable S3 Transfer Acceleratio
• C. Select the HTTPS Only bucket property.
• D. Place thee website behind an Elastic Load Balancer that is configured to redirect HTTP traffic to HTTTPS.
• E. Serve the website through an Amazon CloudFront distribution that is configured to redirect HTTP traffic to HTTPS.

Answer: D

NEW QUESTION 7
A company runs an on-premises application that is powered by a MySQL database The company is migrating the application to AWS to Increase the application's elasticity and availability
The current architecture shows heavy read activity on the database during times of normal operation Every 4 hours the company's development team pulls a full export of the production database to populate a database in the staging environment During this period, users experience unacceptable application latency The development team is unable to use the staging environment until the procedure completes
A solutions architect must recommend replacement architecture that alleviates the application latency issue The replacement architecture also must give the development team the ability to continue using the staging environment without delay
Which solution meets these requirements?

• A. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for productio
• B. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.
• C. Use Amazon Aurora MySQL with Multi-AZ Aurora Replicas for production Use database cloning to create the staging database on-demand
• D. Use Amazon RDS for MySQL with a Mufti AZ deployment and read replicas for production Use the standby instance tor the staging database.
• E. Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas for productio
• F. Populate the staging database by implementing a backup and restore process that uses the mysqldump utility.

Answer: C

NEW QUESTION 8
A company wants to build a scalable key management Infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?

• A. Use multifactor authentication (MFA) to protect the encryption keys.
• B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
• C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys
• D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

Answer: B

NEW QUESTION 9
A company is building an ecommerce application and needs to store sensitive customer information. The company needs to give customers the ability to complete purchase transactions on the website. The company also needs to ensure that sensitive customer data is protected, even from database administrators.
Which solution meets these requirements?

• A. Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volum
• B. Use EBS encryption to encrypt the dat
• C. Use an IAM instance role to restrict access.
• D. Store sensitive data in Amazon RDS for MySQ
• E. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
• F. Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) service-side encryption the dat
• G. Use S3 bucket policies to restrict access.
• H. Store sensitive data in Amazon FSx for Windows Serve
• I. Mount the file share on application servers.Use Windows file permissions to restrict access.

Answer: C

NEW QUESTION 10
A company has developed a new content-sharing application that runs on Amazon Elastic Container Service (Amazon ECS). The application runs on Amazon Linux Docker tasks that use the Amazon EC2 launch type. The application requires a storage solution that has the following characteristics:
• Accessibility (or multiple ECS tasks through bind mounts
• Resiliency across Availability Zones
• Burstable throughput of up to 3 Gbps
• Ability to be scaled up over time
Which storage solution meets these requirements?

• A. Launch an Amazon FSx for Windows File Server Multi-AZ instanc
• B. Configure the ECS task definitions to mount the Amazon FSx instance volume at launch.
• C. Launch an Amazon Elastic File System (Amazon EFS) instanc
• D. Configure the ECS task definitions to mount the EFS Instance volume at launch.
• E. Create a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach set to enable
• F. Attach the EBS volume to the ECS EC2 instance Configure ECS task definitions to mount the EBS instance volume at launch.
• G. Launch an EC2 instance with several Provisioned IOPS SSD (k>2) Amazon Elastic Block Store (Amazon EBS) volumes attached m a RAID 0 configuratio
• H. Configure the EC2 instance as an NFS storage serve
• I. Configure ECS task definitions to mount the volumes at launch.

Answer: B

NEW QUESTION 11
A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL.
What should a solutions architect do to meet these requirements?

• A. Write individual policies for each S3 bucket to grant read permission for only CloudFront access.
• B. Create an IAM use
• C. Grant the user read permission to objects in the S3 bucke
• D. Assign the user to CloudFront.
• E. Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN).
• F. Create an origin access identity (OAI). Assign the OAI to the CloudFront distributio
• G. Configure the S3 bucket permissions so that only the OAI has read permission.

