Welcome to your AWS Free Test - 1 Name Email Phone 1. Question:A company plans to host a survey website on AWS. The company anticipates an unpredictable amount of traffic. This traffic results in asynchronous updates to the database. The company wants to ensure that writes to the database hosted on AWS do not get dropped.Haw should the company write Its application to handle these database requests?Select 1 option(s): Configure the application to publish to an Amazon Simple Notification Service (Amazon SNS) tope Subscribe the database to the SNS topic. Configure lie application: o subscribe to an Amazon Simple Notification Service (Amazon SNS) topic. Publish the database updates to the SNS topic. Use Amazon Simple Queue Service (Amazon SOS) FIFO queues to queue the database connection until the database has resources to write the data. Use Amazon Simple Queue Service (Amazon SOS) FIFO queues for capturing the writes and dramaing the queue as each write is made to the database2. Question: A company receives data from millions of users totaling about 1 TB each flay. The company provides its use's with usage reports gang back 12 months Al usage data must be stored tor at least 5 years to comply with regulatory and auditing requirementsWhich storage solution is MOST cost-effective? Select 1 option(s): Store the data in Amazon S3 Standard. Set a lifecycle -rule to transition the data lo S3 Glacier Deep Archive after 1 year. Set a Recycle rule to delete the data after5 years. Store The data in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Set a lifecycle rule to transition the data to S3 Glacier after t year Set the lifecycle rule to delete the data after 5 years. Store the data in Amazon S3 Standard Set a lifecycle rule to transition the data to S3 Standard-infrequent Access (S3 Standard-IA) after i year Sol a lifecycle rule to delete the data after 5 years. Store the data in Amazon S3 Standard Set a lifecycle -rule to transition the data to S3 One Zone-infrequent Access (S3 One Zone-IA) after 1 year, Set a Lifecycle rule to delete the data after 5 years.3. Question: A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet The web application instances and the database are running in a single Availability Zone (AZ).Which combination of steps should a solutions architect take to provide high availability for this architecture?Select 2 option(s): Create new public and private subnets in the same AZ for high availability Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment.4. Question: A company that recently started using AWS establishes a Site-to-Site VPN between its on-premises data center and AWS. The company's security mandate states that traffic originating from on premises should stay within the company's private IP space when communicating with an Amazon Elastic Container Service (Amazon ECS) cluster that is hosting a sample web application.Which solution meets this requireSelect 1 option(s): Configure a gateway endpoint for Amazon ECS. Modify the route table to include an entry pointing to the ECS cluster. Create a Network Load Balancer and AWS PrivateLink endpoint for Amazon ECS in the same VPC that is hosting the ECS cluster. Create a Network Load Balancer in one VPC and an AWS PrivateLink endpoint for Amazon ECS in another VPC. Connect the two VPCs by using VPC peering. Configure an Amazon Route 53 record with Amazon ECS as the target. Apply a server certificate to Route 53 from AWS Certificate Manager (ACM) for SSL offloading.5. Question: A company wants to improve the availability and performance of its stateless UDP-based workload. The workload is deployed on Amazon EC2 instances in multiple AWS RegionsWhat should a solutions architect recommend to accomplish thisSelect 1 option(s): Place the EC2 instances behind Network Load Balancers (NLBs) in each Region Create an accelerator using AWS Global Accelerator. Use the NLBs as endpoints for the accelerator Place the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an accelerator using AWS Global Accelerator Use the ALBs as endpoints for the accelerator Place the EC2 instances behind Network Load Balancers (NLBs) in each Region. Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the NLBs Place the EC2 instances behind Application Load Balancers (ALBs) in each Region Create an Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs.6. Question: A company runs a website on Amazon EC2 instances behind an ELB Application Load Balancer. Amazon Route 53 is used for the DNS. The company wants to set up a backup website with a message including a phone number and email address that users can reach if the primary website is down.How should the company deploy this solutionSelect 1 option(s): Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy. Use Amazon S3 website hosting for the backup website and Route 53 latency routing policy. Deploy the application in another AWS Region and use ELB health checks for failover routing. Deploy the application in another AWS Region and use server-side redirection on the primary website.7. Question: A financial services company has a web application that serves users in the United States and Europe The