AWS Certified Solutions Architect Professional - Practice Exam 2

A company's Solutions Architect is re-engineering its CI/CD practices to update a critical web application deployed in a fleet of Amazon EC2 instances behind an Application Load Balancer. The application manager requires that deployments happen as quickly as possible with minimal downtime. In the case of errors, there must be an ability to roll back quickly. The company currently uses AWS CodeCommit to host the application source code and has configured an AWS CodeBuild project to build the application. The company also plans to use AWS CodePipeline to trigger builds from CodeCommit commits using the existing CodeBuild project.

What CI/CD configuration meets all of the requirements?

A company stores highly confidential information in an Amazon S3 bucket. After suffering an attack and experiencing a breach of information, the security team came up with new requirements that must be met: - Identify remote IP addresses that are accessing the bucket objects. - Receive alerts when the security policy on the bucket is changed. - Remediate the policy changes automatically.

Which strategies should a Solutions Architect use to meet these requirements?

A company runs a processing engine in the AWS Cloud. The engine processes data to calculate complex results. Millions of devices send information to the processing engine through a RESTful API. Lately, the API has experienced unpredictable bursts of traffic. The company must implement a solution to process all data that the devices send to the processing engine. Data loss is unacceptable.

Which solution will meet these requirements?

During a security audit, IAM secret access keys were found in clear text in AWS CodeCommit repositories. The security team requires measures to automatically find and remediate this vulnerability on an ongoing basis.

Which solution meets these requirements?

A company hosts an application on Amazon EC2 instances in a private subnet within an Amazon VPC. The application stores files in a specific Amazon S3 bucket. Due to some new regulations, the files should not traverse the internet, and only application instances should be granted access to save files in the S3 bucket. A gateway endpoint has been created for Amazon S3 and connected to the Amazon VPC.

What additional steps should a Solutions Architect take to meet these requirements?

A health company stores Personally Identifiable Information (PII) in an Amazon S3 bucket. The current configuration encrypts the objects with server-side encryption with S3-managed encryption keys (SSE-S3). Versioning is not enabled in the bucket. According to a new requirement, all current and future objects in the S3 bucket must be encrypted by keys that the company's security team manages.

Which solution will meet these requirements?

A company is designing an application that requires cross-region disaster recovery with an RTO of 5 minutes and an RPO of 1 hour. The application runs on Amazon EC2 instances and a MySQL database.

Which option could a Solutions Architect recommend to meet the company’s disaster recovery requirements?

A company needs to deploy an application. The application is deployed on Amazon EC2 instances across multiple Availability Zones in the eu-west-1 Region. The solution must meet these constraints: 1) The application requires access to 300 GB of static data before the application starts. 2) The application layer must quickly scale on demand. 3) Startup time must be minimized as much as possible. 4) The development team must be able to change the code multiple times in a day. 5) Any critical OS patches must be installed within 48 hours of release. Which deployment strategy meets these requirements?

Which deployment strategy meets these requirements?

A highly available web application is being deployed on multiple Amazon EC2 instances. It requires users to authenticate before accessing the content. A Solutions Architect needs to design a solution that allows users to remain authenticated even if an underlying instance fails.

Which solution will meet these requirements?

A company wants to migrate its existing on-premises Oracle database to Amazon Aurora PostgreSQL using AWS DMS. The migration must be completed with minimal downtime and impact on the source database. The company has hired an AWS Certified Solutions Architect to carry out the migration and validate that the data was migrated accurately from the source to the target before the cutover.

Which approach will MOST effectively meet these requirements?

A company runs an application on Amazon EC2 instances in an Amazon VPC and must access an external service that runs on an HTTPS REST API. After contacting the provider of the external API, they can only grant access to a single source public IP address per customer.

Which configuration can enable access to the API service using a single IP address without modifying the company’s application?

A company's flagship web application runs on AWS using a three-tier web architecture. The application is PHP-based and comprises an Apache Tomcat web server layer of Amazon EC2 instances in an Auto-Scaling group. The database layer runs on an Amazon Aurora MySQL database. The application was working fine, but users reported errors and timeouts during a marketing event. The operations team reviewed the web application logs and the Amazon Aurora DB metrics. However, some web servers were terminated before logs could be collected, and the Aurora metrics were insufficient for query performance analysis.