Answer: D

Explanation:
Explanation
https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-access-to-amazon-s3/
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3

NEW QUESTION 12
A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificate that are imported into AWS Certificate Manager (ACM). The company’s security team must be notified 30 days before the expiration of each certificate.
What should a solutions architect recommend to meet the requirement?

• A. Add a rule m ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day beginning 30 days before any certificate will expire.
• B. Create an AWS Config rule that checks for certificates that will expire within 30 day
• C. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource
• D. Use AWS trusted Advisor to check for certificates that will expire within to day
• E. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes Configure the alarm to send a custom alert by way of Amazon Simple rectification Service (Amazon SNS)
• F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 day
• G. Configure the rule to invoke an AWS Lambda functio
• H. Configure the Lambda function to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).

Answer: B

NEW QUESTION 13
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an Auto Scaling group so that EC2 instances can scale ou
• B. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• C. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket.Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output dat
• E. Configure the S3 bucket as the rule's targe
• F. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complet
• G. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.
• H. Create a Docker container to use instead of an EC2 instanc
• I. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

Answer: D

NEW QUESTION 14
A company has chosen to rehost its application on Amazon EC2 instances The application occasionally experiences errors that affect parts of its functionality The company was unaware of this issue until users reported the errors The company wants to address this problem during the migration and reduce the time it takes to detect issues with the application Log files for the application are stored on the local disk.
A solutions architect needs to design a solution that will alert staff if there are errors in the application after the application is migrated to AWS. The solution must not require additional changes to the application code.
What is the MOST operationally efficient solution that meets these requirements?

• A. Configure the application to generate custom metrics tor the errors Send these metric data points to Amazo
• B. CloudWatch by using the PutMetricData API call Create a CloudWatch alarm that is based on the custom metrics
• C. Create an hourly cron job on the instances to copy the application log data to an Amazon S3 bucket Configure an AWS Lambda function to scan the log file and publish a message to an Amazon Simple Notification Service (Amazon SNS) topic to alert staff rf errors are detected.
• D. Install the Amazon CloudWatch agent on the instances Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Logs Run a CloudWatch Logs insights query to search lor the relevant pattern in the log file Create a CloudWatch alarm that is based on the query output
• E. Install the Amazon CloudWatch agent on the instances Configure the CloudWatch agent to stream the application log file to Amazon CloudWatch Log
• F. Create a metric fitter for the relevant log grou
• G. Define the filter pattern that is required to determine that there are errors in the application Create a CloudWatch alarm that is based on the resulting metric.

Answer: B

NEW QUESTION 15
A solutions architect needs to design the architecture for an application that a vendor provides as a Docker container image. The container needs 50 GB of storage.
available for temporary files. The infrastructure must be serverless.
Which solution meets these requirements with the LEAST operational overhead?

• A. Create an AWS Lambda function that uses the Docker container image with an Amazon S3 mounted volume that has more than 50 GB of space.
• B. Create an AWS Lambda function that uses the Docker container image with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of space.
• C. Create an Amazon Elastic Container Service (Amazon ECS) cluster that uses the AWS Fargate launch typ
• D. Create a task definition for the container image with an Amazon Elastic File System (Amazon EFS) volum
• E. Create a service with that task definition.
• F. Create an Amazon Elastic Container Service (Amazon ECS) duster that uses the Amazon EC2 launch type with an Amazon Elastic Block Store (Amazon EBS) volume that has more than 50 GB of spac
• G. Create a task definition for the container imag
• H. Create a service with that task definition.

Answer: C

NEW QUESTION 16
A company provides a Voice over Internet Protocol (VoIP) service that uses UDP connections. The service consists of Amazon EC2 instances that run in an Auto Scaling group. The company has deployments across multiple AWS Regions.
The company needs to route users to the Region with the lowest latency. The company also needs automated failover between Regions.
Which solution will meet these requirements?