application consists of a database tier and a web server tier The database tier consists of a MySQL database hosted in us-east-1 Amazon Route 53 geoproximity routing is used to direct traffic to instances in the closest Region A performance review of the system reveals that European users are not receiving the same level of query performance as those in the United StatesWhich changes should be made to the database tier to improve performance?Select 1 option(s): Migrate the database to Amazon RDS for MySQL Configure Multi-AZ in one of the European Regions BMigrate the database to Amazon DynamoDB Use DynamoDB global tables to enable replication to additional Regions Deploy MySQL instances in each Region Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance Migrate the database to an Amazon Aurora global database in MySQL compatibility mode Configure read replicas in one of the European Regions8. Question: A company is hosting 60 TB of production-level data in an Amazon S3 bucket A solutions architect needs to bring that data on premises for quarterly audit requirements This export of data must be encrypted while in transit The company has low network bandwidth in place between AWS and its on-premises data centerWhat should the solutions architect do to meet these requirements9Select 1 option(s): Deploy AWS Migration Hub with 90-day replication windows for data transfer. Deploy an AWS Storage Gateway volume gateway on AWS Enable a 90-day replication window to transfer the data Deploy Amazon Elastic File System (Amazon EFS), with lifecycle policies enabled, on AWS. Use it to transfer the data Deploy an AWS Snowball device in the on-premises data center after completing an export job request in the AWS Snowball console9. Question:A company has a custom application running on an Amazon EC2 instance that:Reads a large amount of data from Amazon S3 Performs a multi-stage analysis. Writes the results to Amazon DynamoDB. The application writes a significant number of large, temporary files during the multi-stage analysis. The process performance depends on the temporary storage performance.What would be the fastest storage option for holding the temporary files? Select 1 option(s): Multiple Amazon S3 buckets with Transfer Acceleration for storage Multiple Amazon EBS drives with Provisioned IOPS and EBS optimization. Multiple Amazon EFS volumes using the Network File System version 4.1 (NFSv4.1) protocol. DMultiple instance store volumes with software RAID 010. Question:A company hosts its application using Amazon Elastic Container Service (Amazon ECS) and wants to ensure high availability. The company wants to be able (o deploy updates to its application even if nodes in one Availability Zone are not accessible.The expected request volume for the application is 100 requests per second, and each container task is able to serve at least 60 requests pet second The company set up Amazon ECS with a rolling update deployment type with the minimum healthy percent parameter set to 50% and the maximum percent set lo 100%. Which configuration of tasks and Availability Zones meets these requirements?Select 1 option(s): Deploy the application across two Availability Zones, with one task in each Availability Zone Deploy the application across two Availability Zones, with two tasks in each Availability Zone. Deploy the application across three Availability Zones, with one task in each Availability Zone. Deploy the application across three Availability Zones, with two tasks in each Availability Zone.11. Question:A solutions architect must design a database solution for a high-traffic ecommerce web application. The database stores customer profiles and shopping cart information. The database must support a peak load of several million requests each second and deliver responses in milliseconds. The operational overhead for managing and scaling the database must be minimized.Which database solution should the solutions architect recommend?Select 1 option(s): Amazon Aurora Amazon DynamoDB Amazon RDS Amazon Redshift12. Question:A company wants to run a hybrid workload for data processing. The data needs to be accessed by on-premises applications for local data processing using an NFS protocol, and must also be accessible from the AWS Cloud for further analytics and batch processing. Which solution will meet these requirements?Select 1 option(s): Use an AWS Storage Gateway fife gateway to provide file storage to AWS. then perform analytics on the data in the AWS Cloud. Use an AWS Storage Gateway tape gateway to copy the backup of the local data to AWS. then perform analytics on this data in the AWS Cloud. Use an AWS Storage Gateway volume gateway in a stored volume configuration to regularly take snapshots of the local data, then copy the data to AWS. Use an AWS Storage Gateway volume gateway in a cached volume configuration to back up all the local storage in the AWS Cloud, then perform analytics on this data in the cloud.13. Question:A company wants to automate the security assessment of its Amazon EC2 instances. The company needs to validate and demonstrate that security and compliance standards are being followed throughout the