NEW QUESTION 1
A company has created an image analysis application in which users can upload photos and add photo frames to their images. The users upload images and metadata to indicate which photo frames they want to add to their images. The application uses a single Amazon EC2 instance and Amazon DynamoDB to store the metadata.
The application is becoming more popular, and the number of users is increasing. The company expects the number of concurrent users to vary significantly depending on the time of day and day of week. The company must ensure that the application can scale to meet the needs of the growing user base.
Which solution meats these requirements?

• A. Use AWS Lambda to process the photo
• B. Store the photos and metadata in DynamoDB.
• C. Use Amazon Kinesis Data Firehose to process the photos and to store the photos and metadata.
• D. Use AWS Lambda to process the photo
• E. Store the photos in Amazon S3. Retain DynamoDB to store the metadata.
• F. Increase the number of EC2 instances to thre
• G. Use Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volumes to store the photos and metadata.

Answer: A

NEW QUESTION 2
A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client-side JavaScript, and images Which method is the MOST costeffective for hosting the website?

• A. Containerize the website and host it in AWS Fargate.
• B. Create an Amazon S3 bucket and host the website there
• C. Deploy a web server on an Amazon EC2 instance to host the website.
• D. Configure an Application Loa d Balancer with an AWS Lambda target that uses the Express js framework.

Answer: B

Explanation:
Explanation
In Static Websites, Web pages are returned by the server which are prebuilt.
They use simple languages such as HTML, CSS, or JavaScript.
There is no processing of content on the server (according to the user) in Static Websites. Web pages are returned by the server with no change therefore, static Websites are fast.
There is no interaction with databases.
Also, they are less costly as the host does not need to support server-side processing with different languages.
============
In Dynamic Websites, Web pages are returned by the server which are processed during runtime means they are not prebuilt web pages but they are built during runtime according to the user’s demand.
These use server-side scripting languages such as PHP, Node.js, ASP.NET and many more supported by the server.
So, they are slower than static websites but updates and interaction with databases are possible.

NEW QUESTION 3
A company has more than 5 TB of file data on Windows file servers that run on premises Users and applications interact with the data each day
The company is moving its Windows workloads to AWS. As the company continues this process, the company requires access to AWS and on-premises file storage with minimum latency The company needs a solution that minimizes operational overhead and requires no significant changes to the existing file access patterns. The company uses an AWS Site-to-Site VPN connection for connectivity to AWS
What should a solutions architect do to meet these requirements?

• A. Deploy and configure Amazon FSx for Windows File Server on AW
• B. Move the on-premises file data to FSx for Windows File Serve
• C. Reconfigure the workloads to use FSx for Windows File Server on AWS.
• D. Deploy and configure an Amazon S3 File Gateway on premises Move the on-premises file data to the S3 File Gateway Reconfigure the on-premises workloads and the cloud workloads to use the S3 File Gateway
• E. Deploy and configure an Amazon S3 File Gateway on premises Move the on-premises file data to Amazon S3 Reconfigure the workloads to use either Amazon S3 directly or the S3 File Gateway, depending on each workload's location
• F. Deploy and configure Amazon FSx for Windows File Server on AWS Deploy and configure an Amazon FSx File Gateway on premises Move the on-premises file data to the FSx File Gateway Configure the cloud workloads to use FSx for Windows File Server on AWS Configure the on-premises workloads to use the FSx File Gateway

Answer: D

NEW QUESTION 4
A company wants to run its critical applications in containers to meet requirements tor scalability and availability The company prefers to focus on maintenance of the critical applications The company does not want to be responsible for provisioning and managing the underlying infrastructure that runs the containerized workload
What should a solutions architect do to meet those requirements?

• A. Use Amazon EC2 Instances, and Install Docker on the Instances
• B. Use Amazon Elastic Container Service (Amazon ECS) on Amazon EC2 worker nodes
• C. Use Amazon Elastic Container Service (Amazon ECS) on AWS Fargate
• D. Use Amazon EC2 instances from an Amazon Elastic Container Service (Amazon ECS)-op6mized Amazon Machine Image (AMI).

