AWS 架構師證照考古題大全20241025
Amazon Web Service(AWS 亞馬遜)全系列考古題,2024年最新題庫,持續更新,全網最完整。AWS 證照含金量高,自我進修、跨足雲端產業必備近期版本更新,隨時追蹤最新趨勢變化。
QUESTION 600
A company runs a microservice-based serverless web application. The application must be able to retrieve data from multipleAmazon DynamoDB tables A solutions architect needs to give the application the ability to retrieve the data with no impact on the baseline performance of the application.
Which solution will meet these requirements in the MOST operationally efficient way?
A. AWS AppSync pipeline resolvers
B. Amazon CloudFront with Lambda@Edge functions
C. Edge-optimized Amazon API Gateway with AWS Lambda functions
D. Amazon Athena Federated Query with a DynamoDB connector
Correct Answer: D
Section: (none)
QUESTION 601
A company wants to analyze and troubleshoot Access Denied errors and Unauthorized errors that are related to IAM permissions. The company has AWS CloudTrail turned on.
Which solution will meet these requirements with the LEAST effort?
A. Use AWS Glue and write custom scripts to query CloudTrail logs for the errors.
B. Use AWS Batch and write custom scripts to query CloudTrail logs for the errors.
C. Search CloudTrail logs with Amazon Athena queries to identify the errors.
D. Search CloudTrail logs with Amazon QuickSight. Create a dashboard to identify the errors.
Correct Answer: C
Section: (none)
QUESTION 602
A company wants to add its existing AWS usage cost to its operation cost dashboard. A solutions architect needs torecommend a solution that will give the company access to its usage cost programmatically. The company must be able to access cost data for the current year and forecast costs for the next 12 months.
Which solution will meet these requirements with the LEAST operational overhead?
A. Access usage cost-related data by using the AWS Cost Explorer API with pagination.
B. Access usage cost-related data by using downloadable AWS Cost Explorer report .csv files.
C. Configure AWS Budgets actions to send usage cost data to the company through FTP.
D. Create AWS Budgets reports for usage cost data. Send the data to the company through SMTP.
Correct Answer: A
Section: (none)
QUESTION 603
A solutions architect is reviewing the resilience of an application. The solutions architect notices that a database administratorrecently failed over the application's Amazon Aurora PostgreSQL database writer instance as part of a scaling exercise. The failover resulted in 3 minutes of downtime for the application.
Which solution will reduce the downtime for scaling exercises with the LEAST operational overhead?
A. Create more Aurora PostgreSQL read replicas in the cluster to handle the load during failover.
B. Set up a secondary Aurora PostgreSQL cluster in the same AWS Region. During failover, update the application to use the secondary cluster's writer endpoint.
C. Create an Amazon ElastiCache for Memcached cluster to handle the load during failover.
D. Set up an Amazon RDS proxy for the database. Update the application to use the proxy endpoint.
Correct Answer: D
Section: (none)
QUESTION 604
A company has a regional subscription-based streaming service that runs in a single AWS Region. The architecture consists ofweb servers and application servers on Amazon EC2 instances. The EC2 instances are in Auto Scaling groups behind Elastic Load Balancers. The architecture includes an Amazon Aurora global database cluster that extends across multiple Availability Zones.
The company wants to expand globally and to ensure that its application has minimal downtime. Which solution will provide the MOST fault tolerance?
A. Extend the Auto Scaling groups for the web tier and the application tier to deploy instances in Availability Zones in a secondRegion. Use an Aurora global database to deploy the database in the primary Region and the second Region. Use AmazonRoute 53 health checks with a failover routing policy to the second Region.
B. Deploy the web tier and the application tier to a second Region. Add an Aurora PostgreSQL cross- Region AuroraReplica in the second Region. Use Amazon Route 53 health checks with a failover routing policy to the second Region. Promote the secondary to primary as needed.
C. Deploy the web tier and the application tier to a second Region. Create an Aurora PostgreSQL database in the second Region. Use AWS Database Migration Service (AWS DMS) to replicate the primary database to the second Region. Use Amazon Route 53 health checks with a failover routing policy to the second Region.