development processWhat should a solutions architect do to meet these requirements?Select 1 option(s): Use Amazon Macie to automatically discover, classify and protect the EC2 instances Use Amazon GuardDuty to publish Amazon Simple Notification Service (Amazon SNS) notifications. Use Amazon Inspector with Amazon CloudWatch to publish Amazon Simple Notification Service (Amazon SNS) notifications Use Amazon EventBridge (Amazon CloudWatch Events) to detect and react to changes in the status of AWS Trusted Advisor checks14. Question:A web application runs on Amazon EC2 instances behind an Application Load Balancer The application allows users to create custom reports of historical weather data. Generating a report can take up to 5 minutes. These long-running requests use many of the available incoming connections, making the system unresponsive to other usersHow can a solutions architect make the system more responsive? Select 1 option(s): Use Amazon SOS with AWS Lambda to generate reports Increase the Idle timeout on the Application Load Balancer to 5 minutes. Update the client-side application code to increase its request timeout to 5 minutes. Publish the reports to Amazon S3 and use Amazon CloudFront for downloading lo the user.15. Question:A company serves a multilingual website from a fleet of Amazon EC2 instances behind an Application Load Balancer (ALB) This architecture is currently running in the us-west-l Region but is exhibiting high request latency for users located in other parts of the worldThe website needs to serve requests quickly and efficiently regardless of a user's location However, the company does not want to recreate the existing architecture across multiple Regions. How should a solutions architect accomplish this?Select 1 option(s): Replace the existing architecture with a website served from an Amazon S3 bucket. Configure an Amazon CloudFront distribution with the S3 bucket as the origin Configure an Amazon CloudFront distribution with the ALB as the origin. Set the cache behavior settings to only cache based on the Accept-Language request header Set up Amazon API Gateway with the ALB as an integration. Configure API Gateway to use an HTTP integration type Set up an API Gateway stage to enable the API cache Launch an EC2 instance in each additional Region and configure NGINX to act as a cache server for that Region Put all the instances plus the ALB behind an Amazon Route 53 record set with a geolocation routing policy16. Question: A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.Which database solution meets these requirements?Select 1 option(s): Amazon Aurora PostgreSQL Amazon DynamoDB with on-demand enabled Amazon DynamoDB with DynamoDB Streams enabled Amazon SQS and Amazon Aurora PostgreSQL17. Question:A company is hosting a website behind multiple Application Load Balancers. The company has differentdistribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights.Which configuration should the solutions architect choose to meet these requirements?Select 1 option(s): Configure Amazon CloudFront with AWS WAF. Configure Application Load Balancers with AWS WAF. Configure Amazon Route 53 with a geolocation policy. Configure Amazon Route 53 with a geoproximity routing policy.18. Question: A company needs guaranteed Amazon EC2 capacity in three specific Availability Zones in a specific AWS Region for an upcoming event that will last 1 week. What should the company do to guarantee the EC2 capacity?Select 1 option(s): Purchase Reserved Instances that specify the Region needed. Create an On-Demand Capacity Reservation that specifies the Region needed. Purchase Reserved Instances that specify the Region and three Availability Zones needed. Create an On-Demand Capacity Reservation that specifies the Region and three Availability Zones needed.19. Question:A company wants to migrate a high performance computing (HPC) application and data from on-premises to the AWS Cloud. The company uses tiered storage on-premises with hoi high-performance parallel storage to support the application during periodic runs of the application, and more economical cold storage to hold the data when the application is not actively running. Which combination of solutions should a solutions architect recommend to support the storage needs of the application?Select 2 option(s): Amazon S3 for cold data storage Amazon EFS for cold data storage Amazon S3 for high-performance parallel storage Amazon FSx for clustre tor high-performance parallel storage Amazon FSx for Windows for high-performance parallel storage20. Question: A company hosts its multi-tier public web application in the AWS Cloud. The web application runs on Amazon EC2 instances and its database runs on Amazon RDS The company is anticipating a large increase in sales during an upcoming holiday weekend A solutions architect needs to build a solution to analyze the performance of the web application with a granularity of no more than 2 minutesWhat should the solutions architect do to meet this requirement?Select 1 option(s): Send Amazon CloudWatch logs to Amazon Redshift Use Amazon QuickSight to perform further analysis Enable detailed monitoring