NEW QUESTION 1
A company hosts an application on multiple Amazon EC2 instances The application processes messages from an Amazon SQS queue writes to an Amazon RDS table and deletes the message from the queue Occasional duplicate records are found in the RDS table The SQS queue does not contain any duplicate messages
What should a solutions archived do to ensure messages are being processed once only?

• A. Use the CreateQueue API call to create a new queue
• B. Use the AddPermission API call to add appropriate permissions
• C. Use the ReceiveMessage API call to set an appropriate wait time.
• D. Use the ChangeMessageVisibility API call to increase the visibility timeout

Answer: D

NEW QUESTION 2
A solutions architect is designing a solution to access a catalog of images and provide users with the ability to submit requests to customize images Image customization parameters will be in any request sent to an AWS API Gateway API The customized image will be generated on demand, and users will receive a link they can click to view or download their customized image The solution must be highly available for viewing and customizing images
What is the MOST cost-effective solution to meet these requirements?

• A. Use Amazon EC2 instances to manipulate the original image into the requested customization Store the original and manipulated images in Amazon S3 Configure an Elastic Load Balancer in front of the EC2 instances
• B. Use AWS Lambda to manipulate the original image to the requested customization Store the original and manipulated images in Amazon S3 Configure an Amazon CloudFront distribution with the S3 bucket as the origin
• C. Use AWS Lambda to manipulate the original image to the requested customization Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB Configure an Elastic Load Balancer in front of the Amazon EC2 instances
• D. Use Amazon EC2 instances to manipulate the original image into the requested customization Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB Configure an Amazon CloudFront distribution with the S3 bucket as the origin

Answer: B

NEW QUESTION 3
A solutions architect is designing a system to analyze the performance of financial markets while the markets are closed The system will run a series of compute-intensive jobs for 4 hours every night The time to complete the compute jobs is expected to remain constant, and jobs cannot be interrupted once started Once completed, the system is expected to run for a minimum of 1 year
Which type of Amazon EC2 instances should be used to reduce the cost of the system?

• A. Spot Instances
• B. On-Demand Instances
• C. Standard Reserved Instances
• D. Scheduled Reserved Instances

Answer: D

NEW QUESTION 4
A company built a food ordering application that captures user data and stores it for future analysis The application's static front end is deployed on an Amazon EC2 instance The front-end application sends the requests to the backend application running on separate EC2 instance The backend application then stores the data in Amazon RDS
What should a solutions architect do to decouple the architecture and make it scalable''

• A. Use Amazon S3 to serve the front-end application which sends requests to Amazon EC2 to execute the backend application The backend application will process and store the data in Amazon RDS
• B. Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint of the topic and process and store the data in Amazon RDS
• C. Use an EC2 instance to serve the front end and write requests to an Amazon SQS queue Place the backend instance in an Auto Scaling group and scale based on the queue depth to process and store the data in Amazon RDS
• D. Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway which writes the requests to an Amazon SQS queue Place the backend instances in an Auto Scaling group and scale based on the queue depth to process and store the data in Amazon RDS

Answer: D

NEW QUESTION 5
A gaming company has multiple Amazon EC2 instances in a single Availability Zone for its multiplayer game that communicates with users on Layer 4 The chief technology officer (CTO) wants to make the architecture highly available and cost-effective.
What should a solutions architect do to meet these requirements? (Select TWO.)

• A. Increase the number of EC2 instances.
• B. Decrease the number of EC2 instances
• C. Configure a Network Load Balancer in front of the EC2 instances.
• D. Configure an Application Load Balancer in front of the EC2 instances
• E. Configure an Auto Scaling group to add or remove instances in multiple Availability Zones automatically.

Answer: CE

NEW QUESTION 6
A recently acquired company is required to buikl its own infrastructure on AWS and migrate multiple applications to the cloud within a month Each application has approximately 50 TB of data to be transferred After the migration is complete this company and its parent company will both require secure network connectivity with consistent throughput from their data centers to the applications A solutions architect must ensure one-time data migration and ongoing network connectivity
Which solution will meet these requirements''

• A. AWS Direct Connect for both the initial transfer and ongoing connectivity
• B. AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity
• C. AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity
• D. AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity

Answer: C

NEW QUESTION 7
A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office to Amazon S3 Glacier The solution must avoid saturating the branch office's low-bandwidth internet connection
What is the MOST cost-effective solution1?

