QUESTION 161
A company has a critical ecommerce application that uses an Amazon RDS for MySQL DB instance with a Multi-AZ deployment. The company’s analytics team has increased the number of queries it uses to generate reports. The increase in usage has resulted in application performance degradation. The analytics team requires near real-time data consistency in its reports. The analytics team must be able to generate reports even if the DB instance is offline. Which solution will meet these requirements?
A. Take a snapshot and restore the snapshot as a separate DB instance to run the queries.
B. Modify the DB instance to use a larger instance size.
C. Direct the queries to the standby DB instance endpoint.
D. Add a read replica. Direct the queries to the read replica endpoint.
Correct Answer: D
QUESTION 162
A solutions architect is designing an architecture that includes web, application, and database tiers. The web tier must be capable of auto scaling. The solutions architect has decided to separate each tier into its own subnets. The design includes two public subnets and four private subnets. The security team requires that tiers be able to communicate with each other only when there is a business need and that all other network traffic be blocked. What should the solutions architect do to meet these requirements?
A. Create an Amazon GuardDuty source/destination rule set to control communication.
B. Create one security group for all tiers to limit traffic to only the required source and destinations.
C. Create specific security groups for each tier to limit traffic to only the required source and destinations.
D. Create network ACLs in all six subnets to limit traffic to the sources and destinations required for the application to function.
Correct Answer: C
QUESTION 163
A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized. Which database solution should the solutions architect recommend?
A. Amazon Aurora
B. Amazon DynamoDB
C. Amazon RDS
D. Amazon Redshift
Correct Answer: C
QUESTION 164
A company has an image processing workload running on Amazon Elastic Container Service (Amazon ECS) in two private subnets. Each private subnet uses a NAT instance for internet access. All images are stored in Amazon S3 buckets. The company is concerned about the data transfer costs between Amazon ECS and Amazon S3. What should a solutions architect do to reduce costs?
A. Configure a NAT gateway to replace the NAT instances.
B. Configure a gateway endpoint for traffic destined to Amazon S3.
C. Configure an interface endpoint for traffic destined to Amazon S3.
D. Configure Amazon CloudFront for the S3 bucket storing the images.
Correct Answer: B
QUESTION 165
A company has hired a vendor to perform an audit. The company needs a solution to allow the vendor to access the company’s AWS account to review Amazon CloudWatch Logs events. The solution must use IAM roles for cross-account access. Which solution will meet these requirements?
A. Create an IAM role in the company’s account. Create an IAM role in the vendor’s account with the logs: GetLogEvents permission. Configure the company’s role trust policy to trust the Amazon Resource Name (ARN) of the company’s IAM role.
B. Create an IAM role in the vendor’s account. Create an IAM role in the company’s account with the logs: GetLogEvents permission. Configure the company’s role trust policy to trust the Amazon Resource Name (ARN) of the company’s IAM role.
C. Create an IAM role in the company’s account. Create an IAM role in the vendor’s account with the logs:GetLogEvents permission. Configure the vendor’s role trust policy to trust the Amazon Resource Name (ARN) of the company’s IAM role.
D. Create an IAM role in the vendor’s account. Create an IAM role in the company’s account with the logs:GetLogEvents permission. Configure the vendor’s role trust policy to trust the Amazon Resource Name (ARN) of the company’s IAM role.
Correct Answer: D
QUESTION 166
A company that analyzes the stock market has two offices: one in the us-east-1 Region and another in the eu-west-2 Region. The company wants to implement an AWS database solution that can provide fast and accurate updates. The office in eu-west-2 has dashboards with complex analytical queries to display the data. The company will use these dashboards to make buying decisions, so the dashboards must have access to the application data in less than 1 second. Which solution meets these requirements and provides the MOST up-to-date dashboard?
A. Deploy an Amazon RDS DB instance in us-east-1 with a read replica instance in eu-west-2. Create an Amazon ElastiCache cluster in eu-west-2 to cache data from the read replica to generate the dashboards.
B. Use an Amazon DynamoDB global table in us-east-1 with replication into eu-west-2. Use multi-active replication to ensure that updates are quickly propagated to eu-west-2.
C. Use an Amazon Aurora global database. Deploy the primary DB cluster in us-east-1. Deploy the secondary DB cluster in eu-west-2. Configure the dashboard application to read from the secondary cluster.