Which combination of steps must a Solutions Architect take to improve application performance visibility during peak traffic marketing events? (Select THREE.)

A Solutions Architect plans to migrate the application to the AWS Cloud. The application consists of a series of components, and each component processes data within a few seconds before passing it on to the next component. The Solutions Architect must refactor the application into serverless microservices and be fully coordinated using cloud-native services.

Which approach meets these requirements in the most cost-effective way?

A fleet of EC2 instances back up a large quantity of data by uploading it to an Amazon S3 bucket in another region daily. Some S3 uploads have been failing, and the storage costs have significantly increased.

How can a Solutions Architect configure the backup jobs to efficiently backup data to S3 while reducing storage costs?

A company's on-premises data center is connected to AWS over a minimally used 10-Gbps Direct Connect connection using a private virtual interface to its virtual private cloud (VPC). The company performs a data archival workflow once a month. It has an internet connection of 100 Mbps, and the usual archive size is around 150 TB. The workflow is executed on the first Friday of each month and must be transferred and available on Amazon S3 by Monday morning.

Which option would you recommend as the LEAST expensive way to address the given use case?

A company has an application used for storing marketing data. The data is unstructured and stored in a MySQL database running on a single Amazon EC2 instance. The application's front end is composed of six EC2 instances in three Availability Zones (AZs). Each week, the application receives bursts of traffic, and its performance suffers. A Solutions Architect must design a solution to address scalability and reliability.

Which set of actions should the Solutions Architect take?

A company must migrate its on-premises data processing application to the AWS Cloud. The application processes input files that users upload through a web portal. A web server stores the uploaded files on NAS and messages the processing server over a message queue. Each file can take up to 1 hour to process, and the number of files awaiting to be processed is significantly higher during business hours. The number of files drops after business hours.

Which of the following is the MOST cost-effective migration recommendation?

A company is mounting IoT sensors in all of its stores worldwide. During the manufacturing of each sensor, the company’s private certificate authority (CA) issues an X.509 certificate that contains a unique serial number. The company then deploys each certificate to its respective sensor. The company hired you as a Solutions Architect to give the sensors the ability to send data to AWS after they are installed. Sensors must not be able to send data to AWS until they are installed.

Which solution will meet these requirements?

A company has many separate AWS accounts, each hosting services for different departments. The company also has a Microsoft Azure Active Directory deployed. A Solutions Architect needs to centralize billing and management of the company’s AWS accounts. The company wants to start using identity federation instead of manual user management. The company also wants to use temporary credentials instead of long-lived access keys.

Which combination of steps will meet these requirements? (Choose three.)

A Solutions Architect must design a solution to provide private connectivity from a company's WAN network to multiple AWS Regions. The company has offices worldwide, and its main data center is in California. Traffic must not traverse the public internet at any time, and the solution must also be highly available.

How can the Solutions Architect meet these requirements?

A company has a web application that uses Amazon API Gateway and AWS Lambda. A recent marketing campaign has increased demand, requiring the application to support thousands of simultaneous invocations. A Solutions Architect noticed that requests fail multiple times before succeeding. Application logs indicate that AWS Lambda has no errors.

What is the most likely root cause of this problem?

To reduce the cost of several AWS Elastic Beanstalk environments, a Solutions Architect has to design a highly available solution that will spin up an Elastic Beanstalk environment in the morning and terminate it at the end of the day. The solution should be designed with minimal operational overhead and to minimize costs. It should also be able to handle the increased use of Elastic Beanstalk environments among different teams and must provide a one-stop scheduler solution for all teams to keep operational costs as low as possible.

Which of the following solutions will meet these requirements?

A tech company operates a cloud-based application on AWS. The application includes an Amazon API Gateway API that exposes an HTTPS endpoint. The API uses AWS Lambda functions to process data, which is subsequently stored in an Amazon Aurora Serverless v1 database. The company deployed the application using the AWS SAM, ensuring deployment across multiple Availability Zones, but currently lacks a disaster recovery (DR) strategy. Our mission is to design a DR strategy plan that can recover the application in a different AWS Region. It requires a Recovery Time Objective (RTO) of 5 minutes and a Recovery Point Objective (RPO) of 1 minute. What actions should we take to fulfill these requirements?

An Amazon CloudFront distribution has been configured with an Amazon S3 bucket as the origin. After some testing, this has caused users to receive HTTP 307 Temporary Redirect responses from Amazon S3.

