SAA-02 Flashcards by Thiago Pereira

A data analytics company keeps a massive volume of data which they store in their on-premises data center. To scale their storage systems, they are looking for cloud-backed storage volumes that they can mount using Internet Small Computer System Interface (iSCSI) devices from their on-premises application servers. They have an on-site data analytics application which frequently access the latest data subsets locally while the older data are rarely accessed. You are required to minimize the need to scale the on-premises storage infrastructure while still providing their web application with low-latency access to the data.

Cached Volume Gateway

How well did you know this?

Not at all

Perfectly

You are working for a weather station in Asia with a weather monitoring system that needs to be migrated to AWS. Since the monitoring system requires a low network latency and high network throughput, you decided to launch your EC2 instances to a new cluster placement group. The system was working fine for a couple of weeks, however, when you try to add new instances to the placement group that already has running EC2 instances, you receive an ‘insufficient capacity error’.

Stop and restart the instances in the Placement Group and then try the launch again.

How well did you know this?

Not at all

Perfectly

A Solutions Architect designed a real-time data analytics system based on Kinesis Data Stream and Lambda. A week after the system has been deployed, the users noticed that it performed slowly as the data rate increases. The Architect identified that the performance of the Kinesis Data Streams is causing this problem.

Increase the number of shards of the Kinesis stream by using the UpdateShardCount command.

How well did you know this?

Not at all

Perfectly

You are a Solutions Architect working for a startup which is currently migrating their production environment to AWS. Your manager asked you to set up access to the AWS console using Identity Access Management (IAM). Using the AWS CLI, you have created 5 users for your systems administrators.

Provide a password for each user created and give these passwords to your system administrators.

How well did you know this?

Not at all

Perfectly

You are instructed by your manager to create a publicly accessible EC2 instance by using an Elastic IP (EIP) address and to give him a report on how much it will cost to use that EIP.

There is no cost if the instance is running and it has only one associated EIP.

How well did you know this?

Not at all

Perfectly

You are working as a Solutions Architect for a leading technology company where you are instructed to troubleshoot the operational issues of your cloud architecture by logging the AWS API call history of your AWS resources. You need to quickly identify the most recent changes made to resources in your environment, including creation, modification, and deletion of AWS resources. One of the requirements is that the generated log files should be encrypted to avoid any security issues.

Use CloudTrail with its default settings.

How well did you know this?

Not at all

Perfectly

A multinational company has been building its new data analytics platform with high-performance computing workloads (HPC) which requires a scalable, POSIX-compliant storage service. The data need to be stored redundantly across multiple AZs and allows concurrent connections from thousands of EC2 instances hosted on multiple Availability Zones.

EFS

How well did you know this?

Not at all

Perfectly

A multinational corporate and investment bank is regularly processing steady workloads of accruals, loan interests, and other critical financial calculations every night at 10 PM to 3 AM on their on-premises data center for their corporate clients. Once the process is done, the results are then uploaded to the Oracle General Ledger which means that the processing should not be delayed nor interrupted. The CTO has decided to move their IT infrastructure to AWS to save cost and to improve the scalability of their digital financial services.

Use Scheduled Reserved Instances, which provide compute capacity that is always available on the specified recurring schedule.

How well did you know this?

Not at all

Perfectly

Your company has developed a financial analytics web application hosted in a Docker container using MEAN (MongoDB, Express.js, AngularJS, and Node.js) stack. You want to easily port that web application to AWS Cloud which can automatically handle all the tasks such as balancing load, auto-scaling, monitoring, and placing your containers across your cluster.

Beanstalk

How well did you know this?

Not at all

Perfectly

The start-up company that you are working for has a batch job application that is currently hosted on an EC2 instance. It is set to process messages from a queue created in SQS with default settings. You configured the application to process the messages once a week. After 2 weeks, you noticed that not all messages are being processed by the application.

Amazon SQS has automatically deleted the messages that have been in a queue for more than the maximum message retention period.

How well did you know this?

Not at all

Perfectly

You are working as a Cloud Engineer in a leading technology consulting firm which is using a fleet of Windows-based EC2 instances with IPv4 addresses launched in a private subnet. Several software installed in the EC2 instances are required to be updated via the Internet.

NAT Gateway

How well did you know this?

Not at all

Perfectly

You are working as a solutions architect for a large financial company. They have a web application hosted in their on-premises infrastructure which they want to migrate to AWS cloud. Your manager has instructed you to ensure that there is no downtime while the migration process is on-going. In order to achieve this, your team decided to divert 50% of the traffic to the new application in AWS and the other 50% to the application hosted in their on-premises infrastructure. Once the migration is over and the application works with no issues, a full diversion to AWS will be implemented. The company’s VPC is connected to its on-premises network via an AWS Direct Connect connection.