D. Deploy the web tier and the application tier to a second Region. Use an Amazon Aurora global database to deploy the database in the primary Region and the second Region. Use Amazon Route 53 health checks with a failover routing policy to the second Region. Promote the secondary to primary as needed.
Correct Answer: D
Section: (none)
QUESTION 605
A company is migrating its workloads to AWS. The company has transactional and sensitive data in its databases. The companywants to use AWS Cloud solutions to increase security and reduce operational overhead for the databases.
Which solution will meet these requirements?
A. Migrate the databases to Amazon EC2. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.
B. Migrate the databases to Amazon RDS Configure encryption at rest.
C. Migrate the data to Amazon S3 Use Amazon Macie for data security and protection
D. Migrate the database to Amazon RDS. Use Amazon CloudWatch Logs for data security and protection.
Correct Answer: B
Section: (none)
QUESTION 606
A company has an online gaming application that has TCP and UDP multiplayer gaming capabilities. The company usesAmazon Route 53 to point the application traffic to multiple Network Load Balancers (NLBs) in different AWS Regions. The company needs to improve application performance and decrease latency for the online game in preparation for user growth.
Which solution will meet these requirements?
A. Add an Amazon CloudFront distribution in front of the NLBs. Increase the Cache-Control max-age parameter.
B. Replace the NLBs with Application Load Balancers (ALBs). Configure Route 53 to use latency-based routing.
C. Add AWS Global Accelerator in front of the NLBs. Configure a Global Accelerator endpoint to use the correct listener ports.
D. Add an Amazon API Gateway endpoint behind the NLBs. Enable API caching. Override method caching for the different stages.
Correct Answer: C
Section: (none)
QUESTION 607
A company stores data in Amazon S3. According to regulations, the data must not contain personally identifiable information(PII). The company recently discovered that S3 buckets have some objects that contain PII. The company needs to automatically detect PII in S3 buckets and to notify the company security team.
Which solution will meet these requirements?
A. Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData event type from Macie findings andto send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
B. Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findingsand to send an Amazon Simple Notification Service (Amazon SNS) notification to the security team.
C. Use Amazon Macie. Create an Amazon EventBridge rule to filter the SensitiveData:S3Object/Personal event type from Macie findings and to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
D. Use Amazon GuardDuty. Create an Amazon EventBridge rule to filter the CRITICAL event type from GuardDuty findingsand to send an Amazon Simple Queue Service (Amazon SQS) notification to the security team.
Correct Answer: A
Section: (none)
QUESTION 608
A company wants to provide data scientists with near real-time read-only access to the company's production Amazon RDS forPostgreSQL database. The database is currently configured as a Single-AZ database. The data scientists use complex queries that will not affect the production database. The company needs a solution that is highly available.
Which solution will meet these requirements MOST cost-effectively?
A. Scale the existing production database in a maintenance window to provide enough power for the data scientists.
B. Change the setup from a Single-AZ to a Multi-AZ instance deployment with a larger secondary standby instance. Provide the data scientists access to the secondary instance.
C. Change the setup from a Single-AZ to a Multi-AZ instance deployment. Provide two additional read replicas for the data scientists.
D. Change the setup from a Single-AZ to a Multi-AZ cluster deployment with two readable standby instances. Provide read endpoints to the data scientists.
Correct Answer: D
Section: (none)
QUESTION 609
A company runs a three-tier web application in the AWS Cloud that operates across three Availability Zones. The applicationarchitecture has an Application Load Balancer, an Amazon EC2 web server that hosts user session states, and a MySQLdatabase that runs on an EC2 instance. The company expects sudden increases in application traffic. The company wants to beable to scale to meet future application capacity demands and to ensure high availability across all three Availability Zones.
Which solution will meet these requirements?
A. Migrate the MySQL database to Amazon RDS for MySQL with a Multi-AZ DB cluster deployment. Use AmazonElastiCache for Redis with high availability to store session data and to cache reads. Migrate the web server to an Auto Scaling group that is in three Availability Zones.
