Q201. A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost.
This can be accomplished with:
- an egress-only internet gateway
- a NAT gateway
- a custom NAT instance
- a VPC endpoint
Q202. A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application.
How can the report be created without affecting the performance of the application?
- Create a read replica of the database.
- Provision a new RDS instance as a secondary master.
- Configure the database to be in multiple regions.
- Increase the number of provisioned storage IOPS.
Q203. A company has an application that stores sensitive data. The company is required by government regulations to store multiple copies of its data.
What would be the MOST resilient and cost-effective option to meet this requirement?
- Amazon EFS
- Amazon RDS
- AWS Storage Gateway
- Amazon S3
Q204. A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys.
What is the SIMPLEST solution?
- Associate AWS KMS metrics with Amazon CloudWatch.
- Use AWS CloudTrail to log AWS KMS key usage.
- Deploy a monitoring agent on the RDS instances.
- Poll AWS KMS periodically with a scheduled job.
Q205. A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required.
What is the MOST cost-effective way to purchase compute for this platform?
- Scheduled Reserved Instances
- Convertible Reserved Instances
- Standard Reserved Instances
- Spot Instances
Q206. You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?
Q207. You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?
Q208. What combination of the following options will protect S3 objects from both accidental deletion and accidental overwriting? Choose 2 answers
- Enable S3 versioning on the bucket.
- Access S3 data using only signed URLs.
- Disable S3 delete using an IAM bucket policy.
- Enable S3 Reduced Redundancy Storage.
- Enable multi-factor authentication (MFA) protected access.
Q209. In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? Choose 2 answers
- Modify the Auto Scaling policy to use scheduled scaling actions
- Modify the Auto Scaling group termination policy to terminate the oldest instance first.
- Modify the Auto Scaling group cool-down timers.
- Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.
- Modify the Auto Scaling group termination policy to terminate the newest instance first.
Q210. A VPC public subnet is one that:
- Has at least one route in its associated routing table that uses an Internet Gateway (IGW).
- Includes a route in its associated routing table via a Network Address Translation (NAT) instance.
- Has a Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0.
- Has the Public Subnet option selected in its configuration.
Q211. A startup company hired you to help them build a mobile application that will ultimately store billions of images and videos in S3. The company is lean on funding and wants to minimize operational costs; however, they have an aggressive marketing plan and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application.
What other information must you gather from this customer in order to determine whether S3 is the right option?
- You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years.
- You must find out the total number of requests per second at peak usage.
- You must know the size of the individual objects being written to S3, in order to properly design the key namespace.
- In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.
Q212. How can software determine the public and private IP addresses of the EC2 instance that it is running on?
- Query the local instance metadata.
- Query the local instance userdata.
- Query the appropriate Amazon CloudWatch metric.
- Use an ipconfig or ifconfig command.
Q213. What action is required to establish a VPC VPN connection between an on-premises data center and an Amazon VPC virtual private gateway?
- Modify the main route table to allow traffic to a network address translation instance.
- Use a dedicated network address translation instance in the public subnet.
- Assign a static Internet-routable IP address to an Amazon VPC customer gateway.
- Establish a dedicated networking connection using AWS Direct Connect.
Q214. You have an application running in us-west-2 that requires six EC2 instances running at all times. With three AZs available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides 100 percent fault tolerance if any single AZ in us-west-2 becomes unavailable? Choose 2 answers
- us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
- us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances
- us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
- us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
- us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
Q215. After creating a new AWS account, you use the API to request 40 on-demand EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed.
What could be a reason for this issue, and how would you resolve it?
- You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved.
- AWS allows you to provision no more than 20 instances per Availability Zone. Select a different Availability Zone and retry the failed request.
- You need to use Amazon Virtual Private Cloud (VPC) in order to provision more than 20 instances in a single Availability Zone. Simply terminate the resources already provisioned and re-launch them all in a VPC.
- You encountered an API throttling situation and should try the failed requests using an exponential decay retry algorithm.
Q216. Which of the following is a durable key-value store?
- Amazon Simple Storage Service
- Amazon Simple Workflow Service
- Amazon Simple Queue Service
- Amazon Simple Notification Service
Q217. Is an edge location in AWS the same as a region?
Q218. When it comes to API credentials, what is the best practice recommended by AWS?
- Create a role which has the necessary permissions and can be assumed by the EC2 instance.
- Use the API credentials from an EC2 instance.
- Use the API credentials from a bastion host.
- Use the API credentials from a NAT Instance.
Q219. A customer has a requirement to extend their on-premises data center to AWS. The customer requires a 50-Mbps dedicated and private connection to their VPC.
Which AWS product or feature satisfies this requirement?
- Amazon VPC
- Elastic IP Addresses
- AWS Direct Connect
- Amazon VPC virtual private gateway
Q220. What is the minimum size of an EBS volume as per AWS?
Q221. If a provisioned IOPS volume of 4GiB is created, what are the possible correct values for IOPS for the volume in order for it to be created?
