QUESTION 141
A company uses an AWS CloudFormation template to deploy an Amazon ECS service into a production environment. The template includes an Amazon S3 bucket that is named by using a common prefix with the CloudFormation stack name. The company uses the same template to create temporary environments for development and continuous integration. Developers can create environments successfully, but they receive errors from CloudFormation when they attempt to delete the environments. The developers often need to delete and recreate stacks with the same names as part of the development and testing process. Which combination of steps should a solutions architect take to modify the solution to resolve this issue? (Select TWO.)
A. Associate an AWS Lambda function with a CloudFormation custom resource to delete all keys that are present in a given S3 bucket. Implement this custom resource as part of the application’s CloudFormation template.
B. Modify the S3 bucket resource in the CloudFormation template by specifying Delete for the DeletionPolicy attribute. Specify the CAPABILITY_DELETE_NONEMPTY capability to process CloudFormation delete operations.
C. Modify the S3 bucket resource in the CloudFormation template by specifying Retain for the DeletionPolicy attribute. Configure an AWS Config custom rule to run every 24 hours to identify, empty, and delete buckets that are no longer owned by a CloudFormation stack.
D. Ensure that CloudFormation operations are being invoked by a role that has s3:DeleteObject permissions on all objects in the bucket.
E. Modify the S3 bucket resource in the CloudFormation template to configure a bucket policy that grants s3:DeleteObject permissions on all objects in the bucket.
Correct Answer: AD
QUESTION 142
A company operates a static content distribution platform that serves customers globally. The customers consume content from their own AWS accounts. The company serves its content from an Amazon S3 bucket. The company uploads the content from its on-premises environment to the S3 bucket by using an S3 File Gateway. The company wants to improve the platform’s performance and reliability by serving content from the AWs Region that is geographically closest to customers. The company must route the on-premises data to Amazon S3 with minimal latency and without public internet exposure. Which combination of steps will meet these requirements with the LEAST operational overhead?(Select TWO.)
A. Implement S3 Multi-Region Access Points.
B. Use S3 Cross-Region Replication (CRR) to copy content to different Regions.
C. Create an AWS Lambda function that tracks the routing of clients to Regions.
D. Use an AWS Site-to-Site VPN connection to connect to a Multi-Region Access Point
E. Use AWS PrivateLink and AWS Direct Connect to connect to a Multi-Region Access Point.
Correct Answer: AE
QUESTION 143
A company is migrating an on-premises application and a MySQL database to AWS. The application processes highly sensitive data, and new data is constantly updated in the database. The data must not be transferred over the internet. The company also must encrypt the data in transit and at rest. The database is 5 TB in size. The company already has created the database schema in an Amazon RDS for MySQL DB instance. The company has set up a 1 Gbps AWS Direct Connect connection to AWS. The company also has set up a public VIF and a private VIF. A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime. Which solution will meet these requirements?
A. Perform a database backup. Copy the backup files to an AWS Snowball Edge Storage Optimized device. Import the backup to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
B. Use AWS DMS to migrate the data to AWS, Create a DMS replication instance in a private subnet. Create VPC endpoints for AWS DMS, Configure a DMS task to copy data from the on-premises database to the DB instance by using full load plus change data capture (CDC). Use the AWS KMS default key for encryption at rest. Use TLS for encryption in transit.
C. Perform a database backup. Use AWS DataSync to transfer the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
D. Use Amazon S3 File Gateway. Set up a private connection to Amazon S3 by using AWS PrivateLink. Perform a database backup. Copy the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at rest. Use TLS for encryption in transit. Import the data from Amazon S3 to the DB instance.
Correct Answer: B
QUESTION 144
A company needs to deploy its document storage application across two AWS Regions. The company is storing PDF documents that have an average file size of 512 KiB and a minimum file size of 200 KiB. The company needs protection for accidental document overwrites in the primary Region. The secondary Region must have cost-optimized storage. The company needs a solution that provides an SLA of 99.99% that files will be replicated to the secondary Region within 15 minutes. Which solution will meet these requirements?
A. Deploy an Amazon FSx cluster for multiple application hosts to mount in the primary Region. Configure a second Amazon FSx deployment in the secondary Region. Configure replication from the Amazon FSx cluster in the primary Region to the Amazon FSx deployment in the secondary Region.
B. Deploy two Amazon S3 buckets, one in each Region. Enable S3 Versioning for each bucket. Enable S3 Replication Time Control (S3 RTC) to replicate objects to the secondary Region. Specify S3 Glacier Deep Archive as the storage class in the secondary Region.