Route53 and ALB with Weighted

How well did you know this?

Not at all

Perfectly

You are working as a Solutions Architect in a well-funded financial startup. The CTO instructed you to launch a cryptocurrency mining server on a Reserved EC2 instance in us-east-1 region’s private subnet which is using IPv6. Due to the financial data that the server contains, the system should be secured to avoid any unauthorized access and to meet the regulatory compliance requirements.

Egress-only Internet Gateway

How well did you know this?

Not at all

Perfectly

A news company is planning to use a Hardware Security Module (CloudHSM) in AWS for secure key storage of their web applications. You have launched the CloudHSM cluster but after just a few hours, a support staff mistakenly attempted to log in as the administrator three times using an invalid password in the Hardware Security Module. This has caused the HSM to be zeroized, which means that the encryption keys on it have been wiped. Unfortunately, you did not have a copy of the keys stored anywhere else.

The keys are lost permanently if you did not have a copy.

How well did you know this?

Not at all

Perfectly

An application is hosted in an Auto Scaling group of EC2 instances and a Microsoft SQL Server on Amazon RDS. There is a requirement that all in-flight data between your web servers and RDS should be secured.

rds.force_ssl and Downloiad the Amazon RDS Root CA Certificate.

How well did you know this?

Not at all

Perfectly

AWS hosts a variety of public datasets such as satellite imagery, geospatial, or genomic data that you want to use for your web application hosted in Amazon EC2.

No charge.

How well did you know this?

Not at all

Perfectly

An application is using a Lambda function to process complex financial data that run for 15 minutes on average. Most invocations were successfully processed. However, you noticed that there are a few terminated invocations throughout the day, which caused data discrepancy in the application. Which of the following is the most likely cause of this issue?

The failed Lambda functions have been running for over 15 minutes and reached the maximum execution time.

How well did you know this?

Not at all

Perfectly

A global medical research company has a molecular imaging system that provides each client with frequently updated images of what is happening inside the human body at the molecular and cellular level. The system is hosted in AWS and the images are hosted in an S3 bucket behind a CloudFront web distribution. There was a new batch of updated images that were uploaded in S3, however, the users were reporting that they were still seeing the old content. You need to control which image will be returned by the system even when the user has another version cached either locally or behind a corporate caching proxy. Which of the following is the most suitable solution to solve this issue?

Use versioned objects.

How well did you know this?

Not at all

Perfectly

A web application is hosted on a fleet of EC2 instances inside an Auto Scaling Group with a couple of lambda functions for ad hoc processing. Whenever you release updates to your application every week,there are inconsistencies where some resources are not updated properly. You need a way to group the resources together and deploy the new version of your code consistently among the groups with minimal downtime. Which among these options should you do to satisfy the given requirement with the least effort?

Use deployment groups in CodeDeploy to automate code deployments in a consistent manner.

How well did you know this?

Not at all

Perfectly

###
A company is planning to deploy a High-Performance Computing (HPC) cluster in its VPC that requires a scalable, high-performance file system. The storage service must be optimized for efficient workload processing, and the data must be accessible via a fast and scalable file system interface. It should also work natively with Amazon S3 that enables you to easily process your S3 data with a high-performance POSIX interface.

Amazon FSx for Lustre

How well did you know this?

Not at all

Perfectly

A construction company has an online system that tracks all of the status and progress of their projects. The system is hosted in AWS and there is a requirement to monitor the read and write IOPs metrics for their MySQL RDS instance and send real-time alerts to their DevOps team.

CloudWatch e SNS

How well did you know this?

Not at all

Perfectly

You are setting up a cost-effective architecture for a log processing application which has frequently accessed, throughput-intensive workloads with large, sequential I/O operations. The application should be hosted in an already existing On-Demand EC2 instance in your VPC. You must attach a new EBS volume that will be used by the application.

EBS Throughput Optimized HDD (st1)

How well did you know this?

Not at all

Perfectly

You have a fleet of running Spot EC2 instances behind an Application Load Balancer. The incoming traffic comes from various users across multiple AWS regions and you would like to have the user’s session shared among your fleet of instances. You are required to set up a distributed session management layer that will provide scalable and shared data storage for the user sessions. Which of the following would be the best choice to meet the requirement while still providing sub-millisecond latency for your users?

