Term
An application needs to retrieve a subset of data from a large CSV file stored in an Amazon S3 bucket by using simple SQL expressions. The queries are made within Amazon S3 and must only return the needed data.
Which of the following actions should be taken? |
|
Definition
Perform an S3 Select operation based on the bucket's name and object's key. |
|
|
Term
You are a Solutions Architect for a major TV network. They have a web application running on eight Amazon T3 EC2 instances, consuming about 55% of resources on each instance. You are using Auto Scaling to make sure that eight instances are running at all times. The number of requests that this application processes are consistent and do not experience spikes. Your manager instructed you to ensure high availability of this web application at all times to avoid any loss of revenue. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all EC2 instances |
|
Definition
Deploy four EC2 instances with Auto Scaling in one Availability Zone and four in another availability zone in the same region behind an Amazon Elastic Load Balancer. |
|
|
Term
You are working for a FinTech startup as their AWS Solutions Architect. You deployed an application on an Amazon EC2 instance with attached Instance Store volumes and an Elastic IP address. The server is only accessed from 8 AM to 6 PM and can be stopped from 6 PM to 8 AM for cost efficiency using Lambda with the script that automates this based on tags.
Which of the following will occur when the EC2 instance is stopped and started? (Select TWO.) |
|
Definition
The ENI (Elastic Network Interface) is detached. The Elastic IP address is disassociated with the instance. There will be no changes. The underlying host for the instance is possibly changed. All data on the attached instance-store devices will be lost. |
|
|
Term
A VPC has a non-default subnet which has four On-Demand EC2 instances that can be accessed over the Internet. Using the AWS CLI, you launched a fifth instance that uses the same subnet, Amazon Machine Image (AMI), and security group which are being used by the other instances. Upon testing, you are not able to access the new instance.
Which of the following is the most suitable solution to solve this problem? |
|
Definition
Associate an Elastic IP address to the fifth EC2 instance. |
|
|
Term
The media company that you are working for has a video transcoding application running on Amazon EC2. Each EC2 instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. This application has a large backlog of videos which need to be transcoded. Your manager would like to reduce this backlog by adding more EC2 instances, however, these instances are only needed until the backlog is reduced.
In this scenario, which type of Amazon EC2 instance is the most cost-effective type to use? |
|
Definition
|
|
Term
A tech company is currently using Auto Scaling for their web application. A new AMI now needs to be used for launching a fleet of EC2 instances. Which of the following changes needs to be done? |
|
Definition
Create a new launch configuration. |
|
|
Term
An Architect is managing a data analytics application which exclusively uses Amazon S3 as its data storage. For the past few weeks, the application works as expected until a new change was implemented to increase the rate at which the application updates its data. There have been reports that outdated data intermittently appears when the application accesses objects from S3 bucket. The development team investigated the application logic and didn’t find any issues.
Which of the following is the MOST likely cause of this issue? |
|
Definition
The data analytics application is designed to fetch objects from the S3 bucket using parallel requests. |
|
|
Term
You are working as an IT Consultant for a large investment bank that generates large financial datasets with millions of rows. The data must be stored in a columnar fashion to reduce the number of disk I/O requests and reduce the amount of data needed to load from the disk. The bank has an existing third-party business intelligence application which will connect to the storage service and then generate daily and monthly financial reports for its clients around the globe.
In this scenario, which is the best storage service to use to meet the requirement? |
|
Definition
|
|
Term
You are working for a large financial firm and you are instructed to set up a Linux bastion host. It will allow access to the Amazon EC2 instances running in their VPC. For security purposes, only the clients connecting from the corporate external public IP address 175.45.116.100 should have SSH access to the host.
Which is the best option that can meet the customer’s requirement? |
|
Definition
Security Group Inbound Rule: Protocol – TCP. Port Range – 22, Source 175.45.116.100/32 |
|
|
Term
A company is storing its financial reports and regulatory documents in an Amazon S3 bucket. To comply with the IT audit, they tasked their Solutions Architect to track all new objects added to the bucket as well as the removed ones. It should also track whether a versioned object is permanently deleted. The Architect must configure Amazon S3 to publish notifications for these events to a queue for post-processing and to an Amazon SNS topic that will notify the Operations team.
Which of the following is the MOST suitable solution that the Architect should implement? |
|
Definition
Create a new Amazon SNS topic and Amazon SQS queue. Add an S3 event notification configuration on the bucket to publish s3:ObjectCreated:* and s3:ObjectRemoved:Delete event types to SQS and SNS. |
|
|
Term
You were recently promoted to a technical lead role in your DevOps team. Your company has an existing VPC which is quite un-utilized for the past few months. The business manager instructed you to integrate your on-premises data center and your VPC. You explained the list of tasks that you’ll be doing and mentioned about a Virtual Private Network (VPN) connection. The business manager is not tech-savvy but he is interested to know what a VPN is and its benefits.