• A. Deploy a Network Load Balancer (NLB) and an associated target grou
• B. Associate the target group with the Auto Scaling grou
• C. Use the NLB as an AWS Global Accelerator endpoint in each Region.
• D. Deploy an Application Load Balancer (ALB) and an associated target grou
• E. Associate the target group with the Auto Scaling grou
• F. Use the ALB as an AWS Global Accelerator endpoint in each Region.
• G. Deploy a Network Load Balancer (NLB) and an associated target grou
• H. Associate the target group with the Auto Scaling grou
• I. Create an Amazon Route 53 latency record that points to aliases for each NL
• J. Create an AmazonCloudFront distribution that uses the latency record as an origin.
• K. Deploy an Application Load Balancer (ALB) and an associated target grou
• L. Associate the target group with the Auto Scaling grou
• M. Create an Amazon Route 53 weighted record that points to aliases for each AL
• N. Deploy an AmazonCloudFront distribution that uses the weighted record as an origin.

Answer: C

NEW QUESTION 17
A company wants an AWS Lambda function to call a third-party API and save the response to a private Amazon ROS DB instance in the same private subnet
What should a solutions architect do to meet these requirements?

• A. Create a NAT gatewa
• B. In the route table for the private subnet, add a route to the NAT gatewa
• C. Attach the Lambda function to the private subne
• D. Create an IAM role that includes the AWSLambdaBasicExecutionRole permissions policy Attach the role to the Lambda function
• E. Create an internet gateway In the route table for the private subnet, add a route to the internet gateway Attach the Lambda function to the private subnet Create an IAM role that includes me AWSLambdaBasicExecutionRole permissions policy Attach the role to the Lambda function
• F. Create a NAT gateway In the route table for the private subnet add a route to the NAT gateway Attach the Lambda function to the private subne
• G. Create an IAM role that includes the AWS LambdaVPCAccessExecutionRole permissions policy Attach the role to the Lambda function
• H. Create an internet gateway in the route table for the private subnet, add a route to the internet gateway Attach the Lambda function to the private subnet Create an IAM role that includes the AWSLambdaVPCAccessExecutionRole permissions policy Attach the role to the Lambda function

Answer: B

NEW QUESTION 18
A company runs us two-tier ecommerce website on AWS The web tier consists of a load balancer that sends traffic to Amazon EC2 instances The database tier uses an Amazon RDS D8 instance The EC2 instances and the ROS DB instance should not be exposed to the public internet The EC2 instances require internet access to complete payment processing of orders through a third-party web service The application must be highly available
Which combination of configuration options will meet these requirements? (Select TWO.)

• A. Use an Auto Scaling group to launch the EC2 Instances in private subnets Deploy an RDS Mulli-AZ DB instance in private subnets
• B. Configure a VPC with two private subnets and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the private subnets
• C. Use an Auto Scaling group to launch the EC2 instances in public subnets across two Availability Zones Deploy an RDS Multi-AZ DB instance in private subnets
• D. Configure a VPC with one public subnet, one private subnet, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnet
• E. Configure a VPC with two public subnets, two private subnets, and two NAT gateways across two Availability Zones Deploy an Application Load Balancer in the public subnets

Answer: AE

NEW QUESTION 19
A gaming company has a web application that displays scores. The application runs on Amazon EC2 instances behind an Application Load Balancer. The application stores data in an Amazon RDS for MySQL database. Users are starting to experience long delays and interruptions that are caused by database read performance. The company wants to improve the user experience while minimizing changes to the application's architecture.
What should a solutions architect do to meet these requirements?

• A. Use Amazon ElastiCache in front of the database.
• B. Use RDS Proxy between the application and the database.
• C. Migrate the application from EC2 instances to AWS Lambda.
• D. Migrate the database from Amazon RDS for MySQL to Amazon DynamoDB.

Answer: C

NEW QUESTION 20
......