ElasticCache in-memory caching

How well did you know this?

Not at all

Perfectly

You created a new CloudFormation template that creates 4 EC2 instances and are connected to one Elastic Load Balancer (ELB).

Which section of the template should you configure to get the Domain Name Server hostname of the ELB upon the creation of the AWS stack?

Outputs

How well did you know this?

Not at all

Perfectly

You are a Solutions Architect working for a software development company. You are planning to launch a fleet of EBS-backed EC2 instances and want to automatically assign each instance with a static private IP address which does not change even if the instances are restarted.

Launch the instances in the VPC

A leading media company has recently adopted a hybrid cloud architecture which requires them to migrate their application servers and databases in AWS. One of their applications requires a heterogeneous database migration in which you need to transform your on- premises Oracle database to PostgreSQL in AWS. This entails a schema and code transformation before the proper data migration starts.

First, use the AWS Schema Conversion Tool to convert the source schema and application code to match that of the target database, and then use the AWS Database Migration Service to migrate data from the source database to the target database.

You are working as a Solutions Architect for a major accounting firm, and they have a legacy general ledger accounting application that needs to be moved to AWS. However, the legacy application has a dependency on multicast networking.On this scenario, which of the following options should you consider ensuring the legacy application works in AWS?

Create a virtual overlay network running on the OS level of the instance.

A tech company is running two production web servers hosted on Reserved EC2 instances with EBS-backed root volumes. These instances have a consistent CPU load of 90%. Traffic is being distributed to these instances by an Elastic Load Balancer. In addition, they also have Multi-AZ RDS MySQL databases for their production, test, and development environments.

Consider not using a Multi-AZ RDS deployment for the development and test database.

In a startup company you are working for, you are asked to design a web application that requires a NoSQL database that has no limit on the storage size for a given table. The startup is still new in the market and it has very limited human resources who can take care of the database infrastructure. Which is the most suitable service that you can implement that provides a fully managed, scalable and highly available NoSQL service?

DynamoDB

You are setting up the required compute resources in your VPC for your application which have workloads that require high, sequential read and write access to very large data sets on local storage.

Storage Optimized Instances

You are the Solutions Architect of a software development company where you are required to connect the on-premises infrastructure to their AWS cloud.

AWS Direct Connect e IPsec VPN connection

You have EC2 instances running on your VPC. You have both UAT and production EC2 instances running. You want to ensure that employees who are responsible for the UAT instances don’t have the access to work on the production instances to minimize security risks.

Define the tags on the UAT and production servers and add a condition to the IAM policy which allows access to specific tags.

A financial company wants to store their data in Amazon S3 but at the same time, they want to store their frequently accessed data locally on their on-premises server. This is since they do not have the option to extend their on-premises storage, which is why they are looking for a durable and scalable storage service to use in AWS.

Use the Amazon Storage Gateway - Cached Volumes.

An application is hosted in an On-Demand EC2 instance and is using Amazon SDK to communicate to other AWS services such as S3, DynamoDB, and many others. As part of the upcoming IT audit, you need to ensure that all API calls to your AWS resources are logged and durably stored.

AWS CloudTrail

You are consulted by a multimedia company that needs to deploy web services to an AWS region which they have never used before. The company currently has an IAM role for their Amazon EC2 instance which permits the instance to access Amazon DynamoDB. They want their EC2 instances in the new region to have the exact same privileges.

Assign the existing IAM role to instances in the new region.

A web application, which is hosted in your on-premises data center and uses a MySQL database, must be migrated to AWS Cloud. You need to ensure that the network traffic to and from your RDS database instance is encrypted using SSL. For improved security, you have to use the profile credentials specific to your EC2 instance to access your database, instead of a password.

Set up an RDS database and enable the IAM DB Authentication.

You are a Solutions Architect of a tech company. You are having an issue whenever you try to connect to your newly created EC2 instance using a Remote Desktop connection from your computer. Upon checking, you have verified that the instance has a public IP and the Internet gateway and route tables are in place.

You should adjust the security group to allow traffic from port 3389.

You are working as an IT Consultant for a top investment firm. Your task is to ensure a smooth upgrade of their accounting system in AWS to a new version without any system outages. The Technical Manager gave the advice to implement an in-place upgrade strategy while a DevOps Engineer suggested to use blue/Green Deployment strategy instead. Which of the following options are not the advantages of using Blue/Green Deployment over in-place upgrade strategy?