on all EC2 instances Use Amazon CloudWatch metrics to perform further analysis Create an AWS Lambda function to fetch EC2 logs from Amazon CloudWatch Logs Use Amazon CloudWatch metrics to perform further analysis Send EC2 logs to Amazon S3 Use Amazon Redshift to fetch logs from the S3 bucket to process raw data for further analysis with Amazon QuickSight.21. Question: A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications.Which solution will meet these requirements?Select 1 option(s): Amazon DynamoDB Amazon RDS for MySQL MySQL-compatible Amazon Aurora Serverless MySQL deployed on Amazon EC2 in an Auto Scaling group22. Question: A solutions architect wants all new users to have specific complexity requirements and mandatory rotation periods for 1AM user passwords What should the solutions architect do to accomplish this?Select 1 option(s): Set an overall password policy for the entire AWS account Set a password policy for each 1AM user in the AWS account. Use third-party vendor software to set password requirements, Attach an Amazon CloudWatch rule to the Create_newuser event to set the password with the appropriate requirements.23. Question:A company has an ecommerce application that stores data in an on-premises SQL database. The company has decided to migrate this database to AWS. However as part of the migration, the company wants to find a way to attain sub-millisecond responses to common read requests.A solutions architect knows that the increase in speed is paramount and that a small percentage of stale data returned in the database reads is acceptable What should the solutions architect recommend?Select 1 option(s): Build Amazon RDS read replicas. Build the database as a larger instance type. Build a database cache using Amazon ElastiCache Build a database cache using Amazon Elasticsearch Service (Amazon ES)24. Question:A company Is launching an ecommerce website on AWS. This website is built with a three-tier architecture that includes a MySQL database In a Multi-AZ deployment of Amazon Aurora MySQL. The website application must be highly available and will initially be launched in an AWS Region with three Availability Zones The application produces a metric that describes the load the application experiences. Which solution meets these requirements?Select 1 option(s): Configure an Application Load Balancer (ALB( with Amazon EC2 Auto Scaling behind the ALB with scheduled scaling Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a simple scaling policy. Configure a Network Load Balancer (NLB) and launch a Spot Fleet with Amazon EC2 Auto Scaling behind the NL8. Configure an Application Load Balancer (ALB) and Amazon EC2 Auto Scaling behind the ALB with a target tracking scaling policy.25. Question:A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB) A solutions architect needs to modify the infrastructure to be highly available without modifying the application Which architecture should the solutions architect choose that provides high availability?Select 1 option(s): Create an Auto Scaling group that uses three instances across each of two Regions Modify the Auto Scaling group to use three instances across each of two Availability Zones Create an Auto Scaling template that can be used to quickly create more instances in another Region Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier26. Question:A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows.What should a solutions architect recommend?Select 1 option(s): Set up AWS Storage Gateway to connect with the backup applications using the NFS interface. Set up an Amazon EFS file system that connects with the backup applications using the NFS interface Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.27. Question:A company is using a third-party vendor to manage its marketplace analytics. The vendor needs limited programmatic access to resources in the company's account. All the needed policies have been created to grant appropriate access. Which additional component will provide the vendor with the MOST secure access to the account?Select 1 option(s): Create an 1AM user. Implement a service control policy (SCP) Use a cross-account role with an external ID. Configure a single sign-on (SSO) identity provider.28. Question:A solutions architect must design a solution for a persistent database that is being migrated from on-premises to AWS. The database requires 64,000 IOPS according to the database administrator. If possible, the database administrator wants to use a single Amazon Elastic Block Store (Amazon EBS) volume to host the database instance. Which solution effectively meets the database administrator's criteria?Select 1 option(s): Use an instance from the 13 I/O optimized family and leverage local ephemeral storage to achieve the IOPS requirement. Create an Nitro-based Amazon EC2 instance with an Amazon EBS Provisioned IOPS SSD (io1) volume attached. Configure the volume to have 64,000 IOPS. Create and map an Amazon Elastic File System (Amazon EFS) volume to the database instance and use the volume to achieve the required IOPS for the database. Provision two volumes and assign 32,000 IOPS to each. Create a