C. Deploy two Amazon S3 buckets, one in each Region. Enable S3 Versioning for the bucket in the primary Region. Set up S3 Cross-Region Replication (CRR) from the primary Region to the secondary Region. Create an S3 event on the secondary bucket to invoke an AWS Lambda function that reviews each replicated object and specifies S3 Glacier Deep Archive as the storage class in the secondary Region.
D. Deploy an Amazon FSx multi-Region cluster. Configure the multi-Region cluster with object versioning. Mount the file system as ZFS with versioning support. Activate S3 archiving from Amazon FSx.
Correct Answer: B
QUESTION 145
A company is creating an inspection solution for a factory. The factory has network-connected cameras at the end of each factory assembly line. The factory uses a pre-trained machine learning (ML) model to identify common defects from still images. The company wants to provide local feedback to factory workers when a defect is detected. The company must be able to provide feedback even if the factory loses internet connectivity. The company has local Linux servers that host an API that provides local feedback to the workers. Which solution will meet these requirements?
A. Set up an Amazon Kinesis video stream from each camera to AWS. Use Amazon EC2 instances to process still images from the streams and to save processed images to an Amazon S3 bucket. Deploy an Amazon SageMaker Al inference endpoint with the ML model. Invoke an AWS Lambda function to call the inference endpoint when new images are uploaded to the S3 bucket. Configure the Lambda function to call the local API when a defect is detected.
B. Deploy AWS loT Greengrass on the local servers. Deploy the ML model to the servers that run Greengrass. Create a Greengrass component to process still images from the cameras and to run inference jobs. Configure the Greengrass component to call the local API when a defect is detected.
C. Order an AWS Snowball Edge device. Deploy an Amazon SageMaker Al endpoint with the ML model on the Snowball Edge device. Process still images from the camera feeds. Configure the SageMaker Al endpoint to call the local API when a defect is detected. Invoke an AWS Lambda function to call the endpoint when new images are uploaded to the Snowball Edge device.
D. Set up an AWS Site-to-Site VPN connection from the factory to AWS. Deploy an Amazon SageMaker Al endpoint with the ML model. Connect to SageMaker Al through a VPC interface endpoint Use the AWS SDK for Python (Boto3) on the local Linux servers to call the SageMaker Al endpoint to process still images from the cameras. Configure the local Linux servers to call the local APl when a defect is detected by the SageMaker Al endpoint
Correct Answer: B
QUESTION 146
A company stores confidential data in a private Amazon S3 bucket. The company use lAM keys to download the data for local analytics. The company must set up automatic remediations for any IAM access keys that become publicly exposed. The remediation solution must generate a list of actions that were taken by using the exposed access kevs. The solution must send a list of the actions to the company through an email message. Which combination of solutions will meet these requirements? (Select TWO.)
A. Configure AWS Trusted Advisor to send Exposed Access Kevs security events to Amazon EventBridge when exposed IAM keys are detected. Create a rule in Amazon EventBridge to fiter events that match the Exposed Access Keys events. Configure the rule to invoke a Step Functions workflow to remediate the exposed keys.
B. Configure AWS Audit Manager to send Exposed Access Kevs security events to Amazon SQS when exposed IAM kevs are detected. Create a rule in Amazon EventBridge to invoke an AWS Lambda function when an event appears in the SQS queue. Configure the Lambda function to invoke an AWS Step Functions workflow to remediate the exposed keys.
C. Configure Amazon Inspector to send Exposed Access Keys security events to Amazon EventBridge when exposed IAM keys are detected. Create a rule in Amazon EventBridge to filter events that match the Exposed Access Keys events. Configure AWS Lambda functions to run an automatic remediation workflow when the EventBridge rule invokes the functions.
D. Create three AWS Lambda functions to run concurrently to handle the remediation workflow. Configure one function to remove the exposed lAM keys. Configure a second function to use AWS CloudTrail logs to list API calls that are linked to the users who used the exposed access keys. Configure the third function to send an email message to the company by using an Amazon SNS topic.
E. Create three AWS Lambda functions to run sequentially to handle the remediation workflow. Configure one function to delete the exposed IAM keys. Configure a second function to use Amazon CloudWatch logs to list API calls that are linked to the users who used the exposed access keys. Configure the third function to send an email message to the company by using an Amazon SNS topic.