Blue/green deployment is more cost-effective than in-place upgrade. You don't need to launch a new environment with additional AWS resources. You can use Blue/Green Deployment with CodeCommit and CodeBuild to automatically deploy the new version of your application

A startup company wants to launch a fleet of EC2 instances on AWS. Your manager wants to ensure that the Java programming language is installed automatically when the instance is launched.

User data

You are trying to enable Cross-Region Replication to your S3 bucket but this option is disabled.

Ir order to use the Cross-Region Replication feature in S3, you need to first enable versioning on the bucket.

A game company has a requirement of load balancing the incoming TCP traffic at the transport level (Layer4) to their containerized gaming servers hosted in AWS Fargate. To maintain performance, it should handle millions of requests per second sent by gamers around the globe while maintaining ultra-low latencies. Which of the following must be implemented in the current architecture to satisfy the new requirement?

Launch a new Network Load Balancer.

You deployed a web application to an EC2 instance that adds a variety of photo effects to a picture uploaded by the users. The application will put the generated photos to an S3 bucket by sending PUTrequests to the S3 API.

Create a role in IAM. Afterwards, assign this role to a new EC2 instance.

A Solutions Architect is developing a three-tier cryptocurrency web application for a FinTech startup. the architect has been instructed to restrict access to the database tier to only accept traffic from the application tier and deny traffic from other sources. The application tier is composed of application servers hosted in an Auto Scaling group of EC2 instances.

Set up the security group of the database tier to allow database traffic from the security group of the application servers.

A fast food company is using AWS to host their online ordering system which uses an Auto Scaling group ofEC2 instances deployed across multiple Availability Zones with an Application Load Balancer in front. To better handle the incoming traffic from various digital devices, you are planning to implement a new routing system where requests which have a URL of /api/android are forwarded to one specific target group named "Android-Target-Group". Conversely, requests which have a URL of /api/ios are forwarded to another separate target group named "iOS-Target-Group". How can you implement this change in AWS?

Use path conditions to define rules that forward requests to different target groups based on the URL in the request.

You are setting up a configuration management in your existing cloud architecture where you must deploy and manage your EC2 instances including the other AWS resources using Chef and Puppet.

AWS OpsWorks

You are working for a top IT Consultancy that has a VPC with two On-Demand EC2 instances with Elastic IP addresses. You were notified that your EC2 instances are currently under SSH brute force attacks over the Internet. Their IT Security team has identified the IP addresses where these attacks originated. You must immediately implement a temporary fix to stop these attacks while the team is setting up AWS WAF, GuardDuty, and AWS Shield Advanced to permanently fix the security vulnerability.

Block the IP address in the Network Access Control List.

A company is planning to launch a High-Performance Computing (HPC) cluster in AWS that does Computational Fluid Dynamics (CFD) simulations. The solution should scale-out their simulation jobs to experiment with more tunable parameters for faster and more accurate results. The cluster is composed of Windows servers hosted on t3a.medium EC2 instances. As the Solutions Architect, you should ensure that the architecture provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies.

Enable Enhanced Networking with Elastic Network Adapter (ENA) on the Windows EC2 Instances.

A company would like to archive their old yet confidential corporate files that are infrequently accessed.

AWS Glacier.

You are working as a Senior Solutions Architect in a digital media services startup. Your current project is about a movie streaming app where you are required to launch several EC2 instances on multiple availability zones. Which of the following will configure your load balancer to distribute incoming requests evenly to all EC2 instances across multiple Availability Zones?

Cross-zone load balancing.

Your IT Director instructed you to ensure that all the AWS resources in your VPC dont go beyond their respective service limits. You should prepare a system that provides you real-time guidance in provisioning your resources that adheres to the AWS best practices.

AWS Trusted Advisor.

You were hired as an IT Consultant in a startup cryptocurrency company that wants to go global with their international money transfer app. Your project is to make sure that the database of the app is highly available on multiple regions.

Provides enhanced database durability in the event of a DB instance component failure or an Availability Zone outage. Increased database availability in the case of system upgrades like OS patching or DB Instance scaling.

A financial analytics application that collects, processes and analyzes stock data in real-time is using Kinesis Data Streams. The producers continually push data to Kinesis Data Streams while the consumers process the data in real time.

DynamoDB, Redshift and S3

You recently created a brand new IAM User with a default setting using AWS CLI. This is intended to be used to send API requests to your S3, DynamoDB, Lambda, and other AWS resources of your cloud infrastructure. Which of the following must be done to allow the user to make API calls to your AWS resources?

Create a set of Access Keys for the user and attach the necessary permissions.