What might be causing this behavior, and how would you resolve it? (Select TWO.)

A tech company that recently migrated to AWS is building a hybrid DNS solution. To achieve this, they've set up an AWS Direct Connect (DX) connection linking their on-premises corporate network with an AWS Transit Gateway. The solution will use an Amazon Route 53 private hosted zone for the domain 'tech.corporation.local' to manage resources within Amazon VPCs. The company has the following DNS resolution prerequisites: - On-premises systems should be able to resolve and connect to 'tech.corporation.local'. - All VPCs should be able to resolve 'tech.corporation.local'.

Which architecture should the company use to meet these requirements with the HIGHEST performance?

A company runs 50 Proof-of-Concept (PoC) applications on virtual servers in an on-premises data center. Most of the applications are simple Node.js and Python web applications that are no longer actively developed and serve a low number of concurrent users. The applications use an average of 1 GB of memory, up to 3 GB during peak processing periods, which can last several hours.

What is the MOST cost-effective solution for these requirements?

An IoT company has IoT sensors in various locations. Each device sends data to the company’s Node.js API servers, which are hosted on Amazon EC2 instances behind an Application Load Balancer. The data is stored in an Amazon RDS MySQL database, utilizing a 4 TB General Purpose SSD volume. As the company expands its sensor network, the load on the API servers has steadily increased, resulting in consistent overloading. Additionally, RDS performance metrics indicate high write latency.

Which of the following steps would effectively resolve these issues in a sustainable manner, facilitating continued growth with the addition of new sensors while also maintaining cost-efficiency for the platform?

A company offers a membership program for its flagship application. Members need to download all files in a secured Amazon S3 bucket. An Amazon CloudFront distribution has been created to serve content from the Amazon S3 bucket to users worldwide. Access should be restricted to members and not be available to anyone else.

What is the most efficient method a Solutions Architect should use to securely enable access to the files in the S3 bucket?

A new security mandate requires all personnel data held in the cloud to be encrypted at rest. Which two methods allow you to encrypt data stored in S3 buckets at rest cost-efficiently? (Select TWO)

A company has several Amazon RDS databases, each with over 80 TB of data. The company is building a data query platform for the Business Intelligence Analysts' team, which requires generating a weekly business report from the databases. The system should support ad-hoc SQL queries.

What is the MOST cost-effective solution?

A company saves confidential exports as CSV files in an Amazon S3 bucket. The data can only be accessed by IAM users. Due to new requirements, an individual CSV file must be shared with an external organization. A Solutions Architect used an IAM user account to attempt to perform a PUT Object call to enable a public ACL on the object, and it failed with "insufficient permissions."

What is the most likely cause of this issue?

A company hosts the front end of an application on AWS and the back end REST API in an on-premises environment. The back end and the front end will be connected over an AWS Direct Connect (DX) connection through a private virtual interface. The application requires consistent, redundant, and reliable connectivity between both servers.

Which design would provide the MOST reliable connection to the backend API?

A marketing company runs an application that stores ad invoices in an Amazon S3 bucket and metadata about the invoices in an Amazon DynamoDB table. The application software runs in us-east-1 and eu-central-1. The S3 bucket and DynamoDB table are in us-east-1. A Solutions Architect has been asked to implement protection from data corruption and the loss of connectivity to either Region.

Which solution meets these requirements?

An Amazon RDS database was created with encryption enabled using an AWS-managed CMK, but it does not require encryption anymore.

How can a Solutions Architect unencrypt the database with the LEAST operational overhead?

A company is deploying a web application on AWS. The application is packaged as a Docker image and is deployed as an AWS Fargate service in Amazon ECS behind an Application Load Balancer (ALB). The company needs to allow only a specific list of users to access the application from the Internet. The company cannot change or integrate the application with an identity provider. All users must be authenticated through multi-factor authentication (MFA).

Which solution will meet these requirements?

A company must host a highly available and secure application in an AWS VPC. The VPC extends across two Availability Zones, each AZ consisting of a public and a private subnet. The application is hosted on Amazon EC2 instances in the private subnet. It needs to communicate with the Internet via two NAT gateways and uses an Application Load Balancer in the public subnet. The service uses Amazon S3 for storage, adding an average of 1 TB in new objects daily. A solutions architect must reduce the associated cost of the solution and reduce manual effort while maintaining security.