logical volume at the operating system level that aggregates both volumes to achieve the IOPS requirements.29. Question: A company wants to move its on-premises network, attached storage (NAS) to AWS. The company wants to make the data available to any Linux instances within its VPC and ensure changes are automatically synchronized across all instances accessing the data store. The majority of the data is accessed very rarely, and some files are accessed by multiple users at the same time.Which solution meets these requirements and is MOST cost-effective?Select 1 option(s): Create an Amazon Elastic Block Store (Amazon EBS) snapshot containing the data. Share it with users within the VPC. Create an Amazon S3 bucket that has a lifecycle policy set to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after the appropriate number of days. Create an Amazon Elastic File System (Amazon EFS) file system within the VPC. Set the throughput mode to Provisioned and to the required amount of IOPS to support concurrent usage. Create an Amazon Elastic File System (Amazon EFS) file system within the VPC. Set the lifecycle policy to transition the data to £FS Infrequent Access (EFS IA) after the appropriate number of days.30. Question:A software vendor is deploying a new software-as-a-service (SaaS) solution that will be utilized by many AWS users. The service is hosted in a VPC behind a Network Load Balancer. The software vendor wants to provide access to this service to users with the least amount of administrative overhead and without exposing the service to the public internet What should a solutions architect do to accomplish this goal?Select 1 option(s): Create a peering VPC connection from each user's VPC to the software vendor s VPC. Deploy a transit VPC in the software vendor's AWS account. Create a VPN connection with each user account Connect the service in the VPC with an AWS PrivateLink endpoint. Have users subscribe to the endpoint. Deploy a transit VPC in the software vendor's AWS account. Create an AWS Direct Connect connection with each user account.31. Question:A company Is migrating lo the AWS Cloud. A file server is the first workload to migrate. Users must be able to access the file share using the Server Message Block (SMB) protocol. Which AWS managed service meets these requirements?Select 1 option(s): Amazon EBS Amazon EC2 Amazon FSx Amazon S332. Question:A meteorological startup company has a custom web application to sell weather data to its users online. The company uses Amazon DynamoDB to store its data and wants to build a new service that sends an alert to the managers of four internal teams every time a new weather event is recorded The company does not want this new service to affect the performance of the current application What should a solutions architect do to meet these requirements with the LEAST amount of operational overhead?Select 1 option(s): Use DynamoDB transactions to write new event data to the table Configure the transactions to notify internal teams. Have the current application publish a message to four Amazon Simple Notification Service (Amazon SNS) topics. Have each team subscribe to one topic. Enable Amazon DynamoDB Streams on the table Use triggers to write to a single Amazon Simple Notification Service (Amazon SNS) topic to which the teams can subscribe Add a custom attribute to each record to flag new items Write a cron job that scans the table every minute for items that are new and notifies an Amazon Simple Queue Service (Amazon SQS) queue to which the teams can subscribe33. Question:A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only. What should a solutions architect do to protect against data loss?Select 3 option(s): Enable versioning on the S3 bucket Enable access logging on the S3 bucket Enable server-side encryption on the S3 bucket. Configure an S3 Lifecycle rule to transition objects to Amazon S3 Glacier. Use MFA Delete to require multi-factor authentication to delete an object34. Question:A company is working with an external vendor that requires write access to the company's Amazon Simple Queue Service (Amazon SQS) queue. The vendor has its own AWS account. What should a solutions architect do to implement least privilege access7Select 1 option(s): Update the permission policy on the SQS queue to give write access to the vendor's AWS account. Create an 1AM user with write access to the SQS queue and share the credentials for the 1AM user. Update AWS Resource Access Manager to provide write access to the SQS queue from the vendor's AWS account. Create a cross-account role with access to all SQS queues and use the vendor's AWS account in the trust document for the role35. Question:A company hosts its core network services, including directory services and DNS. in its on-premises data center. The data center is connected to the AWS Cloud using AWS Direct Connect (DX) Additional AWS accounts are planned that will require quick, cost-effective, and consistent access to these network services What should a solutions architect implement to meet these requirements with the LEAST amount of operational overhead?Select 1 option(s): Create a DX connection