What is one of the major advantages of having a VPN in AWS? |
|
Definition
It allows you to connect your AWS cloud resources to your on-premises data center using secure and private sessions with IP Security (IPSec) or Transport Layer Security (TLS) tunnels. |
|
|
Term
Your customer has clients all across the globe that access product files stored in several S3 buckets, which are behind each of their own CloudFront web distributions. They currently want to deliver their content to a specific client, and they need to make sure that only that client can access the data. Currently, all of their clients can access their S3 buckets directly using an S3 URL or through their CloudFront distribution. The Solutions Architect must serve the private content via CloudFront only, to secure the distribution of files.
Which combination of actions should you implement to meet the above requirements? (Select TWO.) |
|
Definition
Restrict access to files in the origin by creating an origin access identity (OAI) and give it permission to read the files in the bucket. Require the users to access the private content by using special CloudFront signed URLs or signed cookies |
|
|
Term
A large insurance company has an AWS account that contains three VPCs (DEV, UAT and PROD) in the same region. UAT is peered to both PROD and DEV using a VPC peering connection. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market.
Which of the following options helps the company accomplish this? |
|
Definition
Create a new VPC peering connection between PROD and DEV with the appropriate routes. |
|
|
Term
A company is using multiple AWS accounts that are consolidated using AWS Organizations. They want to copy several S3 objects to another S3 bucket that belonged to a different AWS account which they also own. The Solutions Architect was instructed to set up the necessary permissions for this task and to ensure that the destination account owns the copied objects and not the account it was sent from.
How can the Architect accomplish this requirement? |
|
Definition
Configure cross-account permissions in S3 by creating an IAM customer managed policy that allows an IAM user or role to copy objects from the source bucket in one account to the destination bucket in the other account. Then attach the policy to the IAM user or role that you want to use to copy objects between accounts. |
|
|
Term
An online stocks trading application that stores financial data in an S3 bucket has a lifecycle policy that moves older data to Glacier every month. There is a strict compliance requirement where a surprise audit can happen at anytime and you should be able to retrieve the required data in under 15 minutes under all circumstances. Your manager instructed you to ensure that retrieval capacity is available when you need it and should handle up to 150 MB/s of retrieval throughput.
Which of the following should you do to meet the above requirement? (Select TWO.) |
|
Definition
Use Expedited Retrieval to access the financial data. Purchase provisioned retrieval capacity. |
|
|
Term
A music company is generating confidential data that is saved on their on-premises data center. As a backup solution, the company wants to upload their data on Amazon S3. The company has a policy that any data stored outside its own data center must be encrypted. This way, even if the data is hacked, nobody will be able to read it without the encryption keys.
Which of the following methods can achieve this? (Select TWO.) |
|
Definition
Use Amazon S3 server-side encryption with customer-provided keys.
Encrypt the data on the client-side using your own master key then upload the data to Amazon S3. |
|
|
Term
A global online sports betting company has its popular web application hosted in AWS. They are planning to develop a new online portal for their new business venture and they hired you to implement the cloud architecture for a new online portal that will accept bets globally for world sports. You started to design the system with a relational database that runs on a single EC2 instance, which requires a single EBS volume that can support up to 30,000 IOPS.
In this scenario, which Amazon EBS volume type can you use that will meet the performance requirements of this new online portal? |
|
Definition
EBS Provisioned IOPS SSD (io1) |
|
|
Term
A new online banking platform has been re-designed to have a microservices architecture in which complex applications are decomposed into smaller, independent services. The new platform is using Docker considering that application containers are optimal for running small, decoupled services. The new solution should remove the need to provision and manage servers, let you specify and pay for resources per application, and improve security through application isolation by design.
Which of the following is the MOST suitable service to use to migrate this new platform to AWS? |
|
Definition
|
|
Term
An online job site is using NGINX for its application servers hosted in EC2 instances and MongoDB Atlas for its database-tier. MongoDB Atlas is a fully automated third-party cloud service which is not provided by AWS, but supports VPC peering to connect to your VPC.
Which of the following items are invalid VPC peering configurations? (Select TWO.) |
|
Definition
Edge to Edge routing via a gateway One VPC Peered with two VPCs using longest prefix match Transitive Peering One to one relationship between two Virtual Private Cloud networks Two VPCs peered to a specific CIDR block in one VPC |
|
|
Term
You currently have an Augment Reality (AR) mobile game which has a serverless backend. It is using a DynamoDB table which was launched using the AWS CLI to store all the user data and information gathered from the players and a Lambda function to pull the data from DynamoDB. The game is being used by millions of users each day to read and store data.
How would you design the application to improve its overall performance and make it more scalable while keeping the costs low? (Select TWO.) |
|
Definition
Use API Gateway in conjunction with Lambda and turn on the caching on frequently accessed data and enable DynamoDB global replication. Use AWS SSO and Cognito to authenticate users and have them directly access DynamoDB using single-sign on. Manually set the provisioned read and write capacity to a higher RCU and WCU. Configure CloudFront with DynamoDB as the origin; cache frequently accessed data on client device using ElastiCache. Since Auto Scaling is enabled by default, the provisioned read and write capacity will adjust automatically. Also enable DynamoDB Accelerator (DAX) to improve the performance from milliseconds to microseconds. Enable DynamoDB Accelerator (DAX) and ensure that the Auto Scaling is enabled and increase the maximum provisioned read and write capacity. |
|
|
Term
A data analytics company is setting up an innovative checkout-free grocery store. Their Solutions Architect developed a real-time monitoring application that uses smart sensors to collect the items that the customers are getting from the grocery’s refrigerators and shelves then automatically deduct it from their accounts. The company wants to analyze the items that are frequently being bought and store the results in S3 for durable storage to determine the purchase behavior of its customers.