B. Migrate the MySQL database to Amazon RDS for MySQL with a Multi-AZ DB cluster deployment. Use Amazon ElastiCache for Memcached with high availability to store session data and to cache reads. Migrate the web server to an Auto Scaling group that is in three Availability Zones.
C. Migrate the MySQL database to Amazon DynamoDB Use DynamoDB Accelerator (DAX) to cache reads. Store thesession data in DynamoDB. Migrate the web server to an Auto Scaling group that is in three Availability Zones.
D. Migrate the MySQL database to Amazon RDS for MySQL in a single Availability Zone. Use Amazon ElastiCache forRedis with high availability to store session data and to cache reads. Migrate the web server to an Auto Scaling group that is in three Availability Zones.
Correct Answer: A
Section: (none)
QUESTION 610
A global video streaming company uses Amazon CloudFront as a content distribution network (CDN). The company wants to roll out content in a phased manner across multiple countries. The company needs to ensure that viewers who are outside the countries to which the company rolls out content are not able to view the content.
Which solution will meet these requirements?
A. Add geographic restrictions to the content in CloudFront by using an allow list. Set up a custom error message.
B. Set up a new URL tor restricted content. Authorize access by using a signed URL and cookies. Set up a custom error message.
C. Encrypt the data for the content that the company distributes. Set up a custom error message.
D. Create a new URL for restricted content. Set up a time-restricted access policy for signed URLs.
Correct Answer: A
Section: (none)
QUESTION 611
A company wants to use the AWS Cloud to improve its on-premises disaster recovery (DR) configuration. The company's coreproduction business application uses Microsoft SQL Server Standard, which runs on a virtual machine (VM). The application has a recovery point objective (RPO) of 30 seconds or fewer and a recovery time objective (RTO) of 60 minutes. The DR solution needs to minimize costs wherever possible.
Which solution will meet these requirements?
A. Configure a multi-site active/active setup between the on-premises server and AWS by using Microsoft SQL Server Enterprise with Always On availability groups.
B. Configure a warm standby Amazon RDS for SQL Server database on AWS. Configure AWS Database Migration Service (AWS DMS) to use change data capture (CDC).
C. Use AWS Elastic Disaster Recovery configured to replicate disk changes to AWS as a pilot light.
D. Use third-party backup software to capture backups every night. Store a secondary set of backups in Amazon S3.
Correct Answer: B
Section: (none)
QUESTION 612
A company has an on-premises server that uses an Oracle database to process and store customer information. The companywants to use an AWS database service to achieve higher availability and to improve application performance. The company alsowants to offload reporting from its primary database system.
Which solution will meet these requirements in the MOST operationally efficient way?
A. Use AWS Database Migration Service (AWS DMS) to create an Amazon RDS DB instance in multiple AWS Regions. Point the reporting functions toward a separate DB instance from the primary DB instance.
B. Use Amazon RDS in a Single-AZ deployment to create an Oracle database. Create a read replica in the same zone as the primary DB instance. Direct the reporting functions to the read replica.
C. Use Amazon RDS deployed in a Multi-AZ cluster deployment to create an Oracle database. Direct the reporting functions to use the reader instance in the cluster deployment.
D. Use Amazon RDS deployed in a Multi-AZ instance deployment to create an Amazon Aurora database. Direct the reporting functions to the reader instances.
Correct Answer: C
Section: (none) QUESTION 613
A company wants to build a web application on AWS. Client access requests to the website are not predictable and can be idlefor a long time. Only customers who have paid a subscription fee can have the ability to sign in and use the web application.
Which combination of steps will meet these requirements MOST cost-effectively? (Choose three.)
A. Create an AWS Lambda function to retrieve user information from Amazon DynamoDB. Create an Amazon APIGateway endpoint to accept RESTful APIs. Send the API calls to the Lambda function.
B. Create an Amazon Elastic Container Service (Amazon ECS) service behind an Application Load Balancer to retrieveuser information from Amazon RDS. Create an Amazon API Gateway endpoint to accept RESTful APIs. Send the API calls to the Lambda function.
C. Create an Amazon Cognito user pool to authenticate users.
D. Create an Amazon Cognito identity pool to authenticate users.
E. Use AWS Amplify to serve the frontend web content with HTML, CSS, and JS. Use an integrated Amazon CloudFront configuration.