in each new account Route the network traffic to the on-premises servers Configure VPC endpoints in the DX VPC for all required services Route the network traffic to the on-premises servers. Create a VPN connection between each new account and the DX VPC, Route the network traffic to the on-premises servers Configure AWS Transit Gateway between the accounts Assign DX to the transit gateway and route network traffic to the on-premises servers36. Question: A company runs its production workload on an Amazon Aurora MySQL DB cluster that includes six Aurora Replicas. The company wants near-real-lime reporting queries from one of its departments to be automatically distributed across three of the Aurora Replicas. Those three replicas have a different compute and memory specification from the rest of the DB clusterWhich solution meets these requirements?Select 1 option(s): Create and use a custom endpoint for the workload Create a three-node cluster clone and use the reader endpoint Use any of the instance endpoints for the selected three nodes. Use the reader endpoint to automatically distribute the read-only workload.37. Question:A company is running a multi-tier ecommerce web application In the AWS Cloud. The application runs on Amazon EC2 Instances with an Amazon RDS MySQL Mutt>AZ DB instance. Amazon RDS is configured with the latest generation instance with 2,000 GB of storage in an Amazon EBS General Purpose SSD (gp2) volume. The database performance impacts the application during periods of high demand.After analyzing the logs in Amazon CloudWatch Logs, a database administrator finds that the application performance always degrades when the number of read and write IOPS is higher than 6.000 What should a solutions architect do to improve the application performance?Select 1 option(s): Replace the volume with a Magnetic volume Increase the number of IOPS on the gp2 volume Replace the volume with a Provisioned IOPS (PIOPS) volume. Replace the 2,000 GB gp2 volume with two 1,000 GBgp2 volumes.38. Question:An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both are in separate. AWS accounts. The network administrator needs to design a solution to enable secure access to EC2 instance in VOC-B from VPC-A. The connectivity should not have a single point of failure or bandwidth concerns. Which solution will meet these requirements?Select 1 option(s): Set up a VPC peering connection between VPC-A and VPC-B. Set up VPC gateway endpoints for the EC2 instance running in VPC-B. Attach a virtual private gateway to VPC-B and enable routing from VPC-A. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-B.39. Question:A company uses Amazon S3 to store its confidential audit documents. The S3 bucket uses bucket policies to restrict access to audit team 1AM user credentials according to the principle of least privilege. Company managers are worried about accidental deletion of documents in the S3 bucket and want a more secure solution. What should a solutions architect do to secure the audit documents?Select 1 option(s): Enable the versioning and MFA Delete features on the S3 bucket Enable multi-factor authentication (MFA) on the 1AM user credentials for each audit team 1AM user account. Add an S3 Lifecycle policy to the audit team's 1AM user accounts to deny the s3:DeleteOb|ect action during audit dates. Use AWS Key Management Service (AWS KMS> to encrypt the S3 bucket and restrict audit team 1AM user accounts from accessing the KMS key.40. Question:A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API. Which action meets these requirements for storing and retrieving location data?Select 1 option(s): Use Amazon Athena with Amazon S3. Use Amazon API Gateway with AWS Lambda. Use Amazon QuickSight with Amazon Redshift. Use Amazon API Gateway with Amazon Kinesis Data Analytics.41. Question:A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket analyzed daily for one week and then must remain immediately accessible for occasional analysis What is the MOST cost-effective storage solution alternative to the current configuration?Select 1 option(s): Configure a lifecycle policy to delete the objects after 30 days. Configure a lifecycle policy to transition the objects to Amazon S3 Glacier after 30 days Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days42. Question:A solution architect needs to design a highly available application consisting of web, application, and database tiers, HTTPS content delivery should be as close to the edge as possible, with the least delivery time. Which solution meets these requirements and is MOST secure?Select 1 option(s): Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances m public subnets Configure Amazon CtoudFiont to deliver HTTPS content using the public ALB as the origin Amazon EC2 instances in private subnets Configure Configure a public Application Load Balancer with multiple redundant Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin. Configure a public Application Load Balancer (ALB) with multiple redundant Amazon EC2 instances in private subnets Configure Amazon CloudFront to deliver HTTPS content using the public ALB as the origin Configure a public Application Load Balancer with multiple redundant Amazon EC2 instances in public subnets Configure Amazon CloudFront to deliver HTTPS content using the EC2 instances as the origin43. Question: A company is running a highly sensitive application on Amazon EC2 backed by an Amazon RDS database Compliance regulations mandate that all personally identifiable information (Pll) be encrypted at restWhich solution should a solutions architect recommend to meet this requirement with the LEAST amount of changes to the infrastructure''Select 1 option(s): Deploy AWS Certificate Manager to generate certificates Use the certificates to encrypt the database volume Deploy AWS CloudHSM. generate encryption keys, and use the customer master key (CMK) to encrypt database volumes. Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes Configure Amazon Elastic Block Store {Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.44. Question:An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time. What is the MOST secure way to do this?Select 1 option(s): Enable public read on the S3 object and provide the link to the vendor. Upload the file to Amazon WorkDocs and share the public link with the vendor. Generate a presigned URL and have the vendor download the log file before it expires. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multifactor authentication.45. Question:A business application is hosted on Amazon EC2 and uses Amazon S3 for encrypted object storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet. Which capability should the solutions architect use to meet the compliance requirements?Select 1 option(s): AWS Key Management Service (AWS KMS) ) VPC endpoint Private subnet Virtual private gateway46. Question:A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync A solutions architect needs to replace the file server farmWhich service should the solutions architect use?Select 1 option(s): Amazon EFS Amazon FSx Amazon S3 AWS Storage Gateway47. Question:A company is developing an ecommerce application that will consist of a load-balanced front end. a container-based application and a relational database A solutions architect needs to create a highly available solution that operates with as little manual intervention as possible Which solutions meet these requirements? Select 2 option(s): Create an Amazon RDS DB instance in Multi-AZ mode Create an Amazon RDS DB instance and one or more replicas in another Availability Zone Create an Amazon EC2 instance-based Docker cluster to handle the dynamic application load Create an Amazon Elastic Container Service (Amazon ECS) cluster with a Fargate launch type to handle the dynamic application load Create an Amazon Elastic Container Service (Amazon ECS) cluster with an Amazon EC2 launch type to handle the dynamic application load48. Question:A company runs an application on an Amazon EC2 instance Backed by Amazon Elastic Block Store (Amazon EBS). The instance needs to be available for 12 hours daily. The company wants to save costs by making the instance unavailable outside the window required for the application However the contents of the instance's memory must be preserved whenever the instance is unavailable What should a solutions architect do lo meet this requirement?Select 1 option(s): Stop the instance outside the application's availability window. Start up the Instance again when required. Hibernate tie instance outside the application's availability window. Start up the instance again when required. Use Auto Scaling to scale down the instance outside the application's availability window. Scale up the instance when required. Terminate the instance outside the application's availability window Launch the instance by using a preconfigured Amazon Machine Image (AMI) when required49. Question:A solutions architect needs to design a resilient solution for Windows users' home directories. The solution must provide fault tolerance, file-level backup and recovery, and access control, based upon the company's Active Directory. Which storage solution meets these requirements?Select 1 option(s): Configure Amazon S3 to store the users' home directories. Join Amazon S3 to Active Directory. Configure a Multi-AZ file system with Amazon FSx for Windows File Server Join Amazon FSx to Active Directory. Configure Amazon Elastic File System (Amazon EFS) for the users' home directories. Configure AWS Single Sign-On with Active Directory. Configure Amazon Elastic Block Store (Amazon EBS) to store the users' home directories Configure AWS Single Sign-On with Active Directory.50. Question: A company has NFS servers in an on-premises data center that need to periodically back up small amounts of data to Amazon S3. Which solution meets these requirements and is MOST cost-effective?Select 1 option(s): Set up AWS Glue to copy the data from the on-premises servers to Amazon S3. Set up an AWS DataSync agent on the on premises servers, and sync the data to Amazon S3. Set up an SFTP sync using AWS Transfer for SFTP to sync data from on premises to Amazon S3. Set up an AWS Direct Connect connection between the on-premises data center and a VPC, and copy the data to Amazon S3Time is Up!
