Summer Certification Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

SAA-C03 AWS Certified Solutions Architect - Associate (SAA-C03) Questions and Answers

Questions 4

A company has an e-commerce site. The site is designed as a distributed web application hosted in multiple AWS accounts under one AWS Organizations organization. The web application is comprised of multiple microservices. All microservices expose their AWS services either through Amazon CloudFront distributions or public Application Load Balancers (ALBs). The company wants to protect public endpoints from malicious attacks and monitor security configurations. Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use AWS WAF to protect the public endpoints. Use AWS Firewall Manager from a dedicated security account to manage rules in AWS WAF. Use AWS Config rules to monitor the Regional and global WAF configurations.

B.

Use AWS WAF to protect the public endpoints. Apply AWS WAF rules in each account. Use AWS Config rules and AWS Security Hub to monitor the WAF configurations of the ALBs and the CloudFront distributions.

C.

Use AWS WAF to protect the public endpoints. Use AWS Firewall Manager from a dedicated security account to manage the rules in AWS WAF. Use Amazon Inspector and AWS Security Hub to monitor the WAF configurations of the ALBs and the CloudFront distributions.

D.

Use AWS Shield Advanced to protect the public endpoints. Use AWS Config rules to monitor the Shield Advanced configuration for each account.

Buy Now
Questions 5

A company wants to optimize costs for its AWS infrastructure. The company wants to receive notifications when actual costs or forecasted costs exceed a specified budget. The company does not want to develop a custom solution.

Which solution will meet these requirements?

Options:

A.

Use AWS Trusted Advisor to set up budget notifications. Configure Amazon CloudWatch to monitor costs. Export CloudWatch data to Amazon S3. Use machine learning ML to estimate future trends based on the CloudWatch data.

B.

Create a budget in AWS Budgets that has a specified cost threshold. Create an AWS Lambda function that sends a notification to the company when costs reach the specified threshold. Use AWS Billing and Cost Management reports to monitor costs.

C.

Use AWS Cost Explorer to set a specified budget threshold. Create an AWS Lambda function to calculate cost estimates. Configure the Lambda function to send a notification to an Amazon SNS topic if estimated costs exceed the specified threshold.

D.

Create a budget in AWS Budgets that has a specified cost threshold. Configure AWS Budgets to send budget alerts to an Amazon SNS topic. Use AWS Cost Explorer to monitor costs.

Buy Now
Questions 6

A company has migrated a two-tier application from its on-premises data center to the AWS Cloud. The data tier is a Multi-AZ deployment of Amazon RDS for Oracle with 12 TiB of General Purpose SSD Amazon EBS storage. The application is designed to read and store documents in the database as binary large objects (BLOBs) with an average document size of 6 MB.

The database size has grown over time, reducing performance and increasing the cost of storage. The company must improve the database performance and needs a solution that is highly available and resilient.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Reduce the RDS DB instance size. Increase the storage capacity to 24 TiB. Change the storage type to Magnetic.

B.

Increase the RDS DB instance size. Increase the storage capacity to 24 TiB. Change the storage type to Provisioned IOPS.

C.

Create an Amazon S3 bucket. Update the application to store documents in the S3 bucket. Store the object metadata in the existing database.

D.

Create an Amazon DynamoDB table. Update the application to use DynamoDB. Use AWS DMS to migrate data from the Oracle database to DynamoDB.

Buy Now
Questions 7

A solutions architect is designing the architecture for a company website that is composed of static content. The company ' s target customers are located in the United States and Europe.

Which architecture should the solutions architect recommend to MINIMIZE cost?

Options:

A.

Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to limit the edge locations in use.

B.

Store the website files on Amazon S3 in the us-east-2 Region. Use an Amazon CloudFront distribution with the price class configured to maximize the use of edge locations.

C.

Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront geolocation routing policy to route requests to the closest Region to the user.

D.

Store the website files on Amazon S3 in the us-east-2 Region and the eu-west-1 Region. Use an Amazon CloudFront distribution with an Amazon Route 53 latency routing policy to route requests to the closest Region to the user.

Buy Now
Questions 8

A solutions architect needs to host a high performance computing (HPC) workload in the AWS Cloud. The workload will run on hundreds of Amazon EC2 instances and will require parallel access to a shared file system to enable distributed processing of large datasets. Datasets will be accessed across multiple instances simultaneously. The workload requires access latency within 1 ms. After processing has completed, engineers will need access to the dataset for manual postprocessing.

Which solution will meet these requirements?

Options:

A.

Use Amazon Elastic File System (Amazon EFS) as a shared fie system. Access the dataset from Amazon EFS.

B.

Mount an Amazon S3 bucket to serve as the shared file system. Perform postprocessing directly from the S3 bucket.

C.

Use Amazon FSx for Lustre as a shared file system. Link the file system to an Amazon S3 bucket for postprocessing.

D.

Configure AWS Resource Access Manager to share an Amazon S3 bucket so that it can be mounted to all instances for processing and postprocessing.

Buy Now
Questions 9

A company has a single AWS account that contains resources belonging to several teams. The company needs to identify the costs associated with each team. The company wants to use a tag named CostCenter to identify resources that belong to each team.

Options:

A.

Tag all resources that belong to each team with the user-defined CostCenter tag.

B.

Create a tag for each team, and set the value to CostCenter.

C.

Activate the CostCenter tag to track cost allocation.

D.

Configure AWS Billing and Cost Management to send monthly invoices to the company through email messages.

E.

Set up consolidated billing in the existing AWS account.

Buy Now
Questions 10

A company is designing a new ecommerce application for a high-traffic retail website. The application needs to process a large volume of customer orders. The application must scale to handle spikes in order volume during peak shopping events.

Which solution will meet these requirements?

Options:

A.

Use a single large Amazon EC2 instance to run processing logic and to store order information. Run a relational database on the same EC2 instance.

B.

Use a single Amazon EC2 instance to run processing logic. Control the flow of orders into the EC2 instance by using an Amazon SQS queue. Use an Amazon S3 bucket to store order information.

C.

Use an Amazon API Gateway HTTP API and an AWS Lambda function to process orders. Use Amazon DynamoDB in on-demand mode to store order information.

D.

Use an Application Load Balancer ALB to distribute order processing traffic across multiple Amazon EC2 instances that run processing logic. Use Amazon Aurora with multiple reader nodes as the database.

Buy Now
Questions 11

A company is deploying a new application to a VPC on existing Amazon EC2 instances. The application has a presentation tier that uses an Auto Scaling group of EC2 instances. The application also has a database tier that uses an Amazon RDS Multi-AZ database.

The VPC has two public subnets that are split between two Availability Zones. A solutions architect adds one private subnet to each Availability Zone for the RDS database. The solutions architect wants to restrict network access to the RDS database to block access from EC2 instances that do not host the new application.

Which solution will meet this requirement?

Options:

A.

Modify the RDS database security group to allow traffic from a CIDR range that includes IP addresses of the EC2 instances that host the new application.

B.

Associate a new ACL with the private subnets. Deny all incoming traffic from IP addresses that belong to any EC2 instance that does not host the new application.

C.

Modify the RDS database security group to allow traffic from the security group that is associated with the EC2 instances that host the new application.

D.

Associate a new ACL with the private subnets. Deny all incoming traffic except for traffic from a CIDR range that includes IP addresses of the EC2 instances that host the new application.

Buy Now
Questions 12

A company wants to create a long-term storage solution that will allow users to upload terabytes of images and videos. The company will use the images and videos to train machine learning ML models. The storage solution must be scalable and cost-optimized.

Which solution will meet these requirements?

Options:

A.

Provision an Amazon S3 bucket for users to upload images and videos. Copy the data from the S3 bucket to an Amazon FSx for Lustre file system to make the data available for ML model training.

B.

Provision an Amazon S3 bucket for users to upload images and videos. Configure the S3 bucket to make the data available to Amazon SageMaker AI for ML model training. Store the data in the S3 Intelligent-Tiering storage class.

C.

Configure an Amazon SageMaker AI notebook instance with 16 GB of storage. Create a custom application to allow users to upload images and videos directly to the notebook instance.

D.

Provision an Amazon S3 bucket for users to upload images and videos. Copy the data from the S3 bucket to an Amazon EFS file system to make the data available for ML model training.

Buy Now
Questions 13

A company has an application that uses a MySQL database that runs on an Amazon EC2 instance. The instance currently runs in a single Availability Zone. The company requires a fault-tolerant database solution that provides a recovery time objective (RTO) and a recovery point objective (RPO) of 2 minutes or less. Which solution will meet these requirements?

Options:

A.

Migrate the MySQL database to Amazon RDS. Create a read replica in a second Availability Zone. Create a script that detects availability interruptions and promotes the read replica when needed.

B.

Migrate the MySQL database to Amazon RDS for MySQL. Configure the new RDS for MySQL database to use a Multi-AZ deployment.

C.

Create a second MySQL database in a second Availability Zone. Use native MySQL commands to sync the two databases every 2 minutes. Create a script that detects availability interruptions and promotes the second MySQL database when needed.

D.

Create a copy of the EC2 instance that runs the MySQL database. Deploy the copy in a second Availability Zone. Create a Network Load Balancer. Add both instances as targets.

Buy Now
Questions 14

A company stores user data in AWS. The data is used continuously with peak usage during business hours. Access patterns vary, with some data not being used for months at a time. A solutions architect must choose a cost-effective solution that maintains the highest level of durability while maintaining high availability.

Which storage solution meets these requirements?

Options:

A.

Amazon S3 Standard

B.

Amazon S3 Intelligent-Tiering

C.

Amazon S3 Glacier Deep Archive

D.

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Buy Now
Questions 15

A company serves its website by using an Auto Scaling group of Amazon EC2 instances in a single AWS Region. The website does not require a database

The company is expanding, and the company ' s engineering team deploys the website to a second Region. The company wants to distribute traffic across both Regions to accommodate growth and for disaster recovery purposes The solution should not serve traffic from a Region in which the website is unhealthy.

Which policy or resource should the company use to meet these requirements?

Options:

A.

An Amazon Route 53 simple routing policy

B.

An Amazon Route 53 multivalue answer routing policy

C.

An Application Load Balancer in one Region with a target group that specifies the EC2 instance IDs from both Regions

D.

An Application Load Balancer in one Region with a target group that specifies the IP addresses of the EC2 instances from both Regions

Buy Now
Questions 16

A company is migrating a data processing application to AWS. The application processes several short-lived batch jobs that cannot be disrupted. The process generates data after each batch job finishes running. The company accesses the data for 30 days following data generation. After 30 days, the company stores the data for 2 years.

The company wants to optimize costs for the application and data storage. Which solution will meet these requirements?

Options:

A.

Use Amazon EC2 Spot Instances to run the application. Store the data in Amazon S3 Standard. Move the data to S3 Glacier Instant Retrieval after 30 days. Configure a bucket policy to delete the data after 2 years.

B.

Use Amazon EC2 On-Demand Instances to run the application. Store the data in Amazon S3 Glacier Instant Retrieval. Move the data to S3 Glacier Deep Archive after 30 days. Configure an S3 Lifecycle configuration to delete the data after 2 years.

C.

Use Amazon EC2 Spot Instances to run the application. Store the data in Amazon S3 Standard. Move the data to S3 Glacier Flexible Retrieval after 30 days. Configure a bucket policy to delete the data after 2 years.

D.

Use Amazon EC2 On-Demand Instances to run the application. Store the data in Amazon S3 Standard. Move the data to S3 Glacier Deep Archive after 30 days. Configure an S3 Lifecycle configuration to delete the data after 2 years.

Buy Now
Questions 17

A company is developing a highly available natural language processing NLP application. The application handles large volumes of concurrent requests. The application performs NLP tasks such as entity recognition, sentiment analysis, and key phrase extraction on text data.

The company needs to store data that the application processes in a highly available and scalable database.

Which solution will meet these requirements?

Options:

A.

Create an Amazon API Gateway REST API endpoint to handle incoming requests. Configure the REST API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Comprehend to perform NLP tasks on the text data. Store the processed data in Amazon DynamoDB.

B.

Create an Amazon API Gateway HTTP API endpoint to handle incoming requests. Configure the HTTP API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Translate to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

C.

Create an Amazon SQS queue to buffer incoming requests. Deploy the NLP application on Amazon EC2 instances in an Auto Scaling group. Use Amazon Comprehend to perform NLP tasks. Store the processed data in an Amazon RDS database.

D.

Create an Amazon API Gateway WebSocket API endpoint to handle incoming requests. Configure the WebSocket API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Textract to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

Buy Now
Questions 18

A gaming company is developing a game that requires significant compute resources to process game logic, player interactions, and real-time updates. The company needs a compute solution that can dynamically scale based on fluctuating player demand while maintaining high performance. The company must use a relational database that can run complex queries.

Options:

A.

Deploy Amazon EC2 instances to supply compute capacity. Configure Auto Scaling groups to achieve dynamic scaling based on player count. Use Amazon RDS for MySQL as the database.

B.

Refactor the game logic into small, stateless functions. Use AWS Lambda to process the game logic. Use Amazon DynamoDB as the database.

C.

Deploy an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate to supply compute capacity. Scale the ECS tasks based on player demand. Use Amazon Aurora Serverless v2 as the database.

D.

Use AWS ParallelCluster for high performance computing (HPC). Provision compute nodes that have GPU instances to process the game logic and player interactions. Use Amazon RDS for MySQL as the database.

Buy Now
Questions 19

A gaming company has a web application that displays game scores. The application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores data in an Amazon RDS for MySQL database.

Users are experiencing long delays and interruptions caused by degraded database read performance. The company wants to improve the user experience.

Which solution will meet this requirement?

Options:

A.

Use an Amazon ElastiCache (Redis OSS) cache in front of the database.

B.

Use Amazon RDS Proxy between the application and the database.

C.

Migrate the application from EC2 instances to AWS Lambda functions.

D.

Use an Amazon Aurora Global Database to create multiple read replicas across multiple AWS Regions.

Buy Now
Questions 20

A company is deploying a business-critical application that requires durable storage with consistent, low-latency performance.

Which storage option should a solutions architect recommend?

Options:

A.

Instance store

B.

Amazon ElastiCache (Memcached)

C.

Provisioned IOPS SSD Amazon EBS volume

D.

Throughput Optimized HDD Amazon EBS volume

Buy Now
Questions 21

A company stores data in Amazon S3. According to regulations, the data must not contain personally identifiable information (PII). The company recently discovered that S3 buckets have some objects that contain PII. The company needs to automatically detect PII in S3 buckets and to notify the company ' s security team. Which solution will meet these requirements?

Options:

A.

Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.

B.

Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.

C.

Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.

D.

Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.

Buy Now
Questions 22

A company has multiple AWS accounts with applications deployed in the us-west-2 Region. Application logs are stored within Amazon S3 buckets in each account. The company wants to build a centralized log analysis solution that uses a single S3 bucket. Logs must not leave us-west-2, and the company wants to incur minimal operational overhead.

Options:

A.

Create an S3 Lifecycle policy that copies the objects from one of the application S3 buckets to the centralized S3 bucket.

B.

Use S3 Same-Region Replication to replicate logs from the S3 buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

C.

Write a script that uses the PutObject API operation every day to copy the entire contents of the buckets to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

D.

Write AWS Lambda functions in these accounts that are triggered every time logs are delivered to the S3 buckets (s3:ObjectCreated:*) event. Copy the logs to another S3 bucket in us-west-2. Use this S3 bucket for log analysis.

Buy Now
Questions 23

A media company is migrating a Microsoft Windows-based application to the AWS Cloud. The company uses the application to analyze media files.

The company requires a resilient shared storage solution that the company can access by using the SMB protocol.

Which storage solution will meet these requirements?

Options:

A.

Use an Amazon S3 bucket to store the media files. Connect the application servers to the bucket.

B.

Use Amazon FSx for Windows File Server in a Multi-AZ deployment as shared storage for the application servers.

C.

Use an Amazon EBS volume as shared storage for the application servers.

D.

Use an Amazon FSx File Gateway as shared storage for the application servers.

Buy Now
Questions 24

A financial company is migrating banking applications to AWS accounts managed through AWS Organizations. The applications store sensitive customer data on Amazon EBS volumes, and the company takes regular snapshots for backups.

The company must implement controls across all accounts to prevent sharing EBS snapshots publicly, with the least operational overhead.

Which solution will meet these requirements?

Options:

A.

Enable AWS Config rules for each OU to monitor EBS snapshot permissions.

B.

Enable block public access for EBS snapshots at the organization level.

C.

Create an IAM policy in the root account that prevents users from modifying snapshot permissions.

D.

Use AWS CloudTrail to track snapshot permission changes.

Buy Now
Questions 25

A company stores sensitive customer data in an Amazon DynamoDB table. The company frequently updates the data. The company wants to use the data to personalize offers for customers.

The company ' s analytics team has its own AWS account. The analytics team runs an application on Amazon EC2 instances that needs to process data from the DynamoDB tables. The company needs to follow security best practices to create a process to regularly share data from DynamoDB to the analytics team.

Which solution will meet these requirements?

Options:

A.

Export the required data from the DynamoDB table to an Amazon S3 bucket as multiple JSON files. Provide the analytics team with the necessary IAM permissions to access the S3 bucket.

B.

Allow public access to the DynamoDB table. Create an IAM user that has permission to access DynamoDB. Share the IAM user with the analytics team.

C.

Allow public access to the DynamoDB table. Create an IAM user that has read-only permission for DynamoDB. Share the IAM user with the analytics team.

D.

Create a cross-account IAM role. Create an IAM policy that allows the AWS account ID of the analytics team to access the DynamoDB table. Attach the IAM policy to the IAM role. Establish a trust relationship between accounts.

Buy Now
Questions 26

A company wants to migrate a Microsoft SQL Server database server from an on-premises data center to AWS. The company needs access to the operating system of the SQL Server database.

Which solution will meet these requirements?

Options:

A.

Migrate the database to Amazon Aurora Serverless.

B.

Migrate the database to Amazon RDS for SQL Server.

C.

Migrate the database to Amazon EC2 instances that run SQL Server.

D.

Migrate the database to Amazon Redshift.

Buy Now
Questions 27

A company hosts an application on AWS that uses an Amazon S3 bucket and an Amazon Aurora database. The company wants to implement a multi-Region disaster recovery DR strategy that minimizes potential data loss.

Which solution will meet these requirements?

Options:

A.

Create an Aurora read replica in a second Availability Zone within the same AWS Region. Enable S3 Versioning for the bucket.

B.

Create an Aurora read replica in a second AWS Region. Configure AWS Backup to create continuous backups of the S3 bucket to a second bucket in a second Availability Zone.

C.

Enable Aurora native database backups across multiple AWS Regions. Use S3 cross-account backups within the company ' s local Region.

D.

Migrate the database to an Aurora global database. Create a second S3 bucket in a second Region. Configure Cross-Region Replication.

Buy Now
Questions 28

A company wants to run transient workloads in an Amazon EMR cluster that runs on Amazon EC2 instances. The company wants to use On-Demand Instances for core nodes and Spot Instances for task nodes. The company wants to use memory optimized EC2 instances to launch EMR clusters in the AWS Region where the company operates.

The company has configured multiple subnets in multiple Availability Zones. The company must ensure that the EMR clusters are launched only in Availability Zones where specified instance types and purchasing options are available.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

A.

Deploy Amazon EMR with an instance group configuration. Launch the EMR clusters into multiple subnets that are associated with multiple Availability Zones.

B.

Deploy Amazon EMR with an instance group configuration. Launch the EMR clusters into a single subnet. Configure Amazon EMR to determine whether an Availability Zone has the necessary capacity when an EMR cluster is launched.

C.

Deploy Amazon EMR with an instance fleet configuration. Launch the EMR clusters into multiple subnets that are associated with multiple Availability Zones.

D.

Deploy Amazon EMR with an instance fleet configuration. Launch the EMR clusters into a single subnet. Configure Amazon EMR to determine whether an Availability Zone has the necessary capacity when an EMR cluster is launched.

Buy Now
Questions 29

A company needs to implement a new data retention policy for regulatory compliance. As part of this policy, sensitive documents that are stored in an Amazon S3 bucket must be protected from deletion or modification for a fixed period of time.

Which solution will meet these requirements?

Options:

A.

Activate S3 Object Lock on the required objects and enable governance mode.

B.

Activate S3 Object Lock on the required objects and enable compliance mode.

C.

Enable versioning on the S3 bucket. Set a lifecycle policy to delete the objects after a specified period.

D.

Configure an S3 Lifecycle policy to transition objects to S3 Glacier Flexible Retrieval for the retention duration.

Buy Now
Questions 30

An ecommerce company experiences a surge in mobile application traffic every Monday at 8 AM during the company ' s weekly sales events. The application ' s backend uses an Amazon API Gateway HTTP API and AWS Lambda functions to process user requests. During peak sales periods, users report encountering TooManyRequestsException errors from the Lambda functions. The errors result in a degraded user experience. A solutions architect needs to design a scalable and resilient solution that minimizes the errors and ensures that the application ' s overall functionality remains unaffected.

Options:

A.

Create an Amazon Simple Queue Service (Amazon SQS) queue. Send user requests to the SQS queue. Configure the Lambda function with provisioned concurrency. Set the SQS queue as the event source trigger.

B.

Use AWS Step Functions to orchestrate and process user requests. Configure Step Functions to invoke the Lambda functions and to manage the request flow.

C.

Create an Amazon Simple Notification Service (Amazon SNS) topic. Send user requests to the SNS topic. Configure the Lambda functions with provisioned concurrency. Subscribe the functions to the SNS topic.

D.

Create an Amazon Simple Queue Service (Amazon SQS) queue. Send user requests to the SQS queue. Configure the Lambda functions with reserved concurrency. Set the SQS queue as the event source trigger for the functions.

Buy Now
Questions 31

A company needs to archive an on-premises relational database. The company wants to retain the data. The company needs to be able to run SQL queries on the archived data to create annual reports.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use AWS DMS to migrate the on-premises database to an Amazon RDS instance. Retire the on-premises database. Maintain the RDS instance in a stopped state until the data is needed for reports.

B.

Set up database replication from the on-premises database to an Amazon EC2 instance. Retire the on-premises database. Make a snapshot of the EC2 instance. Maintain the EC2 instance in a stopped state until the data is needed for reports.

C.

Create a database backup on premises. Use AWS DataSync to transfer the data to Amazon S3. Create an S3 Lifecycle configuration to move the data to S3 Glacier Deep Archive. Restore the backup to Amazon EC2 instances to run reports.

D.

Use AWS DMS to migrate the on-premises databases to Amazon S3 in Apache Parquet format. Store the data in S3 Glacier Flexible Retrieval. Use Amazon Athena to run reports.

Buy Now
Questions 32

A company runs its legacy web application on AWS. The web application server runs on an Amazon EC2 instance in the public subnet of a VPC. The web application server collects images from customers and stores the image files in a locally attached Amazon Elastic Block Store (Amazon EBS) volume. The image files are uploaded every night to an Amazon S3 bucket for backup.

A solutions architect discovers that the image files are being uploaded to Amazon S3 through the public endpoint. The solutions architect needs to ensure that traffic to Amazon S3 does not use the public endpoint.

Options:

A.

Create a gateway VPC endpoint for the S3 bucket that has the necessary permissions for the VPC. Configure the subnet route table to use the gateway VPC endpoint.

B.

Move the S3 bucket inside the VPC. Configure the subnet route table to access the S3 bucket through private IP addresses.

C.

Create an Amazon S3 access point for the Amazon EC2 instance inside the VPC. Configure the web application to upload by using the Amazon S3 access point.

D.

Configure an AWS Direct Connect connection between the VPC that has the Amazon EC2 instance and Amazon S3 to provide a dedicated network path.

Buy Now
Questions 33

A media streaming company is redesigning its infrastructure to accommodate increasing demand for video content that users consume daily. The company needs to process terabyte-sized videos to block some content in the videos. Video processing can take up to 20 minutes.

The company needs a solution that is cost-effective, highly available, and scalable.

Which solution will meet these requirements?

Options:

A.

Use AWS Lambda functions to process the videos. Store video metadata in Amazon DynamoDB. Store video content in Amazon S3 Intelligent-Tiering.

B.

Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type to implement microservices to process videos. Store video metadata in Amazon Aurora. Store video content in Amazon S3 Intelligent-Tiering.

C.

Use Amazon EMR to process the videos with Apache Spark. Store video content in Amazon FSx for Lustre. Use Amazon Kinesis Data Streams to ingest videos in real time.

D.

Deploy a containerized video processing application on Amazon Elastic Kubernetes Service (Amazon EKS) with the Amazon EC2 launch type. Store video metadata in Amazon RDS in a single Availability Zone. Store video content in Amazon S3 Glacier Deep Archive.

Buy Now
Questions 34

A data science team requires storage for nightly log processing. The size and number of logs is unknown and the logs will persist for 24 hours only.

What is the MOST cost-effective solution?

Options:

A.

Amazon S3 Glacier Deep Archive

B.

Amazon S3 Standard

C.

Amazon S3 Intelligent-Tiering

D.

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Buy Now
Questions 35

A company uses an Amazon S3 bucket as its data lake storage platform The S3 bucket contains a massive amount of data that is accessed randomly by multiple teams and hundreds of applications. The company wants to reduce the S3 storage costs and provide immediate availability for frequently accessed objects

What is the MOST operationally efficient solution that meets these requirements?

Options:

A.

Create an S3 Lifecycle rule to transition objects to the S3 Intelligent-Tiering storage class

B.

Store objects in Amazon S3 Glacier Use S3 Select to provide applications with access to the data.

C.

Use data from S3 storage class analysis to create S3 Lifecycle rules to automatically transition objects to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class.

D.

Transition objects to the S3 Standard-Infrequent Access (S3 Standard-IA) storage class Create an AWS Lambda function to transition objects to the S3 Standard storage class when they are accessed by an application

Buy Now
Questions 36

A company tracks customer satisfaction by using surveys that the company hosts on its website. The surveys sometimes reach thousands of customers every hour. Survey results are currently sent in email messages to the company so company employees can manually review results and assess customer sentiment.

The company wants to automate the customer survey process. Survey results must be available for the previous 12 months.

Which solution will meet these requirements in the MOST scalable way?

Options:

A.

Send the survey results data to an Amazon API Gateway endpoint that is connected to an Amazon Simple Queue Service (Amazon SQS) queue. Create an AWS Lambda function to poll the SQS queue, call Amazon Comprehend for sentiment analysis, and save the results to an Amazon DynamoDB table. Set the TTL for all records to 365 days in the future.

B.

Send the survey results data to an API that is running on an Amazon EC2 instance. Configure the API to store the survey results as a new record in an Amazon DynamoDB table, call Amazon Comprehend for sentiment analysis, and save the results in a second DynamoDB table. Set the TTL for all records to 365 days in the future.

C.

