QUESTION 181
A company runs an application on an Amazon ECS cluster that uses AWS Fargate on-demand capacity. The application cannot tolerate any sudden interruptions. The company wants to optimize costs for the application and ensure that the application remains operational. Which solution will meet these requirements?
A. Create an On-Demand Capacity Reservation.
B. Purchase Convertible Reserved Instances.
C. Use Fargate Spot capacity instead of on-demand capacity with a rolling update deployment type.
D. Purchase a Compute Savings Plan.
Correct Answer: D
QUESTION 182
A company runs an ecommerce website on AWS. The website architecture uses a single Amazon EC2 instance to run a custom application that handles the website’s functions. The website functions include product catalog management and customer checkout. The company’s website traffic and transaction volume are increasing rapidly. The company wants to re-architect the application from its current monolithic architecture to a loosely-coupled architecture to enable independent scaling. Which solution will meet these requirements?
A. Configure an Auto Scaling group that includes multiple EC2 instances that each run a copy of the application. Use an Application Load Balancer (ALB) to distribute traffic across the EC2 instances.
B. Refactor the application into microservices that run on Amazon ECS containers. Deploy each service to its own container. Use an Application Load Balancer (ALB) to distribute traffic.
C. Refactor the web application and split the logic into frontend and backend tiers. Run the frontend tier on the existing EC2 instance. Add a second EC2 instance to run the backend tier.
D. Migrate the entire application to a Kubernetes cluster that has single container by using Amazon EKS. Implement Amazon Route 53 to geographically distribute traffic.
Correct Answer: B
QUESTION 183
Migrate the entire application to a Kubernetes cluster that has single container by using Amazon EKS. Implement Amazon Route 53 to geographically distribute traffic. A company hosts a single-page application in an Amazon S3 bucket. The company has replicated the application to a second S3 bucket in a separate AWS Region. The company has users in Asia and Europe. A solutions architect must design a solution that redirects each user’s requests to the Region that is closest to the user. Which solution will meet this requirement?
A. Create an AWS Lambda function in one Region. Configure the function to redirect traffic to the closest Region based on the user’s IP address. Use S3 Event Notifications to invoke the function.
B. Create an Application Load Balancer (ALB) to distribute and redirect requests to the S3 bucket that is in the closest Region based on the user’s geolocation.
C. Create an Amazon CloudFront distribution that uses the two S3 buckets as origins. Configure CloudFront behaviors to direct user requests to the closest Region based on user geolocation.
D. Create an Amazon CloudFront distribution that uses the two S3 buckets as origins. Create an AWS Lambda@Edge function to set a specific header that indicates each user’s location. Create behaviors for each S3 bucket origin to select the origin based on the added header.
Correct Answer: C
QUESTION 184
A company hosts a training website on a fleet of Amazon EC2 instances that run web server software. The company anticipates that a new training product will be extremely popular and will receive high user traffic. The training product consists of dozens of training videos that are hosted on the website. A solutions architect must minimize the load on the company’s web servers. Which solution will meet this requirement?
A. Store the videos in Amazon ElastiCache (Redis OSS). Update the web servers to serve the videos by using the ElastiCache API.
B. Store the videos in an Amazon EFS volume. Create a user data script to mount the EFS volume to the web servers.
C. Store the videos in an Amazon S3 bucket. Configure an Amazon CloudFront distribution, and set the S3 bucket as the origin. Create an origin access control (OAC) to secure access to the S3 bucket.
D. Store the videos in an Amazon S3 bucket. Create an AWS Storage Gateway Amazon S3 File Gateway to access the S3 bucket. Create a user data script to mount the S3 File Gateway to the web servers.
Correct Answer: C
QUESTION 185
A company runs a non-production application on an Amazon EC2 instance that has the Amazon CloudWatch agent installed. The CloudWatch agent monitors application processes and sends custom metrics to CloudWatch. The application has a critical bug that causes crashes that require an instance reboot. The company does not currently have the resources to address the bug, but the server needs to remain as operational as possible. The company manually reboots the instance several times each day. The company needs a solution to automate the instance reboots until the company can address the root cause of the bug. Which solution will meet this requirement with the LEAST amount of perational overhead?
A. Use a CloudWlatch alarm state change event to invoke Amazon EventBrndge to un AWS Systems Manager Run Command to restart the instance
B. Use a CloudWatch alarm to invoke an AWS Lambda function to run AWS Systems Manager Run Command to restart the instance.
C. Use a CloudWatch alarm to invoke an Amazon SNS topic that notifies the operations team to restart the instance.
D. Use a CloudWatch alarm to invoke an AWS Lambda function that automatically notifies the company through chat to restart the instance.