Correct Answer: AD
QUESTION 147
A company needs its remote employees to access the web interface of an application. The company hosts the application in a VPC in the AwS Cloud. The application runs on a fleet of Amazon EC2 instances in private subnets across multiple Availability Zones. The remote employees are not currently using a corporate VPN connection. Company policy does not allow a direct connection from the public internet to the application. Which solution will meet these requirements?
A. Create a customer gateway by using the company’s external IP address. Create a virtual private gateway, and attach it to the VPC. Create an AWS Site-to-Site VPN connection between the customer gateway and the virtual private gateway. Modify the route table to route corporate traffic back to the customer gateway.
B. Generate server and client certificates and keys. Create an AWS Client VPN endpoint. Associate the private subnets with the Client VPN endpoint. Authorize the remote employees to access the VPC. Download the Client VPN endpoint configuration file to use in the remote employees’ VPN client application.
C. Create a transit gateway in the VPC. Associate the private subnets with the transit gateway. Enable AwS Client VPN connection endpoints on the transit gateway. Deploy the Client VPN software to each of the remote employees. Configure route tables to route traffic between the Client VPN connections and the private subnets.
D. Create a network ACL. Add inbound and outbound rules for the IP addresses of the remote employees. Associate the private subnets with the network ACL. Update the existing security group that is associated with the fleet of EC2 instances to permit the IP addresses of the remote employees.
Correct Answer: B
QUESTION 148
A company runs a workload on AWS. The company’s current infrastructure uses Amazon EC2 instances and Amazon RDS DB instances. The EC2 instances perform stateful work tha cannot be interrupted. The instances have a predictable and steady base traffic pattern with occasional spikes throughout each year. The company expects the traffic pattern to remain the same for the coming year. The company wants to optimize the running cost for the workload and to identify underused resources. Which solution will meet these requirements MOST cost-effectively?
A. Implement an EC2 Auto Scaling group with Spot Instances. Purchase a 1-year Reserved Instance for the RDS database with the All Upfront option. Use AWS Cost Explorer to identify and track underused resources.
B. Implement an EC2 Auto Scaling group with On-Demand Instances. Purchase a 3-year Convertible Reserved Instance for the RDS database. Use AWS Trusted Advisor to identify and track underused resources.
C. Purchase 1-year EC2 Reserved Instances with the All Upfront option to meet the workflow’s usage needs. Implement an EC2 Auto Scaling group with On-Demand Instances to handle the traffic spikes. Purchase a 1-year Reserved Instance for the RDS database with the All Upfront option. Use AWS Trusted Advisor to identify and track underused resources.
D. Purchase 1-year EC2 Reserved Instances with the All Upfront option to meet the peak load. Implement EC2 Auto Scaling. Purchase a 3-year Reserved Instance for the RDS database with the All Upfront option. Use AWS Cost Explorer to identify and track underused resources.
Correct Answer: C
QUESTION 149
A company runs an application on AWS. The company uses several third-party services that integrate with the application through a RESTful API. The application uses a Regional API endpoint to integrate with several AWS Lambda functions. The application data is stored in an Amazon DynamoDB table. The application and the API run in the eu-west-1 Region. The company needs to configure the application to failover to the us-east-1 Region in the event of a connectivity failure. All data must be available in both Regions. A solutions architect deploys all the Lambda functions to us-east-1. Which additional steps should the solutions architect take to meet these requirements? (Select TWO.)
A. Deploy a second Regional API endpoint in us-east-1. Create a Lambda integration between the functions in us-east-1 and the second Regional APl endpoint.
B. Enable Amazon DynamoDB Streams on the table in eu-west-1. Replicate all changes to a DynamoDB table in us-east-1.
C. Modify the existing DynamoDB table to be a global table in eu-west-1 and in us-east-1.
D. Change the API endpoint in eu-west-1 to an edge-optimized endpoint. Create a Lambda integration with the functions in both Regions.
E. Create a DynamoDB read replica in us-east-1.
Correct Answer: AC
QUESTION 150
A company recently deployed an application on Amazon ECS with the Fargate launch type. The company uses an AWS CloudFormation template to deploy the application.The company wants to identify over-provisioned resources and to update identified resources to optimize costs. vWhich solution will meet these requirements?
A. Enable AWS Compute Optimizer. Identify resources that are classified as over provisioned. Update the CloudFormation task definition to use the task size that Compute Optimizer recommends. Redeploy the CloudFormation template.
B. Enable AWS Compute Optimizer. Identify resources that are classified as over provisioned. Implement an Amazon ECS target tracking scaling policy to dynamically adjust ECS services based on the task size that Compute Optimizer recommends.