Write the survey results data to an Amazon S3 bucket. Use S3 Event Notifications to invoke an AWS Lambda function to read the data and call Amazon Rekognition for sentiment analysis. Store the sentiment analysis results in a second S3 bucket. Use S3 Lifecycle policies on each bucket to expire objects after 365 days.

D.

Send the survey results data to an Amazon API Gateway endpoint that is connected to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the SQS queue to invoke an AWS Lambda function that calls Amazon Lex for sentiment analysis and saves the results to an Amazon DynamoDB table. Set the TTL for all records to 365 days in the future.

Buy Now
Questions 37

A company wants to re-architect an application to use Amazon SQS queues. The company must ensure that the application can handle sudden increases in traffic.

Which Amazon SQS feature will help meet this requirement?

Options:

A.

FIFO queues

B.

Visibility timeout

C.

Message batching

D.

Long polling

Buy Now
Questions 38

A company runs an internet-facing web application on AWS and uses Amazon Route 53 with a public hosted zone.

The company wants to log DNS response codes to support future root cause analysis.

Which solution will meet these requirements?

Options:

A.

Use Route 53 to configure query logging.

B.

Use AWS CloudTrail to record all Route 53 queries.

C.

Use Amazon CloudWatch metrics for Route 53.

D.

Use AWS Trusted Advisor for root cause analysis.

Buy Now
Questions 39

A company hosts an application on Amazon EC2 instances that are part of a target group behind an Application Load Balancer (ALB). The company has attached a security group to the ALB.

During a recent review of application logs, the company found many unauthorized login attempts from IP addresses that belong to countries outside the company ' s normal user base. The company wants to allow traffic only from the United States and Australia.

Options:

A.

Edit the default network ACL to block IP addresses from outside of the allowed countries.

B.

Create a geographic match rule in AWS WAF. Attach the rule to the ALB.

C.

Configure the ALB security group to allow the IP addresses of company employees. Edit the default network ACL to block IP addresses from outside of the allowed countries.

D.

Use a host-based firewall on the EC2 instances to block IP addresses from outside of the allowed countries. Configure the ALB security group to allow the IP addresses of company employees.

Buy Now
Questions 40

A company has an on-premises volume backup solution that is end of life. The company wants to use AWS as part of a new backup solution while maintaining local access to all data. The data must be automatically and securely transferred to AWS.

Which solution meets these requirements?

Options:

A.

Use AWS Snowball to migrate data to Amazon S3. Mount the Snowball S3 endpoint for local access.

B.

Use AWS Snowball Edge to migrate data to Amazon S3. Use the Snowball Edge file interface to provide local access.

C.

Use AWS Storage Gateway and configure a cached volume gateway. Run the gateway appliance on premises, cache a percentage of data locally, and mount gateway volumes for local access.

D.

Use AWS Storage Gateway and configure a stored volume gateway. Run the appliance on premises, map the gateway storage to on-premises disks, and mount gateway volumes for local access.

Buy Now
Questions 41

How can DynamoDB data be made available for long-term analytics with minimal operational overhead?

Options:

A.

Configure DynamoDB incremental exports to S3.

B.

Configure DynamoDB Streams to write records to S3.

C.

Configure EMR to copy DynamoDB data to S3.

D.

Configure EMR to copy DynamoDB data to HDFS.

Buy Now
Questions 42

A company hosts a web application on an on-premises server that processes incoming requests. Processing time for each request varies from 5 minutes to 20 minutes.

The number of requests is growing. The company wants to move the application to AWS. The company wants to update the architecture to scale automatically.

Options:

A.

Convert the application to a microservices architecture that uses containers. Use Amazon Elastic Container Service (Amazon ECS) with the AWS Fargate launch type to run the containerized web application. Configure Service Auto Scaling. Use an Application Load Balancer to distribute incoming requests.

B.

Create an Amazon EC2 instance that has sufficient CPU and RAM capacity to run the application. Create metrics to track usage. Create alarms to notify the company when usage exceeds a specified threshold. Replace the EC2 instance with a larger instance size in the same family when usage is too high.

C.

Refactor the web application to use multiple AWS Lambda functions. Use an Amazon API Gateway REST API as an entry point to the Lambda functions.

D.

Refactor the web application to use a single AWS Lambda function. Use an Amazon API Gateway HTTP API as an entry point to the Lambda function.

Buy Now
Questions 43

A company is building an application on an Amazon ECS cluster that uses the AWS Fargate launch type. The application must read files from a private Amazon S3 bucket.

The company needs to design a security solution to allow ECS tasks to retrieve data from the S3 bucket.

Which solution will meet these requirements with the LEAST administrative effort?

Options:

A.

Assign an inline IAM policy to the task role that is configured in the ECS task definition. Configure the policy to grant access to the S3 bucket.

B.

Create an IAM user that has programmatic access to the S3 bucket. Store the IAM user credentials as a parameter in AWS Systems Manager Parameter Store. Configure the ECS task definition to read the parameter during runtime.

C.

Assign an IAM policy to the task execution role that is configured in the ECS task definition. Configure the policy to grant access to the S3 bucket.

D.

Create an IAM user and access keys for the S3 bucket. Store the access credentials as a secret in AWS Secrets Manager. Configure the ECS task definition to read the secret during runtime.

Buy Now
Questions 44

A company runs a multi-tier application on premises by using virtual machines (VMs). The application tiers communicate asynchronously through third-party middleware that guarantees exactly-once delivery. The company is planning to migrate the application to AWS and needs to replace the middleware solution. The solution must provide exactly-once delivery for messages from the application.

Which combination of actions will meet these requirements with the LEAST infrastructure management? (Select TWO.)

Options:

A.

Use AWS Lambda functions to provide compute layers in the architecture.

B.

Use Amazon EC2 instances to provide compute layers in the architecture.

C.

Use Amazon SNS as a messaging component between the compute layers.

D.

Use Amazon SQS FIFO queues as a messaging component between the compute layers.

E.

Run containers on Amazon EKS to provide compute layers in the architecture.

Buy Now
Questions 45

A company has an application that uses an Amazon RDS for PostgreSQL database. The company is developing an application feature that will store sensitive information for an individual in the database.

During a security review of the environment, the company discovers that the RDS DB instance is not encrypting data at rest. The company needs a solution that will provide encryption at rest for all the existing data and for any new data that is entered for an individual.

Which combination of steps should the company take to meet these requirements? Select TWO.

Options:

A.

Create a snapshot of the DB instance. Enable encryption on the snapshot. Use the encrypted snapshot to create a new DB instance. Adjust the application configuration to use the new DB instance.

B.

Create a snapshot of the DB instance. Create an encrypted copy of the snapshot. Use the encrypted snapshot to create a new DB instance. Adjust the application configuration to use the new DB instance.

C.

Modify the configuration of the DB instance by enabling encryption. Create a snapshot of the DB instance. Use the snapshot to create a new DB instance. Adjust the application configuration to use the new DB instance.

D.

Use AWS KMS to create a new default AWS managed aws/rds key. Select this key as the encryption key for operations with Amazon RDS.

E.

Use AWS KMS to create a new customer managed key. Select this key as the encryption key for operations with Amazon RDS.

Buy Now
Questions 46

A company needs to design a hybrid network architecture The company ' s workloads are currently stored in the AWS Cloud and in on-premises data centers The workloads require single-digit latencies to communicate The company uses an AWS Transit Gateway transit gateway to connect multiple VPCs

Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

Options:

A.

Establish an AWS Site-to-Site VPN connection to each VPC.

B.

Associate an AWS Direct Connect gateway with the transit gateway that is attached to the VPCs.

C.

Establish an AWS Site-to-Site VPN connection to an AWS Direct Connect gateway.

D.

Establish an AWS Direct Connect connection. Create a transit virtual interface (VIF) to a Direct Connect gateway.

E.

Associate AWS Site-to-Site VPN connections with the transit gateway that is attached to the VPCs

Buy Now
Questions 47

An insurance company is creating an application to record personal user data. The data includes users’ names, ages, and health data. The company wants to run the application in a private subnet on AWS.

Because of data security requirements, the company must have access to the operating system of the compute resources that run the application tier. The company must use a low-latency NoSQL database to store the data.

Which solution will meet these requirements?

Options:

A.

Use Amazon EC2 instances for the application tier. Use an Amazon DynamoDB table for the database tier. Create a VPC endpoint for DynamoDB. Assign the instances an instance profile that has permission to access DynamoDB.

B.

Use AWS Lambda functions for the application tier. Use an Amazon DynamoDB table for the database tier. Assign a Lambda function an appropriate IAM role to access the table.

C.

Use AWS Fargate for the application tier. Create an Amazon Aurora PostgreSQL instance inside a private subnet for the database tier.

D.

Use Amazon EC2 instances for the application tier. Use an Amazon S3 bucket to store the data in JSON format. Configure the application to use Amazon Athena to read and write the data to and from the S3 bucket.

Buy Now
Questions 48

A company needs to accommodate traffic for a web application that the company hosts on AWS, especially during peak usage hours.

The application uses Amazon EC2 instances as web servers, an Amazon RDS DB instance for database operations, and an Amazon S3 bucket to store transaction documents. The application struggles to scale effectively and experiences performance issues.

The company wants to improve the scalability of the application and prevent future performance issues. The company also wants to improve global access speeds to the transaction documents for the company ' s global users.

Which solution will meet these requirements?

Options:

A.

Place the EC2 instances in Auto Scaling groups to scale appropriately during peak usage hours. Use Amazon RDS read replicas to improve database read performance. Deploy an Amazon CloudFront distribution that uses Amazon S3 as the origin.

B.

Increase the size of the EC2 instances to provide more compute capacity. Use Amazon ElastiCache to reduce database read loads. Use AWS Global Accelerator to optimize the delivery of the transaction documents that are in the S3 bucket.

C.

Transition workloads from the EC2 instances to AWS Lambda functions to scale in response to the usage peaks. Migrate the database to an Amazon Aurora global database to provide cross-Region reads. Use AWS Global Accelerator to deliver the transaction documents that are in the S3 bucket.

D.

Convert the application architecture to use Amazon Elastic Container Service (Amazon ECS) containers. Configure a Multi-AZ deployment of Amazon RDS to support database operations. Replicate the transaction documents that are in the S3 bucket across multiple AWS Regions.

Buy Now
Questions 49

A company runs a three-tier web application in a VPC on AWS. The company deployed an application load balancer ALB in a public subnet. The web tier and application tier Amazon EC2 instances are deployed in a private subnet. The company uses a self-managed MySQL database that runs on EC2 instances in an isolated private subnet for the database tier.

The company wants a mechanism that will give a DevOps team the ability to use SSH to access all the servers. The company also wants to have a centrally managed log of all connections made to the servers.

Which combination of solutions will meet these requirements with the MOST operational efficiency? Select TWO.

Options:

A.

Create a bastion host in the public subnet. Configure security groups in the public, private, and isolated subnets to allow SSH access.

B.

Create an interface VPC endpoint for AWS Systems Manager Session Manager. Attach the endpoint to the VPC.

C.

Create an IAM policy that grants access to AWS Systems Manager Session Manager. Attach the IAM policy to the EC2 instances.

D.

Create a gateway VPC endpoint for AWS Systems Manager Session Manager. Attach the endpoint to the VPC.

E.

Attach an AmazonSSMManagedInstanceCore AWS managed IAM policy to all the EC2 instance roles.

Buy Now
Questions 50

A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the databases.

Which solution meets this requirement with the LEAST operational overhead?

Options:

A.

Store the password in AWS Secrets Manager. Enable automatic rotation on the secret.

B.

Store the password in AWS Systems Manager Parameter Store. Enable automatic rotation on the parameter.

C.

Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password.

D.

Store the password in AWS Key Management Service (AWS KMS). Enable automatic rotation on the AWS KMS key.

Buy Now
Questions 51

A company hosts a public web application on AWS. The website has a three-tier architecture. The frontend web tier is comprised of Amazon EC2 instances in an Auto Scaling group. The application tier is a second Auto Scaling group. The database tier is an Amazon RDS database.

The company has configured the Auto Scaling groups to handle the application ' s normal level of demand. During an unexpected spike in demand, the company notices a long delay in the startup time when the frontend and application layers scale out. The company needs to improve the scaling performance of the application without negatively affecting the user experience.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Decrease the minimum number of EC2 instances for both Auto Scaling groups. Increase the desired number of instances to meet the peak demand requirement.

B.

Configure the maximum number of instances for both Auto Scaling groups to be the number required to meet the peak demand. Create a warm pool.

C.

Increase the maximum number of EC2 instances for both Auto Scaling groups to meet the normal demand requirement. Create a warm pool.

D.

Reconfigure both Auto Scaling groups to use a scheduled scaling policy. Increase the size of the EC2 instance types and the RDS instance types.

Buy Now
Questions 52

A company is building a serverless application to process orders from an e-commerce site. The application needs to handle bursts of traffic during peak usage hours and to maintain high availability. The orders must be processed asynchronously in the order the application receives them.

Options:

A.

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use an AWS Lambda function to process the orders.

B.

Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue to receive orders. Use an AWS Lambda function to process the orders.

C.

Use an Amazon Simple Queue Service (Amazon SQS) standard queue to receive orders. Use AWS Batch jobs to process the orders.

D.

Use an Amazon Simple Notification Service (Amazon SNS) topic to receive orders. Use AWS Batch jobs to process the orders.

Buy Now
Questions 53

A company is deploying an application in three AWS Regions using an Application Load Balancer. Amazon Route 53 will be used to distribute traffic between these Regions.

Which Route 53 configuration should a solutions architect use to provide the MOST high-performing experience?

Options:

A.

Create an A record with a latency policy.

B.

Create an A record with a geolocation policy.

C.

Create a CNAME record with a failover policy.

D.

Create a CNAME record with a geoproximity policy.

Buy Now
Questions 54

A company needs a solution to back up and protect critical AWS resources. The company needs to regularly take backups of several Amazon EC2 instances and Amazon RDS for PostgreSQL databases. To ensure high resiliency, the company must have the ability to validate and restore backups.

Which solution meets the requirement with LEAST operational overhead?

Options:

A.

Use AWS Backup to create a backup schedule for the resources. Use AWS Backup to create a restoration testing plan for the required resources.

B.

Take snapshots of the EC2 instances and RDS DB instances. Create AWS Batch jobs to validate and restore the snapshots.

C.

Create a custom AWS Lambda function to take snapshots of the EC2 instances and RDS DB instances. Create a second Lambda function to restore the snapshots periodically to validate the backups.

D.

Take snapshots of the EC2 instances and RDS DB instances. Create an AWS Lambda function to restore the snapshots periodically to validate the backups.

Buy Now
Questions 55

A company hosts an application in a private subnet. The company has already integrated the application with Amazon Cognito. The company uses an Amazon Cognito user pool to authenticate users.

The company needs to modify the application so the application can securely store user documents in an Amazon S3 bucket.

Which combination of steps will securely integrate Amazon S3 with the application? (Select TWO.)

Options:

A.

Create an Amazon Cognito identity pool to generate secure Amazon S3 access tokens for users when they successfully log in.

B.

Use the existing Amazon Cognito user pool to generate Amazon S3 access tokens for users when they successfully log in.

C.

Create an Amazon S3 VPC endpoint in the same VPC where the company hosts the application.

D.

Create a NAT gateway in the VPC where the company hosts the application. Assign a policy to the S3 bucket to deny any request that is not initiated from Amazon Cognito.

E.

Attach a policy to the S3 bucket that allows access only from the users ' IP addresses.

Buy Now
Questions 56

A company uses Amazon Redshift to store structured data and Amazon S3 to store unstructured data. The company wants to analyze the stored data and create business intelligence reports. The company needs a data visualization solution that is compatible with Amazon Redshift and Amazon S3.

Which solution will meet these requirements?

Options:

A.

Use Amazon Redshift query editor v2 to analyze data stored in Amazon Redshift. Use Amazon Athena to analyze data stored in Amazon S3. Use Amazon QuickSight to access Amazon Redshift and Athena, visualize the data analyses, and create business intelligence reports.

B.

Use Amazon Redshift Serverless to analyze data stored in Amazon Redshift. Use Amazon S3 Object Lambda to analyze data stored in Amazon S3. Use Amazon Managed Grafana to access Amazon Redshift and Object Lambda, visualize the data analyses, and create business intelligence reports.

C.

Use Amazon Redshift Spectrum to analyze data stored in Amazon Redshift. Use Amazon Athena to analyze data stored in Amazon S3. Use Amazon QuickSight to access Amazon Redshift and Athena, visualize the data analyses, and create business intelligence reports.

D.

Use Amazon OpenSearch Service to analyze data stored in Amazon Redshift and Amazon S3. Use Amazon Managed Grafana to access OpenSearch Service, visualize the data analyses, and create business intelligence reports.

Buy Now
Questions 57

A company runs database workloads on AWS that are the backend for the company ' s customer portals. The company runs a Multi-AZ database cluster on Amazon RDS for PostgreSQL.

The company needs to implement a 30-day backup retention policy. The company currently has both automated RDS backups and manual RDS backups. The company wants to maintain both types of existing RDS backups that are less than 30 days old.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Configure the RDS backup retention policy to 30 days tor automated backups by using AWS Backup. Manually delete manual backups that are older than 30 days.

B.

Disable RDS automated backups. Delete automated backups and manual backups that are older than 30 days. Configure the RDS backup retention policy to 30 days tor automated backups.

C.

Configure the RDS backup retention policy to 30 days for automated backups. Manually delete manual backups that are older than 30 days

D.

Disable RDS automated backups. Delete automated backups and manual backups that are older than 30 days automatically by using AWS CloudFormation. Configure the RDS backup retention policy to 30 days for automated backups.

Buy Now
Questions 58

A company deployed an application in two AWS Regions. If the application fails in one Region, traffic must fail over to the second Region. The failover must avoid stale DNS client caches, and the company requires one endpoint for both Regions.

Which solution meets these requirements?

Options:

A.

Use a CloudFront distribution with multiple origins.

B.

Use Route 53 weighted routing with equal weights.

C.

Use AWS Global Accelerator and assign static anycast IPs to the application.

D.

Use Route 53 IP-based routing to switch Regions.

Buy Now
Questions 59

A company provides devices to users. When a device is registered, its ID is added to DynamoDB. A daily job activates devices using two Lambda functions:

• The Retrieve function lists unregistered device IDs.

• The Retrieve function then calls the Activate function in a loop to register each device.

The number of activations is increasing, and the company wants to avoid Lambda timeouts without modifying existing functions.

Which solution will scale appropriately?

Options:

A.

Use EventBridge Scheduler to periodically invoke the Retrieve function.

B.

Invoke the Activate function from DynamoDB Streams when a device ID is added.

C.

Use Step Functions to call the Retrieve function and use a Map state to run the Activate function for each ID.

D.

Move the Retrieve function to EC2 for longer processing time.

Buy Now
Questions 60

A company wants to optimize costs for its AWS infrastructure. The company wants to receive notifications when actual costs or forecasted costs exceed a specified budget. The company does not want to develop a custom solution.

Which solution will meet these requirements?

Options:

A.

Use AWS Trusted Advisor to set up budget notifications. Configure Amazon CloudWatch to monitor costs. Export CloudWatch data to Amazon S3. Use machine learning (ML) to estimate future trends based on the CloudWatch data.

B.

Create a budget in AWS Budgets that has a specified cost threshold. Create an AWS Lambda function that sends a notification to the company when costs reach the specified threshold. Use AWS Billing and Cost Management reports to monitor costs.

C.

Use AWS Cost Explorer to set a specified budget threshold. Create an AWS Lambda function to calculate cost estimates. Configure the Lambda function to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic if estimated costs exceed the specified threshold.

D.

Create a budget in AWS Budgets that has a specified cost threshold. Configure AWS Budgets to send budget alerts to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Cost Explorer to monitor costs.

Buy Now
Questions 61

A company is developing a highly available natural language processing (NLP) application. The application handles large volumes of concurrent requests. The application performs NLP tasks such as entity recognition, sentiment analysis, and key phrase extraction on text data.

The company needs to store data that the application processes in a highly available and scalable database.

Options:

Options:

A.

Create an Amazon API Gateway REST API endpoint to handle incoming requests. Configure the REST API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Comprehend to perform NLP tasks on the text data. Store the processed data in Amazon DynamoDB.

B.

Create an Amazon API Gateway HTTP API endpoint to handle incoming requests. Configure the HTTP API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Translate to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

C.

Create an Amazon SQS queue to buffer incoming requests. Deploy the NLP application on Amazon EC2 instances in an Auto Scaling group. Use Amazon Comprehend to perform NLP tasks. Store the processed data in an Amazon RDS database.

D.

Create an Amazon API Gateway WebSocket API endpoint to handle incoming requests. Configure the WebSocket API to invoke an AWS Lambda function for each request. Configure the Lambda function to call Amazon Textract to perform NLP tasks on the text data. Store the processed data in Amazon ElastiCache.

Buy Now
Questions 62

A company runs an application that stores and shares photos. Users upload the photos to an Amazon S3 bucket. Every day, users upload approximately 150 photos. The company wants to design a solution that creates a thumbnail of each new photo and stores the thumbnail in a second S3 bucket.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a long-running Amazon EMR cluster. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.

B.

Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a memory-optimized Amazon EC2 instance that is always on. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.

C.

Configure an S3 event notification to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to the second S3 bucket.

D.

Configure S3 Storage Lens to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to a second S3 bucket.

Buy Now
Questions 63

A company has an ecommerce application that users access through multiple mobile apps and web applications. The company needs a solution that will receive requests from the mobile apps and web applications through an API.

Request traffic volume varies significantly throughout each day. Traffic spikes during sales events. The solution must be loosely coupled and ensure that no requests are lost.

Which solution will meet these requirements?

Options:

A.

Create an Application Load Balancer ALB. Create an AWS Elastic Beanstalk endpoint to process the requests. Add the Elastic Beanstalk endpoint to the target group of the ALB.

B.

Set up an Amazon API Gateway REST API with an integration to an Amazon SQS queue. Configure a dead-letter queue. Create an AWS Lambda function to poll the queue to process the requests.

C.

Create an Application Load Balancer ALB. Create an AWS Lambda function to process the requests. Add the Lambda function as a target of the ALB.

D.

Set up an Amazon API Gateway HTTP API with an integration to an Amazon SNS topic. Create an AWS Lambda function to process the requests. Subscribe the function to the SNS topic to process the requests.

Buy Now
Questions 64

A company runs an application on Amazon EC2 instances. The instances need to access an Amazon RDS database by using specific credentials. The company uses AWS Secrets Manager to contain the credentials the EC2 instances must use.

Which solution will meet this requirement?

Options:

A.

Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the new IAM role access to the secret that contains the database credentials.

B.

Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the new IAM user access to the secret that contains the database credentials.

C.

Create a resource-based policy for the secret that contains the database credentials. Use EC2 Instance Connect to access the secret.

D.

Create an identity-based policy for the secret that contains the database credentials. Grant direct access to the EC2 instances.

Buy Now
Questions 65

A company runs a latency-sensitive gaming service in the AWS Cloud. The gaming service runs on a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB). An Amazon DynamoDB table stores the gaming data. All the infrastructure is in a single AWS Region. The main user base is in that same Region.

A solutions architect needs to update the architecture to support a global expansion of the gaming service. The gaming service must operate with the least possible latency.

Which solution will meet these requirements?

Options:

A.

Create an Amazon CloudFront distribution in front of the ALB.

B.

Deploy an Amazon API Gateway regional API endpoint. Integrate the API endpoint with the ALB.

C.

Create an accelerator in AWS Global Accelerator. Add a listener. Configure the endpoint to point to the ALB.

D.

Deploy the ALB and the fleet of EC2 instances to another Region. Use Amazon Route 53 with geolocation routing.

Buy Now
Questions 66

A solutions architect is using Amazon EC2 instances to host an application. The solutions architect needs to grant permissions for the application to access an Amazon DynamoDB table.

Which solution will meet this requirement?

Options:

A.

Create access keys to access the DynamoDB table. Assign the access keys to the EC2 instance profile.

B.

Create an EC2 key pair to access the DynamoDB table. Assign the key pair to the EC2 instance profile.

C.

Create an IAM user to access the DynamoDB table. Assign the IAM user to the EC2 instance profile.

D.

Create an IAM role to access the DynamoDB table. Assign the IAM role to the EC2 instance profile.

Buy Now
Questions 67

A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests.

Options:

A.

Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.

B.

Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

C.

Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.

D.

Deploy an egress-only internet gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.

Buy Now
Questions 68

A company’s application is deployed on Amazon EC2 instances and uses AWS Lambda functions for an event-driven architecture. The company uses nonproduction development environments in a different AWS account to test new features before the company deploys the features to production.

The production instances show constant usage because of customers in different time zones. The company uses nonproduction instances only during business hours on weekdays. The company does not use the nonproduction instances on the weekends. The company wants to optimize the costs to run its application on AWS.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Use On-Demand Instances for the production instances. Use Dedicated Hosts for the nonproduction instances on weekends only.

B.

Use Reserved Instances for the production instances and the nonproduction instances. Shut down the nonproduction instances when not in use.

C.

Use Compute Savings Plans for the production instances. Use On-Demand Instances for the nonproduction instances. Shut down the nonproduction instances when not in use.

D.

Use Dedicated Hosts for the production instances. Use EC2 Instance Savings Plans for the nonproduction instances.

Buy Now
Questions 69

A company is creating a web application that will store a large number of images in Amazon S3. The images will be accessed by users over variable periods of time. The company wants to:

Retain all the images.

Incur no cost for retrieval.

Have minimal management overhead.

Have the images available with no impact on retrieval time.

Which solution meets these requirements?

Options:

A.

Implement S3 Intelligent-Tiering.

B.

Implement S3 storage class analysis.

C.

Implement an S3 Lifecycle policy to move data to S3 Standard-Infrequent Access (S3 Standard-IA).

D.

Implement an S3 Lifecycle policy to move data to S3 One Zone-Infrequent Access (S3 One Zone-IA).

Buy Now
Questions 70

A company hosts an application in an Amazon EC2 Auto Scaling group. The company has observed that during periods of high demand, new instances take too long to join the Auto Scaling group and serve the increased demand. The company determines that the root cause of the issue is the long boot time of the instances in the Auto Scaling group. The company needs to reduce the time required to launch new instances to respond to demand. Which solution will meet this requirement?

Options:

A.

Increase the maximum capacity of the Auto Scaling group by 50%.

B.

Create a warm pool for the Auto Scaling group. Use the default specification for the warm pool size.

C.

Increase the health check grace period for the Auto Scaling group by 50%.

D.

Create a scheduled scaling action. Set the desired capacity equal to the maximum capacity of the Auto Scaling group.

Buy Now
Questions 71

A company is using Amazon DocumentDB global clusters to support an ecommerce application. The application serves customers across multiple AWS Regions. To ensure business continuity, the company needs a solution to minimize downtime during maintenance windows or other disruptions.

Which solution will meet these requirements?

Options:

A.

Regularly create manual snapshots of the DocumentDB instance in the primary Region.

