https://www.awsboy.

com/ for free exam preparation

QUESTION: 3
A company has a multi-tier application that runs six front-end web servers in an Amazon
EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer
(ALB).
A solutions architect needs to modify the infrastructure to be highly available without
modifying the application.
Which architecture should the solutions architect choose that provides high availability?

A. Create an Auto Scaling group that uses three instances across each of two Regions
B. Modify the Auto Scaling group to use three instances across each of two Availability
Zones
C. Create an Auto Scaling template that can be used to quickly create more instances in
another Region
D. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to
balance traffic to the web tier

https://aws.amazon.com/ec2/autoscaling/

QUESTION: 4
A company runs an internal browser-based application The application runs on Amazon EC2
instances behind an Application Load Balancer.
The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones.
The Auto Scaling group scales up to 20 instances during work hours but scales down to 2
instances overnight Staff is complaining that the application is very slow when the day
begins, although it runs well by midmorning.
How should the scaling be changed to address the staff complaints and keep costs to a
minimum?
A. Implement a scheduled action that sets the desired capacity to 20 shortly before the office
opens
B. Implement a step scaling action triggered at a lower CPU threshold, and decrease the
cooldown period
C. Implement a target tracking action triggered at a lower CPU threshold and decrease the
cooldown period
D. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly
before the office opens

QUESTION: 5
A solutions architect is designing a solution to access a catalog of images and provide users
with the ability to submit requests to customize images.
Image customization parameters will be in any request sent to an AWS API Gateway API.
The customized image will be generated on demand, and users will receive a link they can
click to view or download their customized image.
The solution must be highly available for viewing and customizing images What
is the MOST cost-effective solution to meet these requirements?

A. Use Amazon EC2 instances to manipulate the original image into the requested
customization. Store the original and manipulated images in Amazon S3.
Configure an Elastic Load Balancer in front of the EC2 instances.

B. Use AWS Lambda to manipulate the original image to the requested customization. Store
the original and manipulated images in Amazon S3. Configure an Amazon CloudFront
distribution with the S3 bucket as the origin.

C. Use AWS Lambda to manipulate the original image to the requested customization.
Store the original images in Amazon S3 and the manipulated images in Amazon
DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances.

D. Use Amazon EC2 instances to manipulate the original image into the requested
customization. Store the original images in Amazon S3 and the manipulated images in
Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as
the origin.
QUESTION: 6
A bicycle-sharing company is developing a multi-tier architecture to track the location of its
bicycles during peak operating hours.
The company wants to use these data points in its existing analytics platform. A solutions
architect must determine the most viable multi-tier option to support this architecture.
The data points must be accessible from the REST API.
Which action meets these requirements for storing and retrieving location data?

A. Use Amazon Athena with Amazon S3

B. Use Amazon API Gateway with AWS Lambda
C. Use Amazon QuickSight with Amazon Redshift
D. Use Amazon API Gateway with Amazon Kinesis Data Analytics

References:
https://aws.amazon.com/api-gateway/

https://aws.amazon.com/lambda/

https://aws.amazon.com/kinesis/data-analytics/

QUESTION: 7
A solutions architect is deploying a distributed database on multiple Amazon EC2 instances.
The database stores all data on multiple instances so it can withstand the loss of an
instance. The database requires block storage with latency and throughput to support
several million transactions per second per server.
Which storage solution should the solutions architect use?

A. Amazon EBS
B. Amazon EC2 instance store
C. Amazon EFS
D. Amazon S3

Instance Store:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html

QUESTION: 8
A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon
EC2 instances in a VPC do not traverse the internet.
What should the solutions architect do to accomplish this? (Select TWO )

A. Create a route table entry for the endpoint

B. Create a gateway endpoint for DynamoDB
C. Create a new DynamoDB table that uses the endpoint
D. Create an ENI for the endpoint in each of the subnets of the VPC
E. Create a security group entry in the default security group to provide access

QUESTION: 9
A solutions architect is designing a web application that will run on Amazon EC2 instances
behind an Application Load Balancer (ALB).
The company strictly requires that the application be resilient against malicious internet
activity and attacks, and protect against new common vulnerabilities and exposures.
What should the solutions architect recommend?

