Cloud Architecting Quiz and Answer
Cloud Architecting refers to the process of designing and creating cloud-based infrastructure, systems, and solutions.
A cloud architect is responsible for planning, designing, and managing an organization's cloud environment, ensuring it is scalable, secure, and optimized for performance and cost-efficiency.
The following are quizzes and answers related to Cloud Architecting. They are listed in no particular order.
- For certain services like Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Relational Database Service (Amazon RDS), you can invest in reserved capacity. What options are available for Reserved Instances?
AURI, NURI, PURI.
- Where can a customer go to get more details about Amazon Elastic Compute Cloud (Amazon EC2) billing activity that took the place 3 months ago?
AWS Cost Explorer
- True or false? To receive the discounted rate associated with Reserved Instances, you must make a full, upfront payment for the term of the agreement
False
- There is no charge for which of the following data transfer on Amazon Web Services (AWS)?
(i) Inbound data transfer (with some exceptions), (ii) Data transfer between services within the same AWS Reg
- What are the four support plans offered by AWS Support?
Basic, Developer, Business, Enterprise
- What AWS tool compares the cost of running your application in an on-premises data center to AWS?
Total Cost of Ownership calculator
- As AWS grows, the cost of doing business is reduced and savings are passed back to the customer with lower pricing. What is this optimization called?
Economics of scale
- True or false? AWS offers a variety of services at no charge, for example, Amazon Virtual Private Cloud (Amazon VPC), AWS Identity and Access Management (IAM), Consolidated Billing, AWS Elastic Beanstalk, automatic scaling, AWS OpsWorks and AWS CloudFormation. However, you might be charged for other AWS services that you use in conjunction with these services.
True
- When are free data transfers applicable across AWS?
Free inbound data transfer for Amazon Elastic Computer Cloud (Amazon EC2) instances Free outbound data transfer between AWS services within the same Region
- True of false? Unlimited services are available with the AWS Free Tier to new AWS customers for 12 months following their AWS sign-up date.
False
- A student is learning about Amazon Simple Storage Service (Amazon S3). During an interview, a potential employers asks the student to explain how Amazon S3 can be used as a storage solution. Which option is a use case for Amazon S3?
Data lake
- A developer wants to store image files in a bucket that is called images-bucket, but receives the error BucketAlreadyExists. Which action must the developer take to resolve this error?
Bucket names are globally unique. If the requested bucket name is not available, the developer must rename the bucket.
- A ______ organizes the Amazon Simple Storage Service (Amazon S3) namespace at the highest level.
Bucket
- A developer is using Amazon Simple Storage Service (Amazon S3) to host a static website in a bucket called frank-martha-cafe. This bucket is in the us-east-1 Region. Which URL is the virtual-hosted-style URL for their website?
https://frank-martha-cafe.s3-website-us-east-1.amazonaws.com
- True or False: After versioning is enabled on an Amazon Simple Storage Service (Amazon S3) bucket, it can be disabled
False
- What is the largest size of an object that a user can upload to Amazon Simple Storage Service (Amazon S3) in a single PUT operation?
5GB
- A developer uses an Amazon Simple Storage Service (Amazon S3) bucket. They want to allow a certain AWS Identity and Access Management (IAM) user to perform any S3 operation on the bucket and its objects. They also want to follow AWS recommendations for granting permissions. Which mechanism should the developer apply to the bucket?
Bucket policy
- A developer wants to allow a user to download objects directly from an Amazon Simple Storage Service (Amazon S3) bucket without needing AWS security credentials or permissions. What can the developer share with the user to grant them time-limited access to the objects.
The bucket endpoint URL
- Which method can be used to encrypt Amazon Simple Storage Service (Amazon S3) objects in transit?
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
- A developer hosts a static website in an Amazon Simple Storage Service (Amazon S3) bucket. The website references image objects in another S3 bucket. However, these images do no display on the website. What could be the problem?
Cross-Origin Resources Sharing (CORS) has not been enabled on the bucket where the assets are stored
- Due to a company merger, a data engineer needs to increase their object storage capacity. They are not sure how much storage they will need. They want a highly scalable service that can store unstructured, semistructured, and structured data. Which service would be the most cost effective to accomplish this task?
Amazon S3
- Amazon S3 provides a good soultion for which use case?
An internet-accessible storage location for video files that an external website can access
- A company is interested in using Amazon S3 to host their website instead of a traditional web server. Which types of content does Amazon S3 support for static web hosting?
(i) HTML files and image files, (ii) Video and sound files, and (iii) client-side scripts
- A company wants to use an S3 bucket to store sensitive data. Which actions can they take to protect their data?
(i) enabling server-side encryption on the S3 bucket before uploading sensitive data, and (ii) using client-side encrytion to protect data in transit before it is sent to Amazon S3
- A company must create a common place to store shared files. Which requirements does Amazon S3 support? (i) maintain different versions of files, and (ii) recover deleted files
- A customer service team accesses case data daily for up to 30 days. Cases can be reopened and require immediate access for 1 year after they are closed. Reopened cases require 2 days to process. Which solution meets the requirements and is the most cosst efficient?
Store case data in S3 Standard. Use a lifecycle policy to move the data into S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
- Which option takes advantage of edge locations in Amazon CloudFront to transfer files over long distances to an S3 bucket?
Amazon S3 Transfer Acceleration
- A video producer must regularly transfer several video files to Amazon S3. The files range from 100-700 MB. The internet connection has been unreliable, causing some uploads to fail. Which solution provides the fastest, most reliable, and most const-effective way to transfer these files to Amazon S3?
Amazon S3 multipart uploads.
- Which Amazon S3 storage class is designed for backup copies of on-premises data or easily re-creatable data?
S3 One Zone-Infrequent Access (S3 One Zone-IA)
- A company needs to retain records for regulatory purposes for a 7-year period. These records are rarely accessed (once or twice a year). What is the lowest-cost storage class for Amazon S3?
S3 Glacier Deep Archive
- Which attributes are reasons to choose Amazon EC2? Select two
(i) complete control of computing resources, and (ii) ability to run any type of workload
- What are the benefits of using Amazon Machine Image (AMI)? Select three
(I) selling or sharing software solutions packaged as an AMI, (ii) using an AMI as a server backup for Amazon EC2 instances, and (iii) launching instances with the same configuration
- A system administrator must change the instance types of multiple running Amazon EC2 instances. The instances were launched with a mix of Amazon Elastic Block Store (Amazon EBS) backed Amazon Machine Images (AMIs) and instance-store-backed AMIs. Which method is a valid way to change the instance type?
Stop an Amazon EBS-backed instance, change its instance type, and start the instance
- A workload requires high read/write access to large local datasets. Which instance types would perform best for this workload? (i) storage optimized, and (ii) memory optimized.
- An application requires the media access control (MAC) address of the host Amazon Elastic Compute Cloud (Amazon EC2) instance. The architecture uses an AWS Auto Scaling group to dynamically launch and terminate instances. Which way is best for the application to obtain the MAC address?
Use the user data of each instance to access the MAC address through the instance metadata
- Which statements about user data are correct select two
(i) by default, user data runs only once, when an instance is launched, and (ii) the cloud architect must remove the config_user_scripts file to rerun the user data scripts
- A transactional workload on an Amazon Elastic Compute Cloud (Amazon EC2) instance performs high amount of frequent read and write operations. Which Amazon Elastic Book Store (Amazon EBS) volume type is best for this workload?
Provisioned IOPS SSD volume type
- It is possible to create an NFS share on an Amazon EBS-backed Linux instance by installing and configuring an NFS server on the instance. In this way, multiple Linux systems can share the file system of that instance. Which advantages does Amazon Elastic File System (Amazon EFS) provide, compared to this solution?