Correct Answer: A
QUESTION 186
A company hosts a training website on a fleet of Amazon EC2 instances that run web server software. The company anticipates that a new training product will be extremely popular and will receive high user traffic. The training product consists of dozens of training videos that are hosted on the website. A solutions architect must minimize the load on the company’s web servers. Which solution will meet this requirement?
A. Store the videos in Amazon ElastiCache (Redis OSS). Update the web servers to serve the videos by using the ElastiCache API.
B. Store the videos in an Amazon EFS volume. Create a user data script to mount the EFS volume to the web servers.
C. Store the videos in an Amazon S3 bucket. Configure an Amazon CloudFront distribution, and set the S3 bucket as the origin. Create an origin access control (OAC) to secure access to the S3 bucket.
D. Store the videos in an Amazon S3 bucket Create an AWS Storage Gateway Amazon S3 File Gateway to access the S3 bucket. Create a user data script to mount the S3 File Gateway to the web servers.
Correct Answer: C
QUESTION 187
A company runs Amazon EC2 Linux instances that do not have public IP addresses. The company hosts the instances in private subnets in a VPC. The company needs to use SSH to access the EC2 instances. The company does not want to maintain long-lived SSH keys or to install additional software on the EC2 instances. The company wants to use IAM for authentication. Which solution will meet these requirements?
A. Set up a bastion host in a new public subnet Use the bastion host to connect to the EC2 instances.
B. Configure an Amazon EC2 Instance Connect endpoint that has the required permissions. Use the Instance Connect endpoint to connect to the EC2 instances.
C. Use the AWS CLI to connect to the EC2 instances.
D. Set up an AWS Direct Connect connection. Establish a private virtual interface (VIF) to connect to the EC2 instances.
Correct Answer: B
QUESTION 188
A company runs a web application that stores user-generated images. The application currently stores 500 GB of images. The average file size of the images is 2 MB. The company expects the total amount of images grow to 2 TB within 6 months. The application needs to serve all stored images with low latency to users from around the world. Which storage solution will meet these requirements MOST cost-effectively?
A. Store images in Amazon EBS volumes that are attached to multiple Amazon EC2 instances across multiple AWS Regions. Serve the content locally based on each user’s location.
B. Store images in an Amazon S3 bucket. Integrate the S3 bucket with Amazon CloudFront. Integrate the web application with a CloudFront endpoint to provide global access.
C. Store the images in an Amazon EFS file system. Use the Standard storage class with Regional access. Enable cross-Region replication to provide high-availability and global access.
D. Deploy Amazon FSx for Windows File Server in two AWS Regions. Set up Windows File Server Replication across Regions to provide global access.
Correct Answer: B
QUESTION 189
A company is building an application on an Amazon ECS cluster that uses the AWS Fargate launch type. The application must read files from a private Amazon S3 bucket. The company needs to design a security solution to allow ECS tasks to retrieve data from the S3 bucket. Which solution will meet these requirements with the LEAST administrative effort?
A. Assign an inline IAM policy to the task role that is configured in the ECS task definition. Configure the policy to grant access to the S3 bucket.
B. Create an IAM user that has programmatic access to the S3 bucket. Store the IAM user credentials as a parameter in AWS Systems Manager Parameter Store. Configure the ECS task definition to read the parameter during runtime.
C. Assign an IAM policy to the task execution role that is configured in the ECS task definition. Configure the policy to grant access to the S3 bucket.
D. Create an IAM user and access keys for the S3 bucket. Store the access credentials as a secret in AWS Secrets Manager. Configure the ECS task definition to read the secret during runtime.
Correct Answer: A
QUESTION 190
An ecommerce company has an application that uses Amazon DynamoDB tables that are configured with provisioned capacity. Order data is stored in a table named Orders. The Orders table has a primary key of order-ID and a sort key of product-ID. The company configured an AWS Lambda function to receive DynamoDB streams from the Orders table and to update a table named Inventory. The company has noticed that during peak sales periods, updates to the Inventory table take longer than the company can tolerate. Which solutions will resolve the slow table updates? (Select TWO.)
A. Add a global secondary index to the Orders table. Include the product-ID attribute.
B. Set the batch size attribute of the DynamoDB streams to be based on the size of items in the Orders table.
C. Increase the DynamoDB table provisioned capacity by 1,000 write capacity units (WCUs).
D. Increase the DynamoDB table provisioned capacity by 1,000 read capacity units (RCUs).
E. Increase the timeout of the Lambda function to 15 minutes.
Correct Answer: BC
QUESTION 191
A company is building an application that needs to process real-time streaming data. The application must process and transform the data and then store the data for later analysis. Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon Kinesis Data Streams to ingest streaming data. Configure Amazon EC2 instances to process and transform data records from the data streams. Configure the EC2 instances to store the processed and transformed data in an Amazon RDS for MySQL database.