B.

Perform a managed failover to a secondary Region when needed.

C.

Perform a failover to a replica DocumentDB instance within the primary Region.

D.

Configure increased replication lag to manage cross-Region replication.

Buy Now
Questions 72

A company has an ordering application that stores customer information in Amazon RDS for MySQL. During regular business hours, employees run one-time queries for reporting purposes. Timeouts are occurring during order processing because the reporting queries are taking a long time to run. The company needs to eliminate the timeouts without preventing employees from performing queries.

Options:

A.

Create a read replica. Move reporting queries to the read replica.

B.

Create a read replica. Distribute the ordering application to the primary DB instance and the read replica.

C.

Migrate the ordering application to Amazon DynamoDB with on-demand capacity.

D.

Schedule the reporting queries for non-peak hours.

Buy Now
Questions 73

A company is migrating a daily Microsoft Windows batch job from the company ' s on-premises environment to AWS. The current batch job runs for up to 1 hour. The company wants to modernize the batch job process for the cloud environment.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create a fleet of Amazon EC2 instances in an Auto Scaling group to handle the Windows batch job processing.

B.

Implement an AWS Lambda function to process the Windows batch job. Use an Amazon EventBridge rule to invoke the Lambda function.

C.

Use AWS Fargate to deploy the Windows batch job as a container. Use AWS Batch to manage the batch job processing.

D.

Use Amazon Elastic Kubernetes Service (Amazon EKS) on Amazon EC2 instances to orchestrate Windows containers for the batch job processing.

Buy Now
Questions 74

A company has stored millions of objects across multiple prefixes in an Amazon S3 bucket by using the Amazon S3 Glacier Deep Archive storage class. The company needs to delete all data older than 3 years except for a subset of data that must be retained. The company has identified the data that must be retained and wants to implement a serverless solution.

Which solution will meet these requirements?

Options:

A.

Use S3 Inventory to list all objects. Use the AWS CLI to create a script that runs on an Amazon EC2 instance that deletes objects from the inventory list.

B.

Use AWS Batch to delete objects older than 3 years except for the data that must be retained

C.

Provision an AWS Glue crawler to query objects older than 3 years. Save the manifest file of old objects. Create a script to delete objects in the manifest.

D.

Enable S3 Inventory. Create an AWS Lambda function to filter and delete objects. Invoke the Lambda function with S3 Batch Operations to delete objects by using the inventory reports.

Buy Now
Questions 75

A company launches a new web application that uses an Amazon Aurora PostgreSQL database. The company wants to add new features to the application that rely on AI. The company requires vector storage capability to use AI tools.

Which solution will meet this requirement MOST cost-effectively?

Options:

A.

Use Amazon OpenSearch Service to create an OpenSearch service. Configure the application to write vector embeddings to a vector index.

B.

Create an Amazon DocumentDB cluster. Configure the application to write vector embeddings to a vector index.

C.

Create an Amazon Neptune ML cluster. Configure the application to write vector embeddings to a vector graph.

D.

Install the pgvector extension on the Aurora PostgreSQL database. Configure the application to write vector embeddings to a vector table.

Buy Now
Questions 76

A company runs its application by using Amazon EC2 instances and AWS Lambda functions. The EC2 instances run in private subnets of a VPC. The Lambda functions need direct network access to the EC2 instances for the application to work.

The application will run for 1 year. The number of Lambda functions that the application uses will increase during the 1-year period. The company must minimize costs on all application resources.

Which solution will meet these requirements?

Options:

A.

Purchase an EC2 Instance Savings Plan. Connect the Lambda functions to the private sub-nets that contain the EC2 instances.

B.

Purchase an EC2 Instance Savings Plan. Connect the Lambda functions to new public sub-nets in the same VPC where the EC2 instances run.

C.

Purchase a Compute Savings Plan. Connect the Lambda functions to the private subnets that contain the EC2 instances.

D.

Purchase a Compute Savings Plan. Keep the Lambda functions in the Lambda service VPC.

Buy Now
Questions 77

A company is creating a mobile financial app that gives users the ability to sign up and store personal information. The app uses an Amazon DynamoDB table to store user details and preferences.

The app generates a credit score report by using the data that is stored in DynamoDB. The app sends credit score reports to users once every month.

The company needs to provide users with an option to remove their data and preferences. The app must delete customer data within one month of receiving a request to delete the data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create an AWS Lambda function to delete user information. Create an Amazon EventBridge rule that runs when a specified TTL expires. Configure the EventBridge rule to invoke the Lambda function.

B.

Create a DynamoDB stream. Create an AWS Lambda function to delete user information. When a specified TTL expires, write user information to the DynamoDB stream from the DynamoDB table. Configure the DynamoDB stream to invoke the Lambda function to delete user information.

C.

Enable TTL in DynamoDB. Set the expiration date as an attribute. Create an AWS Lambda function to set the TTL based on the expiration date value. Invoke the Lambda function when a user requests to delete personal data.

D.

Enable TTL in DynamoDB. Create an AWS Lambda function to delete user information. Configure AWS Config to detect the DynamoDB state change when TTL expires and to invoke the Lambda function.

Buy Now
Questions 78

A company is building a serverless application to process ecommerce orders. The application must handle bursts of traffic and process orders asynchronously in the order received.

Which solution will meet these requirements?

Options:

A.

Use Amazon SNS with AWS Lambda.

B.

Use Amazon SQS FIFO with AWS Lambda.

C.

Use Amazon SQS standard with AWS Batch.

D.

Use Amazon SNS with AWS Batch.

Buy Now
Questions 79

A company runs its application on Oracle Database Enterprise Edition The company needs to migrate the application and the database to AWS. The company can use the Bring Your Own License (BYOL) model while migrating to AWS The application uses third-party database features that require privileged access.

A solutions architect must design a solution for the database migration.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Migrate the database to Amazon RDS for Oracle by using native tools. Replace the third-party features with AWS Lambda.

B.

Migrate the database to Amazon RDS Custom for Oracle by using native tools Customize the new database settings to support the third-party features.

C.

Migrate the database to Amazon DynamoDB by using AWS Database Migration Service {AWS DMS). Customize the new database settings to support the third-party features.

D.

Migrate the database to Amazon RDS for PostgreSQL by using AWS Database Migration Service (AWS DMS). Rewrite the application code to remove the dependency on third-party features.

Buy Now
Questions 80

A company runs multiple applications on Amazon EC2 instances in a VPC. Application A runs in a private subnet that has a custom route table and network ACL. Application B runs in a second private subnet in the same VPC.

The company needs to prevent Application A from sending traffic to Application B.

Which solution will meet this requirement?

Options:

A.

Add a deny outbound rule to a security group that is associated with Application B. Configure the rule to prevent Application B from sending traffic to Application A.

B.

Add a deny outbound rule to a security group that is associated with Application A. Configure the rule to prevent Application A from sending traffic to Application B.

C.

Add a deny outbound rule to the custom network ACL for the Application B subnet. Configure the rule to prevent Application B from sending traffic to IP addresses that are associated with the Application A subnet.

D.

Add a deny outbound rule to the custom network ACL for the Application A subnet. Configure the rule to prevent Application A from sending traffic to IP addresses that are associated with the Application B subnet.

Buy Now
Questions 81

A company is developing a new application that uses Amazon EC2, Amazon S3, and AWS Lambda resources. The company wants to allow employees to access the AWS Management Console by using existing credentials that the company stores and manages in an on-premises Microsoft Active Directory. Each employee must have a specific level of access to the AWS resources that is based on the employee ' s role.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Configure AWS Directory Service to create an Active Directory in AWS Managed Microsoft AD. Establish a trust relationship with the on-premises Active Directory. Configure IAM roles and trust policies to give the employees access to the AWS resources.

B.

Use LDAP to directly integrate the on-premises Active Directory with IAM. Map Active Directory groups to IAM roles to control access to AWS resources.

C.

Implement a custom identity broker to authenticate users into the on-premises Active Directory. Configure the identity broker to use AWS STS to grant authorized users IAM role-based access to the AWS resources.

D.

Configure Amazon Cognito to federate users into the on-premises Active Directory. Use Cognito user pools to manage user identities and to manage user access to the AWS resources.

Buy Now
Questions 82

A consulting company provides professional services to customers worldwide. The company provides solutions and tools for customers to expedite gathering and analyzing data on AWS. The company needs to centrally manage and deploy a common set of solutions and tools for customers to use for self-service purposes.

Which solution will meet these requirements?

Options:

A.

Create AWS Cloud Formation templates for the customers.

B.

Create AWS Service Catalog products for the customers.

C.

Create AWS Systems Manager templates for the customers.

D.

Create AWS Config items for the customers.

Buy Now
Questions 83

A global company is migrating its workloads from an on-premises data center to AWS. The AWS environment includes multiple AWS accounts. IAM roles. AWS Config rules, and a VPC.

The company wants an automated process to provision new accounts on demand when the company ' s business units require new accounts.

Which solution will meet these requirements with LEAST effort?

Options:

A.

Use AWS Control Tower to set up an organization in AWS Organizations. Use AWS Control Tower Account Factory for Terraform (AFT) to provision new AWS accounts.

B.

Create an organization in AWS Organizations. Use the AWS CLI CreateAccount API action to provision new AWS accounts. Organize the business units with organizational units (OUs).

C.

Create an AWS Lambda function that uses the AWS Organizations API to create new accounts. Invoke the Lambda function from an AWS CloudFormation template in AWS Service Catalog.

D.

Create an organization in AWS Organizations. Use AWS Step Functions to orchestrate the account creation process. Send account creation requests to an Amazon API Gateway API endpoint to invoke an AWS Lambda function that creates new accounts.

Buy Now
Questions 84

A company needs to create a compliance management solution. The company wants to use a combination of AWS services to achieve the fine-grained visibility that the solution requires. The compliance management solution must provide a centralized method for company employees to review security findings and out-of-compliance findings.

Which solution will meet these requirements with the LEAST ongoing maintenance?

Options:

A.

Configure AWS Security Hub to centralize findings. Use conformance packs in Amazon Inspector to check for compliance framework misalignment.

B.

Use AWS Marketplace to purchase a security tool. Install the tool on an Amazon EC2 instance. Assign an EC2 Instance Profile for the tool to gather data from AWS resources.

C.

Configure AWS Security Hub to centralize findings. Use conformance packs in AWS Config to check for compliance framework misalignment.

D.

Configure AWS Systems Manager to provide a centralized dashboard. Use conformance packs in AWS Config to check for compliance framework misalignment.

Buy Now
Questions 85

A company uses a general-purpose instance class Amazon RDS for MySQL DB instance. The company has configured the DB instance in a Multi-AZ configuration across two Availability Zones as part of the company ' s production application.

The company ' s finance team needs to run SQL queries against the DB instance to generate reports. Customers have reported significant performance issues with the application during report generation.

A solutions architect needs to minimize the effect of the reporting job on the DB instance.

Which solution will meet these requirements?

Options:

A.

Create a proxy in Amazon RDS Proxy. Update the reporting job to query the proxy endpoint.

B.

Update the RDS DB instance configuration to use three Availability Zones.

C.

Add an RDS read replica. Update the reporting job to query the replica endpoint.

D.

Change the RDS configuration from a general-purpose instance class to a memory-optimized instance class.

Buy Now
Questions 86

A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing.

Which solution will meet these requirements?

Options:

A.

Use an AWS Storage Gateway file gateway to provide file storage to AWS, then perform analytics on this data in the AWS Cloud.

B.

Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS, then perform analytics on this data in the AWS Cloud.

C.

Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS.

D.

Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud.

Buy Now
Questions 87

A company wants to migrate its accounting system from an on-premises data center to the AWS Cloud in a single AWS Region. Data security and an immutable audit log are the top priorities. The company must monitor all AWS activities for compliance auditing. The company has enabled AWS CloudTrail but wants to make sure it meets these requirements.

Which actions should a solutions architect take to protect and secure CloudTrail? (Select TWO.)

Options:

A.

Enable CloudTrail log file validation.

B.

Install the CloudTrail Processing Library.

C.

Enable logging of Insights events in CloudTrail.

D.

Enable custom logging from the on-premises resources.

E.

Create an AWS Config rule to monitor whether CloudTrail is configured to use server-side encryption with AWS KMS managed encryption keys (SSE-KMS).

Buy Now
Questions 88

A solutions architect is designing the network architecture for an application that runs on Amazon EC2 instances in an Auto Scaling group. The application needs to access data that is in Amazon S3 buckets.

Traffic to the S3 buckets must not use public IP addresses. The solutions architect will deploy the application in a VPC that has public and private subnets.

Which solutions will meet these requirements? (Select TWO.)

Options:

A.

Deploy the EC2 instances in a private subnet. Configure a default route to an egress-only internet gateway.

B.

Deploy the EC2 instances in a public subnet. Create a gateway endpoint for Amazon S3. Associate the endpoint with the subnet ' s route table.

C.

Deploy the EC2 instances in a public subnet. Create an interface endpoint for Amazon S3. Configure DNS hostnames and DNS resolution for the VPC.

D.

Deploy the EC2 instances in a private subnet. Configure a default route to a NAT gateway in a public subnet.

E.

Deploy the EC2 instances in a private subnet. Configure a default route to a customer gateway.

Buy Now
Questions 89

A company is implementing a new application on AWS. The company will run the application on multiple Amazon EC2 instances across multiple Availability Zones within multiple AWS Regions. The application will be available through the internet. Users will access the application from around the world.

The company wants to ensure that each user who accesses the application is sent to the EC2 instances that are closest to the user ' s location.

Which solution will meet these requirements?

Options:

A.

Implement an Amazon Route 53 geolocation routing policy. Use an internet-facing Application Load Balancer to distribute the traffic across all Availability Zones within the same Region.

B.

Implement an Amazon Route 53 geoproximity routing policy. Use an internet-facing Network Load Balancer to distribute the traffic across all Availability Zones within the same Region.

C.

Implement an Amazon Route 53 multivalue answer routing policy Use an internet-facing Application Load Balancer to distribute the traffic across all Availability Zones within the same Region.

D.

Implement an Amazon Route 53 weighted routing policy. Use an internet-facing Network Load Balancer to distribute the traffic across all Availability Zones within the same Region.

Buy Now
Questions 90

An ecommerce company wants to collect user clickstream data from the company ' s website for real-time analysis. The website experiences fluctuating traffic patterns throughout the day. The company needs a scalable solution that can adapt to varying levels of traffic.

Which solution will meet these requirements?

Options:

A.

Use a data stream in Amazon Kinesis Data Streams in on-demand mode to capture the clickstream data. Use AWS Lambda to process the data in real time.

B.

Use Amazon Data Firehose to capture the clickstream data. Use AWS Glue to process the data in real time.

C.

Use Amazon Kinesis Video Streams to capture the clickstream data. Use AWS Glue to process the data in real time.

D.

Use Amazon Managed Service for Apache Flink (previously known as Amazon Kinesis Data Analytics) to capture the clickstream data. Use AWS Lambda to process the data in real time.

Buy Now
Questions 91

A company wants to use AWS Direct Connect to connect the company ' s on-premises networks to the AWS Cloud. The company runs several VPCs in a single AWS Region. The company plans to expand its VPC fleet to include hundreds of VPCs.

A solutions architect needs to simplify and scale the company ' s network infrastructure to accommodate future VPCs.

Which service or resource will meet these requirements?

Options:

A.

VPC endpoints

B.

AWS Transit Gateway

C.

Amazon Route 53

D.

AWS Secrets Manager

Buy Now
Questions 92

A solutions architect is designing a customer-facing application for a company. The application ' s database will have a clearly defined access pattern throughout the year and will have a variable number of reads and writes that depend on the time of year. The company must retain audit records for the database for 7 days. The recovery point objective (RPO) must be less than 5 hours.

Which solution meets these requirements?

Options:

A.

Use Amazon DynamoDB with auto scaling. Use on-demand backups and Amazon DynamoDB Streams.

B.

Use Amazon Redshift. Configure concurrency scaling. Activate audit logging. Perform database snapshots every 4 hours.

C.

Use Amazon RDS with Provisioned IOPS. Activate the database auditing parameter. Perform database snapshots every 5 hours.

D.

Use Amazon Aurora MySQL with auto scaling. Activate the database auditing parameter.

Buy Now
Questions 93

A solutions architect needs to design a system to process incoming work items immediately. Processing can take up to 30 minutes and involves calling external APIs, executing multiple states, and storing intermediate states.

The solution must scale with variable workloads and minimize operational overhead.

Which combination of steps meets these requirements? (Select TWO.)

Options:

A.

Invoke an AWS Lambda function for each incoming work item. Configure each function to handle the work item completely. Store states in DynamoDB.

B.

Invoke an AWS Step Functions workflow to process incoming work items. Use Lambda functions for business logic. Store work item states in DynamoDB.

C.

Set up an API Gateway REST API to receive work items. Configure the API to invoke a Lambda function for each work item.

D.

Deploy two EC2 Reserved Instances behind an ALB and send requests to an SQS queue.

E.

Set up an API Gateway REST API to receive work items. Send the work items to an SQS queue.

Buy Now
Questions 94

A company is developing an ecommerce application that uses an Amazon API Gateway HTTP API. When a customer creates an order in the application, three downstream consumers must process the order event. The downstream consumers include a billing service that uses AWS Lambda functions, an email messaging service that uses AWS Lambda functions, and an inventory service that uses Amazon EC2 instances. Each consumer must receive every event. The service must absorb traffic bursts with durable buffering for each consumer. The company must be able to add new consumers without changing the producer or existing consumers. Which solution will meet these requirements?

Options:

A.

Publish order events to an Amazon SNS topic. Subscribe one Amazon SQS queue to the SNS topic for each consumer. Configure each consumer to process events from its own SQS queue.

B.

Send order events to a single Amazon SQS queue. Configure all the consumers to poll the SQS queue by using long polling.

C.

Send order events on an Amazon EventBridge event bus. Create one EventBridge rule for each consumer to target each consumer directly.

D.

Use an Application Load Balancer ALB to forward events to an Auto Scaling group of Amazon EC2 instances that call each consumer.

Buy Now
Questions 95

A media company stores customer-uploaded videos in an Amazon S3 bucket with the Standard storage class. The company wants to create an S3 Lifecycle configuration. The company will set the maximum retention time to 7 days. However, the configuration must delete any video that is more than 1 TB in size after 48 hours.

Options:

A.

Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours with a filter of ObjectSizeGreaterThan and a value of 1 TB. Configure the second rule to expire objects after 7 days.

B.

Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours by using a Prefix filter of LargeFiles. Include a rule in the second configuration to expire objects after 7 days.

C.

Create a single S3 Lifecycle configuration that has two rules. Configure the first rule to expire objects after 48 hours. Configure the second rule to expire objects after 7 days.

D.

Create two S3 Lifecycle configurations. Include a rule in the first configuration to expire objects after 48 hours. Include a rule in the second configuration to expire objects after 7 days by using a filter of ObjectSizeLessThan and a value of 1 TB.

Buy Now
Questions 96

A company is building a new web-based customer relationship management application. The application will use several Amazon EC2 instances that are backed by Amazon EBS volumes behind an Application Load Balancer (ALB). The application will also use an Amazon Aurora database. All data for the application must be encrypted at rest and in transit.

Which solution will meet these requirements?

Options:

A.

Use AWS KMS certificates on the ALB to encrypt data in transit. Use AWS Certificate Manager (ACM) to encrypt the EBS volumes and Aurora database storage at rest.

B.

Use the AWS root account to log in to the AWS Management Console. Upload the company ' s encryption certificates. While in the root account, select the option to turn on encryption for all data at rest and in transit for the account.

C.

Use AWS KMS to encrypt the EBS volumes and Aurora database storage at rest. Attach an AWS Certificate Manager (ACM) certificate to the ALB to encrypt data in transit.

D.

Use BitLocker to encrypt all data at rest. Import the company ' s TLS certificate keys to AWS KMS. Attach the KMS keys to the ALB to encrypt data in transit.

Buy Now
Questions 97

A company needs a cloud-based solution for backup, recovery, and archiving while retaining encryption key material control.

Which combination of solutions will meet these requirements? (Select TWO)

Options:

A.

Create an AWS Key Management Service (AWS KMS) key without key material. Import the company ' s key material into the KMS key.

B.

Create an AWS KMS encryption key that contains key material generated by AWS KMS.

C.

Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Use S3 Bucket Keyswith AWS KMS keys.

D.

Store the data in an Amazon S3 Glacier storage class. Use server-side encryption with customer-provided keys (SSE-C).

E.

Store the data in AWS Snowball devices. Use server-side encryption with AWS KMS keys (SSE-KMS).

Buy Now
Questions 98

A media streaming company needs to deploy its video processing application across multiple Availability Zones for high availability. The application consists of containerized microservices that process video files. The microservices must automatically recover from failures.

Which solution meets these requirements with the LEAST operational overhead?

Options:

A.

Deploy the containers to Amazon ECS with the EC2 launch type.

B.

Deploy the containers to Amazon EKS with self-managed nodes.

C.

Deploy the containers to Amazon ECS with the Fargate launch type.

D.

Deploy the containers directly to Amazon EC2 instances.

Buy Now
Questions 99

Question:

A company hosts a public application on AWS. The company uses an Application Load Balancer (ALB) to distribute application traffic to multiple Amazon EC2 instances that are hosted in private subnets.

The company wants to authenticate all the requests by using an on-premises Active Directory Federation Service (AD FS). The company uses AWS Direct Connect to connect its on-premises data center to AWS.

Which solution will meet this requirement?

Options:

A.

Configure an Amazon Cognito user pool. Integrate the user pool with the ALB for AD FS authentication.

B.

Configure an AWS Directory Service directory. Integrate the directory with the ALB for AD FS authentication.

C.

Replace the ALB with a Network Load Balancer (NLB). Use Amazon Connect Agent Workspace to integrate an agent workspace with the NLB.

D.

Configure an AWS Directory Service AD Connector. Integrate the AD Connector with the ALB for AD FS authentication.

Buy Now
Questions 100

A company uses on-premises virtual machines VMs to run a Kubernetes cluster. The company must operate network connectivity for the cluster on premises. The company wants to simplify overall management for the Kubernetes cluster while maintaining control over the underlying infrastructure. Which solution will meet these requirements?

Options:

A.

Deploy an Amazon EKS Anywhere cluster on the existing VMs.

B.

Deploy Amazon EKS Hybrid Nodes on the existing VMs.

C.

Deploy a self-hosted Kubernetes cluster on Amazon EC2 instances. Run the EC2 instances on AWS Outposts.

D.

Deploy a self-hosted Kubernetes cluster on Amazon EC2 instances. Host the EC2 instances in a VPC that does not have internet access.

Buy Now
Questions 101

A company runs applications and stores data in multiple AWS accounts. The company uses AWS Organizations to manage all its accounts.

The company needs a solution to efficiently and centrally manage data backups for the AWS services that the company uses. The solution must improve the company ' s disaster recovery posture. The solution must also protect data backups against accidental deletion or a malicious attack on an AWS account.

Which solution will meet these requirements?

Options:

A.

Use AWS Backup in each AWS account to store copies of the data backups in additional Availability Zones.

B.

Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS accounts.

C.

Use AWS Backup in each AWS account to store copies of the data backups in additional AWS Regions.

D.

Use AWS Backup policies in Organizations to store copies of the data backups in additional AWS Regions.

Buy Now
Questions 102

A company is building a new web application on AWS. The application needs to consume files from a legacy on-premises application that runs a batch process and outputs approximately 1 GB of data every night to an NFS file mount.

A solutions architect needs to design a storage solution that requires minimal changes to the legacy application and keeps costs low.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Deploy an Outpost in AWS Outposts to the on-premises location where the legacy application is stored. Configure the legacy application and the web application to store and retrieve the files in Amazon S3 on the Outpost.

B.

Deploy an AWS Storage Gateway Volume Gateway on premises. Point the legacy application to the Volume Gateway. Configure the web application to use the Amazon S3 bucket that the Volume Gateway uses.

C.

Deploy an Amazon S3 interface endpoint on AWS. Reconfigure the legacy application to store the files directly on an Amazon S3 endpoint. Configure the web application to retrieve the files from Amazon S3.

D.

Deploy an Amazon S3 File Gateway on premises. Point the legacy application to the File Gateway. Configure the web application to retrieve the files from the S3 bucket that the File Gateway uses.

Buy Now
Questions 103

A company uses AWS to run its ecommerce platform. The platform is critical to the company ' s operations and has a high volume of traffic and transactions. The company configures a multi-factor authentication (MFA) device to secure its AWS account root user credentials. The company wants to ensure that it will not lose access to the root user account if the MFA device is lost.

Which solution will meet these requirements?

Options:

A.

Set up a backup administrator account that the company can use to log in if the company loses the MFA device.

B.

Add multiple MFA devices for the root user account to handle the disaster scenario.

C.

Create a new administrator account when the company cannot access the root account.

D.

Attach the administrator policy to another IAM user when the company cannot access the root account.

Buy Now
Questions 104

A company needs a solution to process customer orders from a global ecommerce platform. The solution must automatically start processing new orders immediately and must maintain a history of all order processing attempts.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.

Create an Amazon EventBridge rule that invokes an AWS Lambda function once every minute to check for new orders. Configure the Lambda function to process orders and store results in Amazon Aurora.

B.

Create an Amazon EventBridge event pattern that monitors the ecommerce platform ' s order events. Configure an EventBridge rule to invoke an AWS Lambda function when the platform receives a new order. Configure the function to store the results in Amazon DynamoDB.

C.

Use an Amazon EC2 instance to poll the ecommerce platform for new orders. Configure the instance to invoke an AWS Lambda function to process new orders. Configure the function to log results to Amazon CloudWatch.

D.

Use an Amazon SQS queue to invoke an AWS Lambda function when the platform receives a new order. Configure the function to process batches of orders and to store results in an Amazon EFS file system.

Buy Now
Questions 105

A company has a multi-tier web application. The application ' s internal service components are deployed on Amazon EC2 instances. The internal service components need to access third-party software as a service (SaaS) APIs that are hosted on AWS.

The company needs to provide secure and private connectivity from the application ' s internal services to the third-party SaaS application. The company needs to ensure that there is minimal public internet exposure.

Which solution will meet these requirements?

Options:

A.

Implement an AWS Site-to-Site VPN to establish a secure connection with the third-party SaaS provider.

B.

Deploy AWS Transit Gateway to manage and route traffic between the application ' s VPC and the third-party SaaS provider.

C.

Configure AWS PrivateLink to allow only outbound traffic from the VPC without enabling the third-party SaaS provider to establish a return path to the network.

D.

Use AWS PrivateLink to create a private connection between the application ' s VPC and the third-party SaaS provider.

Buy Now
Questions 106

A company runs an enterprise resource planning (ERP) system on Amazon EC2 instances in a single AWS Region. Users connect to the ERP system by using a public API that is hosted on the EC2 instances. International users report slow API response times from their data centers.