A. Leverage Amazon CloudFront with the ALB endpoint as the origin

B. Deploy an appropriately managed rule for AWS WAF and associate it with the ALB
C. Subscribe to AWS Shield Advanced and ensure common vulnerabilities and exposures
are blocked
D. Configure network ACLs and security groups to allow only ports 80 and 443 to access the
EC2 instances

Explanation:
https://aws.amazon.com/waf/

https://aws.amazon.com/shield/

https://aws.amazon.com/shield/features/
QUESTION: 10
A company has been storing analytics data in an Amazon RDS instance for the past few
years. The company asked a solutions architect to find a solution that allows users to access
this data using an API.
The expectation is that the application will experience periods of inactivity but could receive
bursts of traffic within seconds.
Which solution should the solutions architect suggest?

A. Set up an Amazon API Gateway and use Amazon ECS.

B. Set up an Amazon API Gateway and use AWS Elastic Beanstalk.
C. Set up an Amazon API Gateway and use AWS Lambda functions
D. Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling

QUESTION: 11
A company's web application is using multiple Linux Amazon EC2 instances and stores data
on Amazon EBS volumes.
The company is looking for a solution to increase the resiliency of the application in case of a
failure and to provide storage that complies with atomicity, consistency, isolation, and
durability (ACID).

What should a solutions architect do to meet these requirements?

A. Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes
to each EC2 instance.

B. Create an Application Load Balancer with Auto Scaling groups across multiple Availability
Zones. Mount an instance store on each EC2 instance.

C. Create an Application Load Balancer with Auto Scaling groups across multiple Availability
Zones. Store data on Amazon EFS and mount a target on each instance.

D. Create an Application Load Balancer with Auto Scaling groups across multiple Availability
Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA).

QUESTION: 12
A company has an application that calls AWS Lambda functions.
A recent code review found database credentials stored in the source code. The
database credentials need to be removed from the Lambda source code.
The credentials must then be securely stored and rotated on an ongoing basis to meet
security policy requirements.
What should a solutions architect recommend to meet these requirements?

A. Store the password in AWS CloudHSM.

Associate the Lambda function with a role that can retrieve the password from CloudHSM
given its key ID.
B. Store the password in AWS Secrets Manager. Associate the Lambda function with a role
that can retrieve the password from Secrets Manager given its secret ID.
C. Move the database password to an environment variable associated with the Lambda
function. Retrieve the password from the environment variable upon execution.

D. Store the password in AWS Key Management Service (AWS KMS).

QUESTION: 51

A company has a two-tier application architecture that runs in public and private subnets
Amazon EC2 instances running the web application are in the public subnet and a database
runs on the private subnet.

The web application instances and the database are running in a single Availability Zone
(AZ). Which combination of steps should a solutions architect take to provide high availability
for this architecture?

(Select TWO.)

A. Create new public and private subnets in the same AZ for high availability

B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning
multiple AZs

C. Add the existing web application instances to an Auto Scaling group behind an
Application Load Balancer

D. Create new public and private subnets in a new AZ Create a database using Amazon
EC2 in one AZ

E. Create new public and private subnets in the same VPC each in a new AZ Migrate the
database to an Amazon RDS multi-AZ deployment

QUESTION: 52

A financial services company has a web application that serves users in the United States
and Europe.

The application consists of a database tier and a web server tier.

The database tier consists of a MySQL database hosted in us-east-1 Amazon Route 53

geo-proximity routing is used to direct traffic to instances in the closest Region.

A performance review of the system reveals that European users are not receiving the same
level of query performance as those in the United States.

Which changes should be made to the database tier to improve performance?

A. Migrate the database to Amazon RDS for MySQL.

Configure Multi-AZ in one of the European Regions.

B. Migrate the database to Amazon DynamoDB.

Use DynamoDB global tables to enable replication to additional Regions.

