NEW QUESTION 1
A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4 The chief technology officer (CTO) wants to make the architecture highly available and cost-effective.
What should a solutions architect do to meet these requirements? (Select TWO.)

• A. Increase the number of EC2 instances.
• B. Decrease the number of EC2 instances
• C. Configure a Network Load Balancer in front of the EC2 instances.
• D. Configure an Application Load Balancer in front of the EC2 instances
• E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.

Answer: CE

NEW QUESTION 2
A company runs a multi-tier web application that hosts news content The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones and use an Amazon Aurora database. A solutions architect needs to make the application more resilient to periodic increases in request rates
Which architecture should the solutions architect implement? (Select TWO )

• A. Add AWS Shield.
• B. Add Aurora Replicas
• C. Add AWS Direct Connect
• D. Add AWS Global Accelerator.
• E. Add an Amazon CloudFront distribution in front of the Application Load Balancer

Answer: DE

NEW QUESTION 3
A company has a legacy application that processes data in two parts The second part of the process takes longer than the first, so the company has decided to rewrite the application as two microservices running on Amazon ECS that can scale independently.
How should a solutions architect integrate the microservices?

• A. Implement code in microservice 1 to send data to an Amazon S3 bucke
• B. Use S3 event notifications to invoke microservice 2.
• C. Implement code in microservice 1 to publish data to an Amazon SNS topic Implement code in microservice 2 to subscribe to this topic
• D. Implement code in microservice 1 to send data to Amazon Kinesis Data Firehos
• E. Implement code in microservice 2 to read from Kinesis Data Firehose.
• F. Implement code in microservice 1 to send data to an Amazon SQS queue Implement code in microservice 2 to process messages from the queue

Answer: C

NEW QUESTION 4
A company's application is running on Amazon EC2 instances m a single Region in the event of a disaster a solutions architect needs to ensure that the resources can also be deployed to a second Region
Which combination of actions should the solutions architect take to accomplish this-? (Select TWO)

• A. Detach a volume on an EC2 instance and copy it to Amazon S3
• B. Launch a new EC2 instance from an Amazon Machine image (AMI) in a new Region
• C. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance
• D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination
• E. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume

Answer: BD

NEW QUESTION 5
A company is migrating from an on-premises infrastructure to the AWS Cloud One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync A solutions architect needs to replace the file server farm
Which service should the solutions architect use?

• A. Amazon EFS
• B. Amazon FSx
• C. Amazon S3
• D. AWS Storage Gateway

Answer: B

NEW QUESTION 6
A company has deployed an API in a VPC behind an internet-facing Application Load Balancer (ALB) An application that consumes the API as a client is deployed in a second account in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected. A solutions architect has configured the ALB to be internal.
Which combination of architectural changes will reduce the NAT gateway costs'? (Select TWO )

• A. Configure a VPC peering connection between the two VPC
• B. Access the API using the private address
• C. Configure an AWS Direct Connect connection between the two VPC
• D. Access the API using the private address.
• E. Configure a ClassicLink connection for the API into the client VPC Access the API using the ClassicLink address.
• F. Configure a PrivateLink connection for the API into the client VP
• G. Access the API using the PrivateLink address.
• H. Configure an AWS Resource Access Manager connection between the two accounts Access the API using the private address

Answer: DE

NEW QUESTION 7
An Amazon EC2 administrator created the following policy associated with an 1AM group containing several users.

What is the effect of this policy?

• A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
• B. Users can terminate an EC2 instance with the IP address 10.100. 1001 in the us-east-1 Region
• C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254
• D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100. 100. 254

Answer: C

NEW QUESTION 8
A solutions architect is designing a solution where users will De directed to a backup static error page it the primary website is unavailable The primary website's DNS records are hosted in Amazon Route 53 where their domain is pointing to an Application Load Balancer (ALB)
Which configuration should the solutions architect use to meet the company's needs while minimizing changes and infrastructure overhead?