F. Use Amazon S3 static web hosting with PHP, CSS, and JS. Use Amazon CloudFront to serve the frontend web content.
Correct Answer: ACE
Section: (none)
QUESTION 614
A media company uses an Amazon CloudFront distribution to deliver content over the internet. The company wants onlypremium customers to have access to the media streams and file content. The company stores all content in an Amazon S3bucket. The company also delivers content on demand to customers for a specific purpose, such as movie rentals or music downloads.
Which solution will meet these requirements?
A. Generate and provide S3 signed cookies to premium customers.
B. Generate and provide CloudFront signed URLs to premium customers.
C. Use origin access control (OAC) to limit the access of non-premium customers.
D. Generate and activate field-level encryption to block non-premium customers.
Correct Answer: B
Section: (none)
QUESTION 615
A retail company uses a regional Amazon API Gateway API for its public REST APIs. The API Gateway endpoint is a custom domain name that points to an Amazon Route 53 alias record. A solutions architect needs to create a solution that has minimaleffects on customers and minimal data loss to release the new version of APIs.
Which solution will meet these requirements?
A. Create a canary release deployment stage for API Gateway. Deploy the latest API version. Point an appropriatepercentage of traffic to the canary stage. After API verification, promote the canary stage to the production stage.
B. Create a new API Gateway endpoint with a new version of the API in OpenAPI YAML file format. Use the import-to-update operation in merge mode into the API in API Gateway. Deploy the new version of the API to the production stage.
C. Create a new API Gateway endpoint with a new version of the API in OpenAPI JSON file format. Use the import-to-update operation in overwrite mode into the API in API Gateway. Deploy the new version of the API to the production stage.
D. Create a new API Gateway endpoint with new versions of the API definitions. Create a custom domain name for the new API Gateway API. Point the Route 53 alias record to the new API Gateway API custom domain name.
Correct Answer: A
Section: (none) QUESTION 616
A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet.
What should the solutions architect do to accomplish this? (Select TWO )
A. Create a route table entry for the endpoint
B. Create a gateway endpoint for DynamoDB
C. Create a new DynamoDB table that uses the endpoint
D. Create an ENI for the endpoint in each of the subnets of the VPC
E. Create a security group entry in the default security group to provide access
Correct Answer: AB
Section: (none)
QUESTION 617
A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows.
What should a solutions architect recommend?
A. Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.
B. Set up an Amazon EFS file system that connects with the backup applications using the NFS interface
C. Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface
D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface.
Correct Answer: D
Section: (none)
QUESTION 618
A solutions architect is designing the storage architecture for a new web application used for storing and viewing engineering drawings.
All application components will be deployed on the AWS infrastructure. The application design must support caching to minimizethe amount of time that users wait for the engineering drawings to load. The application must be able to store petabytes of data. Which combination of storage and caching should the solutions architect use?
A. Amazon S3 with Amazon CloudFront
B. Amazon S3 Glacier with Amazon ElastiCache
C. Amazon Elastic Block Store (Amazon EBS) volumes with Amazon CloudFront
D. AWS Storage Gateway with Amazon ElastiCache
Correct Answer: A
Section: (none)
QUESTION 619
A company has an application with a REST-based Interface that allows data to be received in near-real time from a third-party vendor.
Once received, the application processes and stores the data for further analysis. The application Is running on Amazon EC2 instances.
The third-party vendor has received many 503 Service Unavailable Errors when sending data to the application.
When the data volume spikes, the compute capacity reaches its maximum limit and the application is unable to process all requests.
Which design should a solutions architect recommend to provide a more scalable solution?
A. Use Amazon Kinesis Data Streams to ingest the data. Process the data using AWS Lambda functions.
B. Use Amazon API Gateway on top of the existing application. Create a usage planwith a quota Iimit for the third-party vendor.
C. Use Amazon Simple Notification Service (Amazon SNS) to ingest the data.
Put the EC2 instances in an Auto Scaling group behind an Application Load Balancer.