What service must be used to easily capture, transform, and load streaming data into Amazon S3, Amazon Elasticsearch Service, and Splunk? |
|
Definition
Amazon Kinesis Data Firehose |
|
|
Term
A tech startup is launching an on-demand food delivery platform using Amazon ECS cluster with an AWS Fargate serverless compute engine and Amazon Aurora. It is expected that the database read queries will significantly increase in the coming weeks ahead. A Solutions Architect recently launched two Read Replicas to the database cluster to improve the platform’s scalability.
Which of the following is the MOST suitable configuration that the Architect should implement to load balance all of the incoming read requests equally to the two Read Replicas? |
|
Definition
Use the built-in Reader endpoint of the Amazon Aurora database. |
|
|
Term
A media company recently launched their newly created web application. Many users tried to visit the website, but they are receiving a 503 Service Unavailable Error. The system administrator tracked the EC2 instance status and saw the capacity is reaching its maximum limit and unable to process all the requests. To gain insights from the application’s data, they need to launch a real-time analytics service.
Which of the following allows you to read records in batches? |
|
Definition
Create a Kinesis Data Stream and use AWS Lambda to read records from the data stream. |
|
|
Term
You are working for a startup company that has resources deployed on the AWS Cloud. Your company is now going through a set of scheduled audits by an external auditing firm for compliance.
Which of the following services available in AWS can be utilized to help ensure the right information are present for auditing purposes? |
|
Definition
|
|
Term
A company is deploying a Microsoft SharePoint Server environment on AWS using CloudFormation. The Solutions Architect needs to install and configure the architecture that is composed of Microsoft Active Directory (AD) domain controllers, Microsoft SQL Server 2012, multiple Amazon EC2 instances to host the Microsoft SharePoint Server and many other dependencies. The Architect needs to ensure that the required components are properly running before the stack creation proceeds.
Which of the following should the Architect do to meet this requirement? |
|
Definition
Configure a CreationPolicy attribute to the instance in the CloudFormation template. Send a success signal after the applications are installed and configured using the cfn-signal helper script. |
|
|
Term
Your web application is relying entirely on slower disk-based databases, causing it to perform slowly. To improve its performance, you integrated an in-memory data store to your web application using ElastiCache.
How does Amazon ElastiCache improve database performance? |
|
Definition
By caching database query results. |
|
|
Term
Your web application is relying entirely on slower disk-based databases, causing it to perform slowly. To improve its performance, you integrated an in-memory data store to your web application using ElastiCache.
How does Amazon ElastiCache improve database performance? |
|
Definition
By caching database query results. |
|
|
Term
You are unable to connect to your newly deployed EC2 instance via SSH from your home computer. However, you were able to successfully access other existing instances in your VPC without any issues.
Which of the following should you check and possibly correct to restore connectivity? |
|
Definition
Configure the Security Group of the EC2 instance to permit ingress traffic over port 22 from your IP. |
|
|
Term
You are working as a Solutions Architect for an aerospace manufacturer which heavily uses AWS. They are running a prototype high performance computing (HPC) cluster that spans multiple EC2 instances across multiple Availability Zones, which processes various wind simulation models. Currently, you are experiencing a slowdown in your applications and upon further investigation, it was discovered that it was due to latency issues.
Which is the MOST suitable solution that you should implement to provide low-latency network performance necessary for tightly-coupled node-to-node communication of your HPC cluster? |
|
Definition
Set up a cluster placement group within a single Availability Zone in the same AWS Region. |
|
|
Term
You are setting up the cloud architecture for an international money transfer service to be deployed in AWS which will have thousands of users around the globe. The service should be available 24/7 to avoid any business disruption and should be resilient enough to handle the outage of an entire AWS region. To meet this requirement, you have deployed your AWS resources to multiple AWS Regions. You need to use Route 53 and configure it to set all of your resources to be available all the time as much as possible. When a resource becomes unavailable, your Route 53 should detect that it’s unhealthy and stop including it when responding to queries.
Which of the following is the most fault tolerant routing configuration that you should use in this scenario? |
|
Definition
Configure an Active-Active Failover with Weighted routing policy. |
|
|
Term
In Amazon EC2, you can manage your instances from the moment you launch them up to their termination. You can flexibly control your computing costs by changing the EC2 instance state.
Which of the following statements is true regarding EC2 billing? (Select TWO.) |
|
Definition
You will be billed when your Reserved instance is in terminated state.
You will be billed when your On-Demand instance is preparing to hibernate with a stopping state. |
|
|