NEW QUESTION 1
A company is planning to build a high performance computing (HPC) workload as a service solution that Is hosted on AWS A group of 16 AmazonEC2Ltnux Instances requires the lowest possible latency for
node-to-node communication. The instances also need a shared block device volume for high-performing
storage.
Which solution will meet these requirements?

• A. Use a duster placement grou
• B. Attach a single Provisioned IOPS SSD Amazon Elastic Block Store (Amazon E BS) volume to all the instances by using Amazon EBS Multi-Attach
• C. Use a cluster placement grou
• D. Create shared 'lie systems across the instances by using Amazon Elastic File System (Amazon EFS)
• E. Use a partition placement grou
• F. Create shared tile systems across the instances by using Amazon Elastic File System (Amazon EFS).
• G. Use a spread placement grou
• H. Attach a single Provisioned IOPS SSD Amazon Elastic Block Store (Amazon EBS) volume to all the instances by using Amazon EBS Multi-Attach

Answer: A

NEW QUESTION 2
A company is migrating a distributed application to AWS The application serves variable workloads The legacy platform consists of a primary server trial coordinates jobs across multiple compute nodes The company wants to modernize the application with a solution that maximizes resiliency and scalability
How should a solutions architect design the architecture to meet these requirements?

• A. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs Implement the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling grou
• B. Configure EC2 Auto Scaling to use scheduled scaling
• C. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs Implement the compute nodes with Amazon EC2 Instances that are managed in an Auto Scaling group Configure EC2 Auto Scaling based on the size of the queue
• D. Implement the primary server and the compute nodes with Amazon EC2 instances that are managed Inan Auto Scaling grou
• E. Configure AWS CloudTrail as a destination for the fobs Configure EC2 Auto Scaling based on the load on the primary server
• F. implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group Configure Amazon EventBridge (Amazon CloudWatch Events) as a destination for the jobs Configure EC2 Auto Scaling based on the load on the compute nodes

Answer: C

NEW QUESTION 3
A company is running a critical business application on Amazon EC2 instances behind an Application Load Balancer The EC2 instances run in an Auto Scaling group and access an Amazon RDS DB instance
The design did not pass an operational review because the EC2 instances and the DB instance are all located in a single Availability Zone A solutions architect must update the design to use a second Availability Zone
Which solution will make the application highly available?

• A. Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across bothAvailability Zones Configure the DB instance with connections to each network
• B. Provision two subnets that extend across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instancesacross both Availability Zones Configure the DB instance with connections to each network
• C. Provision a subnet in each Availability Zone Configure the Auto Scaling group to distribute the EC2 instances across both Availability Zones Configure the DB instance for Multi-AZ deployment
• D. Provision a subnet that extends across both Availability Zones Configure the Auto Scaling group to distribute the EC2 instancesacross both Availability Zones Configure the DB instance for Multi-AZ deployment

Answer: C

NEW QUESTION 4
A company uses a popular content management system (CMS) tot its corporate website. However, the required patching and maintenance are burdensome. The company is redesigning its website and wants a new solution. The website will be updated tour times a year and does not need to have any dynamic content available The solution must provide high scalability and enhanced security
Which combination of changes will meet those requirements with the LEAST operational overhead? (Select TWO)

• A. Deploy an AWS WAF web ACL in front of the website to provide HTTPS functionality
• B. Create and deploy an AWS Lambda function to manage and serve the website content
• C. Create the new website and an Amazon S3 bucket Deploy the website on the S3 bucket with static website hosting enabled
• D. Create the new websit
• E. Deploy the website by using an Auto Scaling group of Amazon EC2 instances behind an Application Load Balancer.

Answer: D

NEW QUESTION 5
A company hosts its web applications in the AWS Cloud. The company configures Elastic Load Balancers to use certificate that are imported into AWS Certificate Manager (ACM). The company’s security team must be notified 30 days before the expiration of each certificate.
What should a solutions architect recommend to meet the requirement?

