Welcome to the 30 Minutes AWS Test1. Question:A company serves content to its subscribers across the world using an application running on AWS The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB) Due to a recent change in copyright restrictions the chief information officer (CIO) wants to block access for certain countriesWhich action will meet these requirements?Select 1 option(s): Modify the ALB security group to deny incoming traffic from blocked countries. Use ALB listener rules to return access denied responses to incoming traffic from blocked countries. Use Amazon CloudFront to serve the application and deny access to blocked countries. Modify the security group for EC2 instances to deny incoming traffic from blocked countries.2. Question:A company is reviewing a recent migration of a three-tier application to a VPC. The security team discovers thai the principle of least privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers. What should a solutions architect do to correct this issue?Select 1 option(s): Create security group rules using the security group ID as the source or destination. Create security group rules using the instance ID as the source or destination. Create security group rules using the VPC CIDR blocks as the source or destination. Create security group rules using the subnet CIDR blocks as the source or destination.3. Question:A company has a Microsoft Windows-based application that must be migrated to AWS. This application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances.What should a solution architect do to accomplish this?Select 1 option(s): Configure a volume using Amazon EFS Mount the EPS volume to each Windows Instance Configure Amazon FSx for Windows File Server Mount the Amazon FSx volume to each Windows Instance Configure AWS Storage Gateway in Volume Gateway mode Mount the volume to each Windows instance Configure an Amazon EBS volume with the required size Attach each EC2 instance to the volume Mount the file system within the volume to each Windows instance4. Question:An application uses an Amazon RDS MySQL DB instance. The RDS database is becoming low on disk space. A solutions architect wants to increase the disk space without downtime Which solution meets these requirements with the LEAST amount of effort?Select 1 option(s): Change the RDS database instance storage type to Provisioned IOPS. Back up the RDS database, increase the storage capacity, restore the database and stop the previous instance Increase the RDS database instance size Enable storage auto scaling in RDS.5. Question:A company has global users accessing an application deployed in different AWS Regions, exposing public static IP addresses. The users are experiencing poor performance when accessing the application over the internet.What should a solutions architect recommend to reduce internet latency? Select 1 option(s): Set up an Amazon CloudFront distribution to access an application. Set up AWS Global Accelerator and add endpoints. Set up AWS Direct Connect locations in multiple Regions. Set up an Amazon Route 53 geoproximity routing policy to route traffic.6. Question:A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud The company uses tiered storage on premises with hot high-performance parallel storage to support the application during periodic runs of the application and more economical cold storage to hold the data when the application is not actively running Which combination of solutions should a solutions architect recommend to support the storage needs of the application? Select 2 option(s): Amazon EFS for cold data storage Amazon S3 for cold data storage Amazon S3 for high-performance parallel storage Amazon FSx for Windows for high-performance parallel storage Amazon FSx for Lustre for high-performance parallel storage7. Question:A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync A solutions architect needs to replace the file server farm Which service should the solutions architect use?Select 1 option(s): AWS Storage Gateway Amazon S3 Amazon FSx Amazon EFS8. Question:A company maintains a searchable repository of items on its website Tie data is stored in an Amazon RDS for MySQL database table that contains over 10 million rows The database has 2 TB of General Purpose SSD (gp2) storage. There are millions of updates against this data every day through the company's website The company has noticed some operations are taking 10 seconds or longer and has determined that the database storage performance is the bottleneckWhich solution addresses the performance issue? Select 1 option(s): Change the instance to a memory-optimized instance class Enable Multi-AZ RDS read replicas with MySQL native asynchronous replication Change the instance to a burstable performance DB instance class Change the storage type to Provisioned IOPS SSD (io1)9. Question:A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down. How should the company deploy this solution?Select 1 option(s): Use Amazon S3 website hosting for the backup website and Route 53 latency routing policy. Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy. Deploy the application in another AWS Region and use server-side redirection on the primary website. Deploy the application in another AWS Region and use ELB health checks for failover routing.10. Question: A company is hosting its static website in an Amazon S3 bucket, which is the origin for Amazon CioudFront. The company has users in the United States. Canada, and Europe and wants to reduce costs. What should a solutions architect recommend?Select 1 option(s): Implement a CloudFront Secure Sockets Layer (SSL) certificate to push security closer to the locations of the countries that are served. Modify the CloudFront price class to include only the locations of the countries that are served. Adjust the CloudFront caching time to live (TTL) from the default to a longer timeframe. Implement CloudFront events with Lambda@Edge to run the website's data processing.11. Question:A database is on an Amazon RDS MYSQL 5.6 Multi-AZ DB instance that experience highly dynamic reads. Application developers notice a significant slowdown when testing read performance from a secondary AWS