sap full2 Flashcards

Question

The contract length for Reserved Instances is between __ and __ years.

Answer 1

All Upfront RIs

Answer 2

Family; Normalization;

Answer 3

AZs; Regions

Answer 4

AZ's but not regions.

Answer 5

Only the changes from Git repositories

Answer 6

Linux AMI & Windows 2012 R2

Answer 7

Stacks; Layers

Answer 8

EC2 ELB RDS

Answer 9

Web; Application; Database

Answer 10

OpsWork will remove

Answer 11

wait condition

Answer 12

VPC Peering

Answer 13

Chef; Puppet; Bootstrap

Answer 14

"automatic rollback on error"

Answer 15

Customer Gateway - Customer side Virtual Private Gateway - AWS Side

Answer 16

cannot; can

Answer 17

Scale up and Scale out; If you scale out, add an additional NAT & subnet and migrate half your workload to the new subnet.

Answer 18

Security groups & make sure that a route table has been created in both VPCs to allow traffic.

Answer 19

RDS; DynamoDB

Answer 20

Amazon RDS or Amazon EC2 with self-managed database

Answer 21

Parallelization

Answer 22

Lexicographical; randomize

Answer 23

Single Tenanted (1 physical device, for you only)

Answer 24

VPC Peering

Answer 25

* RDS (Oracle & SQL) * Redshift

Answer 26

AD Connector; Simple AD

Answer 27

Indefinitely

Answer 28

Develop an Identity Broker to communicate with LDAP & AWS STS

Answer 29

Identity Broker always communicates with LDAP first, THEN with AWS STS

Answer 30

Application then gets temporary access to AWS resources.

Answer 31

A Token A Secret Access Key Access Key ID A Duration

Answer 32

A IPS tool

Answer 33

Using wait conditions Using creation policies cfn-signal CreationPolicies are the preferred mechanism

Answer 34

DeletionPolicy attribute

Answer 35

resource properties, outputs, metadata attributes update policy attributes

Answer 36

Amazon Data Lifecycle Manager (DLM) for EBS Snapshots

Answer 37

- Create and start new instances to replace your current online instances. Then delete the current instances. - On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command

Answer 38

The cfn-hup helper is a daemon that detects changes in resource metadata and runs user-specified actions when a change is detected.

Answer 39

- Consist of a single ZIP file or TAR file - Not exceed 512 MB - Not include a parent folder or top-level directory

Answer 40

Kinesis synchronously replicates the streaming data across three data centres within single AWS region and preserves the data for up to 24H

Answer 41

Adding more shards

Answer 42

1MB/sec data input and 2MB/sec data output

Answer 43

AWS::CloudFormation::Stack

Answer 44

/etc/awslogs/

Answer 45

By configuring workload management (WLM) in Amazon Redshift

Answer 46

HTTP Live Streaming - protocol that segments media files for optimization during streaming. HLS enables media players to play segments with the highest quality resolution that is supported by their network connection during playback

Answer 47

Wowza Streaming Engine is the gold standard of customizable streaming server software for building and delivering professional-grade streaming at any scale

Answer 48

If you want your VPC to use a different set of DHCP options, you must create a new set and associate them with your VPC.

Answer 49

stop and start all of the instances in the placement group, and try the launch again

Answer 50

view an Amazon Kinesis video stream for: - live playback - view archived video

Answer 51

When creating EFS file system

Answer 52

When mounting the EFS volume

Answer 53

NO. Other method need to be used (backing up to EBS)

Answer 54

Transport Layer Security

Answer 55

Extract, transform, load

Answer 56

5000 (and cannot be changed)

Answer 57

Fully managed graph database. Supports open graphs APIs for both Gremlin and SPARQL

Answer 58

In cases with load-balanced web servers, store web session information in Redis so if a server is lost, the session info is not lost and another web server can pick it up.

Answer 59

Use Memcache in front of AWS RDS to cache popular queries to offload work from RDS and return results faster to users

Answer 60

SQL Engine overlaid on S3, based on Presto

Answer 61

Amazon Quantum Ledger Database

Answer 62

Framework allowing administrators to create pre-defined products and landscapes for their users

Answer 63

1000 records per second

Answer 64

500 shards - can be increased to unlimited

Answer 65

- Partition Key - Sequence Number - Data Blob (up to 1MB)

Answer 66

DynamoDB Accelerator

Answer 67

HTTP cookies forwarded from an origin

Answer 68

Managed implementation of Apache ActiveMQ

Answer 69

A cluster endpoint is an endpoint for a Neptune DB cluster that connects to the current primary DB instance for that DB cluster. Each Neptune DB cluster has a cluster endpoint and one primary DB instance

Answer 70

A reader endpoint is an endpoint for a Neptune DB cluster that connects to one of the available Neptune replicas for that DB cluster. Each Neptune DB cluster has a reader endpoint

Answer 71

An instance endpoint is an endpoint for a DB instance in a Neptune DB cluster that connects to that specific DB instance. Each DB instance in a DB cluster, regardless of instance type, has its own unique instance endpoint

Answer 72

PostgreSQL

Answer 73

In blockchain, the ledger is distributed, whereas in QLDB, is is centralized.

Answer 74

a partition key and one or more columns

Answer 75

Apache Cassandra

Answer 76

Amazon Ion documents

Answer 77

index storage

Answer 78

Hadoop Distributed File System

Answer 79

The cluster starts, runs the "steps" (tasks) and terminates itself.

Answer 80

Cluster can accept and execute tasks you submit

Answer 81

Accelerated Computing

Answer 82

to host simple websites, blogs or small applications

Answer 83

The Amazon ECS container agent

Answer 84

Amazon Glacier creates a temporary copy of the object in S3-RRS storage class.

Answer 85

sent to your origin servers running within or outside of AWS.

Answer 86

the bucket and object level

Answer 87

The user must create a file system on the volume.

Answer 88

A mount target must be placed within a VPC to communicate with EC2 instances in that VPC

Answer 89

The EBS volume will not be created on the same tenant hardware assigned to the dedicated instance.

Answer 90

AWS DataSync

Answer 91

Turn it off. The E Ink will display changes to the return label. Then ship it to Amazon.

Answer 92

Amazon Glacier takes 1-5 minutes to retrieve data.

Answer 93

A unique identifier for an object in a bucket

Answer 94

A file system

Answer 95

0 bytes to 5 TB

Answer 96

Server-side encryption with S3-managed keys (SSE-S3)

Answer 97

Elasticity is the ability to grow or shrink infrastructure resources dynamically as needed to adapt to workload changes in an autonomic manner, maximizing the use of resources. This can result in savings in infrastructure costs overall

Answer 98

Enabling "extended data retention".