D. Deploy an Amazon RDS for MySQL DB instance in us-east-1 with a read replica instance in eu-west-2. Configure the dashboard application to read from the read replica.
Correct Answer: C
QUESTION 167
A company uses an Amazon RDS for MySQL database with provisioned IOPS in a Multi-AZ deployment. The company recently migrated the database to Amazon DynamoDB tables successfully. However, the company needs to retain the RDS for MySQL database for several months for occasional post-migration testing and debugging. The company took a snapshot of the RDS database immediately after the migration. The RDS database must be available to query within 10 minutes when needed. Which solution will meet these requirements in the MOST cost-effective way?
A. Use the stop-db-cluster AWS CLI command and the stop-db-instance CLI command to stop the RDS database. Restart the database as needed by using CLI commands.
B. Create a new RDS database. Attach Amazon EBS magnetic volumes that contain the original RDS database snapshot to the new database. Terminate the original RDS database.
C. Create a new RDS database in a single Availability Zone based on the original RDS database snapshot. Terminate the original RDS database.
D. Create an Amazon Aurora MySQL Serverless v2 cluster based on the RDS database snapshot. Terminate the original RDS database.
Correct Answer: C
QUESTION 168
A company is building a compute-intensive application that will run on a fleet of Amazon EC2 instances. The application uses attached Amazon EBS volumes for storing data. The EBS volumes will be created at time of initial deployment. The application will process sensitive information. All of the data must be encrypted. The solution should not impact the application’s performance. Which solution will meet these requirements?
A. Configure the fleet of EC2 instances to use encrypted EBS volumes to store data.
B. Configure the application to write all data to an encrypted Amazon S3 bucket.
C. Configure a custom encryption algorithm for the application that will encrypt and decrypt all data.
D. Configure an Amazon Machine Image (AMI) that has an encrypted root volume and store the data to ephemeral disks.
Correct Answer: A
QUESTION 169
An ecommerce company has an application that uses Amazon DynamoDB tables that are configured with provisioned capacity. Order data is stored in a table named Orders. The Orders table has a primary key of order-ID and a sort key of product-ID. The company configured an AWS Lambda function to receive DynamoDB streams from the Orders table and to update a table named Inventory. The company has noticed that during peak sales periods, updates to the Inventory table take longer than the company can tolerate. Which solutions will resolve the slow table updates? (Select TWO.)
A. Add a global secondary index to the Orders table. Include the product-ID attribute.
B. Set the batch size attribute of the DynamoDB streams to be based on the size of items in the Orders table.
C. Increase the DynamoDB table provisioned capacity by 1,000 write capacity units (WCUs).
D. Increase the DynamoDB table provisioned capacity by 1,000 read capacity units (RCUs).
E. Increase the timeout of the Lambda function to 15 minutes.
Correct Answer: CD
QUESTION 170
A company currently runs a Linux-based application in a self-managed Docker container that runs on Amazon EC2 instances. The application runs a lightweight data processing tool that always completes its job within 3 minutes. The company wants an alternative deployment solution for the application to reduce infrastructure management overhead. The company is willing to make any required changes to the container image. Which solution will meet this requirement with the LEAST operational overhead?
A. Deploy the application as an AWS Lambda function that uses the container image.
B. Deploy the application on Amazon EKS with the AWS Fargate launch type.
C. Deploy the application on Amazon ECS with the AWS Fargate launch type.
D. Deploy the application as a custom Amazon Machine Image (AMI) by using AWS Batch.
Correct Answer: A
QUESTION 171
A company has an organization in AWS Organizations that includes a development organizational unit (OU) and a production OU. A solutions architect wants to create a service control policy (SCP) to allow development users to run Amazon EC2 instances in the development OU. The solutions architect wants to prohibit future IAM policies from overriding the configuration. Which solution will meet these requirements in the MOST secure way?
A. Create an SCP that denies ec2:* permissions for all resources. Attach the SCP to the development OU. Configure an IAM policy that allows development users to use ec2: Runinstances actions to run EC2 instances.
B. Create an SCP that denies ec2:* permissions for all resources. Attach the SCP to the organization’s root OU. Create a second SCP that allows ec2: Runinstances permissions. Attach the second SCP to the development OU.