You are an IT Consultant for a top investment bank which is in the process of building its new Forex trading platform. To ensure high availability and scalability, you designed the trading platform to use an Elastic Load Balancer in front of an Auto Scaling group of On-Demand EC2 instances across multiple Availability Zones. For its database tier, you chose to use a single Amazon Aurora instance to take advantage of its distributed, fault-tolerant and self-healing storage system. In the event of system failure on the primary database instance, what happens to Amazon Aurora during the failover?

Aurora will attempt to create a new DB Instance in the same Availability Zone as the original instance and is done on a best-effort basis.

A mobile application stores pictures in Amazon Simple Storage Service (S3) and allows application sign-inusing an OpenID Connect-compatible identity provider.

Web Identity Federation

A company has an application hosted in an Auto Scaling group of Amazon EC2 instances across multiple Availability Zones behind an Application Load Balancer. There are several occasions where some instances are automatically terminated after failing the HTTPS health checks in the ALB and then purges all the ephemeral logs stored in the instance. A Solutions Architect must implement a solution that collects all the application and server logs effectively. She should be able to perform a root cause analysis based on the logs, even if the Auto Scaling group immediately terminated the instance.

Add a lifecycle hook to your Auto Scaling group to move instances in the Terminating state to the Terminating:Wait state to delay the termination of unhealthy Amazon EC2 instances. Configure a CloudWatch Events rule for the EC2 Instance-terminate Lifecycle Action Auto Scaling Event with an associated Lambda function. Trigger the CloudWatch agent to push the application logs and then resume the instance termination once all the logs are sent to CloudWatch Logs.

You have a web application hosted on a fleet of EC2 instances located in two Availability Zones that are all placed behind an Application Load Balancer. As a Solutions Architect, you must add a health check configuration to ensure your application is highly- available.

HTTP or HTTPS health check

A top university has recently launched its online learning portal where the students can take e-learning courses from the comforts of their homes. The portal is on a large On-Demand EC2 instance with a single amazon Aurora database.

Create Amazon Aurora Replicas.

You are working as a Principal Solutions Architect for a leading digital news company which has both an on-premises data center as well as an AWS cloud infrastructure. They store their graphics, audios, videos, and other multimedia assets primarily in their on-premises storage server and use an S3 Standard storage class bucket as a backup. Their data are heavily used for only a week (7 days) but after that period, it will only be infrequently used by their customers. You are instructed to save storage costs in AWS yet maintain the ability to fetch a subset of their media assets in a matter of minutes for a surprise annual data audit, which will be conducted on their cloud storage.

Set a lifecycle policy in the bucket to transition the data to Glacier after one week (7 days) Set a lifecycle policy in the bucket to transition to S3 - Standard IA after 30 days

A multinational manufacturing company has multiple accounts in AWS to separate their various departments such as finance, human resources, engineering and many others. There is a requirement to ensure that certain access to services and actions are properly controlled to comply with the security policy of the company. As the Solutions Architect, which is the most suitable way to set up the multi-account AWS environment of the company?

Use AWS Organizations and Service Control Policies to control services on each account

You are working for a global news network where you have set up a CloudFront distribution for your web application. However, you noticed that your application's origin server is being hit for each request instead of the AWS Edge locations, which serve the cached objects. The issue occurs even for the commonly requested objects.

The Cache-Control max-age directive is set to zero.

You have designed and built a new AWS architecture. After deploying your application to an On-demand EC2 instance, you found that there is an issue in your application when connecting to port 443. After troubleshooting the issue, you added port 443 to the security group of the instance.How long will it take before the changes are applied to all of the resources in your VPC?

Immediately.

You have several EC2 Reserved Instances in your account that needs to be decommissioned and shut down since they are no longer required. The data is still required by the Audit team.Which of the following steps can be taken for this scenario? (Select TWO.)

You can opt to sell these EC2 instances on the AWS Reserved Instance Marketplace Take snapshots of the EBS volumes and terminate the EC2 instances.

You are managing a global news website which has a very high traffic. To improve the performance, you redesigned the application architecture to use a Classic Load Balancer with an Auto Scaling Group in multiple Availability Zones. However, you noticed that one of the Availability Zones is not receiving any traffic.

The Availability Zone is not properly added to the load balancer which is why it is not receiving any traffic

Your IT Manager asks you to create a decoupled application whose process includes dependencies on EC2 instances and servers located in your company’s on-premises data center.Which of these options are you least likely to recommend as part of that process?

SQS polling from an EC2 instance using IAM user credentials.