(i) Automatic scaling, and (ii) high availability
- Which feature does Amazon FSx for Windows File Server provide?
Fully managed Windows file servers
- Which descriptions of Amazon Elastic Compute Cloud (Amazon EC2) pricing options are correct?
(i) with On-Demand Instances, customers can pay for compute capacity by usage time with no long term commitments, and (ii) Spot instances offer spare compute capacity at discounted prices, and can be interrupted.
- Which statement that compares a database service that AWS manages with a database on an Amazon EC2 instance is true?
AWS manages database patches for a database on a managed database service.
- A small startup company is deciding which database service to use for an enrollment system for their online training website. Which requirements might lead them to select Amazon RDS rarther than Amazon DynamoDB? Select two
(i) the data is highly structured, and (ii) student, course, and registration data are stored in many different tables.
- A startup company is building an order inventory system with a web frontend and is looking for a real-time transactional database. Which service would best meet their needs?
Amazon DynamoDB
- A small game company is designing an online game, where thousands of players can create their own in-game objects. The current design uses a MySQL database in Amazon RD to store data for player-created objects. Which proposed online game object features could make Amazon DynamoDB a better solution? Select two
(i) unpredictable object attributes for player-created objects, and (ii) a high amount of read activity on player-created objects and a low amount of writes
- An organization is concerned about an increase in fraud. Which service could help with building real-time graph database queries for fraud detection?
Amazon Neptune
- A data engineer must host a new Microsoft SQL server database in AWS for a project. Which service could they use to accomplish this task?
Amazon Aurora
- Which statements should be used to secure an Amazon RDS database? Select three
(i) a virtual private cloud (VPC) to provide instance isolation, (ii) security groups to control network access to individual RDS instances, and (ii) encryption both ar rest and in transit to protect sensitive data.
- Which techniques should be used to secure Amazon DynamoDB? Select three
(i) AWS IAM policies to define access at the table, item, or attribute level, (ii) encryption to protect sensitive data, and (iii) An Amazon VPC gateway endpoint to prevent traffic from traversing the internet
- A company wants to migreat their on-premises Oracle database to Amazon Aurora MySQL. Which process describes the high-level steps most accurately?
use AWS Schema Conversion Tool to convert the schema, and then use AWS Database Migration Service to migrate the data.
- A cloud architect is setting up an application to use an Amazon RDS MySQL DB instance. The database must be architected for high Availability Zones and AWS Regions with minimal downtime. How should they meet this requirement?
Set up an RDS MySQL Multi-AX DB instance. Configure a read replica in a different Region.
- Which definition describes a virtual private cloud (VPC)?
a logically isolated virtual network that you define in the AWS Cloud.
- Which component does not have direct access to the internet?
EC2 instance inside a private subnet.
- A company’s VPC has the Classless Inter-Domain Routing (CIDR) block 172.16.0.0/21 (2048 addresses). It has two subnets (A and B). each subnet must support 100 usable addresses now, but this number is expected to rise to at most 254 usable addresses soon. Which subnet addressing scheme meets the requirements and follow AWS best practices?
Subnet A: 172.16.0.0/23 (512 addresses) Subnet B: 172.16.0.0/23 (512 addresses)
- Several EC2 instances launch in a VPC that has internet access. These instances should not be accessible from the internet, but they must be able to download updates from the internet. How should the instances launch?
Without public IP addresses, in a subnet with a default route to a NAT gateway
- A group of consultants requires access to an EC2 instance from the intenet for 3 consecutive days each week. The instance is shut down the rest of the week. The VPC has internet access. How should you assign one IPv4 address to the instance to give the consultants access?
Associate an Elastic IP with the EC2 instance
- An application uses a bastion host to allow access to the EC2 instance in a private subnet within a VPC. What security configurations would allow SSH access from the source IP to the EC2 instance? Select TWO
(i) Add a rule to the EC2 instance security group to allow return traffic from the bastion host security group on port 22, and (ii) Add a rule to the bastion host security group to allow traffic on port 22 from your source IP address.
- A solution deployed in a VPC needs a subnet with limited access to specific internet addresses. How can an architect configue the netwotk to limit traffic from and to the EC2 instances in the subnet using a network access control list (ACL)?
Add rules to the subnet custom network ACL to allow traffic from and to allowed internet addresses
- Which actions are best practices for designing a VPC? Select three
(i) Divide the VPC network range evenly across all Availability Zones available, (ii) Create one subnet per Availability Zone for each group of hosts that have unique routing requirements, and (iii) Reserve some address space for future use
- Where can you have VPC flow logs delivered? Select three
(i) Amazon CloudWatch, (ii) Amazon S3 bucket, and (iii) Amazon Kinesis Data Firehose
- An EC2 instance must connect to an Amazon S3 bucket. What component provides this connectivity with no additional charge and bo throughput packet limits?
gateway VPC enpoint
- What is the simplest way to connect 100 VPCs together?
Connect the VPCs to AWS Transit Gateway
- A company needs network traffic to flow between an AWS account in one Region to another account in a different Region. What should they set up between the transit gateways in each region?
Transit gateway peering attachment
- A company has two VPCs. VPC A has a CIDR block of 10.1.0.0/16. VPC B has a CIDR block of 10.2.0.0/16. Both VPCs belong to the same AWS account. What is the simplest way to connect the two VPCs so that they can route all traffic between them?
VPC peering
- Systems in a secure subnet in a VPC must access a bucket in Amazon S3. Which solutions stop traffic from crossing the internet? Select two
(i) create a VPC gateway endpoint for Amazon S3, and (ii) use VPC interface endpoints
- A company has three VPCs. VPC A, B, and C have CIDR blocks that do not overlap. Both A and C have separate VPC peering connections with B. However, A cannot communicate with C. What is the simplest and most cost-effective way to enable full communication between A and C?
add a peering connection between A and C, and route traffic between A and C through the perring connection
- Because of a natural disaster, a company moved a secondary data center to a temporary faciity with internet connectivity. It needs a secure connection to the company’s VPC that must be operational as soon as possible. The data center will move again in 2 weeks. Which option meets the requirements?
AWS Site-to-Site VPN
- A company is concerned about internet disruptions. It wants to efficiciently route traffic from their on-premises network to an AWS edge location close to their customer gateway device. What should they use?
AWS Global Accelerator
- A company is implementing a system to back up on-premises systems to AWS. Which network connectivity method provides a solution with the most consistent performance?
AWS Direct Connect
- A company uses a single AWS Direct Connect connection between their on-premises network and their VPC. They want to ensure that the network connectivity is highly available by adding a backup connection. Which network connectivity method provides the most cost-effective solution for the backup connection?
An on-demand AWS Site-toSite VPN connection across the internet
- A company is connecting a VPC to multiple on-premises data centers using a VPN. Which implementation ensures resiliency and predictable bandwidth requirements?
implement AWS Direct Connect as the primary connection and use the VPN to create connectivity to multiple VPCs across multiple AWS Regions.
- Which are characteristics of an AWS IAM group? Select two
(i) new users added to a group inherit the group’s permissions, (ii) a user can belong to more than one group.
- What is an advantage of using attribute-based access control (ABAC) over role-based access control (RBAC)?
ABAC will likely require fewer policies than RBAC
- A developer is a member of an AWS IAM group that has group policy attached to it. The group policy allows access to Amazon S3 and Amazon EC2 and denies access to Amazon Elastic Container Service (Amazon ECS). The developer also has a user policy attached which allows access to Amazon ECS and Amazon CloudFront. Which option describes the user’s access?