Answer 99

A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.

Answer 100

ApplyImmediately

Answer 101

64 characters

Answer 102

Enhanced and basic

Answer 103

When the final activity that uses the resources has completed successfully or failed

Answer 104

Pipeline definition

Answer 105

Session persistence

Answer 106

They support both authenticated and unauthenticated identities.

Answer 107

128 characters

Answer 108

128 characters

Answer 109

4GB - 15TB

Answer 110

By supplying a Task Runner package that can be installed on your on-premise hosts

Answer 111

RAID 5 and RAID 6

Answer 112

Yes, they can be used for all RDS instances.

Answer 113

Task Runner

Answer 114

for Memcached 11211 and for Redis 6379

Answer 115

Desired capacity

Answer 116

Cluster placement group

Answer 117

No, snapshots are only available through the Amazon EC2 APIs.

Answer 118

describe-stack-resource

Answer 119

4 GB for EBS io1, 100GB for RDS - Provisioned IOPS

Answer 120

block device mapping to attach the volumes as the instance is launched

Answer 121

**1,024TB**

Answer 122

**512 TB**

Answer 123

Service Auto Scaling

Answer 124

NAT Instance - When there is a connection time out, a NAT instance sends a FIN packet to resources behind the NAT instance to close the connection. NAT Gateway - When there is a connection time out, a NAT gateway returns an RST packet to any resources behind the NAT gateway that attempt to continue the connection (it does not send a FIN packet).

Answer 125

Cached volumes can range from 1 GiB to 32 TiB in size and must be rounded to the nearest GiB. Each gateway configured for cached volumes can support up to 32 volumes for a total maximum storage volume of 1,024 TiB (1 PiB).

Answer 126

An HTTP 504 gateway timeout error does not necessarily indicate a problem with your clusterâ€”it just means that the request couldn't be completed within the idle timeout period.

Answer 127

FullAWSAccess

Answer 128

use the unified CloudWatch agent

Answer 129

Every instance has an AWS OpsWorks Stacks agent that communicates regularly with the service. AWS OpsWorks Stacks uses that communication to monitor instance health. If an agent does not communicate with the service for more than approximately five minutes, AWS OpsWorks Stacks considers the instance to have failed.

Answer 130

Turn off RI sharing for member account in that Organization

Answer 131

Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for cloud.example.com that point to the inbound resolver.

Answer 132

Deploy a new API Gateway API and Lambda functions in another Region. Change the Route 53 DNS record to a failover record. Enable target health monitoring. Convert the DynamoDB tables to global tables.

Answer 133

Create a temporary OU named Onboarding for the new account. Apply an SCP to the Onboarding OU to allow AWS Config actions. Move the organizationâ€™s root SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS Config are complete.

Answer 134

Enable Aurora Auto Scaling for Aurora Replicas. Use an Application Load Balancer with the round robin routing and sticky sessions enabled.

Answer 135

Create an Amazon CloudFront distribution for the metadata service. Create an Application Load Balancer (ALB). Configure the CloudFront distribution to forward requests to the ALB. Configure the ALB to invoke the correct Lambda function for each type of request. Create a CloudFront function to remove the problematic headers based on the value of the User-Agent header.

Answer 136

Upload the container images to Amazon Elastic Container Registry (Amazon ECR). Configure two auto scaled Amazon Elastic Container Service (Amazon ECS) clusters with the Fargate launch type to handle the expected load. Deploy tasks from the ECR images. Configure two separate Application Load Balancers to direct traffic to the ECS clusters.

Answer 137

Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto Scaling group values. Configure Route 53 with a health check that monitors the web application and sends an Amazon Simple Notification Service (Amazon SNS) notification to the Lambda function when the health check status is unhealthy. Update the applicationâ€™s Route 53 record with a failover policy that routes traffic to the ALB in the backup Region when a health check failure occurs.

Answer 138

Use an Elastic Load Balancer to distribute traffic across multiple EC2 instances. Ensure that the EC2 instances are part of an Auto Scaling group that has a minimum capacity of two instances. Modify the DB instance to create a Multi-AZ deployment that extends across two Availability Zones. Create a replication group for the ElastiCache for Redis cluster. Enable Multi-AZ on the cluster.

Answer 139

Create an Amazon S3 bucket. Configure the S3 bucket to host a static webpage. Upload the custom error pages to Amazon S3. Add a custom error response by configuring a CloudFront custom error page. Modify DNS records to point to a publicly accessible web page.

Answer 140

Enable resource sharing from the AWS Organizations management account. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.

Answer 141

Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint.

Answer 142

Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports.

Answer 143

Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook and an Amazon EventBridge rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send CONTINUE to the Auto Scaling group to terminate the instance.

Answer 144

Create an authorization to associate the private hosted zone in Account A with the new VPC in Account B. Associate a new VPC in Account B with a hosted zone in Account A. Delete the association authorization in Account A.

Answer 145

Configure the reserved concurrency limit for the new Lambda function. Monitor existing critical Lambda functions with Amazon CloudWatch alarms for the Throttles Lambda metric

Answer 146

Create an ECS cluster using a fleet of Spot Instances, with Spot Instance draining enabled. Provision the database using Reserved Instances

Answer 147

Store the documents in a secured Amazon S3 bucket with a lifecycle policy to move the documents that are older than 3 months to Amazon S3 Glacier, then expire the documents from Amazon S3 Glacier that are more than 7 years old

Answer 148

Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to match. Trigger an AWS Lambda function on file delivery to start an AWS Glue ETL job to transform the entire record according to the processing and transformation requirements. Define the output format as JSON. Once complete, have the ETL job send the results to another S3 bucket for internal processing

Answer 149

Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use Lambda@Edge to load different resources based on the User-Agent HTTP header

Answer 150

Create an Amazon SQS queue and decouple the application and database layers. Configure an AWS Lambda function to write items from the queue into the database

Answer 151

Create an AWS Lambda function that will update user metadata. Create an Amazon SQS queue and configure it as an event source for the Lambda function. Update the web application to send jobs to the queue

Answer 152

- The IAM roles created for the federated users' or federated groups' trust policy have set the SAML provider as the principal - The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP - The company's IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions

Answer 153

Define the infrastructure services in AWS CloudFormation templates. Upload each template as an AWS Service Catalog product to portfolios created in a central AWS account. Share these portfolios with the AWS Organizations structure created for the company Allow IAM users to have AWSServiceCatalogEndUserReadOnlyAccess permissions only. Assign the policy to a group called Endusers, add all users to the group. Apply launch constraints