D. Repackage the application as a container.
Deploy the application using Amazon Elastic Container Service (Amazon ECS) using the EC2 launch type with an Auto Scaling group.
Correct Answer: A
Section: (none)
QUESTION 620
A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier n the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets.
The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third partyprovider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead.
What should the solutions architect do to meet these requirements?
A. Deploy a NAT instance in the VPC.Route all the internet-based traffic through tho NAT instance.
B. Deploy a NAT gateway in the public subnets. Modify the private subnet route table to direct all internet- bound traffic to the NAT gateway.
C. Configure an internet gateway and attach it to tho VPC Modify the private subnet route table to direct internet-bound traffic to the internet gateway.
D. Configure a virtual private gateway and attach it to the VPC.Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.
Correct Answer: B
Section: (none)
QUESTION 621
A company is building a RESTful serverless web application on AWS by using Amazon API Gateway and AWS Lambda.
The users of this web application will be geographically disturbed, and the company wants to reduce the latency of API requests to these users.
Which type of endpoint should a solutions architect use to meet these requirements?
A. Private endpoint
B. Regional endpoint
C. Interface VPC endpoint
D. Edge-optimized endpoint
Correct Answer: D
Section: (none)
QUESTION 622
A company is deploying an application that processes large quantities of data in parallel. The company plans to use AmazonEC2 instances for the workload. The network architecture must be configurable to prevent groups of nodes from sharing the same underlying hardware.
Which networking solution meets these requirements?
A. Run the EC2 instances in a spread placement group
B. Group the EC2 instances in separate accounts
C. Configure the EC2 instances with dedicated tenancy
D. Configure the EC2 instances with shared tenancy
Correct Answer: A
Section: (none)
QUESTION 623
A solutions architect is designing the architecture fora software demonstration environment. The
environment will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). Thesystem will experience significant increases in traffic during working hours but is not required to operate on weekends.
Which combination of actions should the solutions architect take to ensure that the system can scale to meet demand? (Select TWO)
A. Use AWS Auto Scaling to adjust the ALB capacity based on request rate.
B. Use AWS Auto Scaling to scale the capacity of the VPC internet gateway.
C. Launch the EC2 instances in multiple AWS Regions to distribute the load across Regions.
D. Use a target tracking scaling policy to scale the Auto Scaling group based on instance CPU utilization.
E. Use scheduled scaling to change the Auto Scaling group minimum, maximum, and desired capacity to zero for weekends Revert to the default values at the start of the week.
Correct Answer: DE
Section: (none)
QUESTION 624
A company is building an ecommerce application and needs to store sensitive customer information. The company needs to give customers the ability to complete purchase transactions on the website. The company also needs to ensure that sensitive customer data is protected even from database administrators.
Which solution meets these requirements?
A. Store sensitive data in an Amazon Elastic Block Store (Amazon EBS) volume Use EBS encryption to encrypt the data. Use an IAM instance role to restrict access.
B. Store sensitive data in Amazon RDS for MySQL Use AWS Key Management Service (AWS KMS) client-side encryption to encrypt the data.
C. Store sensitive data in Amazon S3. Use AWS Key Management Service (AWS KMS) server-side encryption to encrypt the data. Use S3 bucket policies to restrict access.
D. Store sensitive data in Amazon FSx for Windows Server. Mount the file share on application servers Use Windows file permissions to restrict access.
Correct Answer: B
Section: (none)
QUESTION 625
A company is using AWS Key Management Service (AWS KMS) customer master keys (CMKs) to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use theenvironment variables. Which steps must the solutions architect take to implement the correct permissions? (Select TWO.)
A. Add AWS KMS permissions in the Lambda resource policy
B. Add AWS KMS permissions in the Lambda execution role.
C. Add AWS KMS permissions in the Lambda function policy
D. Allow the Lambda execution role in the AWS KMS key policy
E. Allow the Lambda resource policy in the AWS KMS key policy.
Correct Answer: BD
Section: (none)
QUESTION 626
A company has two VPCs that are located in the us-west-2 Region within the same AWS account. The company needs toallow network traffic between these VPCs. Approximately 500 GB of data transfer will occur between the VPCs each month.