• A. Point a Route 53 alias record to an Amazon CloudFront distribution with the ALB as one of its origins Then, create custom error pages for the distribution
• B. Set up a Route 53 active-passive failover configuration Direct traffic to a static error page hosted within an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy
• C. Update the Route 53 record to use a latency-based routing policy Add the backup static error page hosted within an Amazon S3 bucket to the record so the traffic is sent to the most responsive endpoints
• D. Set up a Route 53 active-active configuration with the ALB and an Amazon EC2 instance hosting a static error page as endpoints Route 53 will only send requests to the instance if the health checks fail for the ALB

Answer: B

NEW QUESTION 9
An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database
What should the solutions architect do to separate the read requests from the write requests?

• A. Enable read-through caching on the Amazon Aurora database
• B. Update the application to read from the Multi-AZ standby instance
• C. Create a read replica and modify the application to use the appropriate endpoint
• D. Create a second Amazon Aurora database and link it to the primary database as a read replica.

Answer: C

NEW QUESTION 10
A product team is creating a new application that will store a large amount of data The data will be analyzed hourly and modified by multiple Amazon EC2 Linux instances The application team believes the amount of space needed will continue to grow for the next 6 months
Which set of actions should a solutions architect take to support these needs'?

• A. Store the data in an Amazon EBS volume Mount the EBS volume on the application instances
• B. Store the data in an Amazon EFS file system Mount the file system on the application instances
• C. Store the data in Amazon S3 Glacier Update the vault policy to allow access to the application instances
• D. Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA) Update the bucket policy to allow access to the application instances

Answer: B

NEW QUESTION 11
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.
Which action will MOST securely grant the EC2 instance access to the S3 bucket?

• A. Attach a resource-based policy to the S3 bucket
• B. Create an 1AM user for the application with specific permissions to the S3 bucket
• C. Associate an 1AM role with least privilege permissions to the EC2 instance profile
• D. Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls

Answer: C

NEW QUESTION 12
A company's website is used to sell products to the public The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB) There is also an Amazon CloudFront distribution and AWS WAF is being used to protect against SQL injection attacks The ALB is the origin for the CloudFront distribution A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website
What should a solutions architect do to protect the application"?

• A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address
• B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address
• C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address
• D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address

Answer: B

NEW QUESTION 13
A company's website runs on Amazon EC2 instances behind an Application Load Balancer (ALB) The website has a mix of dynamic and static content Users around the globe are reporting that the website is slow
Which set of actions will improve website performance for users worldwide?

• A. Create an Amazon CloudFront distribution and configure the ALB as an origin Then update the Amazon Route 53 record to point to the CloudFront distribution
• B. Create a latency-based Amazon Route 53 record for the ALB Then launch new EC2 instances with larger instance sizes and register the instances with the ALB
• C. Launch ne
• D. EC2 instances hosting the same web application in different Regions closer to the users.Then register the instances with the same ALB using cross-Region VPC peering
• E. Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances Then update an Amazon Route 53 record to point to the S3 buckets

Answer: A

NEW QUESTION 14
A company allows its developers to attach existing 1AM policies to existing 1AM roles to enable (aster experimentation and agility However the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies
How should a solutions architect address this issue?

• A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy
• B. Use service control policies to disable IAM activity across all accounts in the organizational unit
• C. Prevent the developers from attaching any policies and assign all 1AM duties to the security operations team
• D. Set an IAM permissions boundary on the developer 1AM role that explicitly denies attaching the administrator policy

Answer: D

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html

NEW QUESTION 15
A security team wants to limit access to specific services or actions in all of the team's AWS accounts. All accounts belong to a large organization in AWS Organizations The solution must be scalable and there must be a single point where permissions can be maintained.
What should a solutions architect do to accomplish this?

• A. Create an ACL to provide access to the services or actions.
• B. Create a security group to allow accounts and attach it to user groups
• C. Create cross-account roles in each account to deny access to the services or actions.
• D. Create a service control policy in the root organizational unit to deny access to the services or actions

Answer: D

NEW QUESTION 16
A company wants to host a scalable web application on AWS. The application will be accessed by users from different geographic regions of the world. Application users will be able to download and upload unique data up to gigabytes in size. The development team wants a cost-effective solution to minimize upload and download latency and maximize performance.
What should a solutions architect do to accomplish this?