A solutions architect needs to improve API response times for the international users.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Set up an AWS Direct Connect connection that has a public virtual interface (VIF) to connect each user ' s data center to the EC2 instances. Create a Direct Connect gateway for the ERP system API to route user API requests.

B.

Deploy Amazon API Gateway endpoints in multiple Regions. Use Amazon Route 53 latency-based routing to route requests to the nearest endpoint. Configure a VPC peering connection between the Regions to connect to the ERP system.

C.

Set up AWS Global Accelerator. Configure listeners for the necessary ports. Configure endpoint groups for the appropriate Regions to distribute traffic. Create an endpoint in each group for the API.

D.

Use AWS Site-to-Site VPN to establish dedicated VPN tunnels between multiple Regions and user networks. Route traffic to the API through the VPN connections.

Buy Now
Questions 107

A company is using an AWS Lambda function in a VPC. The Lambda function needs to access dependencies that exceed the size of the Lambda layer quota. The data that the Lambda function retrieves must be encrypted in transit.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Store the dependencies in an Amazon Elastic File System (Amazon EFS) file system. Mount the file system to the Lambda function. Retrieve the dependencies from the file system.

B.

Store the dependencies on an Amazon EC2 instance that has an instance store volume and web server software. Use HTTPS API calls to retrieve the dependencies each time the Lambda function runs.

C.

Store the dependencies on an Amazon EC2 instance that hosts an NFS file server. Read the files from the EC2 instance each time the Lambda function runs.

D.

Store the dependencies in two separate Lambda layers. Redesign the application to have two Lambda functions that use different Lambda layers.

Buy Now
Questions 108

A company is planning to migrate an on-premises online transaction processing (OLTP) database that uses MySQL to an AWS managed database management system. Several reporting and analytics applications use the on-premises database heavily on weekends and at the end of each month. The cloud-based solution must be able to handle read-heavy surges during weekends and at the end of each month.

Which solution will meet these requirements?

Options:

A.

Migrate the database to an Amazon Aurora MySQL cluster. Configure Aurora Auto Scaling to use replicas to handle surges.

B.

Migrate the database to an Amazon EC2 instance that runs MySQL. Use an EC2 instance type that has ephemeral storage. Attach Amazon EBS Provisioned IOPS SSD (io2) volumes to the instance.

C.

Migrate the database to an Amazon RDS for MySQL database. Configure the RDS for MySQL database for a Multi-AZ deployment, and set up auto scaling.

D.

Migrate from the database to Amazon Redshift. Use Amazon Redshift as the database for both OLTP and analytics applications.

Buy Now
Questions 109

A company operates multiple VPCs in a single AWS account. Account users need temporary access to Amazon S3 buckets. The S3 buckets are private and have no public endpoints.

The solution must follow the principle of least privilege for access to each environment and must avoid distributing permanent access keys.

Which solution will meet these requirements?

Options:

A.

Create a gateway VPC endpoint for Amazon S3 in each VPC. Attach an endpoint policy that allows only environment-scoped IAM roles to access the S3 buckets.

B.

Configure the S3 buckets to use SSE-S3. Create bucket policies that allow access only from the VPC CIDR blocks.

C.

Define separate S3 access points for each environment. Allow users to assume a role associated with the access points. Use the default Amazon S3 endpoints.

D.

Route S3 traffic through a NAT gateway. Configure bucket policies that allow traffic only from the NAT gateway’s public IP addresses.

Buy Now
Questions 110

A company stores a large dataset for an online advertising business in an Amazon RDS for MySQL DB instance. The company wants to run business reporting queries on the data without affecting write operations to the DB instance.

Which solution will meet these requirements?

Options:

A.

Deploy RDS read replicas to process the business reporting queries.

B.

Scale out the DB instance horizontally by placing the instance behind an Elastic Load Balancing (ELB) load balancer.

C.

Scale up the DB instance to a larger instance type to handle write operations and reporting queries.

D.

Configure Amazon CloudWatch to monitor the DB instance. Deploy standby DB instances when a latency metric threshold is exceeded.

Buy Now
Questions 111

An ecommerce company runs an application that uses an Amazon DynamoDB table in a single AWS Region. The company wants to deploy the application to a second Region. The company needs to support multi-active replication with low latency reads and writes to the existing DynamoDB table in both Regions.

Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Create a DynamoDB global secondary index (GSI) for the existing table. Create a new table in the second Region. Convert the existing DynamoDB table to a global table. Specify the new table as the secondary table.

B.

Enable Amazon DynamoDB Streams for the existing table. Create a new table in the second Region. Create a new application that uses the DynamoDB Streams Kinesis Adapter and the Amazon Kinesis Client Library (KCL). Configure the new application to read data from the DynamoDB table in the first Region and to write the data to the new table in the second Region.

C.

Convert the existing DynamoDB table to a global table. Choose the appropriate second Region to achieve active-active write capabilities in both Regions.

D.

Enable Amazon DynamoDB Streams for the existing table. Create a new table in the second Region. Create an AWS Lambda function in the first Region that reads data from the table in the first Region and writes the data to the new table in the second Region. Set a DynamoDB stream as the input trigger for the Lambda function.

Buy Now
Questions 112

A company manages an application that stores data on an Amazon RDS for PostgreSQL Multi-AZ DB instance. High traffic on the application is causing increased latency for many read queries.

A solutions architect must improve the performance of the application.

Which solution will meet this requirement?

Options:

A.

Enable Amazon RDS Performance Insights. Configure storage capacity to scale automatically.

B.

Configure the DB instance to use DynamoDB Accelerator (DAX).

C.

Create a read replica of the DB instance. Serve read traffic from the read replica.

D.

Use Amazon Data Firehose between the application and Amazon RDS to increase the concurrency of database requests.

Buy Now
Questions 113

A company is migrating its workloads to AWS. The company has sensitive and critical data in on-premises relational databases that run on SQL Server instances. The company wants to use the AWS Cloud to increase security and reduce operational overhead for the databases.

Which solution will meet these requirements?

Options:

A.

Migrate the databases to Amazon EC2 instances. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.

B.

Migrate the databases to a Multi-AZ Amazon RDS for SQL Server DB instance. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.

C.

Migrate the data to an Amazon S3 bucket. Use Amazon Macie to ensure data security.

D.

Migrate the databases to an Amazon DynamoDB table. Use Amazon CloudWatch Logs to ensure data security.

Buy Now
Questions 114

A company uses Amazon Elastic Container Service (Amazon ECS) to run workloads that belong to service teams. Each service team uses an owner tag to specify the ECS containers that the team owns. The company wants to generate an AWS Cost Explorer report that shows how much each service team spends on ECS containers on a monthly basis.

Which combination of steps will meet these requirements in the MOST operationally efficient way? (Select TWO.)

Options:

A.

Create a custom report in Cost Explorer. Apply a filter for Amazon ECS.

B.

Create a custom report in Cost Explorer. Apply a filter for the owner resource tag.

C.

Set up AWS Compute Optimizer. Review the rightsizing recommendations.

D.

Activate the owner tag as a cost allocation tag. Group the Cost Explorer report by linked account.

E.

Activate the owner tag as a cost allocation tag. Group the Cost Explorer report by the owner cost allocation tag.

Buy Now
Questions 115

A company needs to ensure that an IAM group that contains database administrators can perform operations only within Amazon RDS. The company must ensure that the members of the IAM group cannot access any other AWS services.

Options:

A.

Create an IAM policy that includes a statement that has the Effect " Allow " and the Action " rds: " . Attach the IAM policy to the IAM group.

B.

Create an IAM policy that includes two statements. Configure the first statement to have the Effect " Allow " and the Action " rds: " . Configure the second statement to have the Effect " Deny " and the Action " " . Attach the IAM policy to the IAM group.

C.

Create an IAM policy that includes a statement that has the Effect " Deny " and the NotAction " rds: " . Attach the IAM policy to the IAM group.

D.

Create an IAM policy with a statement that includes the Effect " Allow " and the Action " rds: " . Include a permissions boundary that has the Effect " Allow " and the Action " rds: " . Attach the IAM policy to the IAM group.

Buy Now
Questions 116

A company is migrating a new application from an on-premises data center to a new VPC in the AWS Cloud. The company has multiple AWS accounts and VPCs that share many subnets and applications. The company wants to have fine-grained access control for the new application.The company wants to ensure that all network resources across accounts and VPCs that are granted permission to access the new application can access the application.

Which solution will meet these requirements?

Options:

A.

Set up a VPC peering connection for each VPC that needs access to the new application VPC. Update route tables in each VPC to enable connectivity.

B.

Deploy a transit gateway in the account that hosts the new application. Share the transit gateway with each account that needs to connect to the application. Update route tables in the VPC that hosts the new application and in the transit gateway to enable connectivity.

C.

Use an AWS PrivateLink endpoint service to make the new application accessible to other VPCs. Control access to the application by using an endpoint policy.

D.

Use an Application Load Balancer (ALB) to expose the new application to the internet. Configure authentication and authorization processes to ensure that only specified VPCs can access the application.

Buy Now
Questions 117

A company runs a Java-based job on an Amazon EC2 instance. The job runs every hour and takes 10 seconds to run. The job runs on a scheduled interval and consumes 1 GB of memory. The CPU utilization of the instance is low except for short surges during which the job uses the maximum CPU available. The company wants to optimize the costs to run the job.

Options:

A.

Use AWS App2Container (A2C) to containerize the job. Run the job as an Amazon Elastic Container Service (Amazon ECS) task on AWS Fargate with 0.5 virtual CPU (vCPU) and 1 GB of memory.

B.

Copy the code into an AWS Lambda function that has 1 GB of memory. Create an Amazon EventBridge scheduled rule to run the code each hour.

C.

Use AWS App2Container (A2C) to containerize the job. Install the container in the existing Amazon Machine Image (AMI). Ensure that the schedule stops the container when the task finishes.

D.

Configure the existing schedule to stop the EC2 instance at the completion of the job and restart the EC2 instance when the next job starts.

Buy Now
Questions 118

A company is designing a website that displays stock market prices to users. The company wants to use Amazon ElastiCache Redis OSS for the data caching layer. The company needs to ensure that the website’s data caching layer can automatically fail over to another node if necessary.

Which solution will meet this requirement?

Options:

A.

Enable read replicas in ElastiCache Redis OSS. Promote the read replica when necessary.

B.

Enable Multi-AZ in ElastiCache Redis OSS. Fail over to a second node when necessary.

C.

Export a backup of the ElastiCache Redis OSS cache to an Amazon S3 bucket. Restore the cache to a second cluster when necessary.

D.

Export a backup of the ElastiCache Redis OSS cache by using AWS Backup. Restore the cache to a second cluster when necessary.

Buy Now
Questions 119

A company has a web application that uses several web servers that run on Amazon EC2 instances. The instances use a shared Amazon RDS for MySQL database.

The company requires a secure method to store database credentials. The credentials must be automatically rotated every 30 days without affecting application availability.

Which solution will meet these requirements?

Options:

A.

Store database credentials in AWS Secrets Manager. Create an AWS Lambda function to automatically rotate the credentials. Use Amazon EventBridge to run the Lambda function on a schedule. Grant the necessary IAM permissions to allow the web servers to access Secrets Manager.

B.

Store database credentials in AWS Systems Manager OpsCenter. Grant the necessary IAM permissions to allow the web servers to access OpsCenter.

C.

Store database credentials in an Amazon S3 bucket. Create an AWS Lambda function to automatically rotate the credentials. Use Amazon EventBridge to run the Lambda function on a schedule. Grant the necessary IAM permissions to allow the web servers to retrieve credentials from the S3 bucket.

D.

Store the credentials in a local file on each of the web servers. Use an AWS KMS key to encrypt the credentials. Create a cron job on each server to rotate the credentials every 30 days.

Buy Now
Questions 120

An image-processing company has a web application that users use to upload images. The application uploads the images into an Amazon S3 bucket. The company has set up S3 event notifications to publish the object creation events to an Amazon SQS standard queue. The SQS queue serves as the event source for an AWS Lambda function that processes the images and sends the results to users through email.

Users report that they are receiving multiple email messages for every uploaded image. A solutions architect determines that SQS messages are invoking the Lambda function more than once, resulting in multiple email messages.

What should the solutions architect do to resolve this issue with the LEAST operational overhead?

Options:

A.

Set up long polling in the SQS queue by increasing the ReceiveMessage wait time to 30 seconds.

B.

Change the SQS standard queue to an SQS FIFO queue. Use the message deduplication ID to discard duplicate messages.

C.

Increase the visibility timeout in the SQS queue to a value that is greater than the total of the function timeout and the batch window timeout.

D.

Modify the Lambda function to delete each message from the SQS queue immediately after the message is read before processing.

Buy Now
Questions 121

A company is deploying a new gaming application on Amazon EC2 instances. The gaming application needs to have access to shared storage.

The company requires a high-performance solution to give the application the ability to use an existing custom protocol to access shared storage. The solution must ensure low latency and must be operationally efficient.

Which solution will meet these requirements?

Options:

A.

Create an Amazon FSx File Gateway. Create a file share that uses the existing custom protocol. Connect the EC2 instances that host the application to the file share.

B.

Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the EC2 instances that host the application to the file share.

C.

Create an Amazon Elastic File System (Amazon EFS) file system. Configure the file system to support Lustre. Connect the EC2 instances that host the application to the file system.

D.

Create an Amazon FSx for Lustre file system. Connect the EC2 instances that host the application to the file system.

Buy Now
Questions 122

A company wants to build a serverless application in which multiple microservices need to exchange messages. The company needs to ensure that messages that the microservices send to one another are processed exactly once in the exact order the messages are sent. Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Create an Amazon SQS FIFO queue. Configure the microservices to use the SQS queue to exchange messages.

B.

Use Amazon SNS topics to connect the microservices to one another. Subscribe the microservices to the SNS topics. Use the Amazon SNS API to send and receive notifications between microservices.

C.

Create an Amazon SQS standard queue. Connect the microservices to one another by using Amazon EventBridge events that the microservices exchange through the SQS queue.

D.

Use Amazon Managed Streaming for Apache Kafka Amazon MSK on Amazon EC2 instances to deploy the application.

Buy Now
Questions 123

A company is planning to deploy its application on an Amazon Aurora PostgreSQL Serverless v2 cluster. The application will receive large amounts of traffic. The company wants to optimize the storage performance of the cluster as the load on the application increases

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Configure the cluster to use the Aurora Standard storage configuration.

B.

Configure the cluster storage type as Provisioned IOPS.

C.

Configure the cluster storage type as General Purpose.

D.

Configure the cluster to use the Aurora l/O-Optimized storage configuration.

Buy Now
Questions 124

A company ' s application is deployed on Amazon EC2 instances and uses AWS Lambda functions for an event-driven architecture. The company uses nonproduction development environments in a different AWS account to test new features before the company deploys the features to production.

The production instances show constant usage because of customers in different time zones. The company uses nonproduction instances only during business hours on weekdays. The company does not use the nonproduction instances on the weekends. The company wants to optimize the costs to run its application on AWS.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Use On-Demand Instances (or the production instances. Use Dedicated Hosts for the nonproduction instances on weekends only.

B.

Use Reserved instances for the production instances and the nonproduction instances Shut down the nonproduction instances when not in use.

C.

Use Compute Savings Plans for the production instances. Use On-Demand Instances for the nonproduction instances Shut down the nonproduction instances when not in use.

D.

Use Dedicated Hosts for the production instances. Use EC2 Instance Savings Plans for the nonproduction instances.

Buy Now
Questions 125

A company recently launched a new product that is highly available in one AWS Region The product consists of an application that runs on Amazon Elastic Container Service (Amazon ECS), apublic Application Load Balancer (ALB), and an Amazon DynamoDB table. The company wants a solution that will make the application highly available across Regions.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.

In a different Region, deploy the application to a new ECS cluster that is accessible through a new ALB.

B.

Create an Amazon Route 53 failover record.

C.

Modify the DynamoDB table to create a DynamoDB global table.

D.

In the same Region, deploy the application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that is accessible through a new ALB.

E.

Modify the DynamoDB table to create global secondary indexes (GSIs).

F.

Create an AWS PrivateLink endpoint for the application.

Buy Now
Questions 126

A media company hosts its video processing workload on AWS. The workload uses Amazon EC2 instances in an Auto Scaling group to handle varying levels of demand. The workload stores the original videos and the processed videos in an Amazon S3 bucket.

The company wants to ensure that the video processing workload is scalable. The company wants to prevent failed processing attempts because of resource constraints. The architecturemust be able to handle sudden spikes in video uploads without impacting the processing capability.

Which solution will meet these requirements with the LEAST overhead?

Options:

A.

Migrate the workload from Amazon EC2 instances to AWS Lambda functions. Configure an Amazon S3 event notification to invoke the Lambda functions when a new video is uploaded. Configure the Lambda functions to process videos directly and to save processed videos back to the S3 bucket.

B.

Migrate the workload from Amazon EC2 instances to AWS Lambda functions. Use Amazon S3 to invoke an Amazon Simple Notification Service (Amazon SNS) topic when a new video is uploaded. Subscribe the Lambda functions to the SNS topic. Configure the Lambda functions to process the videos asynchronously and to save processed videos back to the S3 bucket.

C.

Configure an Amazon S3 event notification to send a message to an Amazon Simple Queue Service (Amazon SQS) queue when a new video is uploaded. Configure the existing Auto Scaling group to poll the SQS queue, process the videos, and save processed videos back to the S3 bucket.

D.

Configure an Amazon S3 upload trigger to invoke an AWS Step Functions state machine when a new video is uploaded. Configure the state machine to orchestrate the video processing workflow by placing a job message in the Amazon SQS queue. Configure the job message to invoke the EC2 instances to process the videos. Save processed videos back to the S3 bucket.

Buy Now
Questions 127

A financial services company needs to migrate an on-premises MySQL database workload to AWS. The database requires consistent low-latency performance with a baseline of 32,000 IOPS to process transactions.

Which solution will meet these requirements?

Options:

A.

Migrate the database to an Amazon S3 bucket. Enable S3 Transfer Acceleration.

B.

Migrate the data to a Provisioned IOPS SSD io2 Amazon EBS Express volume.

C.

Migrate the data to an Amazon EFS Standard file system.

D.

Migrate the data to a General Purpose SSD gp3 Amazon EBS volume.

Buy Now
Questions 128

A company runs a website that allows users to connect with lawyers. Users and lawyers upload documents to the website frequently. The company hosts the website on a single Amazon EC2 instance. The website stores documents directly on the instance.

The company scales the website by adding two more EC2 instances behind an Application Load Balancer ALB. Afterwards, users report 404 Resource Not Found errors when the users try to access their documents.

The company must restore access to the documents.

Which solution will meet this requirement MOST cost-effectively?

Options:

A.

Set up an Amazon EFS file system. Mount the file system on all the instances. Copy all files from each instance to the file system. Update the application to use the file system.

B.

Copy all documents to an Amazon S3 bucket that uses the S3 Intelligent-Tiering storage class. Update the application to use the S3 bucket.

C.

Set up an Amazon EFS file system. Mount the file system on all the instances. Write a cron job that copies the documents from each instance to the file system every hour. Update the application to use the file system.

D.

Write a cron job that copies the documents from each instance to an Amazon S3 bucket every hour.

Buy Now
Questions 129

A company wants to protect resources that the company hosts on AWS, including Application Load Balancers and Amazon CloudFront distributions.

The company wants an AWS service that can provide near real-time visibility into attacks on the company ' s resources. The service must also have a dedicated AWS team to assist with DDoS attacks.

Which AWS service will meet these requirements?

Options:

A.

AWS WAF

B.

AWS Shield Standard

C.

Amazon Macie

D.

AWS Shield Advanced

Buy Now
Questions 130

A company needs a solution to enforce data encryption at rest on Amazon EC2 instances. The solution must automatically identify noncompliant resources and enforce compliance policies on findings.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.

Use an IAM policy that allows users to create only encrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Config and AWS Systems Manager to automate the detection and remediation of unencrypted EBS volumes.

B.

Use AWS Key Management Service (AWS KMS) to manage access to encrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Lambda and Amazon EventBridge to automate the detection and remediation of unencrypted EBS volumes.

C.

Use Amazon Macie to detect unencrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Systems Manager Automation rules to automatically encrypt existing and new EBS volumes.

D.

Use Amazon Inspector to detect unencrypted Amazon Elastic Block Store (Amazon EBS) volumes. Use AWS Systems Manager Automation rules to automatically encrypt existing and new EBS volumes.

Buy Now
Questions 131

How can trade data from DynamoDB be ingested into an S3 data lake for near real-time analysis?

Options:

A.

Use DynamoDB Streams to invoke a Lambda function that writes to S3.

B.

Use DynamoDB Streams to invoke a Lambda function that writes to Data Firehose, which writes to S3.

C.

Enable Kinesis Data Streams on DynamoDB. Configure it to invoke a Lambda function that writes to S3.

D.

Enable Kinesis Data Streams on DynamoDB. Use Data Firehose to write to S3.

Buy Now
Questions 132

A company discovers that an Amazon DynamoDB Accelerator (DAX) cluster for the company ' s web application workload is not encrypting data at rest. The company needs to resolve thesecurity issue.

Which solution will meet this requirement?

Options:

A.

Stop the existing DAX cluster. Enable encryption at rest for the existing DAX cluster, and start the cluster again.

B.

Delete the existing DAX cluster. Recreate the DAX cluster, and configure the new cluster to encrypt the data at rest.

C.

Update the configuration of the existing DAX cluster to encrypt the data at rest.

D.

Integrate the existing DAX cluster with AWS Security Hub to automatically enable encryption at rest.

Buy Now
Questions 133

A company has an online gaming application that has TCP and UDP multiplayer gaming capabilities. The company uses Amazon Route 53 to point the application traffic to multiple Network Load Balancers (NLBs) in different AWS Regions. The company needs to improve application performance and decrease latency for the online game in preparation for user growth.

Which solution will meet these requirements?

Options:

A.

Add an Amazon CloudFront distribution in front of the NLBs. Increase the Cache-Control: max-age parameter.

B.

Replace the NLBs with Application Load Balancers (ALBs). Configure Route 53 to use latency-based routing.

C.

Add AWS Global Accelerator in front of the NLBs. Configure a Global Accelerator endpoint to use the correct listener ports.

D.

Add an Amazon API Gateway endpoint behind the NLBs. Enable API caching. Override method caching for the different stages.

Buy Now
Questions 134

A media company hosts a mobile app backend in the AWS Cloud. The company is releasing a new feature to allow users to upload short videos and apply special effects by using the mobile app. The company uses AWS Amplify to store the videos that customers upload in an Amazon S3 bucket.

The videos must be processed immediately. Users must receive a notification when processing is finished.

Which solution will meet these requirements?

Options:

A.

Use Amazon EventBridge Scheduler to schedule an AWS Lambda function to process the videos. Save the processed videos to the S3 bucket. Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to customers when processing is finished.

B.

Use Amazon EventBridge Scheduler to schedule AWS Fargate to process the videos. Save the processed videos to the S3 bucket. Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to customers when processing is finished.

C.

Use an S3 trigger to invoke an AWS Lambda function to process the videos. Save the processed videos to the S3 bucket. Use Amazon Simple Notification Service (Amazon SNS) to send push notifications to customers when processing is finished.

D.

Use an S3 trigger to invoke an AWS Lambda function to process the videos. Save the processed videos to the S3 bucket. Use AWS Amplify to send push notifications to customers when processing is finished.

Buy Now
Questions 135

A company plans to store sensitive user data on Amazon S3. Internal security compliance requirements mandate encryption of data before sending it to Amazon S3.

What should a solutions architect recommend to satisfy these requirements?

Options:

A.

Server-side encryption with customer-provided encryption keys

B.

Client-side encryption with Amazon S3 managed encryption keys

C.

Server-side encryption with keys stored in AWS Key Management Service (AWS KMS)

D.

Client-side encryption with a key stored in AWS Key Management Service (AWS KMS)

Buy Now
Questions 136

An ecommerce company is migrating its on-premises workload to the AWS Cloud. The workload currently consists of a web application and a backend Microsoft SQL database for storage.

The company expects a high volume of customers during a promotional event. The new infrastructure in the AWS Cloud must be highly available and scalable.

Which solution will meet these requirements with the LEAST administrative overhead?

Options:

A.

Migrate the web application to two Amazon EC2 instances across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS for Microsoft SQL Server with read replicas in both Availability Zones.

B.

Migrate the web application to an Amazon EC2 instance that runs in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to two EC2 instances across separate AWS Regions with database replication.

C.

Migrate the web application to Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS with Multi-AZ deployment.

D.

Migrate the web application to three Amazon EC2 instances across three Availability Zones behind an Application Load Balancer. Migrate the database to three EC2 instances across three Availability Zones.

Buy Now
Questions 137

A company is designing the architecture for a new mobile app that uses the AWS Cloud. The company uses organizational units (OUs) in AWS Organizations to manage its accounts. The company wants to tag Amazon EC2 instances with data sensitivity by using values of sensitive and nonsensitive IAM identities must not be able to delete a tag or create instances without a tag

Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

In Organizations, create a new tag policy that specifies the data sensitivity tag key and the required values. Enforce the tag values for the EC2 instances Attach the tag policy to the appropriate OU.

B.

In Organizations, create a new service control policy (SCP) that specifies the data sensitivity tag key and the required tag values Enforce the tag values for the EC2 instances. Attach the SCP to the appropriate OU.

C.

Create a tag policy to deny running instances when a tag key is not specified. Create another tag policy that prevents identities from deleting tags Attach the tag policies to the appropriate OU.

D.

Create a service control policy (SCP) to deny creating instances when a tag key is not specified. Create another SCP that prevents identities from deleting tags Attach the SCPs to the appropriate OU.

E.

Create an AWS Config rule to check if EC2 instances use the data sensitivity tag and the specified values. Configure an AWS Lambda function to delete the resource if a noncompliant resource is found.

Buy Now
Questions 138

A solutions architect is storing sensitive data generated by an application in Amazon S3. The solutions architect wants to encrypt the data at rest. A company policy requires an audit trail of when the AWS KMS key was used and by whom.

Which encryption option will meet these requirements?

Options:

A.

Server-side encryption with Amazon S3 managed keys (SSE-S3)

B.

Server-side encryption with AWS KMS managed keys (SSE-KMS)

C.

Server-side encryption with customer-provided keys (SSE-C)

D.

Server-side encryption with self-managed keys

Buy Now
Questions 139

A company is building a containerized application on AWS. The application uses the Linux operating system. The company needs to provide a persistent storage solution for the application.

The company expects the storage solution to have varying data access patterns. The solution must have native storage tiering capabilities and must be scalable. The solution must not require the company to provision storage upfront.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.

Use Amazon FSx for NetApp ONTAP to set up persistent file storage that uses SSD storage for performance. Use the capacity pool storage tier.

B.

Use an Amazon EFS file system in Elastic throughput mode. Use the Intelligent Tiering lifecycle management feature.