• A. Add a rule m ACM to publish a custom message to an Amazon Simple Notification Service (Amazon SNS) topic every day beginning 30 days before any certificate will expire.
• B. Create an AWS Config rule that checks for certificates that will expire within 30 day
• C. Configure Amazon EventBridge (Amazon CloudWatch Events) to invoke a custom alert by way of Amazon Simple Notification Service (Amazon SNS) when AWS Config reports a noncompliant resource
• D. Use AWS trusted Advisor to check for certificates that will expire within to day
• E. Create an Amazon CloudWatch alarm that is based on Trusted Advisor metrics for check status changes Configure the alarm to send a custom alert by way of Amazon Simple rectification Service (Amazon SNS)
• F. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect any certificates that will expire within 30 day
• G. Configure the rule to invoke an AWS Lambda functio
• H. Configure the Lambda function to send a custom alert by way of Amazon Simple Notification Service (Amazon SNS).

Answer: B

NEW QUESTION 6
A company wants to establish connectivity between its on-premlses data center and AWS (or an existing workload. The workload runs on Amazon EC2 Instances in two VPCs In different AWS Regions. The VPCs need to communicate with each other. The company needs to provide connectivity from Its data center to both VPCs. The solution must support a bandwidth of 600 Mbps to the data center.
Which solution will meet these requirements?

• A. Set up an AWS Site-to-Site VPN connection between the data center and one VP
• B. Create a VPC peering connection between the VPCs.
• C. Set up an AWS Site-to-Site VPN connection between the data center and each VP
• D. Create a VPC peering connection between the VPCs.
• E. Set up an AWS Direct Connect connection between the data center and one VP
• F. Create a VPC peering connection between the VPCs.
• G. Create a transit gatewa
• H. Attach both VPCs to the transit gatewa
• I. Create an AWS Slte-to-Site VPN tunnel to the transit gateway.

Answer: B

NEW QUESTION 7
A company wants to migrate a Windows-based application from on premises to the AWS Cloud. The application has three tiers, a business tier, and a database tier with Microsoft SQL Server. The company wants to use specific features of SQL Server such as native backups and Data Quality Services. The company also needs to share files for process between the tiers.
How should a solution architect design the architecture to meet these requirements?

• A. Host all three on Amazon instance
• B. Use Mmazon FSx File Gateway for file sharing between tiers.
• C. Host all three on Amazon EC2 instance
• D. Use Amazon FSx for Windows file sharing between the tiers.
• E. Host the application tier and the business tier on Amazon EC2 instance
• F. Host the database tier on Amazon RD
• G. Use Amazon Elastic File system (Amazon EFS) for file sharing between the tiers.
• H. Host the application tier and the business tier on Amazon EC2 instance
• I. Host the database tier on Amazon RD
• J. Use a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume for file sharing between the tiers.

Answer: B

NEW QUESTION 8
A solution architect is creating a new Amazon CloudFront distribution for an application Some of Ine information submitted by users is sensitive. The application uses HTTPS but needs another layer" of security The sensitive information should be protected throughout the entire application stack end access to the information should be restricted to certain applications
Which action should the solutions architect take?

• A. Configure a CloudFront signed URL
• B. Configure a CloudFront signed cookie.
• C. Configure a CloudFront field-level encryption profile
• D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy

Answer: C

NEW QUESTION 9
A gaming company hosts a browser-based application on AWS The users of the application consume a large number of videos and images that are stored in Amazon S3. This content is the same for all users
The application has increased in popularity, and millions of users worldwide are accessing these media files. The company wants to provide the files to the users while reducing the load on the origin
Which solution meets these requirements MOST cost-effectively?

• A. Deploy an AWS Global Accelerator accelerator in front of the web servers
• B. Deploy an Amazon CloudFront web distribution in front of the S3 bucket
• C. Deploy an Amazon ElastiCache for Redis instance in front of the web servers
• D. Deploy an Amazon ElastiCache for Memcached instance in front of the web servers

Answer: B

Explanation:
CloudFront uses Edge Locations to cache content while Global Accelerator uses Edge Locations to find an optimal pathway to the nearest regional endpoint.