Answer 154

Use AWS Lambda to write automatic approval rules. Store the approved AMI list in AWS Systems Manager Parameter Store. Use Amazon EventBridge to trigger an AWS Systems Manager Automation document on all EC2 instances every 30 days Use Amazon Inspector to run the CVE assessment package on the EC2 instances launched from the approved AMIs

Answer 155

Create a temporary OU named Staging for the new account. Apply an SCP to the Staging OU to allow AWS DMS actions. Move the organization's deny list SCP to the Production OU. Move the new account to the Production OU when adjustments to AWS DMS are complete

Answer 156

A large number of reads and writes exhausted the I/O credit balance due to provisioning low disk storage during the setup phase

Answer 157

Install the AWS Application Discovery Service Discovery Connector in VMware vCenter. Install the AWS Application Discovery Service Discovery Agent on the physical on-premises servers. Allow the Discovery Agent to collect data for a period of time

Answer 158

Use an Amazon Aurora global database with the primary in the active Region and the secondary in the failover Region

Answer 159

AWS Application Discovery Service AWS Cloud Adoption Readiness Tool (CART) AWS Migration Hub

Answer 160

Create an SCP with the Deny effect on the ec2:PurchaseReservedInstancesOffering action. Attach the SCP to the root of the organization

Answer 161

Create a queue using Amazon SQS. Run the web application on Amazon EC2 and configure it to publish to the new queue. Use Amazon EC2 instances in an EC2 Auto Scaling group to pull requests from the queue and process the files. Scale the EC2 instances based on the SQS queue length. Store the processed files in an Amazon S3 bucket

Answer 162

Use Amazon SQS with FIFO to queue messages in the correct order. Use Reserved Instances in multiple Availability Zones for processing

Answer 163

Use the AWS Budgets service to define a fixed monthly budget for each development account Create an SCP that denies access to expensive services. Apply the SCP to an OU containing the development accounts Create an AWS Budgets alert action to send an Amazon SNS notification when the budgeted amount is reached. Invoke an AWS Lambda function to terminate all services

Answer 164

Set up an AWS Client VPN endpoint, associate it with a subnet in the VPC, and configure a Client VPN self-service portal. Instruct the developers to connect using the Client VPN client

Answer 165

Enable a cross-Region read replica for the RDS database. In the case of an outage, promote the replica to be a standalone DB instance. Point applications to the new DB endpoint and create a read replica to maintain high availability

Answer 166

Configure Service Control Policies (SCPs) within AWS Control Tower to disallow assigning public IP addresses to EC2 instances across all OUs

Answer 167

Stream the environmental data to Amazon Kinesis Data Streams, analyze it using an AWS Lambda function, and configure Amazon SNS to send immediate alerts to the management team if anomalies are detected

Answer 168

Configure the Kinesis Data Firehose delivery stream to partition the data in Amazon S3 by date and event type. Redefine the Athena table to include these partitions and modify the queries to specifically target relevant partitions

Answer 169

Create an Amazon CloudFront distribution with the ALB as the origin and configure a custom header and secret value. Configure the ALB to conditionally forward traffic only if the header and value match Deploy an AWS WAF web ACL that includes a rule group that blocks the attack traffic. Associate the web ACL with the Amazon CloudFront distribution

Answer 170

Increase the memory available to the Lambda functions Stream the data into an Amazon Kinesis data stream from API Gateway and process the data in batches

Answer 171

Create a new DX connection to the same Region. Provision a Direct Connect gateway and establish new private VIFs to a virtual private gateway in the VPCs in each Region

Answer 172

Create an AWS WAF web ACL with a geo-match rule to block requests from outside the specified country. Associate this rule with the web ACL, and then attach the web ACL to the ALB

Answer 173

Create an Amazon API Gateway HTTP API. Configure this API with direct integrations to DynamoDB by using API Gateway's AWS Service integration type

Answer 174

Create an ECS cluster using a fleet of Spot Instances, with Spot Instance draining enabled. Provision the database using Reserved Instances

Answer 175

Use an Amazon Aurora global database with the primary in the active Region and the secondary in the failover Region

Answer 176

Apache ActiveMQÂ® is the most popular open source, multi-protocol, Java-based message broker.

Answer 177

Use AWS DataSync to schedule a daily task that replicates data between the on-premises file share and Amazon FSX

Answer 178

Configure AWS Secrets Manager for managing the database credentials, creating separate secret keys for the development and production environments. Enable automatic secret rotation. Pass the Secrets Manager secret ARNs to the Lambda functions through environment variables. Assign appropriate IAM roles to the Lambda functions for accessing the secrets

Answer 179

Add a custom 'flag as spam' button to the Contact Control Panel (CCP) in Amazon Connect. This button triggers an AWS Lambda function to update call attributes and log the number in an Amazon DynamoDB table. Adapt the contact flows to reference these attributes and interact with the DynamoDB table for future call filtering

Answer 180

- Use a Network Load Balancer (NLB) in front of the application instance. Use a friendly DNS entry in Amazon Route 53 pointing to the NLB's Elastic IP address - Configure a network ACL rule to block all non-UDP traffic. Associate the network ACL with the subnets that hold the load balancer instances - Enable AWS Shield Advanced on all public-facing resources

Answer 181

The company should create an IAM role and assign the required permissions to the IAM role. The customer should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks

Answer 182

- Use an Amazon Route 53 failover routing policy for failover from the primary Region to the disaster recovery Region. Set Time to Live (TTL) to 30 seconds - Use Amazon DynamoDB with a global table across both Regions so reads and writes can occur in either location - Run the web and application tiers in both Regions in an active/passive configuration. Use Auto Scaling groups for the web and application layers across multiple Availability Zones in the Regions. Use zonal Reserved Instances for the minimum number of servers and On-Demand Instances for any additional resources

Answer 183

Use AWS CodePipeline to a create a change set when updates are made to the CloudFormation templates in GitHub. Include a CodePipeline action to test the deployment with testing scripts run using AWS CodeBuild. Upon successful testing, configure CodePipeline to execute the change set and deploy to production

Answer 184

Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID. Use SCPs to restrict the creation of resources that do not have the cost center and project ID tags specified

Answer 185

- Configure the application to store the user's session in Amazon ElastiCache. Use Application Load Balancers to distribute the load between application instances - Migrate the database to Amazon RDS for MySQL. Configure the RDS instance to use a Multi-AZ deployment - Put the application instances in an Amazon EC2 Auto Scaling group. Configure the Auto Scaling group to create new instances if an instance becomes unhealthy

Answer 186

- Update the AWS CloudFormation template to include the AWS::Budgets::Budget::resource with the NotificationsWithSubscribers property - Create an AWS Service Catalog portfolio for each team. Add each team's Amazon RedShift cluster as an AWS CloudFormation template to their Service Catalog portfolio as a Product