What is the Most cost-effective solution to connect these VPCs?
A. Implement AWS Transit Gateway to connect the VPCs Update the route tables of each VPC to use the transit gateway for inter-VPC communication.
B. Implement an AWS Site-to-Site VPN tunnel between the VPCs Update the route tables of each VPC to use the VPN tunnel for inter-VPC communication.
C. Set up a VPC peering connection between the VPCs. Update the route tables ofeach VPC to use the VPC peering connection for inter-VPC communication
D. Set up a 1 GB AWS Direct Connect connection between the VPCs. Update the route tables of each VPC to use the Direct Connect connection for inter-VPC communication.
Correct Answer: C
Section: (none)
QUESTION 627
A company has a financial application that produces reports. The reports average 50 KB in size and are stored in Amazon S3.The reports are frequently accessed during the first week after production and must be stored for several years. The reports must be retrievable within 6 hours. Which solution meets these requirements MOST cost-effectively?
A. Use S3 Standard Use an S3 Lifecycle rule to transition the reports to S3 Glacier after 7 days
B. Use S3 Standard. Use an S3 Lifecycle rule to transition the reports to S3 Standard-Infrequent Access (S3 Standard-IA) after 7 days.
C. Use S3 Intelligent-Tiering. Configure S3 Intelligent-Tiering to transition the reports to S3 Standard- Infrequent Access (S3 Standard-IA)and S3 Glacier.
D. Use S3 Standard Use an S3 Lifecycle rule to transition the reports to S3 Glacier Deep Archive after 7 days
Correct Answer: A
Section: (none)
QUESTION 628
A company wants to direct its users to a backup static error page if he company's primary website is unavailable. The primarywebsite's DNS records are hosted in Amazon Route 53 The domain is pointing to an Application Load Balancer (ALB).The company needs a solution that minimizes changes and infrastructure overhead.
Which solution will meet these requirements?
A. Update the Route 53 records to use a latency routing policy Add a static error page that is hosted in an Amazon S3 bucket to the records so that the traffic is sent to the most responsive endpoints.
B. Set up a Route 53 active-passive failover configuration Direct traffic to a static error page that is hosted in an Amazon S3 bucket when Route 53 health checks determine that the ALB endpoint is unhealthy
C. Set up a Route 53 actve-active configuration with the ALB and an Amazon EC2 instance that hosts a static error page as endpoints. Configure Route 53to send requests to the instance only if the health checks fail for the ALB
D. Update the Route 53 records to use a multivalue answer routing policy. Create a health check Direct traffic to the website if the health check passes Direct traffic to a static error page that is hosted in Amazon S3 if the health check does not pass
Correct Answer: B
Section: (none)
QUESTION 629
A company runs multiple Amazon EC2 Linux instances in a VPC across two Availability Zones. The instances host applicationsthat use a hierarchical directory structure. The applications need to read and write rapidly and concurrently to shared storage.
What should a solutions architect do to meet these requirements?
A. Create an Amazon S3 bucket. Allow access from all the EC2 instances in the VPC
B. Create an Amazon Elastic File System (Amazon EFS) file system. Mount the EFS file system from each EC2 instance.
C. Create a file system on a Provisioned IOPS SSD (io2) Amazon Elastic Block Store (Amazon EBS) volume. Attach the EBS volume to all the EC2 instances
D. Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instance. Synchronize the EBS volumes across the different EC2 instances.
Correct Answer: B
Section: (none)
QUESTION 630
A solutions architect is designing a workload that will store hourly energy consumption by business tenants in a building. The sensors will feed a database through HTTP requests that will add up usage for each tenant. The solutions architect must usemanaged services when possible. The workload will receive more features in the future as the solutions architect adds independent components. Which solution will meet these requirements with the LEAST operational overhead?
A. Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and store the data in an Amazon DynamoDB table.
B. Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive andprocess the data from the sensors. Use an Amazon S3 bucket to store the processed data.
C. Use Amazon API Gateway with AWS Lambda functions to receive the data from the sensors, process the data, and storethe data in a Microsoft SQL Server Express database on an Amazon EC2 instance.