C. Create an SCP that denies ec2:* permissions for all resources. Attach the SCP to the production OU. Create an IAM user group named AllDevUsers for all development users. Create an IAM policy in the development OU and attach it to AllDevUsers. Configure the policy to allow ec2: Runinstances permissions with a condition that the
StringNotEquals parameter is equal to AllDevUsers.
D. Create an SCP that denies ec2:* permissions for all resources. Attach the SCP to the production OU. Create an IAM role named DevAdminRole. Attach a permissions boundary to DevAdminRole to allow only the ec2: uninstances action. Create an IAM policy and attach it to DevAdminRole. Configure the policy to grant ec2: Runinstances permissions.
Correct Answer: B
QUESTION 172
An application collects data and generates logs for all operational activities in a company’s AWS Cloud infrastructure. The company wants a solution to store and retain the application logs. The logs must be immutable for 7 years. The company can delete the logs after 7 years. Which solution will meet these requirements in the MOST cost-effective way?
A. Use Amazon S3 Glacier Flexible Retrieval to store the application logs. Configure S3 Object Lock and set a retention period of 7 years.
B. Use Amazon EBS volumes to store the application logs. Configure volume backups by using AWS Backup.
C. Use the Amazon S3 Express One Zone storage class to store the application logs. Configure an S3 bucket policy that requires users to authenticate by using multi-factor authentication (MFA).
D. Use an Amazon EFS file system to store the application logs. Configure file locking for each log file.
Correct Answer: A
QUESTION 173
A company wants to build a serverless application in which multiple microservices need to exchange messages. The company needs to ensure that messages that the microservices send to one another are processed exactly once in the exact order the messages are sent. Which solution will meet these requirements in the MOST operationally efficient way?
A. Create an Amazon SQS FIFO queue. Configure the microservices to use the SQS queue to exchange messages.
B. Use Amazon SNS topics to connect the microservices to one another. Subscribe the microservices to the SNS topics. Use the Amazon SNS API to send and receive notifications between microservices.
C. Create an Amazon SQS standard queue. Connect the microservices to one another by using Amazon EventBridge events that the microservices exchange through the SQS queue.
D. Use Amazon Managed Streaming for Apache Kafka (Amazon MSK) on Amazon EC2 instances to deploy the application.
Correct Answer: A
QUESTION 174
An image-hosting company stores images as objects in Amazon S3 buckets. The company must prevent accidental exposure of the objects to the public. All S3 objects in the company’s entire AWS account must remain private. Which solution will meet these requirements?
A. Use Amazon GuardDuty to monitor S3 bucket policies. Create an automatic remediation action rule that uses an AWS Lambda function to remediate any change that makes the objects public.
B. Use AWS Trusted Advisor to find publicly accessible S3 buckets. Configure email notifications in Trusted Advisor when a change to S3 bucket policies is detected. Use the AWS CLI to change any S3 bucket policy that Trusted Advisor flags.
C. Use AWS Resource Access Manager (AWS RAM) to find publicly accessible S3 buckets. Use Amazon SNS to invoke an AWS Lambda function when AWS RAM detects a change in S3 bucket policies. Configure the Lambda function to programmatically remediate each detected change.
D. Use the S3 Block Public Access feature at the account level. Deploy the AWS Config s3-account-level-public-access-blocks rule and an AWS Systems Manager document to take automatic remediation actions when the rule is in the non-compliant state.
Correct Answer: D
QUESTION 175
A company runs a web application that stores user-generated images. The application currently stores 500 GB of images. The average file size of the images is 2 MB. The company expects the total amount of images grow to 2 TB within 6 months. The application needs to serve all stored images with low latency to users from around the world. Which storage solution will meet these requirements MOST cost-effectively?
A. Store images in Amazon EBS volumes that are attached to multiple Amazon EC2 instances across multiple AWS Regions. Serve the content locally based on each user’s location.
B. Store images in an Amazon S3 bucket. Integrate the S3 bucket with Amazon CloudFront. Integrate the web application with a CloudFront endpoint to provide global access.
C. Store the images in an Amazon EFS file system. Use the Standard storage class with Regional access. Enable cross-Region replication to provide high-availability and global access.
D. Deploy Amazon FSx for Windows File Server in two AWS Regions. Set up Windows File Server Replication across Regions to provide global access.