B. Send streaming data to an Amazon SQS queue. Configure AWS Lambda functions to process the data in the SQS queue. Store the processed data in an Amazon DynamoDB table.
C. Use Amazon Kinesis Data Streams to ingest streaming data. Configure an AWS Lambda function to process and transform data records from the data streams. Configure the Lambda function to store the processed and transformed data in an Amazon DynamoDB table.
D. Send streaming data to an Amazon SNS topic. Create an application to process the data on an Amazon EC2 instance. Store the processed data in an Amazon ElastiCache (Memcached) cache.
Correct Answer: C
QUESTION 192
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company is migrating users from IAM to AWS IAM Identity Center. The company wants to ensure that no new IAM users can be created in any of the member accounts. The company wants to allow only existing IAM users to have access to the accounts. Which solution will meet these requirements?
A. Create a service control policy (SCP) that denies the iam:CreateUser action. Apply the SCP to all the member accounts in the organization.
B. Create an IAM policy that denies all IAM write operations. Attach the policy to all the users.
C. Create an IAM group in each account. Attach a policy that denies the iam:Create AccessKey action to the IAM group. Add the existing IAM users to the IAM group.
D. Create a permissions boundary that denies the iam:CreateAccessKey action. Attach the permissions boundary to all IAM users and IAM groups in the organization.
Correct Answer: C
QUESTION 193
An application collects data and generates logs for all operational activities in a company’s AWS Cloud infrastructure. The company wants a solution to store and retain the application logs. The logs must be immutable for 7 years. The company can delete the logs after 7 years. Which solution will meet these requirements in the MOST cost-effective way?
A. Use Amazon S3 Glacier Flexible Retrieval to store the application logs. Configure S3 Object Lock and set a retention period of 7 years.
B. Use Amazon EBS volumes to store the application logs. Configure volume backups by using AWS Backup.
C. Use the Amazon S3 Express One Zone storage class to store the application logs. Configure an S3 bucket policy that requires users to authenticate by using multi-factor authentication (MFA).
D. Use an Amazon EFS file system to store the application logs. Configure file locking for each log file.
Correct Answer: A
QUESTION 194
A company wants to share data between applications that run in separate AWS accounts. The company wants to use Amazon API Gateway REST APIs to expose private APIs. The company wants to ensure that only authorized accounts can invoke the private APIs. Which solution will meet this requirement?
A. Use an API Gateway interface endpoint policy to grant access to specific accounts.
B. Use an API Gateway resource policy to grant access to specific accounts.
C. Use cross-account IAM policies to grant access to the private APIs.
D. User AWS Lambda authorizers to grant access to specific accounts.
Correct Answer: B
QUESTION 195
A company performs a security review of its AWS workloads and finds that all the company’s IAM users have the AdministratorAccess IAM managed policy directly attached. The company’s IAM users belong to either an engineering department or an operations department. Engineering users require full read and write access to all resources. Operations users require only read access to all resources. The company must apply the principle of least privilege to user access. Which solution will meet this requirement in the MOST operationally efficient way?
A. Create an IAM group for each department. Add either the AdministratorAccess or ReadOnlyAccess IAM managed policy to each group as appropriate. Add each department user to the appropriate IAM group. Remove existing IAM permissions from the users.
B. Create an IAM group named Staff. Apply both the AdministratorAccess and ReadOnlyAccess IAM managed policy to the Staff IAM group. Add all IAM users to the Staff group. Remove existing IAM permissions from the users.
C. Add the ReadOnlyAccess IAM managed policy to IAM users that belong to the operations department users. Remove existing AdministratorAccess IAM permissions from the operations department users. Add a tag of Operations to the operations department IAM users.
D. Add the ReadOnlyAccess inline policy statement to IAM users that belong to the operations department. Remove the existing AdministratorAccess IAM permissions from operations department users. Add a tag of Operations to the operations department IAM users.
Correct Answer: A
QUESTION 196
A company stores a large amount of log files in an Amazon S3 bucket. The company must retain the log files for 10 years. The company accesses the log files frequently during the first 90 days after creation. The company rarely accesses the log files after 90 days. The company wants to optimize storage costs for the files. Which solution will meet these requirements in the MOST cost-effective way?