C.

Configure two Amazon FSx for Windows File Server file systems. Use an SSD-based file system for performance and an HDD-based file system for low-cost storage.

D.

Launch an Amazon EC2 instance that is backed by an Amazon EBS volume. Use the EBS volume to create a file share.

Buy Now
Questions 140

A company plans to use AWS to run high-performance computing (HPC) workloads and analytics workloads. The company will run HPC workloads on Amazon EC2 instances. The workloads require a high-performance file system that can scale to millions of input/output operations per second (IOPS). Which combination of steps will meet these requirements? (Select TWO.)

Options:

A.

Use Amazon Elastic File System (Amazon EFS) as a high-performance file system.

B.

Use Amazon FSx for Lustre as a high-performance file system.

C.

Create an Auto Scaling group of Amazon EC2 instances. Use Reserved Instances. Configure a spread placement group. Use AWS Batch to run the analytics workloads.

D.

Use Mountpoint for Amazon S3 as a high-performance file system.

E.

Create an Auto Scaling group of Amazon EC2 instances. Use a mix of On-Demand Instances, Reserved Instances, and Spot Instances. Configure a cluster placement group. Use Amazon EMR to run the analytics workloads.

Buy Now
Questions 141

A company hosts a single-page application in an Amazon S3 bucket. The company has replicated the application to a second S3 bucket in a separate AWS Region. The company has users in Asia and Europe.

A solutions architect must design a solution that redirects each user ' s requests to the Region that is closest to the user.

Which solution will meet this requirement?

Options:

A.

Create an AWS Lambda function in one Region. Configure the function to redirect traffic to the closest Region based on the user ' s IP address. Use S3 Event Notifications to invoke the function.

B.

Create an Application Load Balancer ALB to distribute and redirect requests to the S3 bucket that is in the closest Region based on the user ' s geolocation.

C.

Create an Amazon CloudFront distribution that uses the two S3 buckets as origins. Configure CloudFront behaviors to direct user requests to the closest Region based on user geolocation.

D.

Create an Amazon CloudFront distribution that uses the two S3 buckets as origins. Create an AWS Lambda@Edge function to set a specific header that indicates each user ' s location. Create behaviors for each S3 bucket origin to select the origin based on the added header.

Buy Now
Questions 142

A company is developing a microservices-based application to manage the company ' s delivery operations. The application consists of microservices that process orders, manage a fleet of delivery vehicles, and optimize delivery routes. The microservices must be able to scale independently and must be able to handle bursts of traffic without any data loss.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use Amazon API Gateway REST APIs to establish communication between microservices. Deploy the application on Amazon EC2 instances in Auto Scaling groups.

B.

Use Amazon SQS to establish communication between microservices. Deploy the application on Amazon ECS containers on AWS Fargate.

C.

Use WebSocket-based communication between microservices. Deploy the application on Amazon EC2 instances in Auto Scaling groups.

D.

Use Amazon SNS to establish communication between microservices. Deploy the application on Amazon ECS containers on Amazon EC2.

Buy Now
Questions 143

A company runs Amazon EC2 instances as web servers. Peak traffic occurs at two predictable times each day. The web servers remain mostly idle during the rest of the day.

A solutions architect must manage the web servers while maintaining fault tolerance in the most cost-effective way.

Which solution will meet these requirements?

Options:

A.

Use an EC2 Auto Scaling group to scale the instances based on demand.

B.

Purchase Reserved Instances to ensure peak capacity at all times.

C.

Use a cron job to stop the EC2 instances when traffic demand is low.

D.

Use a script to vertically scale the EC2 instances during peak demand.

Buy Now
Questions 144

A company needs a solution to give customers the ability to upload encrypted files to a directory in an Amazon S3 bucket by using SFTP. After customers upload files, the solution must automatically decrypt the files and move them to a second directory within the same S3 bucket for downstream processing.

The solution must not require authentication services. The solution must fully automate all post-upload operations and require minimal ongoing operational overhead.

Which solution will meet these requirements? (Select THREE.)

Options:

A.

Use AWS Transfer Family with the SFTP protocol. Configure the S3 bucket as the home directory for uploaded files.

B.

Use an S3 event notification to invoke an AWS Lambda function that moves uploaded files between folders.

C.

Use an AWS Transfer Family workflow and a DECRYPT action to decrypt uploaded files.

D.

Tag incoming S3 objects. Periodically query objects by using an external script that runs in a container.

E.

Use an AWS Transfer Family workflow and a COPY action to move files to a new directory within the S3 bucket after decryption.

F.

Use an AWS Batch job to poll the S3 bucket and run a decryption script on new files.

Buy Now
Questions 145

A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near-real-time reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB cluster.

Which solution meets these requirements?

Options:

A.

Create and use a custom endpoint for the workload.

B.

Create a three-node cluster clone and use the reader endpoint.

C.

Use any of the instance endpoints for the selected three nodes.

D.

Use the reader endpoint to automatically distribute the read-only workload.

Buy Now
Questions 146

A company is setting up a development environment on AWS for a team of developers. The team needs to access multiple Amazon S3 buckets to store project data. The team also needs to use Amazon EC2 to run development instances.

The company needs to ensure that the developers have access only to specific Amazon S3 buckets and EC2 instances. Access permissions must be assigned according to each developer ' s role on the team. The company wants to minimize the use of permanent credentials and to ensure access is securely managed according to the principle of least privilege.

Which solution will meet these requirements?

Options:

A.

Create IAM roles that have administrative-level permissions for Amazon S3 and Amazon EC2. Require developers to sign in by using Amazon Cognito to access Amazon S3 and Amazon EC2.

B.

Create IAM roles that have fine-grained permissions for Amazon S3 and Amazon EC2. Configure AWS IAM Identity Center to manage credentials for the developers.

C.

Create IAM users that have programmatic access to Amazon S3 and Amazon EC2. Generate individual access keys for each developer to access Amazon S3 and Amazon EC2.

D.

Create a VPC endpoint for Amazon S3. Require developers to access Amazon EC2 instances and Amazon S3 buckets through a bastion host.

Buy Now
Questions 147

A company has a single AWS account. The company runs workloads on Amazon EC2 instances in multiple VPCs in one AWS Region. The company also runs workloads in an on-premises data center that connects to the company ' s AWS account by using AWS Direct Connect.

The company needs all EC2 instances in the VPCs to resolve DNS queries for the internal.example.com domain to the authoritative DNS server that is located in the on-premises data center. The solution must use private communication between the VPCs and the on-premises network. All route tables, network ACLs, and security groups are configured correctly between AWS and the on-premises data center.

Which combination of actions will meet these requirements? (Select THREE.)

Options:

A.

Create an Amazon Route 53 inbound endpoint in all the workload VPCs.

B.

Create an Amazon Route 53 outbound endpoint in one of the workload VPCs.

C.

Create an Amazon Route 53 Resolver rule with the Forward type configured to forward queries for internal.example.com to the on-premises DNS server.

D.

Create an Amazon Route 53 Resolver rule with the System type configured to forward queries for internal.example.com to the on-premises DNS server.

E.

Associate the Amazon Route 53 Resolver rule with all the workload VPCs.

F.

Associate the Amazon Route 53 Resolver rule with the workload VPC with the new Route 53 endpoint.

Buy Now
Questions 148

A company runs an application that stores and shares photos. Users upload photos to an Amazon S3 bucket. Approximately 150 photos are uploaded daily. The company wants to create a thumbnail for each new photo and store it in a second S3 bucket.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Use an Amazon EMR cluster and scheduled scripts.

B.

Use an always-on EC2 instance with scheduled scripts.

C.

Configure an S3 event notification to invoke an AWS Lambda function on each upload.

D.

Use S3 Storage Lens to invoke a Lambda function.

Buy Now
Questions 149

A financial service company has a two-tier consumer banking application. The frontend serves static web content. The backend consists of APIs. The company needs to migrate the frontendcomponent to AWS. The backend of the application will remain on premises. The company must protect the application from common web vulnerabilities and attacks.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Migrate the frontend to Amazon EC2 instances. Deploy an Application Load Balancer (ALB) in front of the instances. Use the instances to invoke the on-premises APIs. Associate AWS WAF rules with the instances.

B.

Deploy the frontend as an Amazon CloudFront distribution that has multiple origins. Configure one origin to be an Amazon S3 bucket that serves the static web content. Configure a second origin to route traffic to the on-premises APIs based on the URL pattern. Associate AWS WAF rules with the distribution.

C.

Migrate the frontend to Amazon EC2 instances. Deploy a Network Load Balancer (NLB) in front of the instances. Use the instances to invoke the on-premises APIs. Create an AWS Network Firewall instance. Route all traffic through the Network Firewall instance.

D.

Deploy the frontend as a static website based on an Amazon S3 bucket. Use an Amazon API Gateway REST API and a set of Amazon EC2 instances to invoke the on-premises APIs. Associate AWS WAF rules with the REST API and the S3 bucket.

Buy Now
Questions 150

A company hosts an application on AWS. The application has generated approximately 2.5 TB of data over the previous 12 years. The company currently stores the data on Amazon EBS volumes.

The company wants a cost-effective backup solution for long-term storage. The company must be able to retrieve the data within minutes when required for audits.

Which solution will meet these requirements?

Options:

A.

Create EBS snapshots to back up the data.

B.

Create an Amazon S3 bucket. Use the S3 Glacier Deep Archive storage class to back up the data.

C.

Create an Amazon S3 bucket. Use the S3 Glacier Flexible Retrieval storage class to back up the data.

D.

Create an Amazon Elastic File System (Amazon EFS) file system to back up the data.

Buy Now
Questions 151

A healthcare company needs a storage solution for electronic health records EHRs. The company must store the EHRs for at least 10 years to comply with regulations. The company rarely accesses the records. The records must be secure, immutable, and retrievable within a few hours when needed. Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.

Store the records in Amazon S3 Standard. Enable server-side encryption with Amazon S3 managed keys SSE-S3 and S3 Versioning.

B.

Store the records in Amazon S3 Glacier Flexible Retrieval. Configure S3 Object Lock and set a retention period of 10 years.

C.

Store the records in Amazon S3 One Zone-Infrequent Access S3 One Zone-IA. Configure an S3 Lifecycle policy to remove records after 10 years.

D.

Store the records in Amazon S3 Intelligent-Tiering. Configure automatic archiving to the Archive Access tier.

Buy Now
Questions 152

A company is developing a public web application that needs to access multiple AWS services. The application will have hundreds of users who must log in to the application first before using the services.

The company needs to implement a secure and scalable method to grant the web application temporary access to the AWS resources.

Which solution will meet these requirements?

Options:

A.

Create an IAM role for each AWS service that the application needs to access. Assign the roles directly to the instances that the web application runs on.

B.

Create an IAM role that has the access permissions the web application requires. Configure the web application to use AWS Security Token Service (AWS STS) to assume the IAM role. Use STS tokens to access the required AWS services.

C.

Use AWS IAM Identity Center to create a user pool that includes the application users. Assign access credentials to the web application users. Use the credentials to access the required AWS services.

D.

Create an IAM user that has programmatic access keys for the AWS services. Store the access keys in AWS Systems Manager Parameter Store. Retrieve the access keys from Parameter Store. Use the keys in the web application.

Buy Now
Questions 153

A media company needs to migrate its Windows-based video editing environment to AWS. The company ' s current environment processes 4K video files that require sustained throughput of 2 GB per second across multiple concurrent users.

The company ' s storage needs increase by 1 TB each week. The company needs a shared file system that supports SMB protocol and can scale automatically based on storage demands.

Which solution will meet these requirements?

Options:

A.

Deploy an Amazon FSx for Windows File Server Multi-AZ file system with SSD storage.

B.

Deploy an Amazon Elastic File System (Amazon EFS) file system in Max I/O mode. Provision mount targets in multiple Availability Zones.

C.

Deploy an Amazon FSx for Lustre file system with a Persistent 2 deployment type. Provision the file system with 2 TB of storage.

D.

Deploy Amazon S3 File Gateway by using multiple cached gateway instances. Configure S3 Transfer Acceleration.

Buy Now
Questions 154

A genomic research company analyzes approximately 50 TB of raw DNA sequence data for each project that the company stores in Amazon S3. The company accesses data files frequently during the first 30 days of each project. The company rarely accesses the data after the first 30 days. However, the company must retain the data for 7 years.

The company needs a cost-effective storage solution for the data.

Which solution will meet these requirements?

Options:

A.

Store the data in Amazon EFS for the first 30 days. After 30 days, move the data to Amazon S3 Glacier Flexible Retrieval.

B.

Store the data in Amazon S3 Standard for the first 30 days. After 30 days, move the data to Amazon S3 Standard-Infrequent Access S3 Standard-IA.

C.

Store the data in Amazon S3 Standard for the first 30 days. After 30 days, move the data to Amazon S3 Glacier Deep Archive.

D.

Store the data in Amazon S3 Standard for the first 30 days. After 30 days, move the data to Amazon EBS volumes.

Buy Now
Questions 155

Question:

A healthcare company uses an Amazon EMR cluster to process patient data. The data must be encrypted in transit and at rest. Local volumes in the cluster also need to be encrypted. Which solution will meet these requirements?

Options:

Options:

A.

Create Amazon EBS volumes. Enable encryption. Attach the volumes to the existing EMR cluster.

B.

Create an EMR security configuration that encrypts the data and the volumes as required.

C.

Create an EC2 instance profile for the EMR instances. Configure the instance profile to enforce encryption.

D.

Create a runtime role that has a trust policy for the EMR cluster.

Buy Now
Questions 156

A company has Amazon EC2 instances that run nightly batch jobs to process data. The EC2 instances run in an Auto Scaling group that uses On-Demand billing. If a job fails on one instance, another instance will reprocess the job. The batch jobs run between 12:00 AM and 06:00 AM local time every day.

Which solution will provide EC2 instances to meet these requirements MOST cost-effectively?

Options:

A.

Purchase a 1-year Savings Plan for Amazon EC2 that covers the instance family of the Auto Scaling group that the batch job uses.

B.

Purchase a 1-year Reserved Instance for the specific instance type and operating system of the instances in the Auto Scaling group that the batch job uses.

C.

Create a new launch template for the Auto Scaling group. Set the instances to Spot Instances. Set a policy to scale out based on CPU usage.

D.

Create a new launch template for the Auto Scaling group. Increase the instance size. Set a policy to scale out based on CPU usage.

Buy Now
Questions 157

A company wants to share data between applications that run in separate AWS accounts. The company wants to use Amazon API Gateway REST APIs to expose private APIs. The company wants to ensure that only authorized accounts can invoke the private APIs.

Which solution will meet this requirement?

Options:

A.

Use an API Gateway interface endpoint policy to grant access to specific accounts.

B.

Use an API Gateway resource policy to grant access to specific accounts.

C.

Use cross-account IAM policies to grant access to the private APIs.

D.

Use AWS Lambda authorizers to grant access to specific accounts.

Buy Now
Questions 158

A company is planning to migrate to AWS. The network layout will include more than 1,000 VPCs in a single AWS Region. The resources in the VPCs need to communicate with each other.

What should a solutions architect recommend to meet these requirements?

Options:

A.

Create VPN tunnels from all the VPCs to each other. Enable route propagation.

B.

Create an AWS Direct Connect gateway, and attach a public virtual interface (VIF) to each VPC. Enable route propagation.

C.

Peer all the VPCs together by creating and accepting peering requests. Update route tables with the new routes.

D.

Create a transit gateway, and place attachments in subnets of all the VPCs. Configure a transit gateway route table with the new routes.

Buy Now
Questions 159

A company has applications that run on Amazon EC2 instances in a VPC One of the applications needs to call the Amazon S3 API to store and read objects. According to the company ' s security regulations, no traffic from the applications is allowed to travel across the internet.

Which solution will meet these requirements?

Options:

A.

Configure an S3 gateway endpoint.

B.

Create an S3 bucket in a private subnet.

C.

Create an S3 bucket in the same AWS Region as the EC2 instances.

D.

Configure a NAT gateway in the same subnet as the EC2 instances

Buy Now
Questions 160

A company runs a workload in an AWS Region. Users connect to the workload by using an Amazon API Gateway REST API.

The company uses Amazon Route 53 as its DNS provider and has created a Route 53 Hosted Zone. The company wants to provide unique and secure URLs for all workload users.

Which combination of steps will meet these requirements with the MOST operational efficiency? (Select THREE.)

Options:

A.

Create a wildcard custom domain name in the Route 53 hosted zone as an alias for the API Gateway endpoint.

B.

Use AWS Certificate Manager (ACM) to request a wildcard certificate that matches the custom domain in a second Region.

C.

Create a hosted zone for each user in Route 53. Create zone records that point to the API Gateway endpoint.

D.

Use AWS Certificate Manager (ACM) to request a wildcard certificate that matches the custom domain name in the same Region.

E.

Use API Gateway to create multiple API endpoints for each user.

F.

Create a custom domain name in API Gateway for the REST API. Import the certificate from AWS Certificate Manager (ACM).

Buy Now
Questions 161

A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without traveling across the internet. The company has no existing dedicated connectivity to AWS.

Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

Options:

A.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.

B.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC.

C.

Create an Amazon S3 interface endpoint in the networking account.

D.

Create an Amazon S3 gateway endpoint in the networking account.

E.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account.

Buy Now
Questions 162

A solutions architect is configuring a VPC that has public subnets and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs). An internet gateway is attached to the VPC.

The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.

Which solution will meet this requirement?

Options:

A.

Create a NAT gateway in one of the public subnets. Update the route tables that are attached to the private subnets to forward non-VPC traffic to the NAT gateway.

B.

Create three NAT instances in each private subnet. Create a private route table for each Availability Zone that forwards non-VPC traffic to the NAT instances.

C.

Attach an egress-only internet gateway in the VPC. Update the route tables of the private subnets to forward non-VPC traffic to the egress-only internet gateway.

D.

Create a NAT gateway in one of the private subnets. Update the route tables that are attached to the private subnets to forward non-VPC traffic to the NAT gateway.

Buy Now
Questions 163

A company currently runs an on-premises stock trading application by using Microsoft Windows Server. The company wants to migrate the application to the AWS Cloud. The company needs to design a highly available solution that provides low-latency access to block storage across multiple Availability Zones. Which solution will meet these requirements with the LEAST implementation effort?

Options:

A.

Configure a Windows Server cluster that spans two Availability Zones on Amazon EC2 instances. Install the application on both cluster nodes. Use Amazon FSx for Windows File Server as shared storage between the two cluster nodes.

B.

Configure a Windows Server cluster that spans two Availability Zones on Amazon EC2 instances. Install the application on both cluster nodes Use Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp3) volumes as storage attached to the EC2 instances. Set up application-level replication to sync data from one EBS volume in one Availability Zone to another EBS volume in the second Availability Zone.

C.

Deploy the application on Amazon EC2 instances in two Availability Zones Configure one EC2 instance as active and the second EC2 instance in standby mode. Use an Amazon FSx for NetApp ONTAP Multi-AZ file system to access the data by using Internet Small Computer Systems Interface (iSCSI) protocol.

D.

Deploy the application on Amazon EC2 instances in two Availability Zones. Configure one EC2 instance as active and the second EC2 instance in standby mode. Use Amazon Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io2) volumes as storage attached to the EC2 instances. Set up Amazon EBS level replication to sync data from one io2 volume in one Availability Zone to another io2 volume in the second Availability Zone.

Buy Now
Questions 164

Question:

A company operates an online photo-sharing service and stores data in AWS Account A in a centralized Amazon S3 bucket. The company wants to grant a second AWS account named Account B access to the centralized S3 bucket. The company owns Account B.

Options:

Options:

A.

Enable S3 Transfer Acceleration to provide Account B access to the centralized S3 bucket in Account A.

B.

Enable cross-Region replication between Account A and Account B to share the S3 bucket data.

C.

Use Amazon CloudFront to distribute the S3 bucket contents. Grant Account B access to the bucket contents through a signed URL.

D.

Create a bucket policy that grants Account B permission to access the centralized S3 bucket in Account A.

Buy Now
Questions 165

A company hosts an ecommerce application that stores all data in a single Amazon RDS for MySQL DB instance that is fully managed by AWS. The company needs to mitigate the risk of a single point of failure.

Which solution will meet these requirements with the LEAST implementation effort?

Options:

A.

Modify the RDS DB instance to use a Multi-AZ deployment. Apply the changes during the next maintenance window.

B.

Migrate the current database to a new Amazon DynamoDB Multi-AZ deployment. Use AWS Database Migration Service (AWS DMS) with a heterogeneous migration strategy to migrate the current RDS DB instance to DynamoDB tables.

C.

Create a new RDS DB instance in a Multi-AZ deployment. Manually restore the data from the existing RDS DB instance from the most recent snapshot.

D.

Configure the DB instance in an Amazon EC2 Auto Scaling group with a minimum group size of three. Use Amazon Route 53 simple routing to distribute requests to all DB instances.

Buy Now
Questions 166

A company hosts its applications in multiple private and public subnets in a VPC. The applications in the private subnets need to access an API. The API is available on the internet and is hosted in the company ' s on-premises data center. A solutions architect needs to establish connectivity for applications in the private subnets.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Create a transit gateway to connect the VPC to the on-premises network. Use the transit gateway to route API calls from the private subnets to the on-premises data center.

B.

Create a NAT gateway in the public subnet of the VPC. Use the NAT gateway to allow the private subnets to access the API over the internet.

C.

Establish an AWS PrivateLink connection to connect the VPC to the on-premises network. Use PrivateLink to make API calls from the private subnets to the on-premises data center.

D.

Implement an AWS Site-to-Site VPN connection between the VPC and the on-premises data center. Use the VPN connection to make API calls from the private subnets to the on-premises data center.

Buy Now
Questions 167

A company receives data transfers from a small number of external clients that use SFTP software on an Amazon EC2 instance. The clients use an SFTP client to upload data. The clients use SSH keys for authentication. Every hour, an automated script transfers new uploads to an Amazon S3 bucket for processing.

The company wants to move the transfer process to an AWS managed service and to reduce the time required to start data processing. The company wants to retain the existing user management and SSH key generation process. The solution must not require clients to make significant changes to their existing processes.

Which solution will meet these requirements?

Options:

A.

Reconfigure the script that runs on the EC2 instance to run every 15 minutes. Create an S3 Event Notifications rule for all new object creation events. Set an Amazon Simple Notification Service (Amazon SNS) topic as the destination.

B.

Create an AWS Transfer Family SFTP server that uses the existing S3 bucket as a target. Use service-managed users to enable authentication.

C.

Require clients to add the AWS DataSync agent into their local environments. Create an IAM user for each client that has permission to upload data to the target S3 bucket.

D.

Create an AWS Transfer Family SFTP connector that has permission to access the target S3 bucket for each client. Store credentials in AWS Systems Manager. Create an IAM role to allow the SFTP connector to securely use the credentials.

Buy Now
Questions 168

A company is building a serverless application to process clickstream data from its website. The clickstream data is sent to an Amazon Kinesis Data Streams data stream from the application web servers.

The company wants to enrich the clickstream data by joining the clickstream data with customer profile data from an Amazon Aurora Multi-AZ database. The company wants to use Amazon Redshift to analyze the enriched data. The solution must be highly available.

Which solution will meet these requirements?

Options:

A.

Use an AWS Lambda function to process and enrich the clickstream data. Use the same Lambda function to write the clickstream data to Amazon S3. Use Amazon Redshift Spectrum to query the enriched data in Amazon S3.

B.

Use an Amazon EC2 Spot Instance to poll the data stream and enrich the clickstream data. Configure the EC2 instance to use the COPY command to send the enriched results to Amazon Redshift.

C.

Use an Amazon Elastic Container Service (Amazon ECS) task with AWS Fargate Spot capacity to poll the data stream and enrich the clickstream data. Configure an Amazon EC2 instance to use the COPY command to send the enriched results to Amazon Redshift.

D.

Use Amazon Kinesis Data Firehose to load the clickstream data from Kinesis Data Streams to Amazon S3. Use AWS Glue crawlers to infer the schema and populate the AWS Glue Data Catalog. Use Amazon Athena to query the raw data in Amazon S3.

Buy Now
Questions 169

The company must encrypt finance reports that are stored in an Amazon S3 bucket. An AWS Lambda function must be able to decrypt the reports dynamically. An IAM group that the company ' s security administrators use must manage the encryption keys. The IAM group must manage key rotation, deletion, and creation. The company must grant access to the keys according to the principle of least privilege.

Which solution will meet these requirements?

Options:

A.

Use server-side encryption with Amazon S3 managed keys SSE-S3 to encrypt the reports in the S3 bucket. Use IAM policies to allow the Lambda function execution role to decrypt the reports.

B.

Use customer managed AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the files. Use IAM policies to grant the security administrator IAM group permissions to perform only kms:CreateKey, kms:DeleteKey, and kms:RotateKey actions on KMS keys.

C.

Use server-side encryption with AWS KMS keys to encrypt the reports in the S3 bucket. Use IAM policies to grant the Lambda function execution role permissions to decrypt the reports. Grant the security administrator IAM group permissions to generate KMS keys.

D.

Use customer-managed AWS KMS keys to encrypt the reports in the S3 bucket. Grant the Lambda function execution role and the security administrator IAM group full access to perform all transactions on KMS keys.

Buy Now
Questions 170

A company hosts a popular social networking application on premises. Both the web tier and the application tier run on the same server. The company wants to migrate the application to AWS to handle increased user traffic. The solution must minimize migration effort and ongoing operational costs. The solution must reuse the existing application code.

The application must scale to handle millions of requests. The application must be highly available.

Which solution will meet these requirements?

Options:

A.

Deploy the application on an Amazon ECS cluster. Configure AWS Application Auto Scaling. Create an Application Load Balancer (ALB). Set the ECS cluster as an ALB target. Create an Amazon CloudFront distribution that uses the ALB as an origin.

B.

Create a self-managed Kubernetes cluster on three Amazon EC2 instances in one Availability Zone. Configure scaling metrics within the cluster. Create an AWS Global Accelerator standard accelerator. Set the cluster as an endpoint.

C.

Create an Amazon API Gateway REST API. Reconfigure the application to use AWS Lambda functions. Configure the Lambda functions to use reserved concurrency.

D.

Configure an Amazon CloudFront distribution with a custom origin to serve traffic from the on-premises environment. Configure an AWS Site-to-Site VPN connection between the on-premises environment and AWS.

Buy Now
Questions 171

A company uses AWS Organizations to manage multiple AWS accounts. The company needs a secure, event-driven architecture in which specific Amazon SNS topics in Account A can publish messages to specific Amazon SQS queues in Account B.

Which solution meets these requirements while maintaining least privilege?

Options:

A.

Create a new IAM role in Account A that can publish to any SQS queue. Share the role ARN with Account B.

B.

Add SNS topic ARNs to SQS queue policies in Account B. Configure SNS topics to publish to any queue. Encrypt the queue with an AWS KMS key.

C.