NEW QUESTION 10
A company hosts an application on AWS Lambda functions mat are invoked by an Amazon API Gateway API The Lambda functions save customer data to an Amazon Aurora MySQL database Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete The result is that customer data Is not recorded for some of the event
A solutions architect needs to design a solution that stores customer data that is created during database upgrades
Which solution will meet these requirements?

• A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database Configure the Lambda functions to connect to the RDS proxy
• B. Increase the run time of me Lambda functions to the maximum Create a retry mechanism in the code that stores the customer data in the database
• C. Persist the customer data to Lambda local storag
• D. Configure new Lambda functions to scan the local storage to save the customer data to the database.
• E. Store the customer data m an Amazon Simple Queue Service (Amazon SOS) FIFO queue Create a new Lambda function that polls the queue and stores the customer data in the database

Answer: C

NEW QUESTION 11
A company has an application that loads documents into an Amazon 53 bucket and converts the documents into another format. The application stores the converted documents m another S3 bucket and saves the document name and URLs in an Amazon DynamoOB table The DynamoOB entries are used during subsequent days to access the documents The company uses a DynamoOB Accelerator (DAX) cluster in front of the table
Recently, traffic to the application has increased. Document processing tasks are timing out during the scheduled DAX maintenance window. A solutions architect must ensure that the documents continue to load during the maintenance window
What should the solutions architect do to accomplish this goal?

• A. Modify the application to write to the DAX cluster Configure the DAX cluster to write to the DynamoDB table when the maintenance window is complete
• B. Enable Amazon DynamoDB Streams for the DynamoDB tabl
• C. Modify the application to write to the stream Configure the stream to load the data when the maintenance window is complete.
• D. Convert the application to an AWS Lambda function Configure the Lambda function runtime to be longer than the maintenance window Create an Amazon CloudWatch alarm to monitor Lambda timeouts
• E. Modify the application to write the document name and URLs to an Amazon Simple Queue Service (Amazon SOS) queue Create an AWS Lambda function to read the SOS queue and write to DynamoDB.

Answer: C

NEW QUESTION 12
A company has migrated a two-tier application from its on-premises data center to the AWS Cloud The data tier is a Multi-AZ deployment of Amazon RDS for Oracle with 12 TB of General Purpose SSD Amazon Elastic Block Store (Amazon EBS) storage The application is designed to process and store documents in the database as binary large objects (blobs) with an average document size of 6 MB
The database size has grown over time reducing the performance and increasing the cost of storage. The company must improve the database performance and needs a solution that is highly available and resilient
Which solution will meet these requirements MOST cost-effectively?

• A. Reduce the RDS DB instance size Increase the storage capacity to 24 TiB Change the storage type to Magnetic
• B. Increase the RDS DB instance siz
• C. Increase the storage capacity to 24 TiB Change the storage type to Provisioned IOPS
• D. Create an Amazon S3 bucke
• E. Update the application to store documents in the S3 bucket Store theobject metadata m the existing database
• F. Create an Amazon DynamoDB tabl
• G. Update the application to use DynamoD
• H. Use AWS Database Migration Service (AWS DMS) to migrate data from the Oracle database to DynamoDB

Answer: C

NEW QUESTION 13
A company needs to ingested and handle large amounts of streaming data that its application generates. The application runs on Amazon EC2 instances and sends data to Amazon Kinesis Data Streams. which is contained wild default settings. Every other day the application consumes the data and writes the data to an Amazon S3 bucket for business intelligence (BI) processing the company observes that Amazon S3 is not receiving all the data that trio application sends to Kinesis Data Streams.
What should a solutions architect do to resolve this issue?

