sthithapragna questions - april 2024 Flashcards

1
Q

A company uses Amazon EC2 instances and Amazon Elastic Block Store (Amazon EBS) to run its self-managed database. The company has 350TB of data spread across all EBS volumes. The company takes daily EBS snapshots and keeps the snapshots for 1 month. The daily change rate is 5% of the EBS volumes. Because of the new regulations, the company needs to keep the monthly snapshots for 7 years. The company needs to change its backup strategy to comply with the new regulations and to ensure that data is available with minimal admin effort. Which solution will meet these requirements MOST cost effectively?

A. Keep the daily snapshot in the EBS snapshot standard tier for 1 month. Copy the monthly snapshot to Amazon S3 Glacier Deep Archive with a 7-year retention period
B. Continue with the current EBS snapshot policy. Add a new policy to move the monthly snapshot to Amazon EBS Snapshots Archive with a 7-year retention period
C. Keep the daily snapshot in the EBS snapshot standard tier for 1 month. Keep the monthly snapshot in the standard tier for 7 years. Use incremental snapshots.
D. Keep the daily snapshot in the EBS snapshot standard tier. Use EBS direct APIs to take snapshots of all the EBS volumes every month. Store the snapshots in an Amazon S3 bucket in the infrequent access tier for 7 years

A

B. Continue with the current EBS snapshot policy. Add a new policy to move the monthly snapshot to Amazon EBS Snapshots Archive with a 7-year retention period

- Glacier is cheaper but requires admin for each retrieval
- storing data in standard tier for a month is expensive
- EBS Snapshots Archive is better than Glacier and infrequent access

2
Q

A company runs an application on several Amazon EC2 instances that store persistent data on an Amazon Elastic File System (Amazon EFS). The company needs to replicate the data to another AWS Region by using an AWS managed service solution. Which solution will meet these requirements MOST cost effectively?

A. Use the EFS to EFS backup solution to replicate the data to an EFS file system in another region
B. Run a nightly script to copy data from the EFS file system to an Amazon S3 bucket. Enable S3 cross region replication on the S3 bucket
C. Create a VPC in another region. Establish a cross region VPC peer. Run a nightly resync to copy data from the original region to the new region
D. Use AWS Backup to create a backup plan with a rule that takes a daily backup and replicates it to another region. Assign the EFS file system resource to the backup plan

A

D. Use AWS Backup to create a backup plan with a rule that takes a daily backup and replicates it to another region. Assign the EFS file system resource to the backup plan

  • use AWS Backup if available, if not, use EFS to EFS backup
  • cross region can replicate data to another region but may not be optimized for EFS storage; also not AWS managed
  • nightly resync is manual and can increase overhead costs; also not AWS managed
3
Q

An ecommerce company is migrating its on-prem workload to the AWS Cloud. The workload currently consists of a web app and a backend Microsoft SQL database for storage. The company expects a high volume of customers during a promotional event. The new infrastructure in the AWS Cloud must be highly available and scalable. Which solution will meet these requirements with the LEAST admin overhead?

A. Migrate the web app to 2 Amazon EC2 instances across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS for Microsoft SQL Server with read replicas in both Availability Zones.
B. Migrate the web application to an Amazon EC2 instance that runs in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to two EC2 instances across separate AWS Regions with database replication
C. Migrate the web application to Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS with Multi-AZ deployment
D. Migrate the web application to three Amazon EC2 instances across three Availability Zones behind an Application Load Balancer. Migrate the database to three EC2 instances across three Availability Zones

A

C. Migrate the web application to Amazon EC2 instances that run in an Auto Scaling group across two Availability Zones behind an Application Load Balancer. Migrate the database to Amazon RDS with Multi-AZ deployment

- high availability = Multi-AZ
- least admin = do not use EC2 as it's admin heavy
- all options use EC2 so go with the only one with Multi-AZ

4
Q

A company has an on prem business app that generates hundreds of files each day. These files are stored on an SMB file share and require a low latency connection to the app servers. A new company policy states all app generated files must be copied to AWS. There is already a VPN connection to AWS. The app development team does not have time to make the necessary code modifications to move the app to AWS. Which service should a solutions architect recommend to allow the application to copy files to AWS?