Modify the SQS queue policies in Account B to allow only specific SNS topic ARNs from Account A to publish messages. Ensure the SNS topics have publish permissions for the specific queue ARN.

D.

Create a shared IAM role across both accounts with permission to publish to all SQS queues. Enable cross-account access.

Buy Now
Questions 172

A company runs an online order management system on AWS. The company stores order and inventory data for the previous 5 years in an Amazon Aurora MySQL database. The company deletes inventory data after 5 years.

The company wants to optimize costs to archive data.

Which solution will meet this requirement?

Options:

A.

Create an AWS Glue crawler to export data to Amazon S3. Create an AWS Lambda function to compress the data.

B.

Use the SELECT INTO OUTFILE S3 query on the Aurora database to export the data to Amazon S3. Configure S3 Lifecycle rules on the S3 bucket.

C.

Create an AWS Glue DataBrew job to migrate data from Aurora to Amazon S3. Configure S3 Lifecycle rules on the S3 bucket.

D.

Use the AWS Schema Conversion Tool (AWS SCT) to replicate data from Aurora to Amazon S3. Use the S3 Standard-Infrequent Access (S3 Standard-IA) storage class.

Buy Now
Questions 173

A security team needs to enforce rotation of all IAM users ' access keys every 90 days. Keys older than 90 days must be automatically deactivated and removed. A solutions architect must create a remediation solution with minimal operational effort.

Which solution meets these requirements?

Options:

A.

Create an AWS Config rule to check key age. Configure the rule to run an AWS Batch job to remove the key.

B.

Create an Amazon EventBridge rule to check key age. Configure it to run an AWS Batch job to remove the key.

C.

Create an AWS Config rule to check key age. Define an EventBridge rule that schedules an AWS Lambda function to remove the key.

D.

Create an EventBridge rule to check key age. Define a second EventBridge rule to run an AWS Batch job to remove the key.

Buy Now
Questions 174

A company wants to use AWS Direct Connect to connect on-premises networks to AWS. The company runs many VPCs in a single Region and plans to scale to hundreds of VPCs.

Which service will simplify and scale the network architecture?

Options:

A.

VPC endpoints

B.

AWS Transit Gateway

C.

Amazon Route 53

D.

AWS Secrets Manager

Buy Now
Questions 175

A company wants to enhance its ecommerce order-processing application that is deployed on AWS. The application must process each order exactly once without affecting the customer experience during unpredictable traffic surges.

Which solution will meet these requirements?

Options:

A.

Create an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Put all the orders in the SQS queue. Configure an AWS Lambda function as the target to process the orders.

B.

Create an Amazon Simple Notification Service (Amazon SNS) standard topic. Publish all the orders to the SNS standard topic. Configure the application as a notification target.

C.

Create a flow by using Amazon AppFlow. Send the orders to the flow. Configure an AWS Lambda function as the target to process the orders.

D.

Configure AWS X-Ray in the application to track the order requests. Configure the application to process the orders by pulling the orders from Amazon CloudWatch.

Buy Now
Questions 176

A company has an API that receives real-time data from a fleet of monitoring devices. The API stores this data in an Amazon RDS DB instance for later analysis. The amount of data that the monitoring devices send to the API fluctuates. During periods of heavy traffic, the API often returns timeout errors.

After an inspection of the logs, the company determines that the database is not capable of processing the volume of write traffic that comes from the API. A solutions architect must minimize the number of connections to the database and must ensure that data is not lost during periods of heavy traffic.

Options:

A.

Increase the size of the DB instance to an instance type that has more available memory.

B.

Modify the DB instance to be a Multi-AZ DB instance. Configure the application to write to all active RDS DB instances.

C.

Modify the API to write incoming data to an Amazon Simple Queue Service (Amazon SQS) queue. Use an AWS Lambda function that Amazon SQS invokes to write data from the queue to the database.

D.

Modify the API to write incoming data to an Amazon Simple Notification Service (Amazon SNS) topic. Use an AWS Lambda function that Amazon SNS invokes to write data from the topic to the database.

Buy Now
Questions 177

A company is planning to migrate customer records to an Amazon S3 bucket. The company needs to ensure that customer records are protected against unauthorized access and are encrypted in transit and at rest. The company must monitor all access to the S3 bucket.

Options:

A.

Use AWS Key Management Service (AWS KMS) to encrypt customer records at rest. Create an S3 bucket policy that includes the aws:SecureTransport condition. Use an IAM policy to control access to the records. Use AWS CloudTrail to monitor access to the records.

B.

Use AWS Nitro Enclaves to encrypt customer records at rest. Use AWS Key Management Service (AWS KMS) to encrypt the records in transit. Use an IAM policy to control access to the records. Use AWS CloudTrail and AWS Security Hub to monitor access to the records.

C.

Use AWS Key Management Service (AWS KMS) to encrypt customer records at rest. Create an Amazon Cognito user pool to control access to the records. Use AWS CloudTrail to monitor access to the records. Use Amazon GuardDuty to detect threats.

D.

Use server-side encryption with Amazon S3 managed keys (SSE-S3) with default settings to encrypt the records at rest. Access the records by using an Amazon CloudFront distribution that uses the S3 bucket as the origin. Use IAM roles to control access to the records. Use Amazon CloudWatch to monitor access to the records.

Buy Now
Questions 178

A company hosts an application on AWS and has generated approximately 2.5 TB of data over 12 years. The data is stored on Amazon EBS volumes.

The company wants a cost-effective backup solution for long-term storage and must be able to retrieve the data within minutes for audits.

Which solution will meet these requirements?

Options:

A.

Create EBS snapshots.

B.

Use Amazon S3 Glacier Deep Archive.

C.

Use Amazon S3 Glacier Flexible Retrieval.

D.

Use Amazon Elastic File System (Amazon EFS).

Buy Now
Questions 179

A company is planning to deploy a data processing platform on AWS. The data processingplatform is based on PostgreSQL. The company stores the data that the platform must process on premises.

To comply with regulations, the company must not migrate the data to the cloud. However, the company wants to use AWS managed data analytics solutions.

Which solution will meet these requirements?

Options:

A.

Create an Amazon RDS for PostgreSQL database in a VPC. Create an interface VPC endpoint to connect the on-premises PostgreSQL database to the RDS for PostgreSQL database.

B.

Create Amazon EC2 instances in an Auto Scaling group on AWS Outposts. Install PostgreSQL data analytics software on the instances.

C.

Create an Amazon EMR cluster on AWS Outposts. Connect the EMR cluster to the on-premises PostgreSQL database to perform data processing locally.

D.

Create an Amazon EMR cluster in a VPC. Connect the EMR cluster to Amazon RDS for SQL Server with a linked server to connect to the company ' s data processing platform.

Buy Now
Questions 180

A company uses Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) volumes to run an application. The company creates one snapshot of each EBS volume every day.

The company needs to prevent users from accidentally deleting the EBS volume snapshots. The solution must not change the administrative rights of a storage administrator user.

Which solution will meet these requirements with the LEAST administrative effort?

Options:

A.

Create an IAM role that has permission to delete snapshots. Attach the role to a new EC2 instance. Use the AWS CLI from the new EC2 instance to delete snapshots.

B.

Create an IAM policy that denies snapshot deletion. Attach the policy to the storage administrator user.

C.

Add tags to the snapshots. Create tag-level retention rules in the Recycle Bin for EBS snapshots. Configure rule lock settings for the retention rules.

D.

Take EBS snapshots by using the EBS direct APIs. Copy the snapshots to an Amazon S3 bucket. Configure S3 Versioning and Object Lock on the bucket.

Buy Now
Questions 181

A company wants to provide a third-party system that runs in a private data center with access to its AWS account. The company wants to call AWS APIs directly from the third-party system. The company has an existing process for managing digital certificates. The company does not want to use SAML or OpenID Connect (OIDC) capabilities and does not want to store long-term AWS credentials.

Which solution will meet these requirements?

Options:

A.

Configure mutual TLS to allow authentication of the client and server sides of the communication channel.

B.

Configure AWS Signature Version 4 to authenticate incoming HTTPS requests to AWS APIs.

C.

Configure Kerberos to exchange tickets for assertions that can be validated by AWS APIs.

D.

Configure AWS Identity and Access Management (IAM) Roles Anywhere to exchange X.509 certificates for AWS credentials to interact with AWS APIs.

Buy Now
Questions 182

A company hosts an application on Amazon EC2 On-Demand Instances in an Auto Scaling group. Application peak hours occur at the same time each day. Application users experience slow application performance at the start of peak hours. The application performs normally 2–3 hours after peak hours begin. The company wants to ensure that the application works properly at the start of peak hours.

Which solution will meet these requirements?

Options:

A.

Configure an Application Load Balancer to distribute traffic properly to the instances.

B.

Configure a dynamic scaling policy for the Auto Scaling group to launch new instances based on memory utilization.

C.

Configure a dynamic scaling policy for the Auto Scaling group to launch new instances based on CPU utilization.

D.

Configure a scheduled scaling policy for the Auto Scaling group to launch new instances before peak hours.

Buy Now
Questions 183

A gaming company hosts a browser-based application on AWS. The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users.

The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin.

Which solution meets these requirements MOST cost-effectively?

Options:

A.

Deploy an AWS Global Accelerator accelerator in front of the web servers.

B.

Deploy an Amazon CloudFront web distribution in front of the S3 bucket.

C.

Deploy an Amazon ElastiCache (Redis OSS) instance in front of the web servers.

D.

Deploy an Amazon ElastiCache (Memcached) instance in front of the web servers.

Buy Now
Questions 184

A company is developing a content sharing platform that currently handles 500 GB of user-generated media files. The company expects the amount of content to grow significantly in the future. The company needs a storage solution that can automatically scale, provide high durability, and allow direct user uploads from web browsers.

Options:

A.

Store the data in an Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach enabled.

B.

Store the data in an Amazon Elastic File System (Amazon EFS) Standard file system.

C.

Store the data in an Amazon S3 Standard bucket.

D.

Store the data in an Amazon S3 Express One Zone bucket.

Buy Now
Questions 185

A company is migrating a document management application to AWS. The application runs on Linux servers. The company will migrate the application to Amazon EC2 instances in an Auto Scaling group. The company stores 7 TiB of documents in a shared storage file system. An external relational database tracks the documents.

Documents are stored once and can be retrieved multiple times for reference at any time. The company cannot modify the application during the migration. The storage solution must be highly available and must support scaling over time.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Deploy an EC2 instance with enhanced networking as a shared NFS storage system. Export the NFS share. Mount the NFS share on the EC2 instances in the Auto Scaling group.

B.

Create an Amazon S3 bucket that uses the S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Mount the S3 bucket on the EC2 instances in the Auto Scaling group.

C.

Deploy an SFTP server endpoint by using AWS Transfer for SFTP and an Amazon S3 bucket. Configure the EC2 instances in the Auto Scaling group to connect to the SFTP server.

D.

Create an Amazon EFS file system with mount points in multiple Availability Zones. Use the EFS Standard-Infrequent Access (Standard-IA) storage class. Mount the NFS share on the EC2 instances in the Auto Scaling group.

Buy Now
Questions 186

An automobile company collects several terabytes of sensor data from vehicles every day and stores the data in Amazon S3. The company wants to use Amazon SageMaker AI and the sensor data to run an inference model.

The company needs to pre-process the data to remove noise or bias that interferes with inference. The company wants to run the inference model once each week.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use AWS Batch to pre-process the data. Use a SageMaker AI processing job to run the inference workloads.

B.

Use Amazon EMR to pre-process the data. Use a SageMaker AI processing job to run the inference workloads.

C.

Use a SageMaker AI batch transform job to pre-process the data and to run the inference workloads.

D.

Use AWS Glue to pre-process the data. Use a SageMaker AI processing job to run the inference workloads.

Buy Now
Questions 187

A retail company runs its application on AWS. The application uses Amazon EC2 for web servers, Amazon RDS for database services, and Amazon CloudFront for global content distribution.

The company needs a solution to mitigate DDoS attacks.

Which solution will meet this requirement?

Options:

A.

Implement AWS WAF custom rules to limit the length of query requests. Configure CloudFront to work with AWS WAF.

B.

Enable AWS Shield Advanced. Configure CloudFront to work with Shield Advanced.

C.

Use Amazon Inspector to scan the EC2 instances. Enable Amazon GuardDuty.

D.

Enable Amazon Macie. Configure CloudFront Origin Shield.

Buy Now
Questions 188

A company is building a serverless application to process large video files that users upload. The application performs multiple tasks to process each video file. Processing can take up to 30 minutes for the largest files.

The company needs a scalable architecture to support the processing application.

Which solution will meet these requirements?

Options:

A.

Store the uploaded video files in Amazon Elastic File System (Amazon EFS). Configure a schedule in Amazon EventBridge Scheduler to invoke an AWS Lambda function periodically to check for new files. Configure the Lambda function to perform all the processing tasks.

B.

Store the uploaded video files in Amazon Elastic File System (Amazon EFS). Configure an Amazon EFS event notification to start an AWS Step Functions workflow that uses AWS Fargate tasks to perform the processing tasks.

C.

Store the uploaded video files in Amazon S3. Configure an Amazon S3 event notification to send an event to Amazon EventBridge when a user uploads a new video file. Configure an AWS Step Functions workflow as a target for an EventBridge rule. Use the workflow to manage AWS Fargate tasks to perform the processing tasks.

D.

Store the uploaded video files in Amazon S3. Configure an Amazon S3 event notification to invoke an AWS Lambda function when a user uploads a new video file. Configure the Lambda function to perform all the processing tasks.

Buy Now
Questions 189

How can a company detect and notify security teams about PII in S3 buckets?

Options:

A.

Use Amazon Macie. Create an EventBridge rule for SensitiveData findings and send an SNS notification.

B.

Use Amazon GuardDuty. Create an EventBridge rule for CRITICAL findings and send an SNS notification.

C.

Use Amazon Macie. Create an EventBridge rule for SensitiveData:S3Object/Personal findings and send an SQS notification.

D.

Use Amazon GuardDuty. Create an EventBridge rule for CRITICAL findings and send an SQS notification.

Buy Now
Questions 190

A marketing team wants to build a campaign for an upcoming multi-sport event. The team has news reports from the past five years in PDF format. The team needs a solution to extract insights about the content and the sentiment of the news reports. The solution must use Amazon Textract to process the news reports.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Provide the extracted insights to Amazon Athena for analysis Store the extracted insights and analysis in an Amazon S3 bucket.

B.

Store the extracted insights in an Amazon DynamoDB table. Use Amazon SageMaker to build a sentiment model.

C.

Provide the extracted insights to Amazon Comprehend for analysis. Save the analysis to an Amazon S3 bucket.

D.

Store the extracted insights in an Amazon S3 bucket. Use Amazon QuickSight to visualize and analyze the data.

Buy Now
Questions 191

A company hosts its application on several Amazon EC2 instances inside a VPC. The company creates a dedicated Amazon S3 bucket for each customer to store their relevant information in Amazon S3.

The company wants to ensure that the application running on EC2 instances can securely access only the S3 buckets that belong to the company ' s AWS account.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create a gateway endpoint for Amazon S3 that is attached to the VPC Update the IAM instance profile policy to provide access to only the specific buckets that the application needs.

B.

Create a NAT gateway in a public subnet with a security group that allows access to only Amazon S3 Update the route tables to use the NAT Gateway.

C.

Create a gateway endpoint for Amazon S3 that is attached to the VPC Update the IAM instance profile policy with a Deny action and the following condition key:

D.

Create a NAT Gateway in a public subnet Update route tables to use the NAT Gateway Assign bucket policies for all buckets with a Deny action and the following condition key:

Buy Now
Questions 192

A company is building a serverless web application that will serve customers globally by using REST API endpoints. The application must minimize latency regardless of the application us-er ' s geographic location. The initial amount of traffic that the application will handle is un-known.

Options:

A.

Deploy an Amazon API Gateway REST API with edge-optimized API endpoints for all cus-tomers. Create AWS Lambda functions. Optimize Lambda performance by adjusting the memory settings and configuring provisioned concurrency.

B.

Deploy an Amazon API Gateway REST API with Regional API endpoints for all customers. Create AWS Lambda functions. Optimize Lambda performance by adjusting the memory set-tings and configuring reserved concurrency.

C.

Deploy an Amazon API Gateway REST API with Regional API endpoints for all customers. Create AWS Lambda functions. Use an HTTP integration to optimize Lambda performance.

D.

Deploy a Network Load Balancer in each AWS Region where customers are located. Create AWS Lambda functions. Optimize Lambda performance by adjusting the memory settings and configuring provisioned concurrency.

Buy Now
Questions 193

A company is building a web application. The company needs a load balancing solution that supports HTTPS header-based routing. The company ' s security team also requires a rules-based method of blocking specific incoming requests to decrease the effects of malicious activity.

Which solution will meet these requirements?

Options:

A.

Create an Application Load Balancer (ALB). Configure an HTTPS listener with mutual TLS enabled.

B.

Create an Application Load Balancer (ALB). Integrate the ALB with AWS WAF. Configure the security team ' s required rules.

C.

Create an Application Load Balancer (ALB). Integrate the ALB with AWS Config. Apply custom rules to all ALB resources.

D.

Create a Network Load Balancer (NLB). Configure AWS Network Firewall with the security team ' s required rules.

Buy Now
Questions 194

A company wants DevOps teams to create IAM roles, but no role may have administrative permissions.

Which solution will meet these requirements?

Options:

A.

Use SCPs to deny AdministratorAccess policy usage.

B.

Use SCPs to require a permissions boundary when creating IAM roles.

C.

Allow all permissions and auto-delete noncompliant roles.

D.

Attach restrictive permissions boundaries directly to IAM users.

Buy Now
Questions 195

An ecommerce company runs a transaction processing system within a large application on a set of Amazon EC2 instances behind an Application Load Balancer ALB. The transaction process handles order creation, payment initiation, and inventory updates.

The company has observed performance issues in the transaction workflow as the volume of transactions has increased. The company wants to re-architect the transaction process to introduce horizontal scalability and to improve cost efficiency.

Which solution will meet these requirements?

Options:

A.

Decouple the transaction system into microservices that run on AWS Lambda functions. Expose the microservices through a central Amazon API Gateway REST API. Use Amazon SQS queues to decouple order creation and payment processing.

B.

Migrate the transaction system to an Amazon EKS cluster. Deploy the Kubernetes Vertical Pod Autoscaler to manage application scalability.

C.

Add caching layers to the transaction system by using an Amazon ElastiCache cluster. Scale the EC2 instances to the largest size available to handle the increased load.

D.

Decouple the transaction system into microservices. Deploy each microservice as a separate application to its own dedicated group of EC2 instances. Place each group of instances behind a separate ALB. Scale the application by launching larger EC2 instance sizes as needed.

Buy Now
Questions 196

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the Aurora database by using user names and passwords that the company stores locally in a file.

The company changes the user names and passwords every month. The company wants to minimize the operational overhead of credential management.

Which solution will meet these requirements?

Options:

A.

Store the credentials as a secret within AWS Secrets Manager. Assign IAM permissions to the secret. Reconfigure the application to call the secret. Enable rotation on the secret and configure rotation to occur on a monthly schedule.

B.

Use AWS Systems Manager Parameter Store to create a new parameter for the credentials. Use IAM policies to restrict access to the parameter. Reconfigure the application to access the parameter.

C.

Create an Amazon S3 bucket to store objects. Use an AWS Key Management Service (AWS KMS) key to encrypt the objects. Migrate the credentials file to the S3 bucket. Update the application to retrieve the credentials file from the S3 bucket.

D.

Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the encrypted EBS volumes to the EC2 instances. Migrate the credentials file to the new EBS volumes.

Buy Now
Questions 197

A data science team needs storage for nightly log processing. The size and number of logs is unknown, and the logs persist for only 24 hours.

What is the MOST cost-effective solution?

Options:

A.

Amazon S3 Glacier Deep Archive

B.

Amazon S3 Standard

C.

Amazon S3 Intelligent-Tiering

D.

Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Buy Now
Questions 198

A solutions architect needs to save a particular automated database snapshot from an Amazon RDS for Microsoft SQL Server DB instance for longer than the maximum number of days. Which solution will meet these requirements in the MOST operationally efficient way?

Options:

A.

Create a manual copy of the snapshot.

B.

Export the contents of the snapshot to an Amazon S3 bucket.

C.

Change the retention period of the snapshot to 45 days.

D.

Create a native SQL Server backup. Save the backup to an Amazon S3 bucket.

Buy Now
Questions 199

A company has a web application that stores user transactions in an Amazon DynamoDB table. To comply with regulations, the company must retain a copy of user transaction data for 7 years.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use DynamoDB point-in-time recovery to back up the table continuously.

B.

Use AWS Backup to create backup schedules and retention policies for the table.

C.

Create an on-demand backup of the table by using DynamoDB. Store the backup in an Amazon S3 bucket. Set an S3 Lifecycle configuration for the S3 bucket.

D.

Create an Amazon EventBridge rule to invoke an AWS Lambda function. Configure the Lambda function to back up the table and to store the backup in an Amazon S3 bucket. Set an S3 Lifecycle configuration for the S3 bucket.

Buy Now
Questions 200

A company runs several custom applications on Amazon EC2 instances. Each team within the company manages its own set of applications and backups. To comply with regulations, the company must be able to report on the status of backups and ensure that backups are encrypted.

Which solution will meet these requirements with the LEAST effort?

Options:

A.

Create an AWS Lambda function that processes AWS Config events. Configure the Lambda function to query AWS Config for backup-related data and to generate daily reports.

B.

Check the backup status of the EC2 instances daily by reviewing the backup configurations in AWS Backup and Amazon Elastic Block Store (Amazon EBS) snapshots.

C.

Use an AWS Lambda function to query Amazon EBS snapshots, Amazon RDS snapshots, and AWS Backup jobs. Configure the Lambda function to process and report on the data. Schedule the function to run daily.

D.

Use AWS Config and AWS Backup Audit Manager to ensure compliance. Review generated reports daily.

Buy Now
Questions 201

Question:

A company wants to deploy an internal web application on AWS. The web application must be accessible only from the company ' s office. The company needs to download security patches for the web application from the internet. The company has created a VPC and has configured an AWS Site-to-Site VPN connection to the company ' s office. A solutions architect must design a secure architecture for the web application. Which solution will meet these requirements?

Options:

Options:

A.

Deploy the web application on Amazon EC2 instances in public subnets behind a public Application Load Balancer (ALB). Attach an internet gateway to the VPC. Set the inbound source of the ALB ' s security group to 0.0.0.0/0.

B.

Deploy the web application on Amazon EC2 instances in private subnets behind an internal Application Load Balancer (ALB). Deploy NAT gateways in public subnets. Attach an internet gateway to the VPC. Set the inbound source of the ALB ' s security group to the company ' s office network CIDR block.

C.

Deploy the web application on Amazon EC2 instances in public subnets behind an internal Application Load Balancer (ALB). Deploy NAT gateways in private subnets. Attach an internet gateway to the VPC. Set the outbound destination of the ALB ' s security group to the company ' s office network CIDR block.

D.

Deploy the web application on Amazon EC2 instances in private subnets behind a public Application Load Balancer (ALB). Attach an internet gateway to the VPC. Set the outbound destination of the ALB ' s security group to 0.0.0.0/0.

Buy Now
Questions 202

A research laboratory needs to process a multi-terabyte dataset multiple times each day. The laboratory requires sub-millisecond latency while processing the data. Hundreds of Amazon EC2 Linux instances will process the data from the source and store the data in a different location.

Which solution will meet these requirements?

Options:

A.

Create an Amazon FSx for NetApp ONTAP file system. Set each volume ' s tiering policy to All. Import the raw data into the file system. Mount the file system on the EC2 instances.

B.

Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent SSD storage. Configure the FSx for Lustre file system to import data from and export data to Amazon S3. Mount the file system on the EC2 instances.

C.

Create an Amazon S3 bucket to store the raw data. Create an Amazon FSx for Lustre file system that uses persistent HDD storage. Configure the FSx for Lustre file system to import data from and export data to Amazon S3. Access the file system by using a Gateway Load Balancer.

D.

Create an Amazon FSx for Windows File Server Multi-AZ file system with HDD storage. Enable shadow copies. Mount the file system on the EC2 instances by using SMB protocol.

Buy Now
Questions 203

An ecommerce company runs applications in AWS accounts that are part of an organization in AWS Organizations. The applications run on Amazon Aurora PostgreSQL databases across all the accounts. The company needs to prevent malicious activity and must identify abnormal failed and incomplete login attempts to the databases.

Options:

A.

Attach service control policies (SCPs) to the root of the organization to identify the failed login attempts.

B.

Enable the Amazon RDS Protection feature in Amazon GuardDuty for the member accounts of the organization.

C.

Publish the Aurora general logs to a log group in Amazon CloudWatch Logs. Export the log data to a central Amazon S3 bucket.

D.

Publish all the Aurora PostgreSQL database events in AWS CloudTrail to a central Amazon S3 bucket.

Buy Now
Questions 204

A company hosts dozens of multi-tier applications on AWS. The presentation layer and logic layer are Amazon EC2 Linux instances that use Amazon EBS volumes.

The company needs a solution to ensure that operating system vulnerabilities are not introduced to the EC2 instances when the company deploys new features. The company uses custom AMIs to deploy EC2 instances in an Auto Scaling group. The solution must scale to handle all applications that the company hosts.

Which solution will meet these requirements?

Options:

A.

Use Amazon Inspector to patch operating system vulnerabilities. Invoke Amazon Inspector when a new AMI is deployed.

B.

Use AWS Backup to back up the EBS volume of each updated instance. Use the EBS backup volumes to create new AMIs. Use the existing Auto Scaling group to deploy the new AMIs.

C.

Use AWS Systems Manager Patch Manager to patch operating system vulnerabilities in the custom AMIs.

D.

Use EC2 Image Builder to create new AMIs when the company deploys new features. Include the update-linux component in the build components of the new AMIs. Use the existing Auto Scaling group to deploy the new AMIs.

Buy Now
Questions 205

Question:

A company uses Apache Hadoop and Spark on-prem. The infrastructure is complex and not scalable. They want to reduce operational complexity but keep data processing on-premises.

Options:

Options:

A.

Use Site-to-Site VPN to access on-prem HDFS. Use Amazon EMR to process the data.

B.

Use AWS DataSync to connect to on-prem HDFS. Use Amazon EMR to process the data.

C.

Migrate to Amazon EMR on AWS Outposts.

D.

Use AWS Snowball to migrate data to S3. Use EMR to process.

Buy Now
Questions 206

A company is designing a serverless application to process a large number of events within an AWS account. The application saves the events to a data warehouse for further analysis. The application sends incoming events to an Amazon SQS queue. Traffic between the application and the SQS queue must not use public IP addresses.

Options:

A.

Create a VPC endpoint for Amazon SQS. Set the queue policy to deny all access except from the VPC endpoint.

B.

Configure server-side encryption with SQS-managed keys (SSE-SQS).