• A. Update the Kinesis Data Streams default settings by modifying the data retention period.
• B. Update the application to use the Kinesis Producer Library (KPL) lo send the data to Kinesis Data Streams.
• C. Update the number of Kinesis shards lo handle the throughput of me data that is sent to Kinesis Data Streams.
• D. Turn on S3 Versioning within the S3 bucket to preserve every version of every object that is ingested in the S3 bucket.

Answer: A

NEW QUESTION 14
A company's application integrates with multiple software-as-a-service (SaaS) sources for data collection. The company runs Amazon EC2 instances to receive the data and to upload the data to an Amazon S3 bucket for analysis. The same EC2 instance that receives and uploads the data also sends a notification to the user when an upload is complete. The company has noticed slow application performance and wants to improve the performance as much as possible.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Create an Auto Scaling group so that EC2 instances can scale ou
• B. Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• C. Create an Amazon AppFlow flow to transfer data between each SaaS source and the S3 bucket.Configure an S3 event notification to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.
• D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for each SaaS source to send output dat
• E. Configure the S3 bucket as the rule's targe
• F. Create a second EventBridge (CloudWatch Events) rule to send events when the upload to the S3 bucket is complet
• G. Configure an Amazon Simple Notification Service (Amazon SNS) topic as the second rule's target.
• H. Create a Docker container to use instead of an EC2 instanc
• I. Host the containerized application on Amazon Elastic Container Service (Amazon ECS). Configure Amazon CloudWatch Container Insights to send events to an Amazon Simple Notification Service (Amazon SNS) topic when the upload to the S3 bucket is complete.

Answer: B

NEW QUESTION 15
A company is storing sensitive user information in an Amazon S3 bucket The company wants to provide secure access to this bucket from the application tier running on Ama2on EC2 instances inside a VPC
Which combination of steps should a solutions architect take to accomplish this? (Select TWO.)

• A. Configure a VPC gateway endpoint (or Amazon S3 within the VPC
• B. Create a bucket policy to make the objects to the S3 bucket public
• C. Create a bucket policy that limits access to only the application tier running in the VPC
• D. Create an 1AM user with an S3 access policy and copy the IAM credentials to the EC2 instance
• E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket

Answer: BD

NEW QUESTION 16
A company has two VPCs named Management and Production The Management VPC uses VPNs through a customer gateway to connect to a single device in the data center. The Production VPC uses a virtual private gateway with two attached AWS Direct Connect connections The Management and Production VPCs both use a single VPC peering connection to allow communication between the applications.
What should a solutions architect do to mitigate any single point of failure in this architecture?

• A. Add a set of VPNs between the Management and Production VPCs
• B. Add a second virtual private gateway and attach it to the Management VPC.
• C. Add a second set of VPNs to the Management VPC from a second customer gateway device
• D. Add a second VPC peering connection between the Management VPC and the Production VPC.

Answer: C

Explanation:
https://docs.aws.amazon.com/vpn/latest/s2svpn/images/Multiple_Gateways_diagram.png
"To protect against a loss of connectivity in case your customer gateway device becomes unavailable, you can set up a second Site-to-Site VPN connection to your VPC and virtual private gateway by using a second customer gateway device." https://docs.aws.amazon.com/vpn/latest/s2svpn/vpn-redundant-connection.html

NEW QUESTION 17
A company runs a highly available image-processing application on Amazon EC2 instances in a single VPC The EC2 instances run inside several subnets across multiple Availability Zones. The EC2 instances do not communicate with each other However, the EC2 instances download images from Amazon S3 and upload images to Amazon S3 through a single NAT gateway The company is concerned about data transfer charges What is the MOST cost-effective way for the company to avoid Regional data transfer charges?

• A. Launch the NAT gateway in each Availability Zone
• B. Replace the NAT gateway with a NAT instance
• C. Deploy a gateway VPC endpoint for Amazon S3
• D. Provision an EC2 Dedicated Host to run the EC2 instances

Answer: C

NEW QUESTION 18
......