Access to S3, EC2, and CloudFront, but no access to ECS
- What is a benefit of identity federation with the AWS Cloud?
it enables the use of an external identity provider to authenticate workforces users and give them access to AWS resources
- Which service enables identity federation for accessing a web application running in the AWS Cloud?
Amazon Cognito
- Which service helps centrally manage billing, control access, compliance and security, and share resources across multiple AWS accounts?
AWS Organizations
- A technology company has multiple production accounts grouped into a production organizational unit (OU) in AWS Organizations. The company wants to prevent all AWS IAM users in the procution accoint from deleting AWS CloudTrail logs. How can a system administrator enforce this restriction?
create a service control policy (SCP), and attach it to the production OU.
- A developer is writing a client application that encrypts sensitive data using a data key before sending it to a server application. The client application sends the data key to the server application so that the server application can decrypt the sensitive information. The developer is concerned that the condifentiality of the sensitive data might be compromised if the data key is stolen. Which type of encryption should the developer use to fully protect the sensitive information?
envelope encryption.
- Which funtions does the AWS Key Management Service (AWS KMS) provide? Select two
(i) rotate keys, and (ii) create symmetric and asymmetric keys.
- Which AWS service discovers and protects sensitive information stored on Amazon S3 in an AWS account?
Amazon Macie
- Which statement about Amazon EC2 Auto Scaling is accurate?
it can launch Amazon EC2 instances in multiple Availability Zones
- A devops engineer detected that the demand on a fleet of Amazon EC2 instances in an Auto Scaling group increases by a set amount on weekend days. Which type of scaling is the most appropriate for this scenario?
scheduled
- A devops engineer launches a fleet of Amazon EC2 instances are launched in an Auto Scaling group behind an Application Load Balancer. The EC2 instances must maintain 50 percent average CPU utilization. Which type of scaling is appropriate to use based on CPU utilization usage?
target tracking scaling
- How can a user vertically scale an Amazon RDS database?
By changing the instance class or size.
- How can an AWS customer horizontally scale an Amazon Aurora database?
By adding Aurora Replica instances by using Aurora Auto Scaling.
- How does Amazon DynamoDB perform automatic scaling?
It adjusts the provisioned throughput capacity in response to traffic patterns.
- A fleet of Amazon EC2 instances is launched in an Amazon EC2 Auto Scaling group. The instances run an application that uses a custom protocol on TCP port 42000. Connections from client systems on the internet must balance across the instances. Which load balancing solution ensures the highest availability?
Network load balancer
- A company must build a highly available website that uses server-side scripts to serve dynamic HTML. Which solution provides the HIGHEST availability for the LEAST cost and complexity?
An Auto Scaling group launches Amazon EC2 instances, which are served by an Application Load Balancer. DNS name resolution points to the load balancer.
- Users in location A connect to an application in Region A. Users in location B connect to the same application in Region B. If the application in Region A becomes unhealthy, clients in location A must be redirected to the application in Region B. Which solution can meet this requirement?
Use geolocation routing with failover records in Amazon Route 53.
- A software engineer has created an AWS account for your own personal development and testing. They want the account to stay within the AWS Free Tier and not to generate unexpected costs. Which approach will work and requires the LEAST effort?
Create an Amazon CloudWatch alarm to send you an email message when the account billing exceeds $0.
- What are reasons to use automation to provision resources? Select two
(i) lack of version control with manual process, (ii) alignment with the reliability design principle
- What are benefits of using infrastructure as code (IaC) over manual process? Select two
(i) deploy environments with configuration consistency, and (ii) propagates updates from single environment to all environments.
- A cloud architect want to quickly set up a secure implementation of an Amazon FSx for Windows File Server that follows AWS best practices. Which solution should you use?
An AWS Quick Start
- What is Amazon Q Developer?
An artificial intelligence (AI)-powered coding companion.
- Which are reasons to use Amazon Q Developer? Select two
(i) accelerate coding tasks, and (ii) enhance application security
- What is AWS CloudFormation?
An AWS service that you can use to create, model and manage AWS resources
- What is the AWS CloudFormation Designer?
A graphical design interface for creating AWS CloudFormation templates
- Which option can be used to accomplish deployment-specific differences in an AWS CloudFormation template?
use conditions
- Which option is a good way to preview changes before implementing them in AWS CloudFormation Designer?
Create a change set
- Which option is a good way to know which resources in an application environment were manually modified if the environment was created by running an AWS CloudFormation stack?
Run drift detection on the stack
- What is caching?
An high-speed data storage layer used for storing frequently accessed data.
- Which type of data should you cache?
static data that is frequently accessed.
- What is the benefit of caching?
reduced response latency
- Which types of content on a web page can be cached using an edge cache? Selct two
(i) web objects such as hyperlinks, and (ii) video files such as a product demo
- What does Amazon CloudFront enable?
Multi-tiered and regional caching of content
- How does Amazon CloudFront use edge locations?
It caches frequently accessed content at the edge locations. It delivers the cached content to clients through the edge location with the lowest latency to those clients.
- Which statement describes an efficient way to deliver on-demand video content?
Use Amazon S3 to store the content. Then use Amazon CloudFront to deliver the content.
- Which role does Amazon CloudFront play in protecting against distributed denial of service (DDoS) attacks?
Routes traffic through edge locations
- How can an application use Amazon ElastiCache to improve database read performance? (Select TWO.)
(i) Read data from ElastiCache first and write to ElastiCache when a cache miss occurs, and (ii) Write data to ElastiCache whenever the application writes to the database.
- Which type of caching strategy should be used when there's data that must be updated in real time?
Write-through
- Which statement describes the difference between tightly and loosely coupled architectures?
Components in a tightly coupled architecture are highly dependent on each other. In a loosely coupled architecture, components are not highly dependent on each other.
- Which statements describe Amazon Simple Queue Service (Amazon SQS)? Select three
(i) Stores and optionally encrypts messages until they are processed and deleted, (ii) Enables you to decouple and scale microservices, distributed systems, and serverless applications, and (iii) requires a consumer to poll the queue for messages
- Which statements are true when using an Amazon Simple Queue Service (Amazon SQS) standard queue? Select two (i) A message might need to be delivered more than once, and (ii) Messages can be sent in any order.
- A fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances process videos that users upload. Which function can Amazon Simple Queue Service (Amazon SQS) perform in this application?
The application places job messages in an SQS queue. EC2 instances with available processing capacity pull the next job message from the queue.
- What is Amazon Simple Notification Service (Amazon SNS)
A fully managed messaging service for both system-to-system and application-to-application communication which uses publish/subscribe (pub/sub) patterns
- What are some use cases for Amazon Simple Notification Service (Amazon SNS)? Select Three
(i) Notify multiple systems that user input is ready for processing, (ii) Send a push notification to mobile applications when a new software update is available, and (iii) Send a text message to systems operators when unusual activity has been detected.
- What are some features of Amazon Simple Notification Service (Amazon SNS)? Select two
(i) Message delivery to an Amazon Simple Queue Service (Amazon SQS) queue, and (ii) Message delivery to a URL
- Two AWS Lambda functions must simultaneously process PDF Files when they are uploaded to an Amazon Simple Storage Service (Amazon S3) bucket. The S3 event notification allows only one action when the PDF files are uploaded. Which solution provides the simplest and most efficient way to trigger both Lambda functions?
Send the S3 event to an Amazon Simple Notification Service (Amazon SNS) topic that both Lambda functions subscribe to.
- What is Amazon MQ?
Message broker service
- What is a common use case for Amazon MQ?