C.

Configure AWS Security Token Service (AWS STS) to generate temporary credentials for resources that access the queue.

D.

Configure VPC Flow Logs to detect SQS traffic that leaves the VPC.

Buy Now
Questions 207

A company is designing a new application that uploads files to an Amazon S3 bucket. The uploaded files are processed to extract metadata.

Processing must take less than 5 seconds. The volume and frequency of the uploads vary from a few files each hour to hundreds of concurrent uploads.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Configure AWS CloudTrail trails to log Amazon S3 API calls. Use AWS AppSync to process the files.

B.

Configure a new object created S3 event notification within the bucket to invoke an AWS Lambda function to process the files.

C.

Configure Amazon Kinesis Data Streams to deliver the files to the S3 bucket. Invoke an AWS Lambda function to process the files.

D.

Deploy an Amazon EC2 instance. Create a script that lists all files in the S3 bucket and processes new files. Use a cron job that runs every minute to run the script.

Buy Now
Questions 208

A company has a transaction-processing application that is backed by an Amazon RDS MySQL database. When the load on the application increases, a large number of database connections are opened and closed frequently, which causes latency for the database transactions.

A solutions architect determines that the root cause of the latency is poor connection handling by the application. The solutions architect cannot modify the application code. The solutions architect needs to manage database connections to improve the database performance during periods of high load.

Which solution will meet these requirements?

Options:

A.

Upgrade the database instance to a larger instance type to handle a large number of database connections.

B.

Configure Amazon RDS storage autoscaling to dynamically increase the provisioned IOPS.

C.

Use Amazon RDS Proxy to pool and share database connections.

D.

Convert the database instance to a Multi-AZ deployment.

Buy Now
Questions 209

A company wants to migrate a visual search application from an on-premises environment to AWS. The application uses NFS storage to cache images. The image cache is currently a few terabytes in size. The company needs to migrate to a cost-effective cloud alternative.

Which solution will meet these requirements in the MOST cost-effective way?

Options:

A.

Use an Amazon ElastiCache (Memcached) cluster as the image cache. Set the cache TTL according to the required image lifetime in the cache.

B.

Use compute-optimized Amazon EC2 instances with instance store volumes as the image cache. Recycle EC2 instances for cache invalidation.

C.

Use an Amazon EFS One Zone file system as the image cache. Configure the application to use the EFS mount target.

D.

Use Amazon S3 Express One Zone to store the images. Store the S3 object URLs in an Amazon DynamoDB table. Use DynamoDB TTL to invalidate image cache entries.

Buy Now
Questions 210

A company needs to save confidential medical results in an Amazon S3 bucket. The repository must allow a few approved users to add new files. The repository must restrict all other users to read-only access by using a write once, read many (WORM) approach. The company must keep every file in the repository for a minimum of 1 year after its creation date.

Which solution will meet these requirements with the LEAST implementation effort?

Options:

A.

Configure the S3 bucket with multi-factor authentication (MFA) delete. Do not share the MFA secret with users to avoid deletion.

B.

Use S3 Object Lock in compliance mode with a retention period of 1 year. Use an IAM policy that restricts file access to specified approved users.

C.

Use an IAM role to restrict all users from deleting or changing objects in the S3 bucket. Use an S3 bucket policy to only allow the IAM role.

D.

Configure the S3 bucket to invoke an AWS Lambda function every time an object is added. Configure the function to track the hash of the saved object so that modified objects can be marked accordingly.

Buy Now
Questions 211

A company needs to store confidential files on AWS. The company accesses the files every week. The company must encrypt the files by using envelope encryption, and the encryption keys must be rotated automatically. The company must have an audit trail to monitor encryption key usage.

Which combination of solutions will meet these requirements? (Select TWO.)

Options:

A.

Store the confidential files in Amazon S3.

B.

Store the confidential files in Amazon S3 Glacier Deep Archive.

C.

Use server-side encryption with customer-provided keys (SSE-C).

D.

Use server-side encryption with Amazon S3 managed keys (SSE-S3).

E.

Use server-side encryption with AWS KMS managed keys (SSE-KMS).

Buy Now
Questions 212

A company decides to use AWS Key Management Service (AWS KMS) for data encryption operations. The company must create a KMS key and automate the rotation of the key. The company also needs the ability to deactivate the key and schedule the key for deletion.

Which solution will meet these requirements?

Options:

A.

Create an asymmetric customer managed KMS key. Enable automatic key rotation.

B.

Create a symmetric customer managed KMS key. Disable the envelope encryption option.

C.

Create a symmetric customer managed KMS key. Enable automatic key rotation.

D.

Create an asymmetric customer managed KMS key. Disable the envelope encryption option.

Buy Now
Questions 213

A company uses a general-purpose instance class Amazon RDS for MySQL DB instance in a Multi-AZ configuration. The finance team runs SQL queries to generate reports. Customers experience performance issues during report generation.

A solutions architect needs to minimize the effect of the reporting job on the DB instance.

Which solution will meet these requirements?

Options:

A.

Create a proxy in Amazon RDS Proxy. Update the reporting job to query the proxy endpoint.

B.

Update the RDS DB instance configuration to use three Availability Zones.

C.

Add an RDS read replica. Update the reporting job to query the replica endpoint.

D.

Change the RDS configuration to a memory-optimized instance class.

Buy Now
Questions 214

A company has a website that handles dynamic traffic loads. The website architecture is based on Amazon EC2 instances in an Auto Scaling group that is configured to use scheduled scaling. Each EC2 instance runs code from an Amazon Elastic File System (Amazon EFS) volume and stores shared data back to the same volume.

The company wants to optimize costs for the website.

Which solution will meet this requirement?

Options:

A.

Reconfigure the Auto Scaling group to set a desired number of instances. Turn off scheduled scaling.

B.

Create a new launch template version for the Auto Scaling group that uses larger EC2 instances.

C.

Reconfigure the Auto Scaling group to use a target tracking scaling policy.

D.

Replace the EFS volume with instance store volumes.

Buy Now
Questions 215

A company needs a solution to prevent photos with unwanted content from being uploaded to the company’s web application. The solution must not involve training a machine learning (ML) model.

Which solution will meet these requirements?

Options:

A.

Create and deploy a model by using Amazon SageMaker Autopilot. Create a real-time endpoint that the web application invokes when new photos are uploaded.

B.

Create an AWS Lambda function that uses Amazon Rekognition to detect unwanted content. Create a Lambda function URL that the web application invokes when new photos are uploaded.

C.

Create an Amazon CloudFront function that uses Amazon Comprehend to detect unwanted content. Associate the function with the web application.

D.

Create an AWS Lambda function that uses Amazon Rekognition Video to detect unwanted content. Create a Lambda function URL that the web application invokes when new photos are uploaded.

Buy Now
Questions 216

A developer is creating an ecommerce workflow in an AWS Step Functions state machine that includes an HTTP Task state. The task passes shipping information and order details to an endpoint.

The developer needs to test the workflow to confirm that the HTTP headers and body are correct and that the responses meet expectations.

Which solution will meet these requirements?

Options:

A.

Use the TestState API to invoke only the HTTP Task. Set the inspection level to TRACE.

B.

Use the TestState API to invoke the state machine. Set the inspection level to DEBUG.

C.

Use the data flow simulator to invoke only the HTTP Task. View the request and response data.

D.

Change the log level of the state machine to ALL. Run the state machine.

Buy Now
Questions 217

A company wants to implement a data lake in the AWS Cloud. The company must ensure that only specific teams have access to sensitive data in the data lake. The company must have row-level access control for the data lake.

Options:

Options:

A.

Use Amazon RDS to store the data. Use IAM roles and permissions for data governance and access control.

B.

Use Amazon Redshift to store the data. Use IAM roles and permissions for data governance and access control.

C.

Use Amazon S3 to store the data. Use AWS Lake Formation for data governance and access control.

D.

Use AWS Glue Catalog to store the data. Use AWS Glue DataBrew for data governance and access control.

Buy Now
Questions 218

A company is building a serverless application that processes large volumes of data from a mobile app. The application uses an AWS Lambda function to process the data and store the data in an Amazon DynamoDB table.

The company needs to ensure that the application can recover from failures and continue processing data without losing any records.

Which solution will meet these requirements?

Options:

A.

Configure the Lambda function to use a dead-letter queue with an Amazon Simple Queue Service (Amazon SQS) queue. Configure Lambda to retry failed records from the dead-letter queue. Use a retry mechanism by implementing an exponential backoff algorithm.

B.

Configure the Lambda function to read records from Amazon Data Firehose. Replay the Firehose records in case of any failures.

C.

Use Amazon OpenSearch Service to store failed records. Configure AWS Lambda to retry failed records from OpenSearch Service. Use Amazon EventBridge to orchestrate the retry logic.

D.

Use Amazon Simple Notification Service (Amazon SNS) to store the failed records. Configure Lambda to retry failed records from the SNS topic. Use Amazon API Gateway to orchestrate the retry calls.

Buy Now
Questions 219

A company uses AWS Lake Formation to govern its S3 data lake. It wants to visualize data in QuickSight by joining S3 data with Aurora MySQL operational data. The marketing team must see only specific columns.

Which solution provides column-level authorization with the least operational overhead?

Options:

A.

Use EMR to ingest database data into SPICE with only required columns.

B.

Use AWS Glue Studio to ingest database data into S3 and use IAM policies for column control.

C.

Use AWS Glue Elastic Views to create materialized S3 views with column restrictions.

D.

Use a Lake Formation blueprint to ingest database data to S3. Use Lake Formation for column-level access control. Use Athena as the QuickSight data source.

Buy Now
Questions 220

A company is developing a new application that uses a relational database to store user data and application configurations. The company expects the application to have steady user growth. The company expects the database usage to be variable and read-heavy, with occasional writes.

The company wants to cost-optimize the database solution. The company wants to use an AWS managed database solution that will provide the necessary performance.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Deploy the database on Amazon RDS. Use Provisioned IOPS SSD storage to ensure consistent performance for read and write operations.

B.

Deploy the database on Amazon Aurora Serveriess to automatically scale the database capacity based on actual usage to accommodate the workload.

C.

Deploy the database on Amazon DynamoDB. Use on-demand capacity mode to automatically scale throughput to accommodate the workload.

D.

Deploy the database on Amazon RDS Use magnetic storage and use read replicas to accommodate the workload

Buy Now
Questions 221

A company runs an application on Microsoft SQL Server databases in an on-premises data center. The company wants to migrate to AWS and optimize costs for its infrastructure on AWS.

Which solution will meet these requirements?

Options:

A.

Migrate the databases to Amazon EC2 instances that use SQL Server Amazon Machine Images (AMIs) provided by AWS.

B.

Migrate to Amazon Aurora PostgreSQL by using Babelfish for Aurora PostgreSQL.

C.

Migrate the databases to a PostgreSQL database that runs on Amazon EC2 instances.

D.

Migrate the databases to Amazon RDS for Microsoft SQL Server.

Buy Now
Questions 222

A company must follow strict regulations for the management of data encryption keys. The company manages its own key externally and imports the key into AWS Key Management Service (AWS KMS). The company must control the imported key material and must rotate the key material on a regular schedule.

A solutions architect needs to import the key material into AWS KMS and rotate the key without interrupting applications that use the key.

Which solution will meet these requirements?

Options:

A.

Create a new AWS KMS key that has the same key ID as the existing key. Import new key material into the key.

B.

Schedule the existing AWS KMS key for deletion. Create a new KMS key that has new key material.

C.

Import new key material into the existing AWS KMS key. Set an expiration time for the old key material.

D.

Enable automatic key rotation for the existing AWS KMS key.

Buy Now
Questions 223

A company uses AWS CloudFormation to deploy IAM resources within accounts that AWS Control Tower governs. The security team wants to prevent the deployment of IAM roles that include inline policies with the following statements:

" Effect " : " Allow " , " Action " : " * " , " Resource " : " * "

Which solution will meet this requirement?

Options:

A.

Use AWS Control Tower proactive controls to block CloudFormation stacks that match these inline policy statements.

B.

Use AWS Control Tower detective controls to detect and delete IAM inline policies that contain these statements upon deployment.

C.

Use AWS Config to create a rule that detects these statements in any inline IAM policies. Configure the rule to automatically remove these statements by using the AWS-DeleteIAMInlinePolicy remediation.

D.

Use AWS Config to create a rule that detects these statements in inline IAM policies and sends a notification to the security team.

Buy Now
Questions 224

A company is running a business-critical web application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database that is deployed in a single Availability Zone. The company wants the application to be highly available with minimum downtime and minimum loss of data.

Which solution will meet these requirements with the LEAST operational effort?

Options:

A.

Place the EC2 instances in different AWS Regions. Use Amazon Route 53 health checks to redirect traffic. Use Aurora PostgreSQL Cross-Region Replication.

B.

Configure the Auto Scaling group to use multiple Availability Zones. Configure the database as Multi-AZ. Configure an Amazon RDS Proxy instance for the database.

C.

Configure the Auto Scaling group to use one Availability Zone. Generate hourly snapshots of the database. Recover the database from the snapshots in the event of a failure.

D.

Configure the Auto Scaling group to use multiple AWS Regions. Write the data from the application to Amazon S3. Use S3 Event Notifications to launch an AWS Lambda function to write the data to the database.

Buy Now
Questions 225

A company ' s data platform uses an Amazon Aurora MySQL database. The database has multiple read replicas and multiple DB instances across different Availability Zones. Users have recently reported errors from the database that indicate that there are too many connections. The company wants to reduce the failover time by 20% when a read replica is promoted to primary writer.

Which solution will meet this requirement?

Options:

A.

Switch from Aurora to Amazon RDS with Multi-AZ cluster deployment.

B.

Use Amazon RDS Proxy in front of the Aurora database.

C.

Switch to Amazon DynamoDB with DynamoDB Accelerator DAX for read connections.

D.

Switch to Amazon Redshift with relocation capability.

Buy Now
Questions 226

A company has an on-premises MySQL database that handles transactional data. The company is migrating the database to the AWS Cloud. The migrated database must maintain compatibility with the company ' s applications that use the database. The migrated database also must scale automatically during periods of increased demand.

Which migration solution will meet these requirements?

Options:

A.

Use native MySQL tools to migrate the database to Amazon RDS for MySQL. Configure elastic storage scaling.

B.

Migrate the database to Amazon Redshift by using the mysqldump utility. Turn on Auto Scaling for the Amazon Redshift cluster.

C.

Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora. Turn on Aurora Auto Scaling.

D.

Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon DynamoDB. Configure an Auto Scaling policy.

Buy Now
Questions 227

A company is redesigning a static website. The company needs a solution to host the new website in the company ' s AWS account. The solution must be secure and scalable.

Which combination of solutions will meet these requirements? (Select THREE.)

Options:

A.

Configure an Amazon CloudFront distribution. Set the Amazon S3 bucket as the origin.

B.

Associate an AWS Certificate Manager (ACM) TLS certificate to the Amazon CloudFront distribution.

C.

Enable static website hosting for the Amazon S3 bucket.

D.

Create an Amazon S3 bucket to store the static website content.

E.

Export the website ' s SSL/TLS certificate from AWS Certificate Manager (ACM) to the root of the Amazon S3 bucket.

F.

Turn off Block Public Access for the Amazon S3 bucket.

Buy Now
Questions 228

A company runs several websites on AWS for its different brands Each website generates tens of gigabytes of web traffic logs each day. A solutions architect needs to design a scalable solution to give the company ' s developers the ability to analyze traffic patterns across all the company ' s websites. This analysis by the developers will occur on demand once a week over the course of several months. The solution must support queries with standard SQL.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Store the logs in Amazon S3. Use Amazon Athena for analysis.

B.

Store the logs in Amazon RDS. Use a database client for analysis.

C.

Store the logs in Amazon OpenSearch Service. Use OpenSearch Service for analysis.

D.

Store the logs in an Amazon EMR cluster. Use a supported open-source framework for SQL-based analysis.

Buy Now
Questions 229

A company is developing a new application that will run on Amazon EC2 instances. The application needs to access multiple AWS services.

The company needs to ensure that the application will not use long-term access keys to access AWS services.

Options:

A.

Create an IAM user. Assign the IAM user to the application. Create programmatic access keys for the IAM user. Embed the access keys in the application code.

B.

Create an IAM user that has programmatic access keys. Store the access keys in AWS Secrets Manager. Configure the application to retrieve the keys from Secrets Manager when the application runs.

C.

Create an IAM role that can access AWS Systems Manager Parameter Store. Associate the role with each EC2 instance profile. Create IAM access keys for the AWS services, and store the keys in Parameter Store. Configure the application to retrieve the keys from Parameter Store when the application runs.

D.

Create an IAM role that has permissions to access the required AWS services. Associate the IAM role with each EC2 instance profile.

Buy Now
Questions 230

A company is moving data from an on-premises data center to the AWS Cloud. The company must store all its data in an Amazon S3 bucket. To comply with regulations, the company must also ensure that the data will be protected against overwriting indefinitely.

Which solution will ensure that the data in the S3 bucket cannot be overwritten?

Options:

A.

Enable versioning for the S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE-S3) to protect the data.

B.

Disable versioning for the S3 bucket. Configure S3 Object Lock for the S3 bucket with a retention period of 1 year.

C.

Enable versioning for the S3 bucket. Configure S3 Object Lock for the S3 bucket with a legal hold.

D.

Configure S3 Storage Lens for the S3 bucket. Use server-side encryption with customer-provided keys (SSE-C) to protect the data.

Buy Now
Questions 231

A company is designing a new web application that will run on Amazon EC2 instances. The application will use Amazon DynamoDB for backend data storage. The application traffic will be unpredictable. The company expects that the application read and write throughput to the database will be moderate to high. The company needs to scale in response to application traffic.

Which DynamoDB table configuration will meet these requirements MOST cost-effectively?

Options:

A.

Configure DynamoDB with provisioned read and write by using the DynamoDB Standard table class. Set DynamoDB auto scaling to a maximum defined capacity.

B.

Configure DynamoDB in on-demand mode by using the DynamoDB Standard table class.

C.

Configure DynamoDB with provisioned read and write by using the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class. Set DynamoDB auto scaling to a maximum defined capacity.

D.

Configure DynamoDB in on-demand mode by using the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class.

Buy Now
Questions 232

A company runs a mobile game app on AWS. The app stores data for every user session. The data updates frequently during a gaming session. The app stores up to 256 KB for each session. Sessions can last up to 48 hours.

The company wants to automate the deletion of expired session data. The company must be able to restore all session data automatically if necessary.

Which solution will meet these requirements?

Options:

A.

Use an Amazon DynamoDB table to store the session data. Enable point-in-time recovery (PITR) and TTL for the table. Select the corresponding attribute for TTL in the session data.

B.

Use an Amazon MemoryDB table to store the session data. Enable point-in-time recovery (PITR) and TTL for the table. Select the corresponding attribute for TTL in the session data.

C.

Store session data in an Amazon S3 bucket. Use the S3 Standard storage class. Enable S3 Versioning for the bucket. Create an S3 Lifecycle configuration to expire objects after 48 hours.

D.

Store session data in an Amazon S3 bucket. Use the S3 Intelligent-Tiering storage class. Enable S3 Versioning for the bucket. Create an S3 Lifecycle configuration to expire objects after 48 hours.

Buy Now
Questions 233

An ecommerce company runs Its application on AWS. The application uses an Amazon Aurora PostgreSQL cluster in Multi-AZ mode for the underlying database. During a recent promotionalcampaign, the application experienced heavy read load and write load. Users experienced timeout issues when they attempted to access the application.

A solutions architect needs to make the application architecture more scalable and highly available.

Which solution will meet these requirements with the LEAST downtime?

Options:

A.

Create an Amazon EventBndge rule that has the Aurora cluster as a source. Create an AWS Lambda function to log the state change events of the Aurora cluster. Add the Lambda function as a target for the EventBndge rule Add additional reader nodes to fail over to.

B.

Modify the Aurora cluster and activate the zero-downtime restart (ZDR) feature. Use Database Activity Streams on the cluster to track the cluster status.

C.

Add additional reader instances to the Aurora cluster Create an Amazon RDS Proxy target group for the Aurora cluster.

D.

Create an Amazon ElastiCache for Redis cache. Replicate data from the Aurora cluster to Redis by using AWS Database Migration Service (AWS DMS) with a write-around approach.

Buy Now
Questions 234

A company has resources across multiple AWS Regions and accounts. A new solutions architect needs to build a map of the workloads and their relationships but has no documentation from the previous employee.

Which solution will provide these details with the least operational effort?

Options:

A.

Use AWS Systems Manager Inventory to generate a map from the detailed report.

B.

Use AWS Step Functions to collect workload details and build diagrams manually.

C.

Use Workload Discovery on AWS to generate architecture diagrams.

D.

Use AWS X-Ray to view workload details and manually draw diagrams.

Buy Now
Questions 235

A company is using an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The company must ensure that Kubernetes service accounts in the EKS cluster have secure and granular access to specific AWS resources by using IAM roles for service accounts (IRSA).

Which combination of solutions will meet these requirements? (Select TWO.)

Options:

A.

Create an IAM policy that defines the required permissions. Attach the policy directly to the IAM role of the EKS nodes.

B.

Implement network policies within the EKS cluster to prevent Kubernetes service accounts from accessing specific AWS services.

C.

Modify the EKS cluster ' s IAM role to include permissions for each Kubernetes service account. Ensure a one-to-one mapping between IAM roles and Kubernetes roles.

D.

Define an IAM role that includes the necessary permissions. Annotate the Kubernetes service accounts with the Amazon Resource Name (ARN) of the IAM role.

E.

Set up a trust relationship between the IAM roles for the service accounts and an OpenID Connect (OIDC) identity provider.

Buy Now
Questions 236

A gaming company is building an application with Voice over IP capabilities. The application will serve traffic to users across the world. The application needs to be highly available with automated failover across AWS Regions. The company wants to minimize the latency of users without relying on IP address caching on user devices.

What should a solutions architect do to meet these requirements?

Options:

A.

Use AWS Global Accelerator with health checks.

B.

Use Amazon Route 53 with a geolocation routing policy.

C.

Create an Amazon CloudFront distribution that includes multiple origins.

D.

Create an Application Load Balancer that uses path-based routing.

Buy Now
Questions 237

A company runs an application on EC2 instances that need access to RDS credentials stored in AWS Secrets Manager.

Which solution meets this requirement?

Options:

A.

Create an IAM role, and attach the role to each EC2 instance profile. Use an identity-based policy to grant the role access to the secret.

B.

Create an IAM user, and attach the user to each EC2 instance profile. Use a resource-based policy to grant the user access to the secret.

C.

Create a resource-based policy for the secret. Use EC2 Instance Connect to access the secret.

D.

Create an identity-based policy for the secret. Grant direct access to the EC2 instances.

Buy Now
Questions 238

A company collects data from sensors. The company needs a cloud-based solution to store and transform the sensor data to make critical decisions. The solution must store the data for up to 2 days. After 2 days, the solution must delete the data. The company needs to use the transformeddata in an automated workflow that has manual approval steps.

Which solution will meet these requirements?

Options:

A.

Load the data into an Amazon Simple Queue Service (Amazon SQS) queue that has a retention period of 2 days. Use an Amazon EventBridge pipe to retrieve data from the queue, transform the data, and pass the data to an AWS Step Functions workflow.

B.

Load the data into AWS DataSync. Delete the DataSync task after 2 days. Invoke an AWS Lambda function to retrieve the data, transform the data, and invoke a second Lambda function that performs the remaining workflow steps.

C.

Load the data into an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge pipe to retrieve the data from the topic, transform the data, and send the data to Amazon EC2 instances to perform the remaining workflow steps.

D.

Load the data into an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge pipe to retrieve the data from the topic and transform the data into an appropriate format for an Amazon SQS queue. Use an AWS Lambda function to poll the queue to perform the remaining workflow steps.

Buy Now
Questions 239

A software company needs to upgrade a critical web application. The application is hosted in a public subnet. The EC2 instance runs a MySQL database. The application ' s DNS records are published in an Amazon Route 53 zone.

A solutions architect must reconfigure the application to be scalable and highly available. The solutions architect must also reduce MySQL read latency.

Which combination of solutions will meet these requirements? (Select TWO.)

Options:

A.

Launch a second EC2 instance in a second AWS Region. Use a Route 53 failover routing policy to redirect the traffic to the second EC2 instance.

B.

Create and configure an Auto Scaling group to launch private EC2 instances in multiple Availability Zones. Add the instances to a target group behind a new Application Load Balancer.

C.

Migrate the database to an Amazon Aurora MySQL cluster. Create the primary DB instance and reader DB instance in separate Availability Zones.

D.

Create and configure an Auto Scaling group to launch private EC2 instances in multiple AWS Regions. Add the instances to a target group behind a new Application Load Balancer.

E.

Migrate the database to an Amazon Aurora MySQL cluster with cross-Region read replicas.

Buy Now
Questions 240

A company is running a two-tier web-based application in an on-premises data center. The application layer consists of a single server running a stateful application. The application connects to a PostgreSQL database running on a separate server. The user base is expected to grow significantly, so the company is migrating the application and database to AWS. The solution will use Amazon Aurora PostgreSQL, Amazon EC2 Auto Scaling, and Elastic Load Balancing.

Which solution will provide a consistent user experience that will allow the application and database tiers to scale?

Options:

A.

Enable Aurora Auto Scaling for Aurora Replicas. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.

B.

Enable Aurora Auto Scaling for Aurora writers. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.

C.

Enable Aurora Auto Scaling for Aurora Replicas. Use an Application Load Balancer with the round robin routing algorithm and sticky sessions enabled.

D.

Enable Aurora Auto Scaling for Aurora writers. Use a Network Load Balancer with the least outstanding requests routing algorithm and sticky sessions enabled.

Buy Now
Questions 241

A company is designing an application to run in a VPC on AWS. The application consists of Amazon EC2 instances that run in private subnets as part of an Auto Scaling group. The application stores data in an Amazon RDS DB instance.

The company attaches a security group named web-servers to the EC2 instances. The company attaches a security group named database to the DB instance.

The company needs a solution to establish communication between the EC2 instances and the DB instance.

Which solution will meet this requirement?

Options:

A.

Configure the inbound rule for the database security group to allow access from the current set of IP addresses that the EC2 instances use.

B.

Configure the inbound rule of the database security group to allow access from the web-servers security group. Configure an outbound rule for the web-servers security group to allow access to the database security group.

C.

Configure the inbound rule of the database security group to allow access by specifying the Auto Scaling group ID.

D.

Configure the outbound rule of the database security group to allow access to the web-servers security group. Configure an inbound rule for the web-servers security group to allow access from the database security group.

Buy Now
Questions 242

A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company is migrating users from IAM to AWS IAM Identity Center.

The company wants to ensure that no new IAM users can be created in any of the member accounts. The company wants to allow only existing IAM users to have access to the accounts.

Which solution will meet these requirements?