A. Amazon EFS
B. Amazon FSx for Windows File Server
C. AWS Snowball
D. AWS Storage Gateway

A

D. AWS Storage Gateway

  • EFS would need a lot of config to be compatible with SMB file share, otherwise it would be great
  • FSx would also require mods even though it's compatible with SMB, and they don't have time to write the code
  • Snowball is used to transfer data using physical devices. Typically for larger data sets and infrequently but the customer wants frequent uploads
5
Q

A company has 15 employees. The company stores employee start dates in an Amazon DynamoDB table. The company wants to send an email message to each employee on the day of the employee's work anniversary. Which solution will meet these requirements with the MOST operational efficiency?

A. Create a script that scans the DynamoDB table and uses Amazon Simple Notification Service (Amazon SNS) to send email messages to employees when necessary. Use a cron job to run this script every day on an Amazon EC2 instance.
B. Create a script that scans the DynamoDB tables and uses Amazon Simple Queue Service (Amazon SQS) to send email messages to employees when needed. Use a cron job to run this script every day on an Amazon EC2 instance
C. Create an AWS Lambda function that scans the DynamoDB table and uses Amazon SNS to send email messages to employees when necessary. Schedule this Lambda function to run every day.
D. Create an AWS Lambda function that scans the DynamoDB table and uses Amazon SQS to send email messages to employees when necessary. Schedule this Lambda function to run every day.

A

C. Create an AWS Lambda function that scans the DynamoDB table and uses Amazon SNS to send email messages to employees when necessary. Schedule this Lambda function to run every day.

- most operational efficiency = no EC2
- SQS is good for decoupling but adds complexity in this use because of the infrequency of these emails being sent and it being time based

6
Q

A company’s app is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancer (ELB). Based on the app’s history, the company anticipates a spike in traffic during a holiday every year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on app users. Which solution will meet these requirements?

A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%
B. Create a recurring scheduled action to scale up the auto scaling group before the expected period of peak demand
C. Increase the min and max number of EC2 instances in the auto scaling group during the peak demand period
D. Configure an Amazon Simple Notification Service (SNS) notification to send alerts when there are autoscaling:EC2_INSTANCE_LAUNCH events

A

B. Create a recurring scheduled action to scale up the auto scaling group before the expected period of peak demand

  • A is not proactively increasing capacity
  • C requires manual intervention which is more error prone especially when you know the high demand times (able to automate)
  • D is useful for monitoring but doesn’t scale
7
Q

A company uses Amazon RDS for PostgreSQL databases for its data tier. The company must implement password rotation for the database. Which solution meets this requirement with the LEAST operational overhead?

A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret
B. Store the password in AWS Systems Manager Parameter Store. Enable auto rotation on the parameter
C. Store the password in AWS Systems Manager Parameter Store. Write an AWS Lambda function that rotates the password
D. Store the password in AWS Key Management Service (AWS KMS). Enable auto rotation on the AWS KMS key

A

A. Store the password in AWS Secrets Manager. Enable automatic rotation on the secret

- storing passwords/API keys should always make you think Secrets Manager

8
Q

A company runs its app on Oracle Database Enterprise Edition. The company needs to migrate the app and the database to AWS. The company can use the Bring Your Own License (BYOL) model while migrating to AWS. The app uses third party database features that require privileged access. A solutions architect must design a solution for the database migration. Which solution will meet these requirements MOST cost effectively?

A. Migrate the database to Amazon RDS for Oracle by using native tools. Replace the third party features with AWS Lambda
B. Migrate the database to Amazon RDS Custom for Oracle by using native tools. Customize the new database settings to support the third party features
C. Migrate the database to Amazon DynamoDB by using AWS Database Migration Service (AWS DMS). Customize the new database settings to support the third party features
D. Migrate the database to Amazon RDS for PostgreSQL by using AWS Database Migration Service (AWS DMS). Rewrite the app code to remove the dependency on third party features

A

B. Migrate the database to Amazon RDS Custom for Oracle by using native tools. Customize the new database settings to support the third party features

  • Bring Your Own License (BYOL) = managed database service that gives access to the underlying database system
  • RDS doesn’t give access to the underlying system BUT RDS CUSTOM does
  • DynamoDB uses NoSQL which is too different from Oracle DB
  • PostgreSQL is too different from Oracle as well
9
Q

A large international university has deployed all of its compute services in the AWS cloud. These services include Amazon EC2, Amazon RDS, and Amazon DynamoDB. The university currently relies on many custom scripts to back up its infrastructure. However, the university wants to centralize management and automate data backups as much as possible by using AWS native options. Which solution will meet these requirements?

