SA MAstery 2.0 Flashcards
(33 cards)
A car dealership website hosted in Amazon EC2 stores car listings in an Amazon Aurora database managed by Amazon RDS. Once a vehicle has been sold, its data must be removed from the current listings and forwarded to a distributed processing system.
Which of the following options can satisfy the given requirement?
A) Create a native function or a stored procedure that invokes an AWS Lambda function. Configure the Lambda function to send event notifications to an Amazon SQS queue for the processing system to consume.
B) Create an RDS event subscription and send the notifications to Amazon SQS. Configure the SQS queues to fan out the event notifications to multiple Amazon SNS topics. Process the data using AWS Lambda functions.
C) Create an RDS event subscription and send the notifications to AWS Lambda. Configure the Lambda function to fan out the event notifications to multiple Amazon SQS queues to update the target groups.
D) Create an RDS event subscription and send the notifications to Amazon SNS. Configure the SNS topic to fan out the event notifications to multiple Amazon SQS queues. Process the data using AWS Lambda functions.
A solutions architect is managing an application that runs on a Windows EC2 instance with an attached Amazon FSx for Windows File Server. To save cost, management has decided to stop the instance during off-hours and restart it only when needed. It has been observed that the application takes several minutes to become fully operational which impacts productivity.
How can the solutions architect speed up the instance’s loading time without driving the cost up?
A) Migrate the application to an EC2 instance with hibernation enabled.
B) Enable the hibernation mode on the EC2 instance.
C) Migrate the application to a Linux-based EC2 instance.
D) Disable the Instance Metadata Service to reduce the things that need to be loaded at startup.
A media company wants to ensure that the images it delivers through Amazon CloudFront are compatible across various user devices. The company plans to serve images in WebP format to user agents that support it and fall back to JPEG format for those that don’t. Additionally, the company wants to add a custom header to the response for tracking purposes.
As a solution architect, what approach would one recommend to meet these requirements while minimizing operational overhead?
A) Implement an image conversion service on Amazon EC2 instances and integrate it with CloudFront. Use AWS Lambda functions to modify the response headers and serve the appropriate format based on the User-Agent header.
B) Generate a CloudFront response headers policy. Utilize the policy to deliver the suitable image format according to the User-Agent HTTP header in the incoming request.
C) Create multiple CloudFront distributions, each serving a specific image format (WebP or JPEG). Route incoming requests based on the User-Agent header to the respective distribution using Amazon Route 53.
D) Configure CloudFront behaviors to handle different image formats based on the User-Agent header. Use Lambda@Edge functions to modify the response headers and serve the appropriate format.
Which of the following options can meet the company requirements with the least operational overhead?
A company runs an internal application on AWS which uses Amazon EC2 instances for compute and Amazon RDS for PostgreSQL for its data store. Considering the application only runs during working hours on weekdays, a solution is required to optimize costs with minimal operational overhead.
Which solution would satisfy these requirements?
A) Purchase reserved instance subscriptions for EC2 and RDS
B) Create an Amazon CloudWatch alarm that triggers an AWS Lambda function when CPU utilization falls below an idle threshold. In the function, implement logic for stopping both the EC2 instance and the RDS database.
C) Purchase a compute savings plan for EC2 and RDS.
D) Deploy the AWS CloudFormation template of the Instance Scheduler on AWS. Set up the start and stop schedules of the EC2 instance and RDS DB instance.
A company has a requirement to move an 80 TB data warehouse to the cloud. It would take 2 months to transfer the data based on the current bandwidth allocation.
Which option is the most cost-effective for quick data upload to AWS?
A) AWS Snowball Edge
B) Amazon S3 Multipart Upload
C) AWS DataSync
D) AWS Direct Connect
An organization needs to control access to several Amazon S3 buckets. The organization plans to use a gateway endpoint to allow access to trusted buckets.
Which of the following could help you achieve this requirement?
A) Generate an endpoint policy for trusted S3 buckets.
B) Generate an endpoint policy for trusted VPCs.
C) Generate a bucket policy for trusted S3 buckets.
D) Generate a bucket policy for trusted VPCs.
An online stock trading application stores financial data in an Amazon S3 bucket, with a lifecycle policy that moves older data to Glacier every month. A strict compliance requirement mandates that a surprise audit can occur at any time, and the required data must be retrievable in under 15 minutes under all circumstances. The manager has instructed that retrieval capacity be available when needed and should support up to 150 MB/s of retrieval throughput.
Which of the following will meet the given requirement? (Select TWO.)