Options:

A.

Create a service control policy SCP that denies the iam:CreateUser action. Apply the SCP to all the member accounts in the organization.

B.

Create an IAM policy that denies all IAM write operations. Attach the policy to all the users.

C.

Create an IAM group in each account. Attach a policy that denies the iam:CreateAccessKey action to the IAM group. Add the existing IAM users to the IAM group.

D.

Create a permissions boundary that denies the iam:CreateAccessKey action. Attach the permissions boundary to all IAM users and IAM groups in the organization.

Buy Now
Questions 243

A company has a production Amazon RDS for MySQL database. The company needs to create a new application that will read frequently changing data from the database with minimal impact on the database ' s overall performance. The application will rarely perform the same query more than once.

What should a solutions architect do to meet these requirements?

Options:

A.

Set up an Amazon ElastiCache cluster. Query the results in the cluster.

B.

Set up an Application Load Balancer (ALB). Query the results in the ALB.

C.

Set up a read replica for the database. Query the read replica.

D.

Set up querying of database snapshots. Query the database snapshots.

Buy Now
Questions 244

A company is implementing a new policy to enhance the security of its AWS environment. The policy requires all administrative actions that users perform on the AWS Management Console to be secured by multi-factor authentication (MFA).

Which solution will allow the company to enforce this policy in the MOST operationally efficient way?

Options:

A.

Enable MFA on the root account. Ensure that all administrators use the root account to perform administrative actions.

B.

Create an IAM policy that requires MFA to be enabled for the IAM roles that administrators assume to perform administrative actions.

C.

Configure an Amazon CloudWatch alarm that sends an email notification when an administrator performs an administrative action without MFA.

D.

Use AWS Config to periodically audit IAM users and to automatically attach an IAM policy that requires MFA when AWS Config detects administrative actions.

Buy Now
Questions 245

A company wants to receive an email notification when IAM users are added to or deleted from an AWS account.

Which solution will meet these requirements?

Options:

A.

Enable Amazon Inspector. Create an Amazon EventBridge rule that responds to Amazon Inspector findings. Set the target as an Amazon SNS topic. Set the company ' s email address as a subscriber to the SNS topic.

B.

Enable Amazon GuardDuty. Create an Amazon EventBridge rule that responds to GuardDuty findings. Configure an event pattern of Impact:IAMUser/AnomalousBehavior. Set the target as an Amazon SNS topic. Set the company’s email address as a subscriber to the SNS topic.

C.

Enable Amazon Macie. Create an Amazon EventBridge rule that responds to Macie findings. Set the target as an Amazon SNS topic. Set the company’s email address as a subscriber to the SNS topic.

D.

Enable management events in AWS CloudTrail. Create an Amazon EventBridge rule that responds to AWS API calls through CloudTrail. Configure an event pattern for CreateUser and DeleteUser actions. Set the target as an Amazon SNS topic. Set the company’s email address as a subscriber to the SNS topic.

Buy Now
Questions 246

An ecommerce company stores terabytes of customer data in the AWS Cloud. The data contains personally identifiable information (PII). The company wants to use the data in three applications. Only one of the applications needs to process the PII. The PII must be removed before the other two applications process the data.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Store the data in an Amazon DynamoDB table. Create a proxy application layer to intercept and process the data that each application requests.

B.

Store the data in an Amazon S3 bucket. Process and transform the data by using S3 Object Lambda before returning the data to the requesting application.

C.

Process the data and store the transformed data in three separate Amazon S3 buckets so that each application has its own custom dataset. Point each application to its respective S3 bucket.

D.

Process the data and store the transformed data in three separate Amazon DynamoDB tables so that each application has its own custom dataset. Point each application to its respective DynamoDB table.

Buy Now
Questions 247

A developer needs to export the contents of several Amazon DynamoDB tables into Amazon S3 buckets to comply with company data regulations. The developer uses the AWS CLI to runcommands to export from each table to the proper S3 bucket. The developer sets up AWS credentials correctly and grants resources appropriate permissions. However, the exports of some tables fail.

What should the developer do to resolve this issue?

Options:

A.

Ensure that point-in-time recovery is enabled on the DynamoDB tables.

B.

Ensure that the target S3 bucket is in the same AWS Region as the DynamoDB table.

C.

Ensure that DynamoDB streaming is enabled for the tables.

D.

Ensure that DynamoDB Accelerator (DAX) is enabled.

Buy Now
Questions 248

A company is designing a website that displays stock market prices to users. The company wants to use Amazon ElastiCache (Redis OSS) for the data caching layer. The company needs to ensure that the website ' s data caching layer can automatically fail over to another node if necessary.

Options:

A.

Enable read replicas in ElastiCache (Redis OSS). Promote the read replica when necessary.

B.

Enable Multi-AZ in ElastiCache (Redis OSS).Fail over to a second node when necessary.

C.

Export a backup of the ElastiCache (Redis OSS) cache to an Amazon S3 bucket. Restore the cache to a second cluster when necessary.

D.

Export a backup of the ElastiCache (Redis OSS) cache by using AWS Backup. Restore the cache to a second cluster when necessary.

Buy Now
Questions 249

A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS.

Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

Options:

A.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.

B.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC.

C.

Create an Amazon S3 interface endpoint in the networking account.

D.

Create an Amazon S3 gateway endpoint in the networking account.

E.

Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account.

Buy Now
Questions 250

A company is developing a rating system for its ecommerce web application. The company needs a solution to save ratings that users submit in an Amazon DynamoDB table.

The company wants to ensure that developers do not need to interact directly with the DynamoDB table. The solution must be scalable and reusable.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Create an Application Load Balancer (ALB). Create an AWS Lambda function, and set the function as a target group in the ALB. Invoke the Lambda function by using the put_item method through the ALB.

B.

Create an AWS Lambda function. Configure the Lambda function to interact with the DynamoDB table by using the put-item method from Boto3. Invoke the Lambda function from the web application.

C.

Create an Amazon Simple Queue Service (Amazon SQS) queue and an AWS Lambda function that has an SQS trigger type. Instruct the developers to add customer ratings to the SQS queue as JSON messages. Configure the Lambda function to fetch the ratings from the queue and store the ratings in DynamoDB.

D.

Create an Amazon API Gateway REST API Define a resource and create a new POST method Choose AWS as the integration type, and select DynamoDB as the service. Set the action to PutItem.

Buy Now
Questions 251

A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data that the company collects from each site daily is 500 GB. Each site has a high-speed internet connection.

The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must minimize operational complexity.

Which solution meets these requirements?

Options:

A.

Turn on S3 Transfer Acceleration on the destination S3 bucket. Use multipart uploads to directly upload site data to the destination S3 bucket.

B.

Upload the data from each site to an S3 bucket in the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3 bucket. Then remove the data from the origin S3 bucket.

C.

Schedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3 bucket.

D.

Upload the data from each site to an Amazon EC2 instance in the closest Region. Store the data in an Amazon Elastic Block Store (Amazon EBS) volume. At regular intervals, take an EBS snapshot and copy it to the Region that contains the destination S3 bucket. Restore the EBS volume in that Region.

Buy Now
Questions 252

Question:

A company recently migrated a large amount of research data to an Amazon S3 bucket. The company needs an automated solution to identify sensitive data in the bucket. A security team also needs to monitor access patterns for the data 24 hours a day, 7 days a week to identify suspicious activities or evidence of tampering with security controls.

Options:

Options:

A.

Set up AWS CloudTrail reporting, and grant the security team read-only access to the CloudTrail reports. Set up an Amazon S3 Inventory report to identify sensitive data. Review the findings with the security team.

B.

Enable Amazon Macie and Amazon GuardDuty on the account. Grant the security team access to Macie and GuardDuty. Review the findings with the security team.

C.

Set up an Amazon S3 Inventory report. Use Amazon Athena and Amazon QuickSight to identify sensitive data. Create a dashboard for the security team to review findings.

D.

Use AWS Identity and Access Management (IAM) Access Advisor to monitor for suspicious activity and tampering. Create a dashboard for the security team. Set up an Amazon S3 Inventory report to identify sensitive data. Review the findings with the security team.

Buy Now
Questions 253

A company has an application that runs on a single Amazon EC2 instance. The application uses a MySQL database that runs on the same EC2 instance. The company needs a highly available and automatically scalable solution to handle increased traffic.

Which solution will meet these requirements?

Options:

A.

Deploy the application to EC2 instances that run in an Auto Scaling group behind an Application Load Balancer. Create an Amazon Redshift cluster that has multiple MySQL-compatible nodes.

B.

Deploy the application to EC2 instances that are configured as a target group behind an Application Load Balancer. Create an Amazon RDS for MySQL cluster that has multiple instances.

C.

Deploy the application to EC2 instances that run in an Auto Scaling group behind an Application Load Balancer. Create an Amazon Aurora Serverless MySQL cluster for the database layer.

D.

Deploy the application to EC2 instances that are configured as a target group behind an Application Load Balancer. Create an Amazon ElastiCache (Redis OSS) cluster that uses the MySQL connector.

Buy Now
Questions 254

A company hosts its order processing system on AWS. The architecture consists of a frontend and a backend. The frontend includes an Application Load Balancer (ALB) and Amazon EC2 instances in an Auto-Scaling group. The backend includes an EC2 instance and an Amazon RDS MySQL database.

To prevent incomplete or lost orders, the company wants to ensure that order states are always preserved. The company wants to ensure that every order will eventually be processed, even after an outage or pause. Every order must be processed exactly once.

Options:

A.

Create an Auto Scaling group and an ALB for the backend. Create a read replica for the RDS database in a second Availability Zone. Update the backend RDS endpoint.

B.

Create an Auto Scaling group and an ALB for the backend. Create an Amazon RDS proxy in front of the RDS database. Update the backend EC2 instance to use the Amazon RDS proxy endpoint.

C.

Create an Auto Scaling group for the backend. Configure the backend EC2 instances to con-sume messages from an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Configure a dead-letter queue (DLQ) for the SQS queue.

D.

Create an AWS Lambda function to replace the backend EC2 instance. Subscribe the func-tion to an Amazon Simple Notification Service (Amazon SNS) topic. Configure the frontend to send orders to the SNS topic.

Buy Now
Questions 255

A company that has multiple AWS accounts maintains an on-premises Microsoft Active Directory. The company needs a solution to implement Single Sign-On for its employees. The company wants to use AWS IAM Identity Center.

The solution must meet the following requirements:

Allow users to access AWS accounts and third-party applications by using existing Active Directory credentials.

Enforce multi-factor authentication (MFA) to access AWS accounts.

Centrally manage permissions to access AWS accounts and applications.

Options:

Options:

A.

Create an IAM identity provider for Active Directory in each AWS account. Ensure that Active Directory users and groups access AWS accounts directly through IAM roles. Use IAM Identity Center to enforce MFA in each account for all users.

B.

Use AWS Directory Service to create a new AWS Managed Microsoft AD Active Directory. Configure IAM Identity Center in each account to use the new AWS Managed Microsoft AD Active Directory as the identity source. Use IAM Identity Center to enforce MFA for all users.

C.

Use IAM Identity Center with the existing Active Directory as the identity source. Enforce MFA for all users. Use AWS Organizations and Active Directory groups to manage access permissions for AWS accounts and application access.

D.

Use AWS Lambda functions to periodically synchronize Active Directory users and groups with IAM users and groups in each AWS account. Use IAM roles and policies to manage application access. Create a second Lambda function to enforce MFA.

Buy Now
Questions 256

A company is storing data in Amazon S3 buckets. The company needs to retain any objects that contain personally identifiable information (PII) that might need to be reviewed.

A solutions architect must develop an automated solution to identify objects that contain PII and apply the necessary controls to prevent deletion before review.

Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

Options:

A.

Create a job in Amazon Macie to scan the S3 buckets for the relevant sensitive data identifiers.

B.

Move the identified objects to the S3 Glacier Deep Archive storage class.

C.

Create an AWS Lambda function that performs an S3 Object Lock legal hold operation on the identified objects.

D.

Create an AWS Lambda function that applies an S3 Object Lock retention period to the identified objects in governance mode.

E.

Create an Amazon EventBridge rule that invokes the AWS Lambda function when Amazon Macie detects sensitive data.

F.

Configure multi-factor authentication (MFA) delete on the S3 buckets.

Buy Now
Questions 257

A solutions architect has an application container, an AWS Lambda function, and an Amazon Simple Queue Service (Amazon SQS) queue. The Lambda function uses the SQS queue as an event source. The Lambda function makes a call to a third-party machine learning (ML) API when the function is invoked. The response from the third-party API can take up to 60 seconds to return.

The Lambda function ' s timeout value is currently 65 seconds. The solutions architect has noticed that the Lambda function sometimes processes duplicate messages from the SQS queue.

What should the solutions architect do to ensure that the Lambda function does not process duplicate messages?

Options:

A.

Configure the Lambda function with a larger amount of memory.

B.

Configure an increase in the Lambda function ' s timeout value.

C.

Configure the SQS queue ' s delivery delay value to be greater than the maximum time it takes to call the third-party API.

D.

Configure the SQS queue ' s visibility timeout value to be greater than the maximum time it takes to call the third-party API.

Buy Now
Questions 258

A company uses AWS WAF to protect its web applications. A solutions architect configures a web ACL that uses several rules, including a rule that inspects the HTTP request body for malicious content.

The solutions architect notices that the web ACL is not inspecting large HTTP POST requests properly. As a result, suspicious activities are not being detected. Some large HTTP POST requests are more than 8 MB in size.

The solutions architect must ensure that the web ACL inspects the large HTTP POST requests properly.

Which solution will meet this requirement?

Options:

A.

Create two custom AWS WAF rules. Configure one rule to block all oversized requests. Configure the second rule with a higher priority to allow large requests from legitimate hosts.

B.

Enable AWS Shield Advanced. Reconfigure the web ACL to block oversized requests by using Shield Advanced.

C.

Verify that the Content-Type header is correctly set in the HTTP requests that AWS WAF rules inspect.

D.

Create an AWS Lambda function to preprocess the large requests before AWS rules inspect the requests.

Buy Now
Questions 259

A home security company is expanding its business globally. The company needs to encrypt customer data. The company does not want to manage its own keys. The company needs the keys to be usable in multiple AWS Regions and needs to control access to the keys.

Which solution will meet these requirements with the LEAST operational overhead?

Options:

A.

Use AWS Key Management Service (AWS KMS) to create multi-Region keys. Apply tags to identify each key. Use attribute-based access control (ABAC) condition keys to control access to the keys.

B.

Use AWS Key Management Service (AWS KMS) to create multiple keys by importing key material. Apply tags to identify each key. Use attribute-based access control (ABAC) condition keys to control access to the keys.

C.

Use AWS CloudHSM to create a CloudHSM cluster in the company ' s primary Region. Synchronize the CloudHSM cluster to additional Regions by using the CloudHSM Management Utility (CMU).

D.

Use AWS CloudHSM to create users. Use the CloudHSM Management Utility (CMU) to share keys with the users. Use the shareKey command to share or unshare the key with additional users in each Region.

Buy Now
Questions 260

A company wants to protect AWS-hosted resources, including Application Load Balancers and CloudFront distributions. They need near real-time visibility into attacks and a dedicated AWS response team for DDoS events.

Which AWS service meets these requirements?

Options:

A.

AWS WAF

B.

AWS Shield Standard

C.

Amazon Macie

D.

AWS Shield Advanced

Buy Now
Questions 261

A healthcare company is running an Amazon EMR cluster on Amazon EC2 instances to process data that is stored in Amazon S3. The company must ensure that the data processing jobs have access only to the relevant data in Amazon S3. Each job must have specific EMR runtime roles.

Which combination of steps will meet these requirements? (Select THREE.)

Options:

A.

Set up security configurations in Amazon EMR, and set EnableApplicationScopedIAMRole to true.

B.

Set up runtime roles to assume the EC2 instance profile of the Amazon EMR cluster.

C.

Set up an EC2 instance profile for the Amazon EMR cluster to assume the runtime roles.

D.

For each IAM role that serves as an EMR runtime role, set up a trust policy with the EC2 instance profile role.

E.

Establish a trust policy between the EMR runtime roles and the EMR service role of the cluster.

F.

Set up security configurations in Amazon EMR, and set EnableInTransitEncryption to true.

Buy Now
Questions 262

A company wants to restrict access to the content of its web application. The company needs to protect the content by using authorization techniques that are available on AWS. The company also wants to implement a serverless architecture for authorization and authentication that has low login latency.

The solution must integrate with the web application and serve web content globally. The application currently has a small user base, but the company expects the application ' s user base to increase

Which solution will meet these requirements?

Options:

A.

Configure Amazon Cognito for authentication. Implement Lambda@Edge for authorization. Configure Amazon CloudFront to serve the web application globally

B.

Configure AWS Directory Service for Microsoft Active Directory for authentication. Implement AWS Lambda for authorization. Use an Application Load Balancer to serve the web application globally.

C.

Configure Amazon Cognito for authentication. Implement AWS Lambda for authorization Use Amazon S3 Transfer Acceleration to serve the web application globally.

D.

Configure AWS Directory Service for Microsoft Active Directory for authentication. Implement Lambda@Edge for authorization. Use AWS Elastic Beanstalk to serve the web application globally.

Buy Now
Questions 263

A company runs a container application on a Kubernetes cluster in the company ' s data center. The application uses Advanced Message Queuing Protocol (AMQP) to communicate with a message queue. The data center cannot scale fast enough to meet the company ' s expanding business needs. The company wants to migrate the workloads to AWS.

Which solution will meet these requirements with the LEAST overhead?

Options:

A.

Migrate the container application to Amazon ECS. Use Amazon SQS to retrieve the messages.

B.

Migrate the container application to Amazon EKS. Use Amazon MQ to retrieve the messages.

C.

Use highly available Amazon EC2 instances to run the application. Use Amazon MQ to retrieve the messages.

D.

Use AWS Lambda functions to run the application. Use Amazon SQS to retrieve the messages.

Buy Now
Questions 264

A company is developing a social media application that must scale rapidly and handle long-running, ordered processes that store large amounts of relational data. Components must scale independently and evolve without downtime.

Which combination of AWS services will meet these requirements?

Options:

A.

Amazon ECS with Fargate, Amazon RDS, and Amazon SQS

B.

Amazon ECS with Fargate, Amazon RDS, and Amazon SNS

C.

AWS Lambda, Amazon DynamoDB Streams, and AWS Step Functions

D.

AWS Elastic Beanstalk, Amazon RDS, and Amazon SNS

Buy Now
Questions 265

A solutions architect is designing the architecture for a web application that has a frontend and a backend. The backend services must receive data from the frontend services for processing. The frontend must manage access to the application by using API keys. The backend must scale without affecting the frontend.

Which solution will meet these requirements?

Options:

A.

Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use AWS Lambda functions as the backend to read from the queue.

B.

Deploy an Amazon API Gateway REST API as the frontend to direct traffic to an Amazon Simple Queue Service (Amazon SQS) queue. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate as the backend to read from the queue.

C.

Deploy an Amazon API Gateway REST API as the frontend to direct traffic to an Amazon Simple Notification Service (Amazon SNS) topic. Use AWS Lambda functions as the backend. Subscribe the Lambda functions to the topic.

D.

Deploy an Amazon API Gateway HTTP API as the frontend to direct traffic to an Amazon Simple Notification Service (Amazon SNS) topic. Use Amazon Elastic Kubernetes Service (Amazon EKS) on AWS Fargate as the backend. Subscribe Amazon EKS to the topic.

Buy Now
Questions 266

A company has a serverless web application that is comprised of AWS Lambda functions. The application experiences spikes in traffic that cause increased latency because of cold starts. The company wants to improve the application’s ability to handle traffic spikes and to minimize latency. The solution must optimize costs during periods when traffic is low.

Options:

A.

Configure provisioned concurrency for the Lambda functions. Use AWS Application Auto Scaling to adjust the provisioned concurrency.

B.

Launch Amazon EC2 instances in an Auto Scaling group. Add a scheduled scaling policy to launch additional EC2 instances during peak traffic periods.

C.

Configure provisioned concurrency for the Lambda functions. Set a fixed concurrency level to handle the maximum expected traffic.

D.

Create a recurring schedule in Amazon EventBridge Scheduler. Use the schedule to invoke the Lambda functions periodically to warm the functions.

Buy Now
Questions 267

A company hosts customer data in an Amazon S3 bucket. The company wants to ensure that only specific applications that run on Amazon EC2 instances in a private subnet have access to the S3 bucket. The applications must not require long-term AWS access keys. The company needs to log all access to S3 objects for auditing purposes.

Which solution will meet these requirements?

Options:

A.

Create an S3 bucket policy that allows access only from the private subnet ' s IP range. Configure each EC2 instance to use access keys that are stored in AWS Systems Manager Parameter Store. Configure Amazon S3 server access logging.

B.

Create an IAM role that has access to the S3 bucket. Attach the IAM role to the EC2 instances. Update the bucket policy to allow access only for the role. Use AWS CloudTrail to log data events for the bucket.

C.

Create an IAM user, an access key, and a secret key. Store the keys in AWS Secrets Manager. Configure the EC2 instances to retrieve the keys. Use AWS CloudTrail management events to track bucket access.

D.

Create a gateway VPC endpoint for Amazon S3. Update the S3 bucket policy to allow access only through the endpoint. Attach an IAM role to the EC2 instances that has appropriate S3 permissions. Use VPC Flow Logs to track VPC endpoint activity.

Buy Now
Questions 268

A company wants to grant an external vendor temporary, limited access to an Amazon S3 bucket to download files. The company does not want the external vendor to have access to the bucket for a long period of time.

Which solution will meet these requirements in the MOST secure way?

Options:

A.

Create an IAM user and programmatic access keys. Attach an IAM policy to the user that allows read-only access to the S3 bucket. Share the IAM user and programmatic access keys with the external vendor.

B.

Add a bucket policy to the S3 bucket that grants access based on the external vendor ' s IP address range.

C.

Create a presigned URL for each required object in the S3 bucket. Share the presigned URLs with the external vendor.

D.

Create an IAM role and temporary access keys. Attach an IAM policy to the role that allows read-only access to the S3 bucket. Share the IAM role temporary access keys with the external vendor.

Buy Now
Questions 269

A company plans to deploy containerized microservices in the AWS Cloud. The containers must mount a persistent file store that the company can manage by using OS-level permissions. The company requires fully managed services to host the containers and file store.

Options:

A.

Use AWS Lambda functions and an Amazon API Gateway REST API to handle the microservices. Use Amazon S3 buckets for storage.

B.

Use Amazon EC2 instances to host the microservices. Use Amazon Elastic Block Store (Amazon EBS) volumes for storage.

C.

Use Amazon Elastic Container Service (Amazon ECS) containers on AWS Fargate to handle the microservices. Use an Amazon Elastic File System (Amazon EFS) file system for storage.

D.

Use Amazon Elastic Container Service (Amazon ECS) containers on AWS Fargate to handle the microservices. Use an Amazon EC2 instance that runs a dedicated file store for storage.

Buy Now
Questions 270

A company is developing an application that uses an Amazon Aurora MySQL database. The company plans to regularly make changes to the MySQL database schema to test new features. The tests must not affect the existing production database.

When the company finishes testing, a developer needs to replicate the changes to the production database. The solution must cause minimal downtime.

Which solution will meet these requirements?

Options:

A.

Create a new staging Aurora MySQL database cluster based on the existing database. Make the schema changes to the new staging database cluster to test the new features.

B.

Create a read replica based on the existing Aurora MySQL database. Make the schema changes to the read replica. Promote the read replica to primary after successful testing.

C.

Create a blue/green deployment of the Aurora MySQL database. Make schema changes in the staging environment to test new features. Direct traffic from the green environment to the blue environment when testing is complete.

D.

Replicate the Aurora MySQL database to an Amazon DynamoDB table. Make the schema changes to the DynamoDB table to test the new features. Configure the application to use the DynamoDB table when testing is complete.

Buy Now
Questions 271

A company is launching a new application that requires a structured database to store user profiles, application settings, and transactional data. The database must be scalable with application traffic and must offer backups.

Which solution will meet these requirements MOST cost-effectively?

Options:

A.

Deploy a self-managed database on Amazon EC2 instances by using open source software. Use Spot Instances for cost optimization. Configure automated backups to Amazon S3.

B.

Use Amazon RDS. Use on-demand capacity mode for the database with General Purpose SSD storage. Configure automatic backups with a retention period of 7 days.

C.

Use Amazon Aurora Serverless for the database. Use serverless capacity scaling. Configure automated backups to Amazon S3.

D.

Deploy a self-managed NoSQL database on Amazon EC2 instances. Use Reserved Instances for cost optimization. Configure automated backups directly to Amazon S3 Glacier Flexible Retrieval.

Buy Now
Questions 272

A company stores sensitive financial reports in an Amazon S3 bucket. To comply with auditing requirements, the company must encrypt the data at rest. Users must not have the ability to change the encryption method or remove encryption when the users upload data. The company must be able to audit all encryption and storage actions. Which solution will meet these requirements and provide the MOST granular control?

Options:

A.

Enable default server-side encryption with Amazon S3 managed keys (SSE-S3) for the S3 bucket. Apply a bucket policy that denies any upload requests that do not include the x-amz-server-side-encryption header.

B.

Configure server-side encryption with AWS KMS (SSE-KMS) keys. Use an S3 bucket policy to reject any data that is not encrypted by the designated key.

C.

Use client-side encryption before uploading the reports. Store the encryption keys in AWS Secrets Manager.

D.

Enable default server-side encryption with Amazon S3 managed keys (SSE-S3). Use AWS Identity and Access Management (IAM) to prevent users from changing S3 bucket settings.

Buy Now
Questions 273

A company creates operations data and stores the data in an Amazon S3 bucket for the company ' s annual audit, an external consultant needs to access an annual report that is stored in the S3 bucket. The external consultant needs to access the report for 7 days.

The company must implement a solution to allow the external consultant access to only the report.

Which solution will meet these requirements with the MOST operational efficiency?

Options:

A.

Create a new S3 bucket that is configured to host a public static website. Migrate the operations data to the new S3 bucket. Share the S3 website URL with the external consultant.

B.

Enable public access to the S3 bucket for 7 days. Remove access to the S3 bucket when the external consultant completes the audit.

C.

Create a new IAM user that has access to the report in the S3 bucket. Provide the access keys to the external consultant. Revoke the access keys after 7 days.

D.

Generate a presigned URL that has the required access to the location of the report on the S3 bucket. Share the presigned URL with the external consultant.

Buy Now
Exam Code: SAA-C03
Exam Name: AWS Certified Solutions Architect - Associate (SAA-C03)
Last Update: Jun 26, 2026
Questions: 879
SAA-C03 pdf

SAA-C03 PDF

$25.5  $84.99
SAA-C03 Engine

SAA-C03 Testing Engine

$30  $99.99
SAA-C03 PDF + Engine

SAA-C03 PDF + Testing Engine

$40.5  $134.99