Answer: C

Explanation:
using AWS ECS on AWS Fargate since they requirements are for scalability and availability without having to provision and manage the underlying infrastructure to run the containerized workload. https://docs.aws.amazon.com/AmazonECS/latest/userguide/what-is-fargate.html

NEW QUESTION 5
A company is launching a new application and will display application metrics on an Amazon CloudWatch dashboard. The company’s product manager needs to access this dashboard periodically. The product manager does not have an AWS account. A solution architect must provide access to the product manager by following the principle of least privilege.
Which solution will meet these requirements?

• A. Share the dashboard from the CloudWatch consol
• B. Enter the product manager’s email address, and complete the sharing step
• C. Provide a shareable link for the dashboard to the product manager.
• D. Create an IAM user specifically for the product manage
• E. Attach the CloudWatch Read Only Access managed policy to the use
• F. Share the new login credential with the product manage
• G. Share the browser URL of the correct dashboard with the product manager.
• H. Create an IAM user for the company’s employees, Attach the View Only Access AWS managed policy to the IAM use
• I. Share the new login credentials with the product manage
• J. Ask the product manager to navigate to the CloudWatch console and locate the dashboard by name in the Dashboards section.
• K. Deploy a bastion server in a public subne
• L. When the product manager requires access to the dashboard, start the server and share the RDP credential
• M. On the bastion server, ensure that the browser is configured to open the dashboard URL with cached AWS credentials that have appropriate permissions to view the dashboard.

Answer: A

NEW QUESTION 6
A new employee has joined a company as a deployment engineer. The deployment engineer will be using AWS CloudFormation templates to create multiple AWS resources. A solutions architect wants the deployment engineer to perform job activities while following the principle of least privilege.
Which steps should the solutions architect do in conjunction to reach this goal? (Select two.)

• A. Have the deployment engineer use AWS account roof user credentials for performing AWS CloudFormation stack operations.
• B. Create a new IAM user for the deployment engineer and add the IAM user to a group that has thePowerUsers IAM policy attached.
• C. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the Administrate/Access IAM policy attached.
• D. Create a new IAM User for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only.
• E. Create an IAM role for the deployment engineer to explicitly define the permissions specific to the AWS CloudFormation stack and launch stacks using Dial IAM role.

Answer: DE

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html

NEW QUESTION 7
An ecommerce company wants to launch a one-deal-a-day website on AWS. Each day will feature exactly one product on sale (or a period of 24 hours. The company wants to be able to handle millions of requests each hour with millisecond latency during peak hours.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Use Amazon S3 to host the full website in different S3 buckets Add Amazon CloudFront distributions Set the S3 buckets as origins for the distributions Store the order data in Amazon S3
• B. Deploy the full website on Amazon EC2 instances that run in Auto Scaling groups across multiple Availability Zones Add an Application Load Balancer (ALB) to distribute the website traffic Add another ALB for the backend APIs Store the data in Amazon RDS for MySQL
• C. Migrate the full application to run in containers Host the containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use the Kubernetes Cluster Autoscaler to increase and decrease the number of pods to process bursts in traffic Store the data in Amazon RDS for MySQL
• D. Use an Amazon S3 bucket to host the website's static content Deploy an Amazon CloudFront distributio
• E. Set the S3 bucket as the origin Use Amazon API Gateway and AWS Lambda functions for the backend APIs Store the data in Amazon DynamoDB

Answer: D

NEW QUESTION 8
A company is preparing to store confidential data in Amazon S3 For compliance reasons the data must be encrypted at rest Encryption key usage must be logged tor auditing purposes. Keys must be rotated every year.
Which solution meets these requirements and «the MOST operationally efferent?

• A. Server-side encryption with customer-provided keys (SSE-C)
• B. Server-side encryption with Amazon S3 managed keys (SSE-S3)
• C. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with manual rotation
• D. Server-side encryption with AWS KMS (SSE-KMS) customer master keys (CMKs) with automate rotation

Answer: D

Explanation:
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
When you enable automatic key rotation for a customer managed key, AWS KMS generates new cryptographic material for the KMS key every year. AWS KMS also saves the KMS key's older cryptographic material in perpetuity so it can be used to decrypt data that the KMS key encrypted.
Key rotation in AWS KMS is a cryptographic best practice that is designed to be transparent and easy to use.
AWS KMS supports optional automatic key rotation only for customer managed CMKs. Enable and disable key rotation. Automatic key rotation is disabled by default on customer managed CMKs. When you enable (or re-enable) key rotation, AWS KMS automatically rotates the CMK 365 days after the enable date and every 365 days thereafter.