Leveraging an existing on-premesis application that uses Apache ActiveMQ to communicate between microservices
- A solutions architect wants to propose a microservice architecture on AWS to management. Which serverless computing benefits should they include in the proposal ? (Select THREE.)
(i) continuous scaling, (ii) built-in high availability, and (iii) pay-for-value services
- A developer needs to create and deploy a simple web form to capture employee commute information for the company internal employee website. Which is a serverless solution for creating the simple web form?
Host static assets in an Amazon S3 bucket, use an Amazon DynamoDB table, and use Amazon API Gateway and AWS Lambda functions to interact with the database
- Why would a solutions architect recommend to use a microservice architecture? (Select TWO.)
(i) solves a specific business problem, and (ii) independence from other components
- Which scaling configuration does a team lead need to apply to accomplish Lambda function scaling?
None because the AWS Lambda service scales functions automatically
- A solutions architect has to use a custom library in an architecture that uses Lambda functions as the compute option. Which Lambda feature should be used for optimal function deployments?
Lambda layers
- Which set of statements is true for software packaged as a container?
Standardized, portable application code packages that contain code and code dependencies. A container is run by a container engine. A container does not include a guest operating system.
- What is the most effective container deployment using Amazon Elastic Container Service (Amazon ECS) containers when refactoring a monolithic application to use a microservice architecture?
Create services that each provide a distinct function of the application, and run each service in a separate container that Amazon ECS manages.
- An environmental science organization wants to provide HTTPS read-only access to its sensor data DynamoDB database. The user usage pattern is intermittent with 68 percent idle time per month. Which solution is the most cost efficient and secure with the least amount of operational maintenance?
Create a public interface by using Amazon API Gateway with Lambda functions accessing the DynamoDB sensor database.
- Which workflows are suitable to implement with AWS Step Functions when the goal is to implement the solution to reduce operational overhead? (Select THREE.)
(i) Update inventory and run a shipment workflow when a customer purchases an item on an e-commerce site, (ii) implement manual approval in a security incident response workflow, and (iii) coordinate multi-step analytics and machine learning workflows.
- A developer wants to implement a manual approval step using an AWS step functions state machine. The manual approval state has to pause until a notification of approval or rejection is received from an approver email. Which should be implemented in the Step Functions state machine?
A task or activity state with an activated wait for callback parameter
- Which scenario describes a challenge to data velocity?
a shopping website collects clickstream to make personalized recommendations while a user is shopping. When the website is very busy, there is a delay in returning results to customers
- Which statement describes the goal of a modern data architecture?
Give users the ability to access all of organization’s data by integrating a data lake, a data warehouse, and other purpose-built data stores
- Which analytic workload scenario can be a use case for the batch ingestion process?
Send sales transaction data from a retailer’s website to a central location periodically. Analyze the data overnight, and deliver reports to branches in the morning
- A medical research company has a ribonucleic acid (RNA) sequencing machine that stores its private results to the lab’s on-premises networked-attached storage. Their data science team wants to ingest these results into their AWS account. How should theu ingest this data?
Use AWS DataSync to transfer data from the on-premises file store to an Amazon S3 bucket in the data lake
- A data engineer has ingested a new JSON file into an Amazon S3 bucket in their data lake. An AWS Glue Data Catalog maintains metadata about data in the lake. Which features of AWS Glue can the data engineer use to discover the JSON data schema with the fewest steps in a code-free way?
Run an AWS Glue crawler on the S3 bucket
- A data pipeline will ingest clickstream data from a shopping website. The data engineer must transform data as it arrives to feed a real-time analytics Amazon OpenSearch Service dashboard. They must also generate a monthly report based on the dashboard. Which configuration meets this need?
Use Amazon Kinesis Data Stream to capture the data. Use Amazon Kinesis Data Anlytcis to consume and transform data from the stream. Use Amazon Kinesis Data Firehose to deliver transformed sata to OpenSearch Service
- Which statement accurately describes a consideration for designing pipeline storage
Archive data out of relational databases into a more cost-efficient storage option
- A data engineer is desgning a low-cost infrastructure to store data directly from a central repository for both structure and unstructured data. Which option meets the data engineer’s needs?
Amazon S3
- A DevOps engineer is migrating an on-premises Apache Hadoop cluster to AWS. The cluster runs scheduled jobs by using parallel processing. Which AWS service is the MOST appropriate choice
Amazon EMR
- A marketing manager quickly needs one-time insights about the number of leads and closed deals across multiple postal codes. Which service would be the MOST cost-effective ethod to query daily aggregates of sales data stored in Amazon S3?
Amazon Athena
- What are the definitions for recovery point objective (RPO) and recovery time objective (RTO)?
RPO is the maximum acceptable data loss, measured in time. RTO is the maximum acceptable time until recovery.
- What can you do to quickly replicate or redeploy environments in a disaster
use AWS CloudFormation templates to deploy duplicate environments in the same Region
- A company stores data in an Amazon S3 bucket. Which solution provides the most efficient way to ensure that all new and existing objects and metadata are copied to another Region for disaster recovery (DR)?
Enable cross-Region replication on the bucket and copy exiting objects onto themselves.
- Which strategy is the most efficient for Amazon EC2 disaster recovery (DR)?
store essential data separately from the instance, and develop rapid rebuild processes for compute instances.
- Which service provides automatic failover between multiple endpoints in support of a geographich disaster recovery strategy?
Amazon Route 53
- Which statement about he backup and restore disaster recovery pattern is true?
most cost-effective, but highest recovery time objective (RTO)
- Which statements accurately describe the infrastructure characteristics of common disatater revovery patterns? Select two
(i) warm standy has scaled-down version of all infrastructure that scales as necessary and within pre-defined limits to meet th load when a distater occurs, and (ii) pilot light has minimal infrastructure that always runs. The rest of the infrastructure does not run until a disaster occurs.
- What does the multi-site disaster recovery pattern involve?
it involves automatic failover to a second fully functional, constantly operational system that is in another site
- A company requires a disaster recovery solution for a business-critical application that provides a recovery time objective and recovery point objective in minutes. However, they do not want to pay for more that what they need. Which DR pattern would most likely meet these requirements?
warm standby
- What does AWS Strogare Gateway enable you to do? Select three
(i) present cloud-based internet Small Computer Systems Interface (iSCSI) block storage volume to on-premises applications, (ii) use Server Message Block (SMB) or Network File System (NFS) to connect to Amazon S3, and (iii) transfer backup from tape or Virtual Tape Library (VTL) systems to the cloud
- As a Solutions Architect at Digital Cloud Training you are helping a client to design a multi-tier web application architecture. The client has requested that the architecture provide low-latency connectivity between all servers and be resilient across multiple locations. They would also like to use their existing Microsoft SQL licenses for the database tier. The client needs to maintain the ability to access the operating systems of all servers for the installation of monitoring software. How would you recommend the database tier is deployed?
Amazon EC2 instances with Microsoft SQL Server and data replication between two different AZs
- Your company shares some HR videos stored in an Amazon S3 bucket via CloudFront. You need to restrict access to the private content so users coming from specific IP addresses can access the videos and ensure direct access via the Amazon S3 bucket is not possible. How can this be achieved?
Configure CloudFront to require users to access the files using a signed URL, create an origin access identity (OAI) and restrict access to the files in the Amazon S3 bucket to the OAI
- A Solutions Architect is responsible for a web application that runs on EC2 instances that sit behind an Application Load Balancer (ALB). Auto Scaling is used to launch instances across 3 Availability Zones. The web application serves large image files and these are stored on an Amazon EFS file system. Users have experienced delays in retrieving the files and the Architect has been asked to improve the user experience. What should the Architect do to improve user experience?