How can this be accomplished?

A company hosts a blog application on AWS utilizing Amazon API Gateway, Amazon DynamoDB, and AWS Lambda. Currently, the application does not use API keys to authorize requests. Users provide feedback on various articles. These are the main API endpoints:

The company aims to boost user engagement by displaying feedback in real time.

Which design should be implemented to reduce feedback latency and improve user experience?

A company has deployed an application to multiple AWS accounts, including production and staging accounts.

Which solution is most appropriate for implementing centralized control of security identities and permissions to access the environments?

A company urgently needs to migrate data to AWS. The data center has a 1 Gbps internet connection and a separate 500 Mbps AWS Direct Connect link. The company must transfer 20 TB of data from the data center to an Amazon S3 bucket.

What is the FASTEST way of transferring the data?

An Amazon EC2 instance is located in a public subnet with the IPv6 address 2024:2db:1:101::1. After some testing, developers reported they could not access the web content. The VPC Flow Logs for the subnet contain the following entries:

Which of the following options will restore network reachability to the EC2 instance?

A company recently migrated from an on-premises data center to the AWS Cloud using a re-platforming strategy. One of the migrated servers is running a legacy Simple Mail Transfer Protocol (SMTP) service that a critical application relies upon. This application sends outbound email messages to the company’s customers using SMTP, but the legacy SMTP server does not support TLS encryption and uses TCP port 25. The company has decided to use Amazon Simple Email Service (Amazon SES) and decommission the legacy SMTP server. They have created and validated the SES domain and have lifted the SES limits.

How should the company modify the application to send email messages through Amazon SES?

A company deploys JavaScript and Python applications to AWS using AWS CodePipeline and AWS CloudFormation. However, the company is looking for a new way of deploying the applications without using CloudFormation, as the developers don't want to learn new domain-specific languages. The developers also want to use features of JavaScript and Python, such as looping.

How can the company address the developer's concerns and quickly bring the applications up to deployment standards?

A company is planning to migrate its on-premises data center to AWS. Currently, the data center operates on Linux-based VMware VMs. Due to some requirements, information about the network dependencies between these VMs must be gathered. This information must be presented in a diagram that includes the following information:

Which solution will meet these requirements?

A data analytics company generates around 20 GB of statistical data daily, expected to increase over time. They use Amazon S3 as the data lake to store the data. A Solutions Architect plans to use Amazon Athena to analyze this data by date ranges.

Which is the most optimal way to save this data to get the best performance as the data grows? (Select TWO.)

A company uses SSH to connect to EC2 instances hosted in private subnets from an on-premise environment. The EC2 instances are based on the latest Amazon Linux 2 AMI. The company's architecture includes a VPC with private and public subnets and a NAT gateway. They also have a Site-to-Site VPN for connectivity with the on-premises environment and EC2 security groups with direct SSH access from the on-premises environment.

Which strategy should the company use to increase security control around SSH access and comply with auditing requirements?

A company uses an AWS CodeCommit repository and needs to store a backup copy of the repository data in a different AWS Region.

Which solution will meet these requirements?

A company is migrating a 30 TB PostgreSQL database from its on-premises data center to AWS. The database grows at the rate of 12 GB per day. The data center is connected to AWS using a 50 Mbps internet connection and an IPSec VPN connection to the Amazon VPC. The company needs to migrate the database within 2 weeks.

Which combination of actions will meet the migration schedule with the LEAST downtime? (Select THREE.)

A company has deployed a web application on Amazon EC2 instances within a private subnet. An Application Load Balancer (ALB) is set up to manage traffic to these instances. The EC2 instances are associated with a security group named InstanceSG, while the ALB is assigned to a security group named ALBSG. The security team must lock down the security group rules according to best practices.

What rules should be configured in the security groups? (Select TWO.)

An application deployed using an AWS CloudFormation stack uses multiple AWS Lambda functions. A new version has been developed, and the engineering team is trying to implement a deployment process that supports a canary release. They want to test the new version incrementally using small incremental deployments.

Which solution will meet these requirements?

A company is developing a reporting tool with thousands of devices. The devices will send 8KB of data per second to a data platform that must process and analyze the data and provide information back. The data platform must support near real-time analytics of the inbound data, provide durability and parallelization for the data, and deliver results to a data warehouse.

Which strategy should the company use to meet these requirements?