• A. Use Amazon S3 with Transfer Acceleration to host the application.
• B. Use Amazon S3 with CacheControl headers to host the application.D18912E1457D5D1DDCBD40AB3BF70D5D
• C. Use Amazon EC2 with Auto Scaling and Amazon CloudFront to host the application.
• D. Use Amazon EC2 with Auto Scaling and Amazon ElastiCache to host the application.

Answer: C

NEW QUESTION 17
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company’s user base grows in the us-west-1 Region, it needs a solution with low latency and high availability.
What should a solutions architect do to accomplish this?

• A. Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
• B. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request.
• C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
• D. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing polic
• E. Create alias records in Route 53 that point to the Application Load Balancer.

Answer: B

NEW QUESTION 18
A company’s web application uses an Amazon RDS PostgreSQL DB instance to store its application data. During the financial closing period at the start of every month. Accountants run large queries that impact the database's performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.
What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?

• A. Create a read replica and direct reporting traffic to the replica.
• B. Create a Multi-AZ database and direct reporting traffic to the standby.
• C. Create a cross-Region read replica and direct reporting traffic to the replica.
• D. Create an Amazon Redshift database and direct reporting traffic to the Amazon Redshift database.

Answer: B

NEW QUESTION 19
A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon C2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.
What should a solutions architect do to meet these requirements?

• A. Redesign the application to use Amazon CloudFront.
• B. Redesign the application to use AWS Elastic Beanstalk.
• C. Redesign the application to use a Network Load Balancer.
• D. Redesign the application to use Amazon S3 static website hosting.

Answer: A

NEW QUESTION 20
A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet The web application instances and the database are running in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)

• A. Create new public and private subnets in the same AZ for high availability
• B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs
• C. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer
• D. Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ
• E. Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment

Answer: BE

NEW QUESTION 21
A company has a multi-tier application that runs six front-end web servers in an Amazon EC2 Auto Scaling group in a single Availability Zone behind an Application Load Balancer (ALB) A solutions architect needs to modify the infrastructure to be highly available without modifying the application
Which architecture should the solutions architect choose that provides high availability?

• A. Create an Auto Scaling group that uses three instances across each of two Regions
• B. Modify the Auto Scaling group to use three instances across each of two Availability Zones
• C. Create an Auto Scaling template that can be used to quickly create more instances in another Region
• D. Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier

Answer: B

NEW QUESTION 22
A company is migrating a three-tier application to AWS. The application requires a MySQL database. In the past, the application users reported poor application performance when creating new entries. These
performance issues were caused by users generating different real-time reports from the application duringworking hours.
Which solution will improve the performance of the application when it is moved to AWS?

• A. Import the data into an Amazon DynamoDB table with provisioned capacit
• B. Refactor the application to use DynamoDB for reports.
• C. Create the database on a compute optimized Amazon EC2 instanc
• D. Ensure compute resources exceed the on-premises database.
• E. Create an Amazon Aurora MySQL Multi-AZ DB cluster with multiple read replica
• F. Configure the application reader endpoint for reports.
• G. Create an Amazon Aurora MySQL Multi-AZ DB cluste
• H. Configure the application to use the backup instance of the cluster as an endpoint for the reports.

Answer: B

NEW QUESTION 23
A company runs an application in a branch office within a small data closet with no virtualized compute resources. The application data is stored on an NFS volume. Compliance standards require a daily offsite backup of the NFS volume.
Which solution meet these requirements?

• A. Install an AWS Storage Gateway file gateway on premises to replicate the data to Amazon S3.
• B. Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3.
• C. Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3.
• D. Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3.

Answer: C

NEW QUESTION 24
A solutions architect is deploying a distributed database on multiple Amazon EC2 instances The database stores all data on multiple instances so it can withstand the loss of an instance The database requires block storage with latency and throughput to support several million transactions per second per server
Which storage solution should the solutions architect use?

• A. Amazon EBS
• B. Amazon EC2 instance store
• C. Amazon EFS
• D. Amazon S3

Answer: B

NEW QUESTION 25
......