Cache static content using CloudFront
- You work as a Solutions Architect at Digital Cloud Training. You are working on a disaster recovery solution that allows you to bring up your applications in another AWS region. Some of your applications run on EC2 instances and have proprietary software configurations with embedded licenses. You need to create duplicate copies of your EC2 instances in the other region. What would be the best way to do this? (choose 2)
(i) Create an AMI of each EC2 instance and copy the AMIs to the other region, and (ii) Create new EC2 instances from the AMIs
- You are a Solutions Architect at Digital Cloud Training. A client from a large multinational corporation is working on a deployment of a significant amount of resources into AWS. The client would like to be able to deploy resources across multiple AWS accounts and regions using a single toolset and template. You have been asked to suggest a toolset that can provide this functionality?
Use a CloudFormation StackSet and specify the target accounts and regions in which the stacks will be created
- An application you manage exports data from a relational database into an S3 bucket. The data analytics team wants to import this data into a RedShift cluster in a VPC in the same account. Due to the data being sensitive the security team has instructed you to ensure that the data traverses the VPC without being routed via the public Internet. Which combination of actions would meet this requirement? (choose 2)
(i) Create and configure an Amazon S3 VPC endpoint, and (ii) Enable Amazon RedShift Enhanced VPC routing
- A company is generating large datasets with millions of rows to be summarized column-wise. To build daily reports from these data sets, Business Intelligence tools would be used. Which storage service would meet these requirements?
Amazon Redshift
- Which of the following are not backup and restore solutions provided by AWS? (choose multiple)
(i) AWS CloudFormation, and (ii) AWS Elastic Beanstalk
- A web application is running on a fleet of Amazon EC2 instances using an Auto Scaling Group. It is desired that the CPU usage in the fleet is kept at 40%. How should scaling be configured?
Use a target tracking policy that keeps the average aggregate CPU utilization at 40%
- You would like to create a highly available web application that serves static content using multiple On-Demand EC2 instances. Which of the following will help you to achieve this? (choose 2)
(i) Elastic Load Balancer and Auto Scaling, and (ii) Multiple Availability Zones
- You are an entrepreneur building a small company with some resources running on AWS. As you have limited funding, you're extremely cost conscious. Which AWS service can send you alerts via email or SNS topic when you are forecast to exceed your funding capacity so you can take action?
AWS Budgets
- A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?
Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster
- You had set up an internal HTTP(S) Elastic Load Balancer to route requests to two EC2 instances inside a private VPC. However, one of the target EC2 instance is showing Unhealthy status. Which of the following options could not be a reason for this?
An EC2 instance is in different availability zones than load balancer.
- A company has deployed Amazon RedShift for performing analytics on user data. When using Amazon RedShift, which of the following statements are correct in relation to availability and durability? (choose 2)
(i) RedShift provides continuous/incremental backups, (ii) RedShift always keeps three copies of your data
- A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet. What should be done to ensure that the incoming traffic to the host instances is from the ALB only?
Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only
- An application is hosted on the U.S west coast. Users there have no problems, but users on the east coast are experiencing performance issues. The users have reported slow response times with the search bar auto-complete and display of account listings. How can you improve the performance for users on the east coast?
Create an ElastiCache database in the U.S east region.
- You are creating several EC2 instances for a new application. For better performance of the application, both low network latency and high network throughput are required for the EC2 instances. All instances should be launched in a single availability zone. How would you configure this?
Launch all EC2 instances in a placement group using a Cluster placement strategy.
- You have launched a Spot instance on EC2 for working on an application development project. In the event of an interruption what are the possible behaviors that can be configured? (choose 2)
(i) Hibernate, (ii) Stop
- A Solutions Architect needs to design a solution that will allow Website Developers to deploy static web content without managing server infrastructure. All web content must be accessed over HTTPS with a custom domain name. The solution should be scalable as the company continues to grow. Which of the following will provide the MOST cost-effective solution?
Amazon CloudFront with an Amazon S3 bucket origin
- You have developed a new web application on AWS for a real estate firm. It has a web interface where real estate employees upload photos of newly constructed houses in S3 buckets. Prospective buyer’s login to the website and access photos. The marketing team has initiated an intensive marketing event to promote new housing schemes which will lead to customers who frequently access these images. As this is a new application, you have no projection of traffic. You have created Auto Scaling across multiple instance types for these web servers, but you also need to optimize the cost for storage. You don’t want to compromise on latency & all images should be downloaded instantaneously without any outage. Which of the following is a recommended storage solution to meet this requirement?
Use S3 Intelligent-Tiering storage class.
- There is a requirement to get the source IP addresses that access resources in a private subnet. Which of the following could be used to fulfill this purpose?
VPC Flow Logs
- When creating an AWS CloudFront distribution, which of the following is not an origin?
AWS Lambda
- You are an AWS Solutions Architect. Your company has a successful web application deployed in an AWS Auto Scaling group. The application attracts more and more global customers. However, the application’s performance is impacted. Your manager asks you how to improve the performance and availability of the application. Which of the following AWS services would you recommend?
AWS Global Accelerator
- The data scientists in your company are looking for a service that can process and analyze real-time, streaming data. They would like to use standard SQL queries to query the streaming data. Which combination of AWS services would deliver these requirements?
Kinesis Data Streams and Kinesis Data Analytics
- Which of the following approaches provides the lowest cost for Amazon elastic block store snapshots while giving you the ability to fully restore data?
Maintain a single snapshot; the latest snapshot is both incremental and complete
- A Solutions Architect needs to transform data that is being uploaded into S3. The uploads happen sporadically and the transformation should be triggered by an event. The transformed data should then be loaded into a target data store. What services would be used to deliver this solution in the MOST cost-effective manner? (choose 2)
(i) Use AWS Glue to extract, transform and load the data into the target data store, and (ii) Configure S3 event notifications to trigger a Lambda function when data is uploaded and use the Lambda function to trigger the ETL job
- Which of the following is not a category in AWS Trusted Advisor service checks?
Network Optimization
- An e-commerce web application needs a highly scalable key-value database. Which AWS database service should be used?
Amazon DynamoDB
- You have an S3 bucket that receives photos uploaded by customers. When an object is uploaded, an event notification is sent to an SQS queue with the object details. You also have an ECS cluster that gets messages from the queue to do the batch processing. The queue size may change greatly depending on the number of incoming messages and backend processing speed. Which metric would you use to scale up/down the ECS cluster capacity?
The number of messages in the SQS queue.
- A colleague from your company's IT Security team has notified you of an Internet-based threat that affects a certain port and protocol combination. You have conducted an audit of your VPC and found that this port and protocol combination is allowed on an Inbound Rule with a source of 0.0.0.0/0. You have verified that this rule only exists for maintenance purposes and need to make an urgent change to block the access. What is the fastest way to block access from the Internet to the specific ports and protocols?
Update the security group by removing the rule
- An application with a 150 GB relational database runs on an EC2 Instance. While the application is used infrequently with small peaks in the morning and evening, which storage type would be the most cost-effective option for the above requirement?
Amazon EBS General Purpose SSD
- A company is developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (Select TWO.)
(i) DynamoDB, and (ii) ElastiCache
- As an AWS solution architect, you are building a new image processing application with queuing service. There is fleet of m4.large EC2 instances which would poll SQS as images are uploaded by users. The image processing takes around 55 seconds for completion, and users are notified via emails on completion. During the trial period, you find duplicate messages being generated due to which users are getting multiple emails for the same image. What would be the best option to eliminate duplicate messages before going to production?
Increase visibility timeout to 60 seconds.
- Which of the following statements are true with respect to VPC? (choose multiple)
(i) A network ACL can be associated with multiple subnets, and (ii) Subnet’s IP CIDR block can be same as the VPC CIDR block.