Correct Answer: B
QUESTION 176
A company is building an application that needs to process real-time streaming data. The application must process and transform the data and then store the data for later analysis. Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon Kinesis Data Streams to ingest streaming data. Configure Amazon EC2 instances to process and transform data records from the data streams. Configure the EC2 instances to store the processed and transformed data in an Amazon RDS for MySQL database.
B. Send streaming data to an Amazon SQS queue. Configure AWS Lambda functions to process the data in the SQS queue. Store the processed data in an Amazon DynamoDB table.
C. Use Amazon Kinesis Data Streams to ingest streaming data. Configure an AWS Lambda function to process and transform data records from the data streams. Configure the Lambda function to store the processed and transformed data in an Amazon DynamoDB table.
D. Send streaming data to an Amazon SNS topic. Create an application to process the data on an Amazon EC2 instance. Store the processed data in an Amazon ElastiCache (Memcached) cache.
Correct Answer: A
QUESTION 177
A company uses an organization in AWS Organizations to manage multiple AWS accounts. The company is migrating users from IAM to AWS IAM Identity Center. The company wants to ensure that no new IAM users can be created in any of the member accounts. The company wants to allow only existing IAM users to have access to the accounts. Which solution will meet these requirements?
A. Create a service control policy (SCP) that denies the iam:CreateUser action. Apply the SCP to all the member accounts in the organization.
B. Create an IAM policy that denies all IAM write operations. Attach the policy to all the users.
C. Create an IAM group in each account. Attach a policy that denies the iam:CreateAccessKey action to the IAM group. Add the existing IAM users to the IAM group.
D. Create a permissions boundary that denies the iam:CreateAccessKey action. Attach the permissions boundary to all IAM users and IAM groups in the organization.
Correct Answer: A
QUESTION 178
A company runs several application workloads as Kubernetes jobs in an Amazon EKS cluster. The jobs need to securely access other AWS services, including Amazon SNS, Amazon SQS, and Amazon DynamoDB. The company needs a solution to provide the jobs with the required access. Which solution will meet this requirement with the LEAST operational overhead?
A. Create an IAM user for each job type. Create IAM policies that grant access to the required services. Create access keys for each user and set the keys as environment variables in the Kubernetes jobs.
B. Set up identity federation to the company’s identity provider (IP) by using AWS Directory Service. Configure the EKS workloads to retrieve temporary credentials through the identity federation mechanism.
C. Assign VPC subnets that have specific IP ranges to the jobs. Assign resource-based policies directly to SNS topics, SQS queues, and DynamoDB tables to allow access from the subnet IP ranges.
D. Create IAM roles that have the necessary permissions to access the required services. Assign the roles to Kubernetes service accounts and associate the service accounts with the Kubernetes jobs.
Correct Answer: D
QUESTION 179
A company plans to migrate a MySQL-based application from an on-premises environment to AWS. The application performs database joins across several tables and uses indexes for faster query response times. The company needs the database to be highly available with automatic failover. Which solution on AWS will meet these requirements with the LEAST operational overhead?
A. Deploy an Amazon RDS DB instance with a read replica.
B. Deploy an Amazon RDS Multi-AZ DB instance.
C. Deploy Amazon DynamoDB global tables.
D. Deploy multiple Amazon RDS DB instances. Use Amazon Route 53 DNS with failover health checks configured.
Correct Answer: B
QUESTION 180
A company stores a large amount of log files in an Amazon S3 bucket. The company must retain the log files for 10 years. The company accesses the log files frequently during the first 90 days after creation. The company rarely accesses the log files after 90 days. The company wants to optimize storage costs for the files. Which solution will meet these requirements in the MOST cost-effective way?
A. Create an S3 Lifecycle configuration to move the logs from the S3 Standard storage class to S3 Glacier Instant Retrieval after 90 days. Set the configuration to expire the logs after 10 years.
B. Store the log files in the S3 Intelligent-Tiering storage class. Configure an S3 Lifecycle rule to delete the logs after 10 years.
C. Store the data directly in the S3 Glacier Deep Archive storage class. Create an S3 Lifecycle configuration to delete the logs after 10 years.
D. Create an S3 Lifecycle configuration to move the logs from the S3 Standard storage class to S3 Glacier Deep Archive after 90 days. Set the configuration to expire the logs after 10 years.
Correct Answer: D
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.