C. Enable AWS Cost Explorer and use a Reserved Instance utilization and coverage report to identify over-provisioned ECS services. Create an Amazon ECS target tracking scaling policy to automatically adjust the services to match the values in the report
D. Enable AWS Cost Explorer and use a Reserved Instance utilization and coverage report to identify over-provisioned ECS services. Update the CloudFormation task definition to use values that match the values in the report. Redeploy the CloudFormation template.
Correct Answer: A
QUESTION 151
An environmental company is deploying sensors in major cities throughout a country to measure air quality. The sensors connect to AWS IoT Core to ingest timeseries data readings. The company stores the data in Amazon DynamoDB. For business continuity, the company must have the ability to ingest and store data in two AWS Regions. Which solution will meet these requirements?
A. Create an Amazon Route 53 alias failover routing policy with values for AWS loT Core data endpoints in both Regions. Migrate data to Amazon Aurora global tables.
B. Create a domain configuration for AWS loT Core in each Region. Create an Amazon Route 53 latency-based routing policy. Use AWS loT Core data endpoints in both Regions as values. Migrate the data to Amazon MemoryDB and configure cross-Region replication.
C. Create a domain configuration for AWS loT Core in each Region. Create an Amazon Route 53 health check that evaluates domain configuration health. Create a failover routing policy with values for the domain name from the AWS loT Core domain configurations. Update the DynamoDB table to a global table.
D. Create an Amazon Route 53 latency-based routing policy. Use AWS loT Core data endpoints in both Regions as values. Configure DynamoDB streams and cross-Region data replication.
Correct Answer: C
QUESTION 152
A company is creating a data analytics platform on AWS. The company wants to deploy Apache Kafka as part of the solution. The company must ensure that all Kafka clients are authenticated to a Kafka cluster by using mutual TLS. Which solution will meet these requirements with LEAST operational overhead?
A. Create a new certificate in AWS Certificate Manager (ACM) for the aws.kafka.internal domain. Deploy an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster. Configure the MSK cluster to use the ACM certificate for TLS encryption. Provide the certificate to all clients.
B. Enable AWS Private CA. Deploy an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster. Configure the MSK cluster to use AWS Private CA. Use AWS Private CA to issue certificates to the clients.
C. Create a new self-signed certificate. Load the certificate as a server certificate into IAM. Deploy an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster. Configure the MSK cluster to use the IAM certificate. Use the IAM certificate to issue certificates to the clients.
D. Deploy an Amazon EKS cluster. Configure the cert-manager Amazon EKS add-on. Deploy Kafka to the EKS cluster. Use the cert-manager add-on to issue certificates to the Kafka broker and clients.
Correct Answer: B
QUESTION 153
A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration. Which solution will meet these requirements?
A. Configure the AWS DataSync agent to replicate the VMware data store to Amazon FSx for Windows File Server. Use an SMB share to host the VMware data store. Use VM Import/Export to move the VMs to EC2 instances.
B. Use the VMware Sphere client to export the application as an image in Open Virtualization Format (OVF) format. Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role to import the VMs. Use the AWS CLI to run the aws ec2 import-image command.
C. Configure Amazon S3 File Gateway to export a Common Internet File System (CIFS) share. Create a backup copy to the shared folder. Create an AMI from the backup copy. Launch an EC2 instance from the AMI.
D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager. Download and install the Systems Manager Agent (SSM Agent) on the on-premises VMs. Register the VMs as managed instances in Systems Manager. Use AWS Backup to create a snapshot of the VMs and create an AMI. Launch an EC2 instance from the AMI.
Correct Answer: B
QUESTION 154
A company is launching a new online game on Amazon EC2 instances. The game must be available globally. The company plans to run the game in three AWS Regions: us-east-1, eu-west-1, and ap-southeast-1. The game’s leaderboards, player inventory, and event status must be available across Regions. A solutions architect must design a solution that will give any Region the ability to scale to handle the load of all Regions. Additionally, users must automatically connect to the Region that provides the least latency. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an EC2 Spot Fleet. Attach the Spot Fleet to a Network Load Balancer (NLB) in each Region. Create an AWS Global Accelerator IP address that points to the NLB. Create an Amazon Route 53 latency-based routing entry for the Global Accelerator IP address. Save the game metadata to an Amazon RDS for MySQL DB instance in each Region. Set up a read replica in the other Regions.
B. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to a Network Load Balancer (NLB) in each Region. For each Region, create an Amazon Route 53 entry that uses geoproximity routing and points to the NLB in that Region. Save the game metadata to MySQL databases on EC2 instances in each Region. Set up replication between the database EC2 instances in each Region.
C. Create an Auto Scaling group for the EC2 instances. Attach the Auto Scaling group to a Network Load Balancer (NLB) in each Region. For each Region, create an Amazon Route 53 entry that uses latency-based routing and points to the NLB in that Region. Save the game metadata to an Amazon DynamoDB global table.
D. Use EC2 Global View. Deploy the EC2 instances to each Region. Attach the instances to a Network Load Balancer (NLB). Deploy a DNS server on an EC2 instance in each Region. Set up custom logic on each DNS server to redirect the user to the Region that provides the lowest latency. Save the game metadata to an Amazon Aurora global database.
Correct Answer: C
QUESTION 155
A company runs multiple applications on AWS and uses AWS Organizations to manage AWS accounts. The company has tagged all the resources for the applications with a key of AppID. The company enables AWS Cost Explorer and configures AWS Cost and Usage Reports to be delivered to an Amazon S3 bucket. The company needs to determine the costs related to each application as part of an audit of the previous 3 months. Which solution will meet this requirement?
A. Create a cost category in the AWS Billing and Cost Management console. Group the costs by the AppID tag dimension. Download the report as a CSV file from the console.
B. Create a report in the AWS Cost Explorer console. Group the costs by the AppID tag dimension. Download the report as a CSV file from the console.
C. Enable user-defined tags in the AWS Billing and Cost Management console. Activate the AppID tag as a cost allocation tag. Download the updated Cost and Usage Report file from the S3 bucket.
D. Enable user-defined tags in the AWS Billing and Cost Management console. Select the AppID tag in the category field. Download the updated AWS Cost and Usage Report file from the S3 bucket.
Correct Answer: C
QUESTION 156
A solutions architect needs to define a reference architecture for three-tier applications that have stateful web layers, application layers, and NoSQL data layers. The reference architecture must provide high availability within an AWS Region. The architecture must be able to fail over to a second Region within 1 minute. The architecture must also ensure that failovers have minimal effects on the user experience. Which combination of steps will meet these requirements? (Select THREE.)
A. Use an Amazon Route 53 weighted routing policy. Set 100/0 weights across the two Regions. Set TTL to 1 hour.
B. Use an Amazon Route 53 failover routing policy to fail over from the primary Region to the secondary Region. Set TTL to 30 seconds.
C. Use a global table within Amazon DynamoDB to provide both Regions with access to the data.
D. Back up data from an Amazon DynamoDB table in the primary Region to an Amazon S3 bucket in the primary Region every hour. Use S3 Cross-Region Replication to copy the data from the primary Region to an S3 bucket in the secondary Region. Use a script to import the data from the S3 bucket in the secondary Region into a DynamoDB table in the secondary Region during failover events.
E. Implement a hot standby model by using Auto Scaling groups for the web layers and application layers across multiple Availability Zones in both Regions. Use Zonal Reserved Instances for the minimum required number of servers. Use On-Demand Instances for any additional resources.
F. Use Auto Scaling groups for the web layers and application layers across multiple Availability Zones in both Regions. Use Spot Instances for the required resources.
Correct Answer: BCE
QUESTION 157
A company is transitioning some of its applications to AWS. The company has already set up a central AWS network account in an AWS Region and established an AWS Direct Connect connection. The company expects to have hundreds of AWS workload accounts and VPCs soon. The corporate network must be able to access resources on AWS seamlessly and communicate with all the workload VPCs. The company also wants to route traffic from its workloads to the internet through the company’s on-premises data center. Which combination of steps will meet these requirements? (Select THREE.)
A. In the central network account, set up a Direct Connect gateway. Create a virtual private gateway for each workload account. Create an association proposal between the Direct Connect gateway and each workload account’s virtual private gateway.
B. In the central network account, provision a Direct Connect gateway and a transit gateway. Establish connectivity between the Direct Connect gateway and the transit gateway by associating the transit gateway with the Direct Connect gateway through a transit VIF.
C. In the central network account, create an internet gateway. Configure route table rules to direct internet traffic through the internet gateway.
D. Share the transit gateway with the workload accounts. Attach VPCs to the transit gateway.
E. Establish VPC peering connections between all the workload VPCs and the central network account. Configure route tables in the workload VPCs to route internet traffic to the central network account.