You are planning to migrate a MySQL database from your on-premises data center to your AWS Cloud. This database will be used by a legacy batch application which has steady- state workloads in the morning but has its peak load at night for the end- of- day processing. You need to choose an EBS volume which can handle a maximum of 450 GB of data and can also be used as the system boot volume for your EC2 instance.

Amazon EBS General Purpose SSD

You are working as an AWS Engineer in a major telecommunications company in which you are tasked to make a network monitoring system. You launched an EC2 instance to host the monitoring system and used CloudWatch to monitor, store, and access the log files of your instance. Which of the following provides an automated way to send log data to CloudWatch Logs from your Amazon EC2 instance?

CloudWatch Logs agent

You are working for a startup that builds the Internet of Things (IOT) devices and monitoring applications. They are using IOT sensors to monitor all data by using Amazon Kinesis configured with default settings. You then send the data to an Amazon S3 bucket after 2 days. When you checked the data in S3, only data for the last day is present and no data is present for the first day. What is the root cause of this issue?

By default, data records in Kinesis are only accessible for 24 hours from the time they are added to a stream.

A website is running on an Auto Scaling group of On-Demand EC2 instances which are abruptly getting terminated from time to time. To automate the monitoring process, you started to create a simple script which uses the AWS CLI to find the root cause of this issue. Which of the following is the most suitable command to use?

aws ec2 describe-instances

You are working for a computer animation film studio that has a web application running on an Amazon EC2 instance. It uploads 5 GB video objects to an Amazon S3 bucket. Video uploads are taking longer than expected, which impacts the performance of your application.

Use Amazon S3 Multipart Upload API.

A new DevOps engineer has created a CloudFormation template for a web application and she raised apull-request in GIT for you to check and review. After checking the template, you immediately told her thatthe template will not work .{ "AWSTemplateFormatVersion":"2010-09-09", "Parameters":{ "VPCId":{ "Type":"String","Description":"techradio" }, "SubnetId":{ "Type":"String", "Description":"subnet-b46032ec" } }, "Outputs":{ "InstanceId":{ "Value":{ "Ref":"TechradioInstance" }, "Description":"Instance Id" } } } Which of the following is the reason why this CloudFormation template will fail to deploy the stack?

The resources section is missing.

An online shopping platform is hosted on an Auto Scaling group of On-Demand EC2 instances with a default Auto Scaling termination policy and no instance protection configured. The system is deployed across three Availability Zones in the US West region (us-west-1) with an Application Load Balancer in front to provide high availability and fault tolerance for the shopping platform. The us-west-1a, us- west-1b, and us-west-1c Availability Zones have 10, 8 and 7 running instances respectively. Due to the low number of incoming traffic, the scale-in operation has been triggered.

# Choose the Availability Zone with the greatest number of instances, which is the us-west-1a Availability Zone in this scenario. Select the instances with the oldest launch configuration. Select the instance that is closest to the next billing hour.

A commercial bank has designed their next generaton online banking platform to use a distributed system architecture. As their Software Architect, you must ensure that their architecture is highly scalable, yet sell cost-effective.

Launch an Auto-Scaling group of EC2 instances to host your application services and an SQS queue. Include an Auto Scaling trigger to watch the SQS queue size which will either scale in or scale out the number of EC2 instances based on the queue.

You are working as a Senior Solutions Architect for a data analytics company which has a VPC for their human resource department, and another VPC located on a different region for their finance department.You need to configure your architecture to allow the finance department to access all resources that are in the human resource department and vice versa.

Inter-Region VPC Peering

You are working as the Solutions Architect for a global technology consultancy firm which has an application that uses multiple EC2 instances located in various AWS regions such as US East (Ohio), USWest (N. California), and EU (Ireland). Your manager instructed you to set up a latency-based routing to route incoming traffic for www.techrad.io to all the EC2 instances across all AWS regions.

Use Route 53 to distribute the load to the multiple EC2 instances across all AWS Regions

A Junior DevOps Engineer deployed a large EBS-backed EC2 instance to host a NodeJS web app in AWS which was developed by an IT contractor. He properly configured the security group and used a key pair named "techradiokey" which has a techradiokey.pem private key file. The EC2 instance works as expected and the junior DevOps engineer can connect to it using an SSH connection. The IT contractor was also given the key pair and he has made various changes in the instance as well to the files located in .ssh folder to make the NodeJS app work. After a few weeks, the IT contractor and the junior DevOps engineer cannot connect the EC2 instance anymore, even with a valid private key file. They are constantly getting a "Server refused our key" error even though their private key is valid.