NEW QUESTION 9
A hospital wants to create digital copies for its large collection of historical written records. The hospital will continue to add hundreds of new documents each day. The hospital's data team will scan the documents and will upload the documents to the AWS Cloud.
A solutions architect must implement a solution to analyze the documents: extract the medical information, and store the documents so that an application can run SQL queries on the data The solution must maximize scalability and operational efficiency
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

• A. Write the document information to an Amazon EC2 instance that runs a MySQL database
• B. Write the document information to an Amazon S3 bucket Use Amazon Athena to query the data
• C. Create an Auto Scaling group of Amazon EC2 instances to run a custom application that processes the scanned files and extracts the medical information.
• D. Create an AWS Lambda function that runs when new documents are uploaded Use Amazon Rekognition to convert the documents to raw text Use Amazon Transcribe Medical to detect and extract relevant medical Information from the text.
• E. Create an AWS Lambda function that runs when new documents are uploaded Use Amazon Textract to convert the documents to raw text Use Amazon Comprehend Medical to detect and extract relevant medical information from the text

Answer: AE

NEW QUESTION 10
A company wants to use the AWS Cloud to make an existing application highly available and resilient. The current version of the application resides in the company's data center. The application recently experienced data loss after a database server crashed because of an unexpected power outage.
The company needs a solution that avoids any single points of failure. The solution must give the application the ability to scale to meet user demand.
Which solution will meet these requirements?

• A. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zone
• B. Use an Amazon RDS DB instance in a Multi-AZ configuration.
• C. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group in a single Availability Zon
• D. Deploy the database on an EC2 instanc
• E. Enable EC2 Auto Recovery.
• F. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zone
• G. Use an Amazon RDS DB instance with a read replica in a single Availability Zon
• H. Promote the read replica to replace the primary DB instance if the primary DB instance fails.
• I. Deploy the application servers by using Amazon EC2 instances in an Auto Scaling group across multiple Availability Zones Deploy the primary and secondary database servers on EC2 instances across multiple Availability Zones Use Amazon Elastic Block Store (Amazon EBS) Multi-Attach to create shared storage between the instances.

Answer: A

NEW QUESTION 11
To meet security requirements, a company needs to encrypt all of its application data in transit while communicating with an Amazon RDS MySQL DB instance A recent security audit revealed that encryption al rest is enabled using AWS Key Management Service (AWS KMS). but data in transit Is not enabled
What should a solutions architect do to satisfy the security requirements?

• A. Enable IAM database authentication on the database.
• B. Provide self-signed certificates, Use the certificates in all connections to the RDS instance
• C. Take a snapshot of the RDS instance Restore the snapshot to a new instance with encryption enabled
• D. Download AWS-provided root certificates Provide the certificates in all connections to the RDS instance

Answer: C

Explanation:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html#Overview.Encryption.

NEW QUESTION 12
A company wants to migrate its on-premises application to AWS. The application produces output files that vary in size from tens of gigabytes to hundreds of terabytes The application data must be stored in a standard file system structure
The company wants a solution that scales automatically, is highly available, and requires minimum operational overhead.
Which solution will meet these requirements?

• A. Migrate the application to run as containers on Amazon Elastic Container Service (Amazon ECS) Use Amazon S3 for storage
• B. Migrate the application to run as containers on Amazon Elastic Kubernetes Service (Amazon EKS) Use Amazon Elastic Block Store (Amazon EBS) for storage
• C. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou
• D. Use Amazon Elastic File System (Amazon EFS) for storage.
• E. Migrate the application to Amazon EC2 instances in a Multi-AZ Auto Scaling grou
• F. Use Amazon Elastic Block Store (Amazon EBS) for storage.

Answer: C

NEW QUESTION 13
A company hosts a containerized web application on a fleet of on-premises servers that process incoming requests. The number of requests is growing quickly. The on-premises servers cannot handle the increased number of requests. The company wants to move the application to AWS with minimum code changes and minimum development effort.
Which solution will meet these requirements with the LEAST operational overhead?