- You are a Solutions Architect. A large multinational client has requested a design for a multi-region, multi-master database. The client has requested that the database be designed for fast, massively scaled applications for a global user base. The database should be a fully managed service including the replication. Which AWS service can deliver these requirements?
DynamoDB with Global Tables and Cross Region Replication
- You have created a private Amazon CloudFront distribution that serves files from an Amazon S3 bucket and is accessed using signed URLs. You need to ensure that users cannot bypass the controls provided by Amazon CloudFront and access content directly. How can this be achieved? (choose 2)
(i) Modify the permissions on the Amazon S3 bucket so that only the origin access identity has read and download permissions, and (ii) Create an origin access identity and associate it with your distribution
- Which of the following features of an Amazon S3 bucket can only be suspended once they have been enabled?
Versioning
- A Solutions Architect requires a highly available database that can deliver an extremely low RPO. Which of the following configurations uses synchronous replication?
RDS DB instance using a Multi-AZ configuration
- A company is planning to build an online chat application for their enterprise level collaboration for their employees across the world. They are looking for a single digit latency fully managed database to store and retrieve conversations. What would AWS Database service you recommend?
AWS DynamoDB
- A Solutions Architect is designing a highly-scalable system to track records. Records must remain available for immediate download for three months, and then the records must be deleted. What's the most appropriate decision for this use case?
Store the files on Amazon S3, and create a lifecycle policy to remove the files after three months
- A Solutions Architect has created a VPC design that meets the security requirements of their organization. Any new applications that are deployed must use this VPC design. How can project teams deploy, manage, and delete VPCs that meet this design with the LEAST administrative effort?
Deploy an AWS CloudFormation template that defines components of the VPC
- There is a temporary need to share some video files that are stored in a private S3 bucket. The consumers do not have AWS accounts and you need to ensure that only authorized consumers can access the files. What is the best way to enable this access?
Generate a pre-signed URL and distribute it to the consumers
- You lead a team to develop a new online game application in AWS EC2. The application will have a large number of users globally. For a great user experience, this application requires very low network latency and jitter. If the network speed is not fast enough, you will lose customers. Which tool would you choose to improve the application performance? (Select TWO.)
(i) CloudFront, and (ii) AWS Global Accelerator
- Your company has an online game application deployed in an Auto Scaling group. The traffic of the application is predictable. Every Friday, the traffic starts to increase, remains high on weekends and then drops on Monday. You need to plan the scaling actions for the Auto Scaling group. Which method is the most suitable for the scaling policy?
Configure a scheduled action in the Auto Scaling group by specifying the recurrence, start/end time, capacities, etc.
- Company salespeople upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents.
Store data in an S3 bucket and enable versioning.
- A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI. The security team has mandated a more secure solution. Which solution will meet the security team’s mandate?
Create an IAM role with permissions to access the table, and launch all instances with the new role.
- Which of the following statements are true in terms of allowing/denying traffic from/to VPC assuming the default rules are not in effect? (choose 2)
(i) In a Network ACL, for a successful HTTPS connection, you must add an inbound rule and outbound rule with HTTPS type, IP range in source and destination respectively and ALLOW traffic, and (ii) In a Security Group, for a successful HTTPS connection, add an inbound rule with HTTPS type and IP range in the source.
- You need to deploy a machine learning application in AWS EC2. The performance of inter-instance communication is very critical for the application and you want to attach a network device to the instance so that the performance can be greatly improved. Which option is the most appropriate to improve the performance?
Configure Elastic Fabric Adapter (EFA) in the instance.
- You are working as an AWS Architect for a start-up company. The company has a two-tier production website on AWS with web servers in front end & database servers in the back end. A third-party firm has been looking after the operations of these database servers. They need to access these database servers in private subnets on SSH port. As per the standard operating procedure provided by the Security team, all access to these servers should be over a secure layer. What will be the best solution to meet this requirement?
Deploy Bastion hosts in Public Subnet
- A call center application consists of a three-tier application using Auto Scaling groups to automatically scale resources as needed. Users report that every morning at 9:00am the system becomes very slow for about 15 minutes. A Solutions Architect determines that a large percentage of the call center staff starts work at 9:00am, so Auto Scaling does not have enough time to scale to meet demand. How can the Architect fix the problem?
Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30am each morning
- A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances that will be placed behind an Elastic Load Balancer. The ELB must support WebSockets. How can the Architect meet these requirements?
Launch an Application Load Balancer (ALB)
- An organization is building an Amazon Redshift cluster in their shared services VPC. The cluster will host sensitive data. How can the organization control which networks can access the cluster?
Define a cluster security group for the cluster that allows access from the allowed networks.
- During an application load testing exercise, the Amazon RDS database was seen to cause a performance bottleneck. Which steps can be taken to improve the database performance? (choose 2)
(i) Redirect read queries to RDS read replicas, and (ii) Scale up to a larger RDS instance type
- You are undertaking a project to make some audio and video files that your company uses for onboarding new staff members available via a mobile application. You are looking for a cost-effective way to convert the files from their current formats into formats that are compatible with smartphones and tablets. The files are currently stored in an S3 bucket. What AWS service can help with converting the files?
Elastic Transcoder
- A company has a media processing application deployed in a local data center. Its file storage is built on a Microsoft Windows file server. The application and file server need to be migrated to AWS. You want to quickly set up the file server in AWS and the application code should continue working to access the file systems. Which method should you choose to create the file server?
Create a Windows File Server in Amazon FSx.
- An application launched on Amazon EC2 instances needs to publish personally identifiable information (Pll) about customers using Amazon SNS. The application is launched in private subnets within an Amazon VPC. Which is the MOST secure way to allow the application to access service endpoints in the same region?
Use AWS PrivateLink
- An organization is migrating data to the AWS cloud. An on-premises application uses Network File System shares and must access the data without code changes. The data is critical and is accessed frequently. Which storage solution should a Solutions Architect recommend to maximize availability and durability?
AWS Storage Gateway - File Gateway
- Your team is developing a high-performance computing (HPC) application. The application resolves complex, compute-intensive problems and needs a high-performance and low-latency Lustre file system. You need to configure this file system in AWS at a low cost. Which method is the most suitable?
Create a Lustre file system through Amazon FSx.
- A company is launching a new application and expects it to be very popular. The company requires a database layer that can scale along with the application. The schema will be frequently changes and the application cannot afford any downtime for database changes. Which AWS service allows the company to achieve these requirements?
Amazon DynamoDB
- You have launched an RDS instance with MySQL database with default configuration for your file sharing application to store all the transactional information. Due to security compliance, your organization wants to encrypt all the databases and storage on the cloud. They approached you to perform this activity on your MySQL RDS database. How can you achieve this?
Copy snapshot from the latest snapshot of your RDS instance, select encryption during copy and restore a new DB instance from the newly encrypted snapshot.
- A Solutions Architect is designing a critical business application with a relational database that runs on an EC2 instance. It requires a single EBS volume that can support up to 16,000 IOPS. Which Amazon EBS volume type can meet the performance requirements of this application?
EBS Provisioned IOPS SSD
- A new mobile application that your company is deploying will be hosted on AWS. The users of the application will use mobile devices to upload small amounts of data on a frequent basis. It is expected that the number of users connecting each day could be over 1 million. The data that is uploaded must be stored in a durable and persistent data store. The data store must also be highly available and easily scalable. Which AWS service would you use?
DynamoDB
- Your client is looking for a way to use standard templates for describing and provisioning their infrastructure resources on AWS. Which AWS service can be used in this scenario?