The SSH private key that you are using has a file permission of 0777

You are a Solutions Architect in an intelligence agency that is currently hosting learning and training portal in AWS. Your manager instructed you to launch a large EC2 instance with an attached EBS Volume and enable Enhanced Networking.

When you need a consistently lower inter-instance latency. When you need a higher packet per second (PPS) performance.

You are working as a Solution Architect for a startup in Silicon Valley. Their application architecture is currently set up to store both the access key ID and the secret access key in a plain text file on a customAmazon Machine Image (AMI). The EC2 instances, which are created by using this AMI, are using the stored access keys to connect to a DynamoDB table. What should you do to make the current architecture more secure?

Remove the stored access keys in the AMI. Create a new IAM role with permissions to access the DynamoDB table and assign it to the EC2 instances.

You are planning to launch an application that tracks the GPS coordinates of delivery trucks in your country. The coordinates are transmitted from each delivery truck every five seconds. You need to design an architecture that will enable real-time processing of these coordinates from multiple consumers. The aggregated data will be analyzed in a separate reporting application. Which AWS service should you use for this scenario?

Amazon Kinesis.

You have created a VPC with a single subnet then you launched an On-Demand EC2 instance in that subnet. You have attached Internet gateway (IGW) to the VPC and verified that the EC2 instance has a public IP. The main route table of the VPC is as per below: Destination: 10.0.0.0/27, Target: local, Status: Active, Propagated: No However, the instance still cannot be reached from the Internet when you tried to connect to it from your computer. Which of the following should be made to the route table to fix this issue?

Add this new entry to the route table: 0.0.0.0/0 -> Your Internet Gateway

You are working for a startup which develops an AI-based traffic monitoring service. You need to register a new domain called www.techradio-ai.com and set up other DNS entries for the other components of your system in AWS. Which of the following is not supported by Amazon Route 53?

DNSSEC

A game development company operates several virtual reality (VR) and augmented reality (AR) games which use various RESTful web APIs hosted on their on- premises data center. Due to the unprecedented growth of their company, they decided to migrate their system to AWS Cloud to scale out their resources as well to minimize costs. Which of the following should you recommend as the most cost-effective and scalable solution to meet the above requirement?

Use AWS Lambda and Amazon API Gateway.

A company needs to launch a new MySQL RDS database for its new data analytics application. The SolutionArchitect needs to ensure that the database-tier must be able to quickly recover from any system crashes. Which of the below is NOT a recommended practice for RDS?

Use MyISAM as the storage engine for MySQL

In a tech company that you are working for, there is a requirement to allow one IAM user to modify the configuration of one of your Elastic Load Balancers (ELB) which is used in a specific project. Each developer in your company has an individual IAM user and they usually move from one project to another. Which of the following would be the best way to allow this access?

Create a new IAM Role which will be assumed by the IAM user. Attach a policy allowing access to modify the ELB and once it is done, remove the IAM role from the user.

As the Solutions Architect, you have built a photo-sharing site for an entertainment company. The site was hosted using 3 EC2 instances in a single availability zone with a Classic Load Balancer in front to evenly distribute the incoming load. What should you do to enable your Classic Load Balancer to bind a user's session to a specific instance?

Sticky Sessions

You are working as a Solutions Architect in a global investment bank which requires corporate IT governance and cost oversight of all their AWS resources across their divisions around the world. Their corporate divisions want to maintain administrative control of the discrete AWS resources they consume and ensure that those resources are separate from other divisions. Which of the following options will support the autonomy of each corporate division while enabling the corporate IT to maintain governance and cost oversight? (Select TWO.)

Use AWS Consolidated Billing by creating AWS Organizations to link the divisions accounts to a parent corporate account. Enable IAM cross-account access for all corporate IT administrators in each child account.

A company has 10 TB of infrequently accessed financial data files that would need to be stored in AWS. These data would be accessed infrequently during specific weeks when they are retrieved for auditing purposes. The retrieval time is not strict as long as it does not exceed 24 hours. Which of the following would be a secure, durable, and cost-effective solution for this scenario?

Upload the data to S3 and set a lifecycle policy to transition data to Glacier after 0 days.

The social media company that you are working for needs to capture the detailed information of all HTTP requests that went through their public- facing application load balancer every five minutes. They want to use this data for analyzing traffic patterns and for troubleshooting their web applications in AWS. Which of the following options meet the customer requirements?

Enable access logs on the application load balancer.