D. Use an Elastic Load Balancer that is supported by an Auto Scaling group of Amazon EC2 instances to receive and process the data from the sensors. Use an Amazon Elastic File System (Amazon EFS) shared file system to store the processed data.
Correct Answer: A
Section: (none)
QUESTION 631
A company has five organizational units (OUs) as part of its organization in AWS Organizations. Each OU correlates to the fivebusinesses that the company owns. The company's research and development (R&D) business is separating from the companyand will need its own organization.A solutions architect creates a separate new management account for this purpose.
What should the solutions architect do next in the new management account?
A. Have the R&D AWS account be part of both organizations during the transition
B. Invite the R&D AWS account to be part of the new organization after the R&D AWS account has left the prior organization
C. Create a new R&D AWS account in the new organization. Migrate resources from the prior R&D AWS account to the new R&D AWS account
D. Have the R&D AWS account join the new organization. Make the new management account a member of the prior organization.
Correct Answer: C
Section: (none)
QUESTION 632
A solutions architect is using an AWS CloudFormation template to deploy a three-tier web application. The web applicationconsists of a web tier and an application tier that stores and retrieves user data in Amazon DynamoDB tables. The web andapplication tiers are hosted on Amazon EC2 instances, and the database tier is not publicly accessible. The application EC2instances need to access the DynamoDB tables without exposing API credentials in the template.
What should the solutions architect do to meet these requirements?
A. Create an IAM role to read the DynamoDB tables. Associate the role with the application instances by referencing an instance profile.
B. Create an IAM role that has the required permissions to read and write from the DynamoDB tables. Add the role to the EC2 instance profile, and associate the instance profile with the application instances
C. Use the parameter section in the AWS CloudFormation template to have the user input access and secret keys from analready-created IAM user that has the required permissions to read and write from the DynamoDB tables
D. Create an IAM user in the AWS CloudFomation template that has the required permissions to read and write from the DynamoDB tables Use the GetAtt function to retrieve the access and secret keys, and pass them to the application instances through the user data
Correct Answer: B
Section: (none)
QUESTION 633
A company's website handles millions of requests each day, and the number of requests continues to increase.A solutions architect needs to improve the response time of the web application. The solutions architect determines that the applicationneeds to decrease latency when retrieving product details from the Amazon DynamoDB table.
Which solution will meet these requirements with the LEAST amount of operational overhead?
A. Set up a DynamoDB Accelerator (DAX) cluster. Route all read requests through DAX.
B. Set up Amazon ElastiCache for Redis between the DynamoDB table and the web application. Route all read requests through Redis.
C. Set up Amazon ElastiCache for Memcached between the DynamoDB table and the web application. Route all read requests through Memcached.
D. Set up Amazon DynamoDB Streams on the table, and have AWS Lambda read from the table and populate Amazon ElastiCache. Route all read requests through ElastiCache.
Correct Answer: A
Section: (none)
QUESTION 634
A company uses multiple vendors to distribute digital assets that are stored in Amazon S3 buckets. The company wants to ensure that its vendor AWS accounts have the minimum access that is needed to download objects in these S3 Buckets.
Which solution will meet these requirements with the LEAST operational overhead?
A. Design a bucket policy that has anonymous read permissions and permissions to list all buckets
B. Design a bucket policy that gives read-only access to users. Specify IAM entities as principals
C. Create a cross-account IAM role that has a read-only access policy specified for the IAM role
D. Create a user policy and vendor user groups that give read-only access to vendor users
Correct Answer: C
Section: (none)
QUESTION 635
A solutions architect is designing a disaster recovery (DR) strategy to provide Amazon EC2 capacity in a failover AWS Region.Business requirements state that the DR strategy must meet capacity in the failover Region.
Which solution will meet these requirements?
A. Purchase On-Demand Instances in the failover Region
B. Purchase an EC2 Savings Plan in the failover Region
C. Purchase regional Reserved Instances in the failover Region
D. Purchase a Capacity Reservation in the failover Region
Correct Answer: C
Section: (none)
QUESTION 636
A company collects and shares research data with the company's employees all over the world. The company wants to collectand store the data in an Amazon S3 bucket and process the data in the AWS Cloud. The company will share the data with the company's employees. The company needs a secure solution in the AWS Cloud that minimizes operational overhead.