CloudFormation
- An application that you will be deploying in your VPC requires 14 EC2 instances that must be placed on distinct underlying hardware to reduce the impact of the failure of a hardware node. The instances will use varying instance types. What configuration will cater to these requirements taking cost-effectiveness into account?
Use a Spread Placement Group across two AZs
- An application running on EC2 instances processes sensitive information stored on Amazon S3. The information is accessed over the Internet. The security team is concerned that the Internet connectivity to Amazon S3 is a security risk. Which solution will resolve the security concern?
Access the data through a VPC endpoint for Amazon S3.
- You are planning to launch a RedShift cluster for processing and analyzing a large amount of data. The RedShift cluster will be deployed into a VPC with multiple subnets. Which construct is used when provisioning the cluster to allow you to specify a set of subnets in the VPC that the cluster will be deployed into?
Subnet Group
- One of your clients has asked you for some advice on an issue they are facing regarding storage. The client uses an on-premise block-based storage array which is getting close to capacity. The client would like to maintain a configuration where reads/writes to a subset of frequently accessed data are performed on-premise whilst also alleviating the local capacity issues by migrating data into the AWS cloud. What would you suggest as the BEST solution to the client's current problems?
Implement a Storage Gateway Volume Gateway in cached mode
- A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time but will not require frequent access. Which lifecycle action should be taken to meet the requirements while reducing costs?
Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
- A Linux instance running in your VPC requires some configuration changes to be implemented locally and you need to run some commands. Which of the following can be used to securely connect to the instance?
Key Pairs
- You need to enable sign in on your mobile app using social identity providers including Amazon, Facebook and Google. How can you enable this capability?
Amazon Cognito
- Your company is starting to use AWS to host new web-based applications. A new two-tier application will be deployed that provides customers with access to data records. It is important that the application is highly responsive and retrieval times are optimized. You're looking for a persistent data store that can provide the required performance. From the list below what AWS service would you recommend for this requirement?
ElastiCache with the Redis engine
- You have configured AWS S3 event notification to send a message to AWS Simple Queue Service whenever an object is deleted. You are performing a ReceiveMessage API operation on the AWS SQS queue to receive the S3 delete object message onto AWS EC2 instance. For any successful message operations, you are deleting them from the queue. For failed operations, you are not deleting the messages. You have developed a retry mechanism which reruns the application every 5 minutes for failed ReceiveMessage operations. However, you are not receiving the messages again during the rerun. What could have caused this?
Visibility Timeout on the SQS queue is set to 10 minutes.
- A client plans to migrate an on-premise multi-tier application to AWS. The application is integrated with industry-standard message brokers. The client wants to migrate from the existing message broker without rewriting application code. Which service should be used?
Amazon MQ
- The security policy of an organization requires an application to encrypt data before writing to the disk. Which solution should the organization use to meet this requirement?
AWS KMS API
- A Solutions Architect is developing a mobile web app that will provide access to health-related data. The web apps will be tested on Android and iOS devices. The Architect needs to run tests on multiple devices simultaneously and to be able to reproduce issues, and record logs and performance data to ensure quality before release. What AWS service can be used for these requirements?
AWS Device Farm
- A large media site has multiple applications running on Amazon ECS. A Solutions Architect needs to use content metadata to route traffic to specific services. What is the MOST efficient method to fulfill this requirement?
Use an AWS Application Load Balancer with a path-based routing rule to route traffic to the correct service
- An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 2000GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time. What should be implemented to improve database performance using persistent storage?
Change the EC2 instance type to one with EC2 instance store volumes
- You are an AWS Solutions Architect. Your company has a successful web application deployed in an AWS Auto Scaling group. The application attracts more and more global customers. However, the application’s performance is impacted. Your manager asks you how to improve the performance and availability of the application. Which of the following AWS services would you recommend?
AWS Global Accelerator
- A Solutions Architect is designing a shared service for hosting containers from several customers on Amazon ECS. These containers will use several AWS services. A container from one customer must not be able to access data from another customer. Which solution should the Architect use to meet the requirements?
IAM roles for tasks
- A web application allows customers to upload orders to an S3 bucket. The resulting Amazon S3 events trigger a Lambda function that inserts a message to an SQS queue. A single EC2 instance reads messages from the queue, processes them, and stores them in an DynamoDB table partitioned by unique order ID. Next month traffic is expected to increase by a factor of 10 and a Solutions Architect is reviewing the architecture for possible scaling problems. Which component is MOST likely to need re-architecting to be able to scale to accommodate the new traffic?
EC2 instance
- You are creating a design for a web-based application that will be based on a web front-end using EC2 instances and a database back-end. This application is a low priority and you do not want to incur costs in general day to day management. Which AWS database service can you use that will require the least operational overhead?
DynamoDB
- You would like to provide some on-demand and live streaming video to your customers. The plan is to provide the users with both the media player and the media files from the AWS cloud. One of the features you need is for the content of the media files to begin playing while the file is still being downloaded. What AWS services can deliver these requirements? (choose 2)
(i) Use CloudFront with a Web and RTMP distribution, and (ii) Store the media files in an S3 bucket
- There is a requirement to host a database on an EC2 Instance. It is also required that the EBS volume should support 18,000 IOPS. Which Amazon EBS volume type would meet the performance requirements of this database?
EBS Provisioned IOPS SSD
- How many VPCs can an Internet Gateway be attached to at any given time?
1
- You are planning to build a fleet of EBS-optimized EC2 instances for your new application. Due to security compliance, your organization wants you to encrypt root volume which is used to boot the instances. How can this be achieved?
Launch an unencrypted EC2 instance and create a snapshot of the root volume. Make a copy of the snapshot with the encryption option selected and Create Image using the encrypted snapshot. Use this image to launch EC2 instances.
- Which of the following is an AWS component which consumes resources from your VPC?
NAT Gateway
- An application you manage uses Auto Scaling and a fleet of EC2 instances. You recently noticed that Auto Scaling is scaling the number of instances up and down multiple times in the same hour. You need to implement a remediation to reduce the amount of scaling events. The remediation must be cost-effective and preserve elasticity. What design changes would you implement? (choose 2)
(i) Modify the CloudWatch alarm period that triggers your Auto Scaling scale down policy, and (ii) Modify the Auto Scaling group cool-down timers
- A company hosts a popular web application that connects to an Amazon RDS MySQL DB instance running in a default VPC private subnet created with default ACL settings. The web servers must be accessible only to customers on an SSL connection and the database must only be accessible to web servers in a public subnet. Which solution would meet these requirements without impacting other applications? (SELECT TWO)
(i) Create a DB Server security group that allows MySQL port 3306 inbound and specify the source as the Web Server security group and (ii) Create a Web Server security group that allows HTTPS port 443 inbound traffic from anywhere (0.0.0.0/0) and apply it to the Web Servers.
- A bank is writing new software that is heavily dependent upon the database transactions for write consistency. The application will also occasionally generate reports on data in the database and will do joins across multiple tables. The database must automatically scale as the amount of data grows. Which AWS service should be used to run the database?
Amazon Aurora
- An EBS-backed EC2 instance has been configured with some proprietary software that uses an embedded license. You need to move the EC2 instance to another Availability Zone (AZ) within the region. How can this be accomplished? Choose the best answer.
Create an image from the instance. Launch an instance from the AMI in the destination AZ
- A DynamoDB database you manage is randomly experiencing heavy read requests that are causing latency. What is the simplest way to alleviate the performance issues?
Enable DynamoDB DAX
- A customer has asked you to recommend the best solution for a highly available database. The database is a relational OLTP type of database and the customer does not want to manage the operating system the database runs on. Failover between AZs must be automatic. Which of the below options would you suggest to the customer?