An event sourcing application is to be implemented using a microservice architecture on AWS. Each microservice consists of an API Gateway, AWS Lambda, and Amazon DynamoDB. The application will initialize when the first microservice publishes an event to an event store, then proceeds by consuming the data in the second microservice. As a Solutions Architect, which of the following architectures should be followed?

Configure the first microservice to send data to Amazon Kinesis Data Firehose stream, then send the event log to an Amazon S3 bucket. Modify the second microservice to fetch data from the Kinesis stream.

You are building a microservices architecture in which software is composed of small independent services that communicate over well-defined APIs. In building large-scale systems, fine-grained decoupling of microservices is a recommended practice to implement. The decoupled services should scale horizontally from each other to improve scalability. What is the difference between Horizontal scaling and Vertical scaling?

Vertical scaling means running the same software on bigger machines which is limited by the capacity of the individual server. Horizontal scaling is adding more “Vertical scaling means running the same software on bigger machines which is limited by the capacity of the individual server. Horizontal scaling is adding more servers to the existing pool and doesnt run into limitations of individual servers.”

An online stock trading system is hosted in AWS and uses an Auto Scaling group of EC2 instances, an RDSdatabase, and an Amazon ElastiCache for Redis. You need to improve the data security of your in-memory data store by requiring the user to enter a password before they are granted permission to execute Redis commands. Which of the following should you do to meet the above requirement?

Authenticate the users using Redis AUTH by creating a new Redis Cluster with both the --transit-encryption-enabled and --auth-token parameters enabled.

An On-Demand EC2 instance is launched into a VPC subnet with the Network ACL configured to allow all inbound traffic and deny all outbound traffic. The instances security group has an inbound rule to allow SSH from any IP address and does not have any outbound rules. In this scenario, what are the changes needed to allow SSH connection to the instance?

The outbound network ACL needs to be modified to allow outbound traffic.

A web application is deployed in an On-Demand EC2 instance in your VPC. There is an issue with the application which requires you to connect to it via an SSH connection. Which of the following is needed in order to access an EC2 instance from the Internet? (Select THREE.)

An Internet Gateway (IGW) attached to the VPC. A route entry to the Internet gateway in the Route table of the VPC. A Public IP address attached to the EC2 instance.

You have just launched a new API Gateway service which uses AWS Lambda as a serverless computing service. In what type of protocol will your API endpoint be exposed?

HTTPS

A WordPress website hosted in an EC2 instance, which has an additional EBS volume attached, was mistakenly deployed in the us- east- 1a Availability Zone due to a misconfiguration in your CloudFormation template. There is a requirement to quickly rectify the issue by moving and attaching the EBS volume to a new EC2 instance in the us-east-1b Availability Zone. As the Solutions Architect of the company, which of the following should you do to solve this issue?

First, create a snapshot of the EBS volume. Afterwards, create a volume using the snapshot in the other Availability Zone.

You are working as an IT Consultant for a large media company where you are tasked to design a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this S3 bucket to immediately receive over 2000 PUT requests and 3500 GET requests per second at peak hour. What should you do to ensure optimal performance?

Do nothing. Amazon S3 will automatically manage performance at this scale.

There is a technical requirement by a financial firm that does online credit card processing to have a secure application environment on AWS. They are trying to decide on whether to use KMS or CloudHSM.Which of the following statements is right when it comes to Cloud HSM and KMS?

You should consider using AWS CloudHSM over AWS KMS if you require your keys stored in dedicated, third-party validated hardware security modules under your exclusive control.

An online shopping platform has been deployed to AWS using Elastic Beanstalk. They simply uploaded theirNode.js application, and Elastic Beanstalk automatically handles the details of capacity provisioning, loadbalancing, scaling, and application health monitoring. Since the entire deployment process is automated,the DevOps team is not sure where to get the application log files of their shopping platform. In Elastic Beanstalk, where does it store the application files and server log files?

Application files are stored in S3. The server log files can also optionally be stored in S3 or in CloudWatch Logs.

A startup is building an AI-based face recognition application in AWS, where they store millions of images in an S3 bucket. As the Solutions Architect, you must ensure that each and every image uploaded to their system is stored without any issues. What is the correct indication that an object was successfully stored when you put objects in Amazon S3?

HTTP 200 result code and MD5 chcksum.

A large Philippine-based Business Process Outsourcing company is building a two-tier web application in their VPC to serve dynamic transaction-based content. The data tier is leveraging an Online Transactional Processing (OLTP) database but for the web tier, they are still deciding what service they will use. What AWS services should you leverage to build an elastic and scalable web tier?

Elastic Load Balancing, Amazon EC2, and Auto Scaling