A) Use Expedited Retrieval to access the financial data.
B) Specify a range, or portion, of the financial data archive to retrieve.
C) Use Bulk Retrieval to access the financial data.
D) Purchase provisioned retrieval capacity.
E) Use Standard Retrieval for accessing the financial data.
An application consists of multiple Amazon EC2 instances in private subnets in different availability zones. The application uses a single NAT Gateway for downloading software patches from the Internet to the instances. There is a requirement to protect the application from a single point of failure when the NAT Gateway encounters a failure or if its availability zone goes down.
How should the Solutions Architect redesign the architecture to be more highly available and cost-effective?
A) Create three NAT Gateways in each availability zone. Configure the route table in each private subnet to ensure that instances use the NAT Gateway in the same availability zone.
B) Create two NAT Gateways in each availability zone. Configure the route table in each public subnet to ensure that instances use the NAT Gateway in the same availability zone.
C) Create a NAT Gateway in each availability zone. Configure the route table in each public subnet to ensure that instances use the NAT Gateway in the same availability zone.
D) Create a NAT Gateway in each availability zone. Configure the route table in each private subnet to ensure that instances use the NAT Gateway in the same availability zone.
Due to the large volume of query requests, the database performance of an online reporting application significantly slowed down. The Solutions Architect is trying to convince her client to use Amazon RDS Read Replica for their application instead of setting up a Multi-AZ Deployments configuration.
What are two benefits of using Read Replicas over Multi-AZ that the Architect should point out? (Select TWO.)
A) Allows both read and write operations on the read replica to complement the primary database.
B) Provides synchronous replication and automatic failover in the case of Availability Zone service failures.
C) It elastically scales out beyond the capacity constraints of a single DB instance for read-heavy database workloads.
D) Provides asynchronous replication and improves the performance of the primary database by taking read-heavy database workloads from it.
E) It enhances the read performance of your primary database by increasing its IOPS and accelerates its query processing via AWS Global Accelerator.
A multinational corporate and investment bank regularly processes steady workloads of accruals, loan interests, and other critical financial calculations every night from 10 PM to 3 AM on their on-premises data center for their corporate clients. Once the process is done, the results are then uploaded to the Oracle General Ledger which means that the processing should not be delayed or interrupted. The CTO has decided to move its IT infrastructure to AWS to save costs. The company needs to reserve compute capacity in a specific Availability Zone to properly run their workloads.
As the Senior Solutions Architect, how can you implement a cost-effective architecture in AWS for their financial system?
A) Use On-Demand Capacity Reservations, which provide compute capacity that is always available on the specified recurring schedule.
B) Use Regional Reserved Instances to reserve capacity on a specific Availability Zone and lower the operating cost through its billing discounts.
C) Use Dedicated Hosts, which provide a physical host that is fully dedicated to running your instances, and bring your existing per-socket, per-core, or per-VM software licenses to reduce costs.
D) Use On-Demand EC2 instances which allows you to pay for the instances that you launch and use by the second. Reserve compute capacity in a specific Availability Zone to avoid any interruption.
A payment processing company plans to migrate its on-premises application to an Amazon EC2 instance. An IPv6 CIDR block is attached to the company’s Amazon VPC. Strict security policy mandates that the production VPC must only allow outbound communication over IPv6 between the instance and the internet but should prevent the internet from initiating an inbound IPv6 connection. The new architecture should also allow traffic flow inspection and traffic filtering.
What should a solutions architect do to meet these requirements?
A) Launch the EC2 instance to a private subnet and attach an Egress-Only Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Network Firewall to set up the required rules for traffic inspection and traffic filtering.
B) Launch the EC2 instance to a private subnet and attach a NAT Gateway to the VPC to allow outbound IPv6 communication to the internet. Use AWS Firewall Manager to set up the required rules for traffic inspection and traffic filtering.
C) Launch the EC2 instance to a private subnet and attach AWS PrivateLink interface endpoint to the VPC to control outbound IPv6 communication to the internet. Use Amazon GuardDuty to set up the required rules for traffic inspection and traffic filtering.
D) Launch the EC2 instance to a public subnet and attach an Internet Gateway to the VPC to allow outbound IPv6 communication to the internet. Use Traffic Mirroring to set up the required rules for traffic inspection and traffic filtering.
A company has two On-Demand EC2 instances inside the Virtual Private Cloud that are in the same Availability Zone but deployed to different subnets. One EC2 instance is running a database and the other EC2 instance is running a web application that connects with the database. You need to ensure that these two instances can communicate with each other for the system to work properly.