Q222. How can an EBS volume that is currently attached to an EC2 instance be moved from one Availability Zone to another?
- Detach the volume and attach to an EC2 instance in another AZ.
- Create a new volume in the other AZ and specify the current volume as the source.
- Create a snapshot of the volume and then create a volume from the snapshot in the other AZ
- Create a new volume in the AZ and do a disk copy of contents from one volume to another.
Q223. A company is hosting EC2 instances whose workloads are non-production, non-priority batch loads. These processes can be interrupted at any time.
- Reserved Instances
- On-Demand Instances
- Spot Instances
- Regular Instances
Q224. Which of the following databases is not supported on Amazon RDS?
Q225. Amazon RDS provides a facility to modify the backup retention policy for automated backups, with a value of 0 indicating no backup retention.
What is the maximum retention period allowed in days?
Q226. A mobile application serves scientific articles from individual files in an Amazon S3 bucket. Articles older than 30 days are rarely read. Articles older than 60 days no longer need to be available through the application, but the application owner would like to keep them for historical purposes.
Which cost-effective solution BEST meets these requirements?
- Create a Lambda function to move files older than 30 days to Amazon EBS and move files older than 60 days to Amazon Glacier.
- Create a Lambda function to move files older than 30 days to Amazon Glacier and move files older than 60 days to Amazon EBS.
- Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent Access and move files older than 60 days to Amazon Glacier.
- Create lifecycle rules to move files older than 30 days to Amazon Glacier and move files older than 60 days to Amazon S3 Standard Infrequent Access.
Q227. An organization is currently hosting a large amount of frequently accessed data consisting of key-value pairs and semi-structured documents in their data center. They are planning to move this data to AWS. Which one of the following services MOST effectively meets their needs?
- Amazon Redshift
- Amazon RDS
- Amazon DynamoDB
- Amazon Aurora
Q228. A Lambda function must execute a query against an Amazon RDS database in a private subnet.
Which steps are required to allow the Lambda function to access the Amazon RDS database? (Select two.)
- Create a VPC Endpoint for Amazon RDS.
- Create the Lambda function within the Amazon RDS VPC.
- Change the ingress rules of Lambda security group, allowing the Amazon RDS security group.
- Change the ingress rules of the Amazon RDS security group, allowing the Lambda security group.
- Add an Internet Gateway (IGW) to the VPC, route the private subnet to the IGW.
Q229. A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The Architect needs to rebuild the Redshift cluster in another region.
Which approach can the Architect take to address this requirement?
- Modify the Redshift cluster and configure cross-region snapshots to the other region.
- Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day, sharing those snapshots with the other region.
- Modify the Redshift cluster and configure the backup and specify the Amazon S3 bucket in the other region.
- Modify the Redshift cluster to use AWS Snowball in export mode with data delivered to the other region.
Q230. A popular e-commerce application runs on AWS. The application encounters performance issues. The database is unable to handle the amount of queries and load during peak times. The database is running on the RDS Aurora engine on the largest instance size available. What should an administrator do to improve performance?
- Convert the database to Amazon Redshift.
- Create a CloudFront distribution.
- Convert the database to use EBS Provisioned IOPS.
- Create one or more read replicas.
Q231. A Solutions Architect is designing the architecture for a new three-tier web-based e-commerce site that must be available 24/7. Requests are expected to range from 100 to 10,000 each minute. Usage can vary depending on time of day, holidays, and promotions. The design should be able to handle these volumes, with the ability to handle higher volumes if necessary. How should the Architect design the architecture to ensure the web tier is cost-optimized and can handle the expected traffic? (Select two.)
- Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.
- Store all static files in a multi-AZ Amazon Aurora database.
- Create a CloudFront distribution pointing to static content in Amazon S3.
- Use Amazon Route 53 to route traffic to the correct region.
- Use Amazon S3 multi-part uploads to improve upload times.
Q232. A Solutions Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity. How should the Architect configure the database servers to meet the requirements?
- Configure the database security group to allow database traffic from the application server IP addresses.
- Configure the database security group to allow database traffic from the application server security group.
- Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
- Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.
Q233. A Solutions Architect is designing a solution for a media company that will stream large amounts of data from an Amazon EC2 instance. The data streams are typically large and sequential, and must be able to support up to 500 MB/s.
Which storage type will meet the performance requirements of this application?
- EBS Provisioned IOPS SSD
- EBS General Purpose SSD
- EBS Cold HDD
- EBS Throughput Optimized HDD
Q234. A legacy application running on premises requires a Solutions Architect to be able to open a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection to AWS in place.
How should the Architect meet this requirement?
- Create an IAM role that allows access from the corporate network to Amazon S3.
- Configure a proxy on Amazon EC2 and use an Amazon S3 VPC endpoint.
- Use Amazon API Gateway to do IP whitelisting.
- Configure IP whitelisting on the customer’s gateway.
Q235. A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance, and requires long-term persistence.