Answer 187

Check the security group for the EC2 instances to ensure it allows ingress from the customer office

Answer 188

Perform multiple copy operations at one time by running each command from a separate terminal window, in separate instances of the Snowball client

Answer 189

Store the data in an Amazon DynamoDB global table in two Regions using on-demand capacity mode. Run the web service in both Regions as Amazon ECS Fargate tasks in an Auto Scaling ECS service behind an Application Load Balancer (ALB). In Amazon Route 53, configure an alias record and a latency-based routing policy with health checks to distribute traffic between the two ALBs

Answer 190

Change the PIOPS volume for a 1-TB EBS General Purpose SSD (gp2) volume

Answer 191

Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket

Answer 192

A canary deployment

Answer 193

Create a new public virtual interface for the existing DX connection, and create a new VPN that connects to the VPC over the DX public virtual interface

Answer 194

Modify the existing VPC to include an Amazon-provided IPv6 CIDR block for the VPC and its subnets. For the public subnets, update the route tables to route IPv6 traffic (::/0) to the internet gateway. For the private subnets, update the route tables to route IPv6 traffic (::/0) to an egress-only internet gateway

Answer 195

Attach each VPC to a shared transit gateway. Use an egress VPC with firewall appliances in two AZs and connect the transit gateway using IPSec VPNs with BGP

Answer 196

Use AWS Systems Manager Patch Manager to deploy patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports

Answer 197

Create an AWS Cost and Usage Report (CUR) from the AWS Organizations management account. Allow each team to visualize the CUR through an Amazon QuickSight dashboard

Answer 198

Deploy the AWS Systems Manager Agent on the EC2 instances. Access the EC2 instances using Session Manager restricting access to users with permission to manage the instances

Answer 199

Add a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only

Answer 200

Specify DISABLED for Auto-assign public IP when launching the task and configure a NAT gateway in a public subnet to route requests to the internet

Answer 201

Create an AWS Step Functions workflow to run the Lambda functions in parallel. Create a Lambda function to retrieve a list of files and write each item to an Amazon SQS queue. Configure a Lambda function to retrieve messages from the SQS queue and call the StartExecution API

Answer 202

- Update the DNS service on the Active Directory servers to forward all non-authoritative queries to the VPC Resolver - Define an outbound Amazon Route 53 Resolver. Set a conditional forwarding rule for the Active Directory domain to the Active Directory servers. Configure the DNS settings in the VPC DHCP options set to use the AmazonProvidedDNS servers

Answer 203

Use AWS DMS to migrate data to Amazon DynamoDB using a continuous replication task. Refactor the API to use the DynamoDB data. Implement the refactored API in Amazon API Gateway and enable API caching

Answer 204

Use Amazon WorkSpaces for providing cloud desktops. Connect it to the on-premises network via VPN, integrate with the on-premises Active Directory using an AD Connector, and set up a RADIUS server to enable MFA

Answer 205

Create a Lambda@Edge function to sort parameters by name and force them to be lowercase. Select the CloudFront viewer request trigger to invoke the function

Answer 206

Create Amazon EC2 instances for the service. Create one Elastic IP address for each Availability Zone. Create a Network Load Balancer (NLB) and expose the assigned TCP port. Assign the Elastic IP addresses to the NLB for each Availability Zone. Create a target group and register the EC2 instances with the NLB. Create a new A (alias) record set named cloud.myservice.com and assign the NLB DNS name to the record set

Answer 207

Create a new cross-account IAM role in the Production account with write access to the S3 bucket. Modify the build pipeline to assume this role to upload the files to the Production Account

Answer 208

Implement an Amazon Kinesis Data Firehose for ingesting sales transactions and process them using AWS Lambda functions before storing in an Amazon RDS instance

Answer 209

Reserve capacity for the RDS database and the minimum number of EC2 instances that are constantly running

Answer 210

- Implement Amazon RDS to host the CRM's database - Migrate the CRM system to Amazon EC2 instances

Answer 211

Use AWS Elastic Beanstalk and create a secondary environment configured as a deployment target for the CI/CD pipeline. To deploy, swap the staging and production environment URLs

Answer 212

Implement the REST API using Amazon API Gateway. Run the business logic in AWS Lambda. Store trader session data in Amazon DynamoDB with on-demand capacity

Answer 213

- Enable Amazon Route 53 health checks to determine if the primary site is down, and route traffic to the disaster recovery site if there is an issue - Enable Amazon S3 cross-Region replication on the buckets that contain images - Enable DynamoDB global tables to achieve multi-Region table replication

Answer 214

Create a DX connection to a second AWS Region. Use DynamoDB global tables to replicate data to the second Region. Modify the application to fail over to the second Region

Answer 215

Configure CodePipeline with a deployment stage using AWS CodeDeploy for blue/green deployments. After deploying the new version, monitor its performance and security, and use CodeDeploy's rollback feature in case of any issues"

Answer 216

Define the AWS resources using JavaScript or TypeScript. Use the AWS Cloud Development Kit (AWS CDK) to create CloudFormation templates from the developers' code and use the AWS CDK to create CloudFormation stacks. Incorporate the AWS CDK as a CodeBuild job in CodePipeline

Answer 217

Use Amazon Kinesis Data Streams to collect the inbound data, analyze the data with Kinesis clients, and save the results to an Amazon Redshift cluster using Amazon EMR

Answer 218

- Update the CloudWatch Events rule to trigger on Amazon EC2 "Instance Launch Successful" and "Instance Terminate Successful" events for the Auto Scaling group used by the cluster - Configure a Lambda function to retrieve messages from an Amazon SQS queue. Modify the Lambda function to retrieve a maximum of 10 messages then batch the messages by Amazon Route 53 API call type and submit. Delete the messages from the SQS queue after successful API calls

Answer 219

Create an alias for new versions of the Lambda function. Use the AWS CLI update-alias command with the routing-config parameter to distribute the load

Answer 220

Create an AWS PrivateLink interface VPC endpoint. Connect this endpoint to the endpoint service that the third-party SaaS application provides. Create a security group to limit the access to the endpoint. Associate the security group with the endpoint

Answer 221

Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data

Answer 222

- Set up a 1 Gbps AWS Direct Connect connection. Then, provision a private virtual interface, and use AWS Application Migration Service (MGN) to migrate the VMs into Amazon EC2

Answer 223

Convert the Aurora Serverless v1 database to a multi-Region Aurora MySQL database, ensuring continuous data replication across the primary and a secondary Region. Use AWS SAM to script the application deployment in the secondary Region for rapid recovery