A. Create an S3 Lifecycle configuration to move the logs from the S3 Standard storage class to S3 Glacier Instant Retrieval after 90 days. Set the configuration to expire the logs after 10 years.
B. Store the log files in the S3 Intelligent-Tiering storage class. Configure an S3 Lifecycle rule to delete the logs after 10 years.
C. Store the data directly in the S3 Glacier Deep Archive storage class. Create an S3 Lifecycle configuration to delete the logs after 10 years.
D. Create an S3 Lifecycle configuration to move the logs from the S3 Standard storage class to S3 Glacier Deep Archive after 90 days. Set the configuration to expire the logs after 10 years.
Correct Answer: D
QUESTION 197
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS volumes for storing data. The EBS volumes will be created at time of initial deployment. The application will process sensitive information. All of the data must be encrypted. The solution should not impact the application’s performance. Which solution will meet these requirements?
A. Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.
B. Configure the application to write all data to an encrypted Amazon S3 bucket.
C. Configure a custom encryption algorithm for the application that will encrypt and decrypt all data.
D. Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks.
Correct Answer: A
QUESTION 198
A company wants to grant an external vendor temporary, limited access to an Amazon S3 bucket to download files. The company does not want the external vendor to have access to the bucket for a long period of time. Which solution will meet these requirements in the MOST secure way?
A. Create an IAM user and programmatic access keys. Attach an IAM policy to the user that allows read-only access to the S3 bucket. Share the IAM user and programmatic access keys with the external vendor.
B. Add a bucket policy to the S3 bucket that grants access based on the external vendor’s IP address range.
C. Create a presigned URL for each required object in the S3 bucket. Share the presigned URLs with the external vendor.
D. Create an IAM role and temporary access keys. Attach an IAM policy to the role that allows read-only access to the S3 bucket. Share the IAM role and temporary access keys with the external vendor.
Correct Answer: C
QUESTION 199
A company hosts a single-page application in an Amazon S3 bucket. The company has replicated the application to a second S3 bucket in a separate AWS Region. The company has users in Asia and Europe. A solutions architect must design a solution that redirects each user’s requests to the Region that is closest to the user. Which solution will meet this requirement?
A. Create an AWS Lambda function in one Region. Configure the function to redirect traffic to the closest Region based on the user’s IP address. Use S3 Event Notifications to invoke the function.
B. Create an Application Load Balancer (ALB) to distribute and redirect requests to the S3 bucket that is in the closest Region based on the user’s geolocation.
C. Create an Amazon CloudFront distribution that uses the two S3 buckets as origins. Configure CloudFront behaviors to direct user requests to the closest Region based on user geolocation.
D. Create an Amazon CloudFront distribution that uses the two S3 buckets as origins. Create an AWS Lambda@Edge function to set a specific header that indicates each user’s location. Create behaviors for each S3 bucket origin to select the origin based on the added header.
Correct Answer: C
QUESTION 200
A software company recently deployed an x86-based application to Amazon ECS with the AWS Fargate launch type. The company establishes a baseline usage pattern for the application. The company will run the application for at least 1 year. The application serves critical APIs that require consistent availability. The company wants to optimize costs for the application. Which solution will meet this requirement?
A. Purchase a Compute Savings Plan with an hourly commitment.
B. Purchase Reserved Instances for the AWS Fargate tasks.
C. Configure the tasks to use AWS Graviton.
D. Configure the tasks to use Spot Instances.
Correct Answer: B
QUESTION 201
An ecommerce company runs a transaction processing system within a large application on a set of Amazon EC2 instances behind an Application Load Balancer (ALB). The transaction process handles order creation, payment initiation, and inventory updates. The company has observed performance issues in the transaction workflow as the volume of
transactions has increased. The company wants to re-architect the transaction process to introduce horizontal scalability and to improve cost efficiency. Which solution will meet these requirements?
A. Decouple the transaction system into microservices that run on AWS Lambda functions. Expose the microservices through a central Amazon API Gateway REST API. Use Amazon SQS queues to decouple order creation and payment processing.
B. Migrate the transaction system to an Amazon EKS cluster. Deploy the Kubernetes Vertical Pod Autoscaler to manage application scalability.
C. Add caching layers to the transaction system by using an Amazon ElastiCache (ValKey) cluster. Scale the EC2 instances to the largest size available to handle the increased load.
D. Decouple the transaction system into microservices. Deploy each microservice as a separate application to its own dedicated group of EC2 instances. Place each group of instances behind a separate ALB. Scale the application by launching larger EC2 instance sizes as needed.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.