What are the things you have to check so that these EC2 instances can communicate inside the VPC? (Select TWO.)
A) Check the Network ACL if it allows communication between the two subnets.
B) Check if both instances are the same instance class.
C) Ensure that the EC2 instances are in the same Placement Group.
D) Check if the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate.
E) Check if all security groups are set to allow the application host to communicate to the database on the right port and protocol.
A Solutions Architect designed a real-time data analytics system based on Kinesis Data Streams and Lambda. A week after the system was deployed, the users noticed that it performed slowly as the data rate increased. The Architect identified that the performance of the Kinesis Data Streams is causing this problem.
Which of the following should the Architect do to improve performance?
A) Implement Step Scaling to the Kinesis Data Stream.
B) Improve the performance of the stream by decreasing the number of its shards using the MergeShard command.
C) Replace the data stream with Amazon Data Firehose instead.
D) Increase the number of shards of the Kinesis stream by using the UpdateShardCount command.
A company needs to implement a solution that will process real-time streaming data of its users across the globe. This will enable them to track and analyze globally-distributed user activity on their website and mobile applications, including clickstream analysis. The solution should process the data in close geographical proximity to their users and respond to user requests at low latencies.
Which of the following is the most suitable solution for this scenario?
A) Use a CloudFront web distribution and Route 53 with a latency-based routing policy, in order to process the data in close geographical proximity to users and respond to user requests at low latencies. Process real-time streaming data using Kinesis and durably store the results to an Amazon S3 bucket.
B) Integrate CloudFront with Lambda@Edge in order to process the data in close geographical proximity to users and respond to user requests at low latencies. Process real-time streaming data using Amazon Athena and durably store the results to an Amazon S3 bucket.
C) Integrate CloudFront with Lambda@Edge in order to process the data in close geographical proximity to users and respond to user requests at low latencies. Process real-time streaming data using Kinesis and durably store the results to an Amazon S3 bucket.
D) Use a CloudFront web distribution and Route 53 with a Geoproximity routing policy in order to process the data in close geographical proximity to users and respond to user requests at low latencies. Process real-time streaming data using Kinesis and durably store the results to an Amazon S3 bucket.
A web application, which is hosted in the on-premises data center and uses a MySQL database, must be migrated to AWS Cloud. You need to ensure that the network traffic to and from your RDS database instance is encrypted using SSL. For improved security, you have to use the profile credentials specific to your EC2 instance to access your database, instead of a password.
Which of the following should you do to meet the above requirement?
A) Launch a new RDS database instance using Aurora with the Backtrack feature enabled.
B) Launch the mysql client using the --ssl-ca parameter when connecting to the database.
C) Configure your RDS database to enable encryption.
D) Set up an RDS database and enable the IAM DB Authentication.
A large consulting firm is in the process of conducting an internal security audit of its cloud infrastructure. The goal is to ensure that the information in its Amazon S3 bucket, which is associated with the firm’s AWS Lake Formation data lake, doesn’t include confidential data related to its customers or staff.
The firm aims to uncover financial or personally identifiable information (PII), such as passport, credit card numbers, and taxpayer identification numbers, in its S3 bucket. This will prevent any sensitive data from being ingested into a data lake.
Which solution would be the most operationally effective in meeting these particular requirements?
A) Utilize Amazon Macie to perform a comprehensive data discovery operation using managed identifiers to detect various data types.
B) Set up Amazon S3 Inventory for the S3 bucket and then configure Amazon Athena to conduct queries on the generated inventory.
C) Set up AWS Glue DataBrew to identify and cleanse sensitive data in the S3 bucket.
D) Implement AWS Audit Manager within the AWS account and opt for auditing based on the Payment Card Industry Data Security Standards (PCI DSS).
A multinational manufacturing company has multiple accounts in AWS to separate its various departments, such as finance, human resources, engineering, and many others. There is a requirement to ensure that access to certain services and actions is properly controlled to comply with the security policy of the company.
As the Solutions Architect, which is the most suitable way to set up the multi-account AWS environment of the company?
A) Set up a common IAM policy that can be applied across all AWS accounts.
B) Connect all departments by setting up a cross-account access to each of the AWS accounts of the company. Create and attach IAM policies to your resources based on their respective departments to control access.
C) Use AWS Organizations and Service Control Policies to control services on each account.
D) Provide access to externally authenticated users via Identity Federation. Set up an IAM role to specify permissions for users from each department whose identity is federated from your organization or a third-party identity provider.