C. Deploy MySQL instances in each Region.

Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary
instance.

D. Migrate the database to an Amazon Aurora global database in MySQL compatibility

mode. Configure read replicas in one of the European Regions.

QUESTION: 53

A solutions architect is tasked with transferring 750 TB of data from a network-attached file
system located at a branch office to Amazon S3 Glacier.

The solution must avoid saturating the branch office's low-bandwidth internet connection.
What is the MOST cost-effective solution1?

A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly.
Create a bucket policy to enforce a VPC endpoint.

B. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination.
Create a bucket policy to enforce a VPC endpoint.

C. Mount the network-attached file system to Amazon S3 and copy the files directly. Create

a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.

D. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination.
Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.

QUESTION: 54

A company's production application runs online transaction processing (OLTP) transactions

on an Amazon RDS MySQL DB instance. The company is launching a new reporting tool
that will access the same data. The reporting tool must be highly available and not impact
the performance of the production application.

How can this be achieved?

A. Create hourly snapshots of the production RDS DB instance.

B. Create a Multi-AZ RDS Read Replica of the production RDS DB instance.

C. Create multiple RDS Read Replicas of the production RDS DB instance. Place the

Read Replicas in an Auto Scaling group.

D. Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a

second Single-AZ RDS Read Replica from the replica.

QUESTION: 55

A company allows its developers to attach existing IAM policies to existing IAM roles to
enable faster experimentation and agility. However, the security operations team is
concerned that the developers could attach the existing administrator policy, which would
allow the developers to circumvent any other security policies.

How should a solutions architect address this issue?

A. Create an Amazon SNS topic to send an alert every time a developer creates a new
policy

B. Use service control policies to disable IAM activity across all accounts in the
organizational unit

C. Prevent the developers from attaching any policies and assign all IAM duties to the
security operations team

D. Set an IAM permissions boundary on the developer IAM role that explicitly denies
attaching the administrator policy

QUESTION: 56

A user is storing a large number of objects on AWS S3. The user wants to implement the
search functionality among the objects. How can the user achieve this?

A. Use the indexing feature of S3.

B. Tag the objects with the metadata to search on that.

C. Use the query functionality of S3.

D. Make your own DB system that stores the S3 metadata for the search functionality.

QUESTION: 57
After setting up a Virtual Private Cloud (VPC) network, a more experienced cloud engineer
suggests that to achieve low network latency and high network throughput you should look
into setting up a placement group. You know nothing about this, but begin to do some
research about it and are especially curious about its limitations. Which of the below
statements is wrong in describing the limitations of a placement group?

A. Although launching multiple instance types into a placement group is possible, this
reduces the likelihood that the required capacity will be available for your launch to succeed.

B. A placement group can span multiple Availability Zones.

C. You can't move an existing instance into a placement group.

D. A placement group can span peered VPCs

QUESTION: 58

What is a placement group in Amazon EC2?

A. It is a group of EC2 instances within a single Availability Zone.

B. It is the edge location of your web content.

C. It is the AWS region where you run the EC2 instance of your web content.

D. It is a group used to span multiple Availability Zones.

QUESTION: 59

You are migrating an internal server on your DC to an EC2 instance with EBS volume. Your
server disk usage is around 500GB so you just copied all your data to a 2TB disk to be used
with AWS Import/Export. Where will the data be imported once it arrives at Amazon?

A. to a 2TB EBS volume

B. to an S3 bucket with 2 objects of 1TB

C. to a 500 GB EBS volume

D. to an S3 bucket as a 2TB snapshot

QUESTION: 60

A client needs you to import some existing infrastructure from a dedicated hosting provider
to AWS to try and save on the cost of running his current website. He also needs an
automated process that manages backups, software patching, automatic failure detection,
and recovery. You are aware that his existing setup currently uses an Oracle database.
Which of the following AWS databases would be best for accomplishing this task?

A. Amazon RDS

B. Amazon Redshift

C. Amazon SimpleDB

D. Amazon ElastiCache