Answer 224

Store each incoming record in an Amazon DynamoDB table. Configure the DynamoDB Time to Live (TTL) feature to delete records older than 90 days

Answer 225

Use an SCP in Organizations to implement a deny list of AWS services. Apply this SCP at each OU level. Leave the default AWS managed SCP at the root level. For any specific exceptions for an OU, remove the standard deny list SCP and add a new deny list SCP for that OU

Answer 226

Use AWS OpsWorks and deploy the application using a blue/green deployment strategy

Answer 227

Use an Amazon S3 static website for the web application. Store uploaded videos in an S3 bucket. Use S3 event notification to publish events to the SQS queue. Process the queue with an AWS Lambda functions that calls the Amazon Rekognition API to perform facial analysis

Answer 228

Configure on-demand capacity mode for the table to enable pay-per-request pricing for read and write requests

Answer 229

Use an Amazon S3 bucket for static images and use the Intelligent Tiering storage class. Use an Amazon CloudFront distribution in front of the S3 bucket and AWS Lambda for processing the images

Answer 230

Use Auto Scaling groups for the EC2 instances and enable RDS auto scaling to dynamically adjust the database capacity based on demand

Answer 231

Establish a new Amazon Elastic File System (Amazon EFS) using the Max I/O performance mode and mount this EFS file system on each EC2 instance in the cluster

Answer 232

Deploy an Amazon S3 File Gateway, configuring it to store both patient records and diagnostic images in Amazon S3 Standard-Infrequent Access (S3 Standard-IA), accessible via SMB

Answer 233

Use the AWS Application Discovery Service agent for data collection on physical servers and Hyper-V. Use the AWS Agentless Discovery Connector for data collection on VMware. Store the collected data in Amazon S3. Query the data with Amazon Athena. Generate reports by using Amazon QuickSight

Answer 234

Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF) format. Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role for VM Import. Use the AWS CLI to run the EC2 import command

Answer 235

Create an Auto Scaling group of Amazon EC2 instances across three availability zones behind an Application Load Balancer. Create an Amazon Aurora PostgreSQL database in one AZ and add Aurora Replicas in two more AZs

Answer 236

Use GitHub webhooks to trigger the CodePipeline pipeline. Use the Jenkins plugin for AWS CodeBuild to conduct unit testing. Send alerts to an Amazon SNS topic for any bad builds. Deploy in a blue/green deployment using AWS CodeDeploy

Answer 237

Verify that the IAM role has permission to decrypt the referenced KMS key

Answer 238

Deploy each application to a single-instance AWS Elastic Beanstalk environment without a load balancer ## Footnote The simplest option is to upload the application code to Elastic Beanstalk. This will result in a managed environment that runs on Amazon EC2 instances. Elastic Beanstalk is best suited for running web applications that are developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker.

Answer 239

Convert the API Gateway Regional endpoint to an edge-optimized endpoint. Enable caching in the production stage ## Footnote An edge-optimized API endpoint is best for geographically distributed clients. API requests are routed to the nearest CloudFront Point of Presence (POP). For mobile clients this is a good use case for this type of endpoint. The Regional endpoint is best suited to traffic coming from within the Region only

Answer 240

- Configure an Aurora global database for storage-based cross-Region replication. Use Amazon S3 with cross-Region replication for static content and resources and create Amazon CloudFront distributions - Use Amazon Route 53 with a latency-based routing policy. Create Auto Scaling groups for the web and application tiers and deploy them in multiple global Regions

Answer 241

Amazon Aurora Global Database is designed for globally distributed applications, allowing a single Amazon Aurora database to span multiple AWS Regions. It replicates your data with no impact on database performance, enables fast local reads with low latency in each Region, and provides disaster recovery from Region-wide outages.

Answer 242

Create an AWS WAF web ACL with a rule to allow access from the IP addresses used by the companies. Associate the web ACL with the API. Create a usage plan with a request limit and associate it with the API. Create an API key and add it to the usage plan

Answer 243

An API key is an alphanumeric string that API developers use to control access to their APIs. An API is a communication mechanism that allows data exchange between two software modules. Once you create an API for your module, other application developers can call your API to integrate your functionality into their code.

Answer 244

Use Auto Scaling groups for the web application and use DynamoDB auto scaling

Answer 245

Use Amazon CloudFront with Amazon S3 to host the web application. Use AWS AppSync to build the application APIs. Use Amazon Cognito groups for RBAC. Authorize data access by leveraging Cognito groups in AWS AppSync resolvers

Answer 246

Simplify application development with GraphQL APIs by providing a single endpoint to securely query or update data from multiple databases, microservices, and APIs

Answer 247

Configure a Multi-AZ Auto Scaling group using the application's AMI. Create an Application Load Balancer (ALB) and select the previously created Auto Scaling group as the target. Create an Amazon Kinesis Data Firehose with a destination of the third-party auditing application. Create a web ACL in WAF. Create an AWS WAF using the WebACL and ALB then enable logging by selecting the Kinesis Data Firehose as the destination. Subscribe to AWS Managed Rules in AWS Marketplace, choosing the WAF as the subscriber ## Footnote The requirement to send rejected request data to a third-party auditing application can be met by configuring logging in AWS WAF to Kinesis Data Firehose. The destination in Firehose can be configured as the third-party auditing application. Kinesis Firehose supports HTTP destinations as well as Datadog, New Relic, and Splunk.

Answer 248

Use an Application Load Balancer (ALB) in front of an Auto Scaling group of Amazon EC2 instances in one AWS Region and three Availability Zones. Configure an Amazon ElastiCache cluster in front of a Multi-AZ Amazon Aurora MySQL DB cluster. Move the shared files to Amazon EFS. Configure Amazon CloudFront with the ALB as the origin and select a price class that includes the US and Europe ## Footnote To meet the 99.9% availability SLA a solution in a single Region with Auto Scaling and Load Balancing across multiple AZs is sufficient. To optimize the DB for read-heavy workloads, Amazon ElastiCache can be placed in front of an Aurora MySQL DB. The shared files can be easily moved to an Amazon EFS file system. CloudFront can be used to reduce latency for users in different geographies. In this case US and Europe price classes can be selected in CloudFront and this will cache the content in those locations only which reduces cost

Answer 249

Use Amazon DynamoDB Streams to capture and send updates to AWS Lambda. Create a Lambda function to output records to Amazon Kinesis Data Streams. Analyze any anomalies with Amazon Kinesis Data Analytics. Send SNS notifications when anomalous behaviors are detected

Answer 250

Create a VPC Endpoint Service that accepts TCP traffic and host it behind a Network Load Balancer. Enable access to the IT services over the DX connection