A. Use third party backup software with an AWS Storage Gateway tape gateway virtual tape library
B. Use AWS Backup to configure and monitor all backups for the services in use
C. Use AWS Config to set lifecycle management to take snapshots of all data sources on a schedule
D. Use AWS Systems Manager State Manager to manage the configuration and monitoring of backup tasks

A

B. Use AWS Backup to configure and monitor all backups for the services in use

  • Backups = AWS Backup
10
Q

A company wants to build a map of its IT infrastructure to identify and enforce policies on resources that pose security risks. The company's security team must be able to query data in the IT infrastructure map and quickly identify security risks. Which solution will meet these requirements with the LEAST operational overhead?

A. Use Amazon RDS to store the data. Use SQL to query the data to identify security risks
B. Use Amazon Neptune to store the data. Use SPARQL to query the data to identify security risks
C. Use Amazon Redshift to store the data. Use SQL to query the data to identify security risks
D. Use DynamoDB to store the data. Use PartiQL to query the data to identify security risks

A

B. Use Amazon Neptune to store the data. Use SPARQL to query the data to identify security risks

  • infrastructure map = Graph database
  • only graph database offered with AWS is Neptune
11
Q

A large company wants to provide its globally located developers separate, limited-size, managed PostgreSQL databases for development purposes. The databases will be low volume. The developers need the database only when they are actively working. Which solution will meet these requirements MOST cost effectively?

A. Give the developers the ability to launch separate Amazon Aurora instances. Set up a process to shut down Aurora instances at the end of the workday and to start Aurora instances at the beginning of the next workday.
B. Develop an AWS Service Catalog product that enforces size restrictions for launching Amazon Aurora instances. Give the developers access to launch the product when they need a development database.
C. Create an Amazon Aurora Serverless cluster. Develop an AWS Service Catalog product to launch databases in the cluster with the default capacity settings. Grant the developers access to the product.
D. Monitor AWS Trusted Advisor checks for idle Amazon RDS databases. Create a process to terminate identified idle RDS databases.

A

C. Create an Amazon Aurora Serverless cluster. Develop an AWS Service Catalog product to launch databases in the cluster with the default capacity settings. Grant the developers access to the product.

  • When they say actively working = serverless
  • A and B are too manual
  • D is reactive
12
Q

A company is building a web app that serves a content management system. The content management system runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The EC2 instances run in an Auto Scaling group across multiple availability zones. Users are constantly adding and updating files, blogs, and other website assets in the content management system. A solutions architect must implement a solution in which all the EC2 instances share up-to-date website content with the least possible lag time. Which solution meets these requirements?

A. Update the EC2 user data in the Auto Scaling group lifecycle policy to copy the website assets from the EC2 instance that was launched most recently. Configure the ALB to make changes to the website assets only in the newest EC2 instance.
B. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system. Configure each EC2 instance to mount the EFS file system locally. Configure the website hosting app to reference the website assets that are stored in the EFS file system.
C. Copy the website assets to an Amazon S3 bucket. Ensure that each EC2 instance downloads the website assets from the S3 bucket to the attached Amazon Elastic Block Store (Amazon EBS) volume. Run the S3 sync command once each hour to keep files up to date.
D. Restore an Amazon Elastic Block Store (Amazon EBS) snapshot with the website assets. Attach the EBS snapshot as a secondary EBS volume when a new EC2 instance is launched. Configure the website hosting app to reference the website assets that are stored in the secondary EBS volume

A

B. Copy the website assets to an Amazon Elastic File System (Amazon EFS) file system. Configure each EC2 instance to mount the EFS file system locally. Configure the website hosting app to reference the website assets that are stored in the EFS file system.

  • too manual to keep other instances up to date with newest instance
  • running a sync every hour is too manual
  • secondary volumes are not good for constant changes
13
Q

853 A company’s web app consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon RDS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behavior in its AWS environment. The company already has added AWS WAF to its architecture. What should a solutions architect do next to protect against threats?

A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge to filter for GuardDuty findings and to invoke an AWS Lambda function to adjust the AWS WAF rules
B. Use AWS Firewall Manager to perform threat detection. Configure Amazon EventBridge to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL.
C. Use Amazon Inspector to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web app
D. Use Amazon Macie to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web app.

A

A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge to filter for GuardDuty findings and to invoke an AWS Lambda function to adjust the AWS WAF rules

  • detect and respond = continuous = GuardDuty
  • Inspector and ACLs are static and not continuous monitoring
  • Macie = stores sensitive data / personally identifiable information (PII)