Which storage solution BEST meets these requirements?
- An Amazon EBS Provisioned IOPS volume
- An Amazon EBS General Purpose volume
- An Amazon EBS Magnetic volume
- An Amazon EC2 Instance Store
Q236. A Solutions Architect is designing a solution with AWS Lambda where different environments require different database passwords.
What should the Architect do to accomplish this in a secure and scalable way?
- Create a Lambda function for each individual environment.
- Use Amazon DynamoDB to store environmental variables.
- Use encrypted AWS Lambda environmental variables.
- Implement a dedicated Lambda function for distributing variables.
Q237. A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation.
What is the MOST efficient way to fulfill this requirement?
- Use Amazon CloudWatch to monitor utilization.
- Use Amazon API Gateway to monitor availability.
- Use an Amazon Elastic Load Balancer.
- Use Amazon Route 53 health checks.
Q238. A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers.
How should the Architect design a solution to meet the requirements without impacting running applications?
- Create a network ACL on the web server’s subnet, and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet.
- Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
- Create a network ACL on the web server’s subnet, and allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers, and deny all outbound traffic.
- Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
Q239. Which service should an organization use if it requires an easily managed and scalable platform to host its web application running on Nginx?
- AWS Lambda
- Auto Scaling
- AWS Elastic Beanstalk
- Elastic Load Balancing
Q240. Developers are creating a new online transaction processing (OLTP) application for a small database that is very read-write intensive. A single table in the database is updated continuously throughout the day, and the developers want to ensure that the database performance is consistent. Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain application performance?
- Provisioned IOPS SSD
- General Purpose SSD
- Cold HDD
- Throughput Optimized HDD
Q241. A Solutions Architect is designing a log-processing solution that requires storage that supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2 instance. Which Amazon storage type satisfies these requirements?
- EBS Provisioned IOPS SSD (io1)
- EBS General Purpose SSD (gp2)
- EBS Throughput Optimized HDD (st1)
- EBS Cold HDD (sc1)
Q242. A company’s development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance of Amazon S3.
Which naming scheme should the company use?
- Add a date as the prefix.
- Add a sequential id as the suffix.
- Add a hexadecimal hash as the suffix.
- Add a hexadecimal hash as the prefix.
Q243. A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a centralized view of all API events for current and future AWS regions.
How should the Architect accomplish this task?
- Enable AWS CloudTrail logging in each individual region. Repeat this for all future regions.
- Enable Amazon CloudWatch logs for all AWS services across all regions and aggregate them in a single Amazon S3 bucket.
- Enable AWS Trusted Advisor security checks and report all security incidents for all regions.
- Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.
Q244. A company has a legacy application using a proprietary file system and plans to migrate the application to AWS.
Which storage service should the company use?
- Amazon DynamoDB
- Amazon S3
- Amazon EBS
- Amazon EFS
Q245. A company plans to use AWS for all new batch processing workloads. The company’s developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7.
How should a Solutions Architect design this architecture in a cost-efficient manner?
- Purchase Reserved Instances to run all containers. Use Auto Scaling groups to schedule jobs.
- Host a container management service on Spot Instances. Use Reserved Instances to run Docker containers.
- Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.
- Use Amazon ECS to manage container orchestration. Purchase Reserved Instances to run all batch workloads at the same time.
Q246. A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom.
Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?
- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C).
- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
- Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
- Create an Amazon S3 bucket to store the reports and use Amazon S3 versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
Q247. A customer has a production application that frequently overwrites and deletes data. The application requires the most up-to-date version of the data every time it is requested. Which storage should a Solutions Architect recommend to best accommodate this use case?
- Amazon S3
- Amazon RDS
- Amazon Redshift
- AWS Storage Gateway
Q248. A Solutions Architect has five web servers serving requests for a domain.
Which of the following Amazon Route 53 routing policies can distribute traffic randomly among all healthy web servers?
- Multivalue Answer
Q249. A web server will be provisioned on two Amazon EC2 instances with an Application Load Balancer.
Which of the following configurations will allow traffic on HTTP and HTTPS when configuring a security group to apply to each of these servers?
- Allow all inbound traffic, with explicit denies on non-HTTP and non-HTTPS ports.
- Allow incoming traffic to HTTP and HTTPS ports.
- Allow incoming traffic to HTTP and HTTPS ports, with explicit denies to all other ports.
- Deny all traffic to non-HTTP and non-HTTPS ports
Q250. A company wants to run a static website served through Amazon CloudFront.
What is an advantage of storing the website content in an S3 bucket instead of an EBS volume?
- S3 buckets are replicated globally, allowing for large scalability. EBS volumes are replicated only within a region.
- S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an Elastic Load Balancing load balancer to be an origin.
- S3 buckets can be encrypted, allowing for secure storage of the web files. EBS volumes cannot be encrypted.
- S3 buckets support object-level read throttling, preventing abuse. EBS volumes do not provide object-level throttling.