Answer 251

Use AWS Lambda to create daily EBS snapshots and copy them to the disaster recovery Region. Implement an Aurora Replica in the DR Region. Use Amazon Route 53 with an active-passive failover configuration. Use Amazon EC2 in an Auto Scaling group with the capacity set to 0 in the disaster recovery Region

Answer 252

Use AWS CodeBuild for automated testing. Use CloudFormation changes sets to evaluate changes ahead of deployment. Use AWS CodeDeploy to leverage blue/green deployment patterns

Answer 253

Create a customer managed policy document for each project that requires access to AWS resources. Specify full control of the resources that belong to the project. Attach the project-specific policy document to an IAM group. Change the group membership when developers change projects. Update the policy document when the set of resources changes

Answer 254

Migrate the database to an Amazon RDS Aurora MySQL configuration. Host the web application on an Auto Scaling configuration of Amazon EC2 instances behind an Application Load Balancer. Use Amazon AppStream 2.0 to improve the user experience

Answer 255

In each regional account, establish the SecurityAudit IAM role and grant permission to the central account to assume this role

Answer 256

Set up a monitoring system in the organization's central account using AWS Budgets. Focus on tracking the hours of EC2 instance operation, setting a monitoring interval to daily. Define a budget limit that is 15% above the 45-day average usage of EC2, as determined by AWS Cost Explorer, and configure alerts for the architecture team when this limit is reached

Answer 257

Export the data from the DB instance and import the data into an unencrypted DB instance

Answer 258

Set up an S3 gateway VPC endpoint in the VPC. Attach an endpoint policy to the endpoint to allow the required actions on the S3 bucket ## Footnote There are already two NAT gateways in place but Amazon S3 and DynamoDB come with the option to place gateway endpoints in the VPC which provide reliable connectivity to Amazon S3 without requiring an internet gateway or a NAT device for your VPC. There is no additional charge for using gateway endpoints and this is a secure method of connecting to these service endpoints without using public IP addresses. The cost of the solution can then be reduced as the NAT gateways would no longer be needed.

Answer 259

Enable versioning for the AWS Lambda function and associate an alias for every new version. Use the AWS CLI â€˜update-aliasâ€™ command with the â€˜routing-configâ€™ parameter to distribute the load

Answer 260

Use AWS Budgets to create a budget for Rl coverage and set the threshold to 70%. Configure an alert that notifies the DevOps team

Answer 261

The throttle limit on the REST API is configured too low. During busy periods some requests are being throttled and are not reaching the Lambda function ## Footnote Throttling can be configured for API Gateway at the stage or usage plan level. Amazon API Gateway provides two basic types of throttling-related settings: * Server-side throttling limits are applied across all clients. These limit settings exist to prevent your APIâ€”and your accountâ€”from being overwhelmed by too many requests. * Per-client throttling limits are applied to clients that use API keys associated with your usage policy as client identifier.

Answer 262

Create a VPN connection between the companyâ€™s corporate network and the VPC. Configure security groups for the EC2 instances to only allow traffic from the VPN connection

Answer 263

Use AWS Compute Optimizer. Call the â€œExportLambdaFunctionRecommendationsâ€ operation for the Lambda functions. Export the .csv file to an S3 bucket. Create an Amazon EventBridge rule to schedule the Lambda function to run every 2 weeks

Answer 264

Create an Amazon EventBridge rule that triggers an AWS Lambda function to use AWS Trusted Advisor to retrieve the most current utilization and service limit data. If the current utilization is above 80%, publish a message to an Amazon SNS topic to alert the cloud team

Answer 265

Change the default encryption to server-side encryption with AWS KMS managed encryption keys (SSE-KMS) in S3 bucket. Set an S3 bucket policy to deny unencrypted PutObject requests. Use the AWS CLI to re-upload all objects in the S3 bucket

Answer 266

The ECS task IAM role was modified

Answer 267

Set up a standby ECS cluster and service on Fargate in a different Region. Create a cross-Region RDS read replica in this new Region. Design an AWS Lambda function to promote the read replica to a primary database and reconfigure Route 53 to reroute traffic to the standby ECS cluster. Adjust the EventBridge rule to include this Lambda function as a target

Answer 268

Use AWS SAM and built-in AWS CodeDeploy to deploy the new Lambda version, gradually shift traffic to the new version, and use pre-traffic and post-traffic test functions to verify code. Rollback in case Amazon CloudWatch alarms is triggered ## Footnote AWS CodeDeploy leverages Lambdaâ€™s traffic shifting capabilities to automate the gradual rollout of new function versions. It can also help you use deployment best practices, such as testing a new change on a small portion of traffic before deploying it to all customers. For example, CodeDeploy lets you automate pre-deployment tests that a function must pass before it begins taking traffic. You can also set alarms that automatically trigger rollbacks in the event of errors.

Answer 269

Use Amazon EC2 Auto Scaling with an AMI that includes the latest OS patches. Mount an Amazon EFS file system with the static data to the EC2 instances at launch time ## Footnote An Auto Scaling group should be used across multiple AZs. The AMI included should include the latest OS patches and the launch config / template should be replaced with a new AMI that includes updated OS patches whenever the critical patches are released. An Amazon EFS file system can be mounted to the instances that has the 100 GB of static data.

Answer 270

Re-architect the application. Load the data into Amazon S3. Use AWS Glue to transform the data. Store the table schema in an AWS Glue Data Catalog. Use Amazon Athena to query the data

Answer 271

Create an IAM role with the AmazonSSMManagedInstanceCore managed policy attached. Attach the IAM role to all the EC2 instances. Remove all security group rules attached to the EC2 instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager

Answer 272

Implement AWS Application Discovery Service with the installation of its data collection agent on each server in the organization's data center to gather detailed server usage and network data ## Footnote AWS Application Discovery Service is specifically designed to assist organizations in collecting detailed information about their on-premises infrastructure, which is crucial for cloud migration planning. By deploying the data collection agent on each server, the organization can obtain in-depth data on server performance, including CPU and memory usage, network I/O, and running services. This detailed level of data collection, including network traffic analysis, is essential for accurately determining the sizing and configuration of Amazon EC2 instances for the migration.