• A. Use AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scalin
• B. Use an Application Load Balancer to distribute the incoming requests.
• C. Use two Amazon EC2 instances to host the containerized web applicatio
• D. Use an Application Load Balancer to distribute the incoming requests
• E. Use AWS Lambda with a new code that uses one of the supported language
• F. Create multiple Lambda functions to support the loa
• G. Use Amazon API Gateway as an entry point to the Lambda functions.
• H. Use a high performance computing (HPC) solution such as AWS ParallelClusterto establish an HPC cluster that can process the incoming requests at the appropriate scale.

Answer: A

NEW QUESTION 14
A company is designing an application. The application uses an AWS Lambda function to receive information through Amazon API Gateway and to store the information in an Amazon Aurora PostgreSQL database.
During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high volumes of data that the company needs to load into the database. A solutions architect must recommend a new design to improve scalability and minimize the configuration effort.
Which solution will meet these requirements?

• A. Refactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instances.Connect the database by using native Java Database Connectivity (JDBC) drivers.
• B. Change the platform from Aurora to Amazon DynamoD
• C. Provision a DynamoDB Accelerator (DAX) cluste
• D. Use the DAX client SDK to point the existing DynamoDB API calls at the DAX cluster.
• E. Set up two Lambda function
• F. Configure one function to receive the informatio
• G. Configure the other function to load the information into the databas
• H. Integrate the Lambda functions by using Amazon Simple Notification Service (Amazon SNS).
• I. Set up two Lambda function
• J. Configure one function to receive the informatio
• K. Configure the other function to load the information into the databas
• L. Integrate the Lambda functions by using an Amazon Simple Queue Service (Amazon SQS) queue.

Answer: D

Explanation:
Explanation
bottlenecks can be avoided with queues (SQS).

NEW QUESTION 15
A company is building an ecommerce application and needs to store sensitive customer information. The company needs to give customers the ability to complete purchase transactions on the website. The company also needs to ensure that sensitive customer data is protected, even from database administrators.
Which solution meets these requirements?

• A. Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volum
• B. Use EBS encryption to encrypt the dat
• C. Use an IAM instance role to restrict access.
• D. Store sensitive data in Amazon RDS for MySQ
• E. Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
• F. Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) service-side encryption the dat
• G. Use S3 bucket policies to restrict access.
• H. Store sensitive data in Amazon FSx for Windows Serve
• I. Mount the file share on application servers.Use Windows file permissions to restrict access.

Answer: C

NEW QUESTION 16
A company has an application that provides marketing services to stores. The services are based on previous purchases by store customers. The stores upload transaction data to the company through SFTP, and the data is processed and analyzed to generate new marketing offers. Some of the files can exceed 200 GB in size.
Recently, the company discovered that some of the stores have uploaded files that contain personally identifiable information (PII) that should not have been included. The company wants administrators to be alerted if PII is shared again.
The company also wants to automate remediation.
What should a solutions architect do to meet these requirements with the LEAST development effort?

• A. Use an Amazon S3 bucket as a secure transfer poin
• B. Use Amazon Inspector to scan me objects in the bucke
• C. If objects contain Pl
• D. trigger an S3 Lifecycle policy to remove the objects that contain Pll.
• E. Use an Amazon S3 bucket as a secure transfer poin
• F. Use Amazon Macie to scan the objects in the bucke
• G. If objects contain Pl
• H. Use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects mat contain Pll.
• I. Implement custom scanning algorithms in an AWS Lambda functio
• J. Trigger the function when objects are loaded into the bucke
• K. It objects contain Rl
• L. use Amazon Simple Notification Service (Amazon SNS) to trigger a notification to the administrators to remove the objects that contain Pll.
• M. Implement custom scanning algorithms in an AWS Lambda functio
• N. Trigger the function when objects are loaded into the bucke
• O. If objects contain Pl
• P. use Amazon Simple Email Service (Amazon STS) to trigger a notification to the administrators and trigger on S3 Lifecycle policy to remove the objects mot contain PII.

Answer: B

NEW QUESTION 17
A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website.
Which actions should the solutions architect take to protect the website from such an attack? (Select TWO.)

• A. Use AWS Shield Advanced to stop the DDoS attack.
• B. Configure Amazon GuardDuty to automatically block the attackers.
• C. Configure the website to use Amazon CloudFront for both static and dynamic content.
• D. Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
• E. Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization

Answer: AC

NEW QUESTION 18
......