Which solution will meet these requirements?
A. Use an AWS Lambda function to create an S3 presigned URL.Instruct employees to use the URL
B. Create an IAM user for each employee. Create an IAM policy for each employee to allow S3 access. Instruct employees to use the AWS Management Console
C. Create an S3 File Gateway. Create a share for uploading and a share for downloading. Allow employees to mount shares on their local computers to use S3 File Gateway
D. Configure AWS Transfer Family SFTP endpoints. Select the custom identity provider options. Use AWS Secrets Manager to manage the user credentials Instruct employees to use Transfer Family
Correct Answer: D
Section: (none)
QUESTION 637
A company runs an application that stores and shares photos. Users upload the photos to an Amazon S3 bucket. Every day,users upload approximately 150 photos. The company wants to design a solution that creates a thumbnail of each new photo and stores the thumbnail in a second S3 bucket.
Which solution will meet these requirements MOST cost-effectively?
A. Configure an Amazon EventBridge scheduled rule to invoke a script every minute on along-running Amazon EMR cluster. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket.
B. Configure an Amazon EventBridge scheduled rule to invoke a script every minute on a memory- optimized Amazon EC2instance that is always on. Configure the script to generate thumbnails for the photos that do not have thumbnails. Configure the script to upload the thumbnails to the second S3 bucket
C. Configure an S3 event notification to invoke an AWS Lambda function each time a user uploads a new photo to the application. Configure the Lambda function to generate a thumbnail and to upload the thumbnail to the second S3 bucket
D. Configure S3 Storage Lens to invoke an AWS Lambda function each time a user uploads a new photo to the application.Configure the Lambda function to generate a thumbnail and to upload the thumbnail to a second S3 bucket
Correct Answer: C
Section: (none)
QUESTION 638
A company runs an application that uses Amazon RDS for PostgreSQL. The application receives traffic only on weekdays during business hours. The company wants to optimize costs and reduce operational overhead based on this usage.
Which solution will meet these requirements?
A. Use the Instance Scheduler on AWS to configure start and stop schedules
B. Turn off automatic backups. Create weekly manual snapshots of the database
C. Create a custom AWS Lambda function to start and stop the database based on minimum CPU utilization
D. Purchase All Upfront reserved DB instances
Correct Answer: A
Section: (none)
QUESTION 639
An ecommerce company runs a PostgreSQL database on premises. The database stores data by using high IOPS AmazonElastic Block Store (Amazon EBS) block storage.The daily peak I/O transactions per second do not exceed 15,000 IOPS. The company wants to migrate the database to Amazon RDS for PostgreSQL and provision disk IOPS performance independent of disk storage capacity.
Which solution will meet these requirements MOST cost_effectively?
A. Configure the General Purpose SSD(gp2)EBS volume storage type and provision 15.000 IOPS
B. Configure the Provisioned IOPS SSD(io1)EBS volume storage type and provision 15,000 IOPS
C. Configure the General Purpose SSD (gp3) EBS volume storage type and provision 15,000 IOPS
D. Configure the EBS magnetic volume type to achieve maximum lOPS
Correct Answer: B
Section: (none)
QUESTION 640
A company has an on-premises MySQL database that handles transactional data. The company is
migrating the database to the AWS Cloud. The migrated database must maintain compatibility with the company's applicationsthat use the database. The migrated database also must scale automatically during periods of increased demand.
Which migration solution will meet these requirements?
A. Use native MySQL tools to migrate the database to Amazon RDSfor MySQL. Configure elastic storage scaling
B. Migrate the database to Amazon Redshift by using the mysqldump utility. Turn on Auto Scaling for the Amazon Redshift cluster
C. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon Aurora. Turn on Aurora Auto Scaling
D. Use AWS Database Migration Service (AWS DMS) to migrate the database to Amazon DynamoDB. Configure an Auto Scaling policy
Correct Answer: C
Section: (none)