Answer 273

Download the Lambda function package from the source account. Use the deployment package and create new Lambda functions in the target account. Share the Aurora DB cluster with the target account by using AWS Resource Access Manager (AWS RAM). Grant the Target account permission to clone the Aurora DB cluster

Answer 274

Use Application Auto Scaling to scale out write capacity on the DynamoDB table based on a schedule

Answer 275

Configure a CodeCommit trigger to invoke an AWS Lambda function to scan new code submissions for credentials. If any credentials are found, disable them and notify the user ## Footnote You can configure a CodeCommit repository so that code pushes or other events trigger actions, such as sending a notification from Amazon Simple Notification Service (Amazon SNS) or invoking a function in AWS Lambda. You can create up to 10 triggers for each CodeCommit repository. In this case you can trigger AWS Lambda to scan the code for access keys

Answer 276

Use the Amazon CloudWatch Logs agent to stream log messages directly to CloudWatch Logs. Configure the batch_count parameter to 1 ## Footnote The batch_count parameter specifies the max number of log events in a batch, up to 10000. Using a value of 1 will result in every log entry being immediately streamed to CloudWatch Logs.

Answer 277

The bucket has the BlockPublicAcls setting set to TRUE

Answer 278

Set the authorization to AWS_IAM for the API Gateway method. Create a permissions policy that grants execute-api:Invoke permission on the REST API resource and attach it to a group containing the IAM user accounts

Answer 279

Attach an endpoint policy to the gateway endpoint that restricts access to the specific S3 bucket. Assign an IAM role to the EC2 instances and attach a policy to the S3 bucket that grants access only to this role

Answer 280

Use Amazon ECS Spot instances and configure Spot Instance Draining

Answer 281

Implement a blue/green deployment strategy

Answer 282

Create an Auto Scaling group for the EC2 instances and use an Application Load Balancer to direct incoming requests. Use Amazon DynamoDB to save the authenticated connection details

Answer 283

Configure the security group on the interface endpoint to allow connectivity to the AWS services

Answer 284

Create an Auto Scaling group for the front end with a combination of Reserved instances and Spot Instances to reduce costs. Convert the tables in the Oracle database into Amazon DynamoDB tables

Answer 285

- An inbound rule for port 443 from source 10.1.0.0/24 - An outbound rule for ports 1024 through 65535 to destination 10.1.0.0/24

Answer 286

Configure an AWS Glue crawler to crawl the databases and create tables in the AWS Glue Data Catalog. Create an AWS Glue ETL job that loads data from the RDS databases to Amazon S3. Use Amazon Athena to run the queries

Answer 287

Identify the IP addresses in Amazon S3 requests with Amazon S3 access logs and Amazon Athena. Use AWS Config with Auto Remediation to remediate any changes to S3 bucket policies. Configure alerting with AWS Config and Amazon SNS

Answer 288

Integrate an Amazon ElastiCache for Redis layer to cache database query results. Update the Lambda functions to retrieve data from this cache when available

Answer 289

Use AWS DMS to migrate the database to Amazon RDS. Replicate the client VMs into AWS using AWS SMS. Create Route 53 A records for each client VM

Answer 290

Adjust the workload configuration to utilize topology spread constraints based on different Availability Zones

Answer 291

Create an IAM account for the new employee and add the account to the security team IAM group. Set a permissions boundary that grants access to manage Amazon DynamoDB, Amazon RDS, and Amazon CloudWatch. When the employee takes on new management responsibilities, add the additional services to the permissions boundary IAM policy

Answer 292

Create a DynamoDB global table to replicate data between us-west-1 and eu-central-1. Enable continuous backup on the DynamoDB table in us-west-1 . Set up S3 cross-region replication from us-west-1 to eu-central-1 ## Footnote A DynamoDB global table is a multi-region, multi-active database. This means you can create a table and write to that table in multiple Regions and AWS synchronizes the items. This provides the required redundancy for the database table. DynamoDB continuous backups can be enabled. This provides per-second granularity and restore to any single second from the time PITR was enabled up to the prior 35 days. This protects against data corruption

Answer 293

Use AWS Organizations to create a management account and create each teamâ€™s account from the management account. Create a security account for cross-account access. Apply service control policies on each account and grant the security team cross-account access to all accounts. The Security team will create IAM policies to provide least privilege access.

Answer 294

Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM). Use the EBS direct APIs to copy the data from the snapshot to Amazon S3 ## Footnote Amazon Data Lifecycle Manager provides an automated, policy-based lifecycle management solution for Amazon Elastic Block Store (EBS) Snapshots and EBS-backed Amazon Machine Images (AMIs). Automate the creation of point-in-time copy of your block storage data with user-defined policies that you can customize based on data protection needs. Amazon Data Lifecycle Manager requires no scripting or special training

Answer 295

Install a second DX connection from a different network carrier and attach it to the same virtual private gateway as the first DX connection

Answer 296

Create a SAML-based identity management provider in a central account and map IAM roles that provide the necessary permissions for users. Map users in the on-premises IdP groups to IAM roles. Use cross-account access to the other AWS accounts

Answer 297

Create a cross-Region read replica in us-west-1. Use Amazon EventBridge to trigger an AWS Lambda function that promotes the read replica to primary and updates the DNS endpoint address for the database

Answer 298

- Write a custom health check that verifies successful access to the database endpoints in each Region. Add the health check within the latency-based routing policy in Amazon Route 53 - Set the value of Evaluate Target Health to Yes on the latency alias resources for both us-east-2 and us-west-1

Answer 299

- Create an Application Load Balancer that includes HTTP and HTTPS listeners - Create an Amazon CloudFront distribution and deploy a Lambda@Edge function - Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names

Answer 300

Create an interface VPC endpoint for API Gateway in the VPC. Enable private DNS naming for the VPC endpoint and configure an API resource policy that allows access from the VPC endpoint. Use the API endpoint's DNS names to access the API from the EC2 instance

Answer 301

Create two AWS Direct Connect connections from the New York data center to an AWS Region. Configure the company WAN to send traffic over the DX connection. Use Direct Connect Gateway to access data in other AWS Regions

Answer 302

Implement AWS Global Accelerator with a standard accelerator configuration. Associate each regional deployment's ALB with the Global Accelerator and distribute its static IP addresses to customers ## Footnote AWS Global Accelerator provides static IP addresses as a core feature, which can be used by customers for their firewall allow lists

Answer 303

Configure the application to send Set-Cookie headers to the viewer and control access to the files using signed cookies

Answer 304

Configure an Amazon RDS instance with a cross-Region read replica in an alternative Region. Should the primary Region fail, promote the read replica to become the new primary database

Answer 305

Upload the data to the S3 bucket using S3 Transfer Acceleration

Answer 306

- An inbound rule in WebAppSG allowing port 80 from source ALB-SG - An inbound rule in ALB-SG allowing port 80 from source 0.0.0.0/0

Answer 307

Build an API with API Gateway and AWS Lambda, use Amazon S3 for hosting static web resources and create an Amazon CloudFront distribution with the S3 bucket as the origin. Use Amazon Cognito to provide user management authentication functions ## Footnote CloudFront can then be used to cache the S3 assets for lower latency for the global user base. CloudFront also offers basic DDoS protections with AWS Shield standard offered for free for use with CloudFront.