Region. The developers want a solution that provides less than 1 second of read replication latency.What should the solutions architect recommend?Select 1 option(s): Create another RDS for MySQL read replica in the secondary. Install MySQL on Amazon EC2 in (he secondary Region. Migrate the database to Amazon Aurora with cross-Region replicas. Implement Amazon ElastiCache to improve database query performance.12. Question:Company is designing a website that uses an Amazon S3 bucket to store static images. The company wants ail future requests have taster response times while reducing both latency and cost.Which service configuration should a solutions architect recommend?Select 1 option(s): Deploy a Network Load Balancer in front of Amazon S3. Deploy a NAT server in front of Amazon S3. Deploy Amazon CloudFront in front of Amazon S3. Configure Auto Scaling to automatically adjust the capacity of the website.13. Question:A solutions architect is deploying a distributed database on multiple Amazon EC2 instances The database stores all data on multiple instances so it can withstand the loss of an instance The database requires block storage with latency and throughput to support several million transactions per second per serverWhich storage solution should the solutions architect use?Select 1 option(s): Amazon EBS Amazon S3 Amazon EFS Amazon EC2 instance store14. Question:A web application is deployed in the AWS Cloud It consists of a two-tier architecture that includes a web layer and a database layer The web server is vulnerable to cross-site scripting (XSS) attacks What should a solutions architect do to remediate the vulnerability? Select 1 option(s): Create a Classic Load Balancer Put the web layer behind the load balancer and enable AWS WAF Create an Application Load Balancer Put the web layer behind the load balancer and enable AWS WAF Create a Network Load Balancer Put the web layer behind the load balancer and enable AWS WAF Create an Application Load Balancer Put the web layer behind the load balancer and use AWS Shield Standard15. Question: A company has an application workflow that uses an AWS Lambda function to download and decrypt files from Amazon S3 These files are encrypted using AWS Key Management Service Customer Master Keys (AWS KMS CMKs) A solutions architect needs to design a solution that will ensure the required permissions are set correctly.Which combination of actions accomplish this? Select 2 option(s): Create a new 1AM policy with the kms:decrypt permission and attach the policy to the Lambda function Grant the decrypt permission for the Lambda resource policy in the KMS key's policy. Create a new 1AM role with the kms decrypt permission and attach the execution role to the Lambda function. Attach the kms.decrypt permission to the Lambda function's resource policy. Grant the decrypt permission for the Lambda 1AM role in the KMS key's policy16. Question:A company runs an internal browser-based application The application runs on Amazon EC2 instances behind an Application Load Balancer The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning.How should the scaling be changed to address the staff complaints and keep costs to a minimum?Select 1 option(s): Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens Implement a target tracking action triggered at a lower CPU threshold and decrease the cooldown period Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.17. Question:A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.Which action will MOST securely grant the EC2 instance access to the S3 bucket?Select 1 option(s): Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls Create an IAM user for the application with specific permissions to the S3 bucket Attach a resource-based policy to the S3 bucket Associate an IAM role with least privilege permissions to the EC2 instance profile18. Question: An engineering team is developing and deploying AWS Lambda functions. The team needs to create roles and manage policies in AWS IAM to configure the permissions of the Lambda functions.How should the permissions for the team be configured so they also adhere to the concept of least privilege? Select 1 option(s): Create an IAM role with a managed policy attached Allow the engineering team and the Lambda functions to assume this role Create an execution role for the Lambda functions. Attach a managed policy that has permission boundaries specific to these Lambda functions Create an IAM role with a managed policy attached that has permission boundaries specific to the Lambda functions Allow the engineering team to assume this role. Create an IAM group for the engineering team with an lAMFullAccess policy attached Add all the users from the team to this IAM group19. Question:A company runs a high performance computing (HPC) workload on AWS. The workload required low-latency network performance and high network throughput with tightly coupled node-to-node communication. The Amazon EC2 instances are properly sized for compute and storage capacity, and are launched using default options.What should a solutions architect propose to improve the performance of the workload'?Select 1 option(s): Choose dedicated instance tenancy while launching Amazon EC2 instances Choose a cluster placement group while launching Amazon EC2 instances Choose an Elastic Inference accelerator while launching Amazon EC2 instances Choose the required capacity reservation while launching Amazon EC2 instances.20. Question: A company has applications hosted on Amazon EC2 instances with IPv6 addresses. The applications must initiate communications with other external applications using the internet. However, the company's security policy states that any external service cannot initiate a connection to the EC2 instances. What should a solutions architect recommend to resolve this issue?Select 1 option(s): Create a NAT gateway and make it the destination of the subnet's route table Create an internet gateway and make it the destination of the subnet's route table Create a virtual private gateway and make it the destination of the subnet's route table Create an egress-only internet gateway and make it the destination of the subnet's route tableTime is Up!