Use RDS in a Multi-AZ configuration
- An application requires a highly available relational database with an initial storage capacity of 8 TB. The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads. Which option will meet these requirements?
Amazon Aurora
- Your organization has an AWS setup and planning to build Single Sign-On for users to authenticate with on-premise Microsoft Active Directory Federation Services (ADFS) and let users log in to the AWS console using AWS STS Enterprise Identity Federation. Which of the following services do you need to call from AWS STS service after you authenticate with your on-premise?
AssumeRoleWithSAML
- Your company keeps unstructured data on a filesystem. You need to provide access to employees via EC2 instances in your VPC. Which storage solution should you choose?
Amazon EFS
- You have successfully set up a VPC peering connection in your account between two VPCs – VPC A and VPC B, each in a different region. When you are trying to make a request from VPC A to VPC B, the request fails. Which of the following could be a reason?
Routes not configured in route tables for peering connections.
- You are looking for a method to distribute onboarding videos to your company's numerous remote workers around the world. The training videos are located in an S3 bucket that is not publicly accessible. Which of the options below would allow you to share the videos?
Use CloudFront and set the S3 bucket as an origin
- You will be launching and terminating EC2 instances on a need basis for your workloads. You need to run some shell scripts and perform certain checks connecting to the AWS S3 bucket when the instance is getting launched. Which of the following options will allow performing any tasks during launch? (choose multiple)
(i) Use Instance user data for shell scripts, and (ii) Use AutoScaling Group lifecycle hooks and trigger AWS Lambda function through CloudWatch events.
- An application saves the logs to an S3 bucket. A user wants to keep the logs for one month for troubleshooting purposes, and then purge the logs. What feature will enable this?
Configuring lifecycle configuration rules on the S3 bucket
- You host a static website in an S3 bucket and there are global clients from multiple regions. You want to use an AWS service to store cache for frequently accessed content so that the latency is reduced and the data transfer rate is increased. Which of the following options would you choose?
Configure CloudFront to deliver the content in the S3 bucket.
- There is a requirement for 500 messages to be sent and processed in order. Which service can be used in this regard?
AWS SQS FIFO
- You are developing an application using AWS SDK to get objects from AWS S3. The objects have big sizes and sometimes there are failures when getting objects especially when the network connectivity is poor. You want to get a specific range of bytes in a single GET request and retrieve the whole object in parts. Which method can achieve this?
Use the “Range” HTTP header in a GET request to download the specified range bytes of an object.
- An application needs to access data in another AWS account in another VPC in the same region. What would ensure that the data can be accessed as required?
Use VPC Peering between both accounts
- An application consists of the following architecture: a. EC2 Instances in multiple AZ’s behind an ELB b. EC2 Instances are launched via an Auto Scaling Group. c. There is a NAT instance which is used so that instances can download updates from the Internet. What is a bottleneck in the architecture?
The NAT Instance
- You have an application hosted in an Auto Scaling group and an application load balancer distributes traffic to the ASG. You want to add a scaling policy that keeps the average aggregate CPU utilization of the Auto Scaling group to be 60 percent. The capacity of the Auto Scaling group should increase or decrease based on this target value. Which scaling policy does it belong to?
Target tracking scaling policy
- A manufacturer wants to grant permissions to a new chief technology officer. They need permament access to manage AWS resources, allowing them to create, modify, and delete resources as needed. Which AWS Identity and Access Management (IAM) identity type should be used in this scenario?
IAM user
- A multi-account prganization is using AWS Organizations to manage their accounts. The company want to enforce certain restrictions, such as preventing accounts from enabling specific services or features, which apply to all their AWS accounts. Which permission mechanism best fits this use case?
Service control policy (SCP).
- Which types of files can be publicly hosted on an Amazon S3 static website? Select Two
(i) HTML files, and (ii) Image files
- A company is launching a Linux instance that will be used for batch processing. They want to select an instance type that is best suited for the workload. Which instance type should they choose when launching the instance?
Compute optimized instance type.
- A company has a non-time-critical workload that can be stopped and restarted. They want to keep costs as low as they can for this workload. Which pricing option should they choose?
Amazon EC2 Stop Instances
- A cloud architect has a development PostgreSQL database running on Amazon RDS. It was being used to test a production database with a heavy read-write workload. Testing is complete, and they want to delete the database. Compnay policy requires storage of development databases backups for 6 months after deletion. How can you accomplish this?
Take a snapshot, and store it for 6 months.
- A company wants to reduce database costs by migrating global account data from a legacy Oracle database to Amazon Aurora. Which services should be used for this migration? select two
(i) AWS Database Migration Service (AWS DMS), and (ii) AWS Schema Conversion Tool (AWS SCT).
- An architect is responsible for configuring a hybrid architecture for a small company with a large customer base. The requirements are that overall costs must be low and the solution must reuse existing internet connections. Which service will best meet the requirements?
AWS Site-to-Site VPN.
- An architecture spans across two Regions and has multiple virtual orivate clouds (VPCs) in each Region. The architect sets up an AWS Transit Gateway hub in each Region to peer the VPCs. They need to connect the Transit Gateway hubs in each Region together so that traffic can flow between Regions. Which solution should they use to connect the Transit Gateway hubs?
Transit gateway peering attachments
- A company needs a way for its users to login to AWS services using their existing corporate identities. Which option should they choose to accomplish this?
AWS IAM Identity Center
- A long-running application implemented on EC2 instances uses an Amazon EC2 Auto Scaling policy to cost effectively scale the application servers. The application traffic cannot be predicted, so auto scaling should be automated based on previous workload traffic patterns. Which auto scaling policy type would satify the requirements?
Predictive scaling policy
- An internal facing web application is used intermittently and should be extremely cost efficient. The relational database should require minimal human administration and automatically scale horizontally using configured limits. Over weekends, the database should be stopped. Which Amazon database would satify these requirments?
Amazon Aurora Serverless
- An S3 bucket regularly receives uploaded videos froma a web application. Users in the United States can access the videos with very low latency. Users in Europe and other Regions are complaining of slow downloads. Which solution can maintain a good user experience regardless of which Region users connect from?
Configure Amazon CloudFront and connect to the S3 bucket as a source
- A company has an architecture that uses Amazon RDS for the databse server tier and Amazon EC2 for the web server and application server tiers. Communication between tiers is synchronous. The application server failed, causing the entire system to go down. How can this be rearchitected to prevent the system from going down?
Decouple the architecture by adding Application Load Balancers between the tiers
- A delivery company wants to provide real-time updates when packages are dispatched for delivery. Their current process involves manually updating their database and relying on customers to log into their system to check the status of their deliveries. Which service should be used to accomplish real-time notification?
Use Amazon Simle Notification Service (Amazon SNS)
- Which are example of microservice serverless patterns on AWS? Select two (i) Amazon Kinesis invokes an AWS Lambda function and stores data on Amazon DynamoDB, and (ii) Amazon API Gateway invokes an application running on AWS Fargate containers through an Application Load Balancer
- A solutions architect is designing a work flow that needs real-time data ingestion. They are considering either Amazon Kinesis Data Firehose or Amazon Kinesis Data Streams for this solution. Which service should the solutions architect choose to meet the requirement of data delivery of less than 10 seconds?
Amazon Kinesis Data Streams because it has lower latency when compared to Amazon Kinesis Data Firehose, which has a minimum buffer of 60 seconds
- A manager needs to implement a disaster recovery strategy for an architecture that is hosted on AWS. She knows that the workload is not critical to the business, so keeoing costs low is more important than the speed of recovery. Which disaster recovery strategy should she implement?
Back-up and restore