Answer 308

Create a separate AWS account for identities where IAM user accounts can be created. Create roles with appropriate permissions in the production and testing accounts. Add the identity account to the trust policies for the roles

Answer 309

Create an S3 bucket for the pipeline. Configure S3 caching for the CodeBuild projects that are in the pipeline. Update the build specifications of the CodeBuild projects. Add the data file directory to the cache definition

Answer 310

Deploy a scaled-down version of the production environment in a separate AWS Region ensuring the minimum distance requirements are met. The DR environment should include one instance for the web tier and one instance for the application tier. Create another database instance and configure source-replica replication for MySQL. Configure Auto Scaling for the web and app tiers to they can scale based on load. Use Amazon Route 53 to switch traffic to the DR Region

Answer 311

Associate the private hosted zone to all the VPCs. Create a Route 53 inbound resolver in the shared services VPC. Attach all VPCs to the transit gateway and create forwarding rules in the on-premises DNS server for internal.company.local that point to the inbound resolver

Answer 312

Create an Amazon SQS queue. Configure the existing web server to publish to the new queue. Use Amazon EC2 instances in an EC2 Auto Scaling group to pull requests from the queue and process the files. Scale the EC2 instances based on the SQS queue length. Store the processed files in an Amazon S3 bucket

Answer 313

Create an AWS Service Catalog product from the environment template and add a launch constraint to the product with the existing role. Give users in the testing team permission to use AWS Service Catalog APIs only. Train users to launch the template from the AWS Service Catalog console

Answer 314

Refactor the application onto AWS Lambda functions. Use AWS Step Functions to orchestrate the application

Answer 315

Create a pipeline in CodePipeline with a deploy stage that uses a blue/green deployment strategy. Monitor the application and if there are any issues trigger a manual rollback using CodeDeploy

Answer 316

Launch the Amazon EC2 instances in a private subnet with an outbound route to a NAT gateway in a public subnet. Associate an Elastic IP address to the NAT gateway that can be whitelisted on the external API service

Answer 317

Add the member accounts to a single organizational unit (OU). Create a service control policy (SCP) that denies access to the specific set of services and attach it to the OU

Answer 318

- Set up the tasks using the awsvpc network mode for enhanced network isolation and control - Attach security groups to the individual tasks and utilize IAM roles specifically designed for tasks to access other AWS resources ## Footnote The awsvpc network mode provides each task with its own elastic network interface, IP address, and security group, offering better isolation and control compared to bridge mode. This aligns with best practices for security and network configuration in a microservices architecture

Answer 319

Migrate the applications to Docker containers on Amazon ECS. Create a separate ECS task and service for each application. Enable service Auto Scaling based on memory utilization and set the threshold to 75%. Monitor services and hosts by using Amazon CloudWatch

Answer 320

Create a separate pipeline in CodePipeline and trigger execution using CodeCommit branches. Use AWS CodeBuild for running unit tests and stage the artifacts in an S3 bucket in a separate testing account

Answer 321

Configure Amazon S3 for hosting the web application while using AWS AppSync for database access services. Use Amazon Simple Queue Service (Amazon SQS) for queuing orders and AWS Lambda for business logic. Use Amazon SQS dead-letter queue for tracking and re-processing failed orders ## Footnote AWS AppSync creates serverless GraphQL and Pub/Sub APIs that simplify application development through a single endpoint to securely query, update, or publish data

Answer 322

Set up Kinesis Data Firehose in the logging account and then subscribe the delivery stream to CloudWatch Logs streams in each application AWS account via subscription filters. Persist the log data in an Amazon S3 bucket inside the logging AWS account

Answer 323

Use AWS Database Migration Service to replicate the data from the databases into Amazon Redshift ## Footnote The Amazon Redshift cluster must be in the same AWS account and the same AWS Region as the replication instance. During a database migration to Amazon Redshift, AWS DMS first moves data to an Amazon S3 bucket. When the files reside in an Amazon S3 bucket, AWS DMS then transfers them to the proper tables in the Amazon Redshift data warehouse. AWS DMS creates the S3 bucket in the same AWS Region as the Amazon Redshift database. The AWS DMS replication instance must be located in that same region.

Answer 324

Deploy an AWS DataSync agent to an on-premises server that has access to the NFS file system. Send data over the Direct Connect connection to an AWS PrivateLink interface VPC endpoint for Amazon EFS by using a private VIF. Configure a DataSync scheduled task to send the images to the EFS file system every night

Answer 325

Configure an Amazon VPC interface endpoint to access your Secrets Manager Lambda rotation function and private Amazon Relational Database Service (Amazon RDS) instance

Answer 326

Set up database migration to Amazon Aurora MySQL. Deploy the application in an Auto Scaling group for Amazon EC2 instances that are fronted by an Application Load Balancer. Store sessions in an Amazon ElastiCache for Redis with replication group

Answer 327

Storage Gateway doesn't automatically update the cache when you upload a file directly to Amazon S3. Perform a **RefreshCache** operation to see the changes on the file share ## Footnote Storage Gateway updates the file share cache automatically when you write files to the cache locally using the file share. However, Storage Gateway doesn't automatically update the cache when you upload a file directly to Amazon S3. When you do this, you must perform a RefreshCache operation to see the changes on the file share. If you have more than one file share, then you must run the RefreshCache operation on each file share.

Answer 328

With cross-zone load balancing enabled, one instance in Availability Zone X receives 20% traffic and four instances in Availability Zone Y receive 20% traffic each. With cross-zone load balancing disabled, one instance in Availability Zone X receives 50% traffic and four instances in Availability Zone Y receive 12.5% traffic each

Answer 329

Set up new Amazon DynamoDB tables for the application with on-demand capacity. Use a gateway VPC endpoint for DynamoDB so that the application can have a private and encrypted connection to the DynamoDB tables

Answer 330

- When a new Amazon S3 bucket is created, it takes up to 24 hours before the bucket name propagates across all AWS Regions - CloudFront by default, forwards the requests to the default S3 endpoint. Change the origin domain name of the distribution to include the Regional endpoint of the bucket

Answer 331

Suspend the Auto Scaling group's Terminate process. Use Session Manager to log in to an instance that is marked as unhealthy and analyze the system logs to figure out the root cause

Answer 332

Use AWS X-Ray to analyze the microservices applications through request tracing. Configure Amazon CloudWatch for monitoring containers, latency, web server requests, and incoming load-balancer requests and create CloudWatch alarms to send out notifications if system latency is increasing

sap full2 Flashcards

(489 cards)