F. Provision private subnets exclusively. Configure route tables on the subnets and gateway to route traffic destined for non AWS resources to the on-premises data center.
Correct Answer: BDF
QUESTION 158
A company runs an application across three AWS accounts. The company uses an organization in AWS Organizations to manage the AWS accounts. One account hosts a company runs an application across three Auro accounts, The company uses development environment. The second account hosts a testing environment. The third account hosts a production environment. The application runs on Amazon ECS with the AWS Fargate launch type. The application stores data in an Amazon Aurora MySQL database. The company expects production environment traffic to be consistent and predictable for the next year. The production environment remains active throughout each week. However, the development environment and the testing environment shut down during weekends and 12 hours each weekday. The company wants to optimize costs for the application. Which solution will meet this requirement?
A. In the organization management account, purchase Reserved Instances for a 1-year term for the databases. Purchase a 1-year EC2 Instance Savings Plan that will meet the compute usage demand.
B. In the organization management account, purchase Reserved Instances for a 1-year term for the production environment database. Purchase a 1-year Compute Savings Plan that will meet the compute usage demand.
C. In each account, purchase Reserved Instances for a 3-year term for the database. Purchase a 3-year Compute Savings Plan that will meet the compute usage demand.
D. In the production account, purchase Reserved Instances for a 3-year term for the database. Purchase a 3-year EC2 Instance Savings Plan that will meet the compute usage demand.
Correct Answer: A
QUESTION 159
A company has recently migrated an application to a set of Amazon EC2 instances. A partner company’s application calls the application by using a domain named api.example.com or a URL. The partner company authenticates by using mutual TLS. The company wants to modernize the application. The company containerizes the application and stores the containers in an Amazon ECR repository. The company places a certificate authority (CA) bundle in an Amazon S3 bucket. The modernized application must retain support for mutual TLS authentication and must be able to scale on demand. Which solution will meet these requirements?
A. Create an Amazon API Gateway HTTP API. Assign the api.example.com domain name to the HTTP API. Configure mutual TLS that uses the S3 bucket path. Create a new Amazon ECS cluster, and run the containers on AWS Fargate. Set the Fargate services as targets for the HTTP API.
B. Create an AWS AppSync API. Assign the api.example.com domain name to the AppSync API. Configure mutual TLS that uses the S3 bucket path. Run the containers on AWS Lambda functions. Set the Lambda functions as target for the AppSync API.
C. Create an Amazon CloudFront distribution. Implement a CloudF ront function to perform mutual TLS by using the CA bundle from the S3 bucket. Run the containers on AWS Lambda functions. Set the Lambda functions as origins for the CloudFront distribution.
D. Create an Application Load Balancer (ALB) and a new listener. Create a new Amazon ECS cluster. Run the containers on AWS Fargate. Create a new trust store and set a path to the S3 bucket. Attach the trust store to the ALB listener. Set the Fargate services as targets for the ALB.
Correct Answer: A
QUESTION 160
A company recently migrated a large ecommerce website to AWS. The company uses a private GitHub repository to manage code. The company uses Jenkins to perform builds and unit testing. The company needs to receive notifications for bad builds. The company must ensure that there is no downtime during deployments. Any updates to the production website must be seamless for users, and the company must be able to roll back an update in the event of a major issue. The company wants to use AWS CodePipeline to manage the build and deployment process. Which solution will meet these requirements?
A. Use GitHub WebSockets to invoke a pipeline in CodePipeline. Use the Jenkins plugin for AWS CodeBuild to perform unit tests. Send alerts to an Amazon SNS topic for any bad builds. Use AWS CodeDeploy to deploy builds by using an all-at-once, in-place deployment strategy.
B. Use GitHub webhooks to invoke a pipeline in CodePipeline. Use the Jenkins plugin for AWS CodeBuild to perform unit testing. Send alerts to an Amazon SNS topic for any bad builds. Use AWS CodeDeploy to deploy builds by using a blue/green deployment strategy.
C. Use GitHub WebSockets to invoke a pipeline in CodePipeline. Use AWS X-Ray to perform unit tests and static code analysis. Send alerts to an Amazon SNS topic for any bad builds. Use AWS CodeDeploy to deploy builds by using a blue/green deployment strategy.
D. Use GitHub webhooks to invoke a pipeline in CodePipeline. Use AWS X-Ray to perform unit tests and static code analysis. Send alerts to an Amazon SNS topic for any bad builds. Use AWS CodeDeploy to deploy builds by using an all-at-once, in-place deployment strategy.
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.