• A. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly Create a bucket policy to enforce a VPC endpoint
• B. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination Create a bucket policy to enforce a VPC endpoint
• C. Mount the network-attached file system to Amazon S3 and copy the files directl
• D. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier
• E. Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier

Answer: D

NEW QUESTION 8
A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB) The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones On the first day of every month at midnight the application becomes much slower when the month-end financial calculation batch executes This causes the CPU utilization of the EC2 instances to immediately peak to 100%. which disrupts the application
What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

• A. Configure an Amazon CloudFront distribution in front of the ALB
• B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
• C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
• D. Configure Amazon ElastiCache to remove some of the workload from the EC2 instances

Answer: C

NEW QUESTION 9
A company has an application that calls AWS Lambda functions A recent code review found database credentials stored in the source code The database credentials need to be removed from the Lambda source code The credentials must then be securely stored and rotated on an ongoing basis to meet security policy requirements
What should a solutions architect recommend to meet these requirements?

• A. Store the password in AWS CloudHSM Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID
• B. Store the password in AWS Secrets Manager Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID
• C. Move the database password to an environment variable associated with the Lambda function Retrieve the password from the environment variable upon execution
• D. Store the password in AWS Key Management Service (AWS KMS) Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID

Answer: B

NEW QUESTION 10
A company has a two-tier application architecture that runs in public and private subnets Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet The web application instances and the database are running in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture? (Select TWO.)

• A. Create new public and private subnets in the same AZ for high availability
• B. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs
• C. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer
• D. Create new public and private subnets in a new AZ Create a database using Amazon EC2 in one AZ
• E. Create new public and private subnets in the same VPC each in a new AZ Migrate the database to an Amazon RDS multi-AZ deployment

Answer: BE

NEW QUESTION 11
A solutions architect has created a new AWS account and must secure AWS account root user access Which combination of actions will accomplish this? (Select TWO.)

• A. Ensure the root user uses a strong password
• B. Enable multi-factor authentication to the root user
• C. Store root user access keys in an encrypted Amazon S3 bucket
• D. Add the root user to a group containing administrative permissions.
• E. Apply the required permissions to the root user with an inline policy document

Answer: AB

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html

NEW QUESTION 12
A company is planning to migrate a business-critical dataset to Amazon S3. The current solution design uses a single S3 bucket in the us-east-1 Region with versioning enabled to store the dataset. The company's disaster recovery policy states that all data multiple AWS Regions.
How should a solutions architect design the S3 solution?

• A. Create an additional S3 bucket in another Region and configure cross-Region replication.
• B. Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS).
• C. Create an additional S3 bucket with versioning in another Region and configure cross-Region replication.
• D. Create an additional S3 bucket with versioning in another Region and configure cross-origin resource (CORS).

Answer: C

NEW QUESTION 13
A start-up company has a web application based in the us-east-1 Region with multiple Amazon EC2 instances running behind an Application Load Balancer across multiple Availability Zones. As the company’s user base grows in the us-west-1 Region, it needs a solution with low latency and high availability.
What should a solutions architect do to accomplish this?

• A. Provision EC2 instances in us-west-1. Switch the Application Load Balancer to a Network Load Balancer to achieve cross-Region load balancing.
• B. Provision EC2 instances and an Application Load Balancer in us-west-1. Make the load balancer distribute the traffic based on the location of the request.
• C. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Create an accelerator in AWS Global Accelerator that uses an endpoint group that includes the load balancer endpoints in both Regions.
• D. Provision EC2 instances and configure an Application Load Balancer in us-west-1. Configure Amazon Route 53 with a weighted routing polic
• E. Create alias records in Route 53 that point to the Application Load Balancer.

Answer: B

NEW QUESTION 14
A solutions architect is designing the cloud architecture for a new application being deployed on AWS The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed The processor application is stateless The solutions architect must ensure that the application is loosely coupled and the job items are durably stored
Which design should the solutions architect use?

• A. Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage
• B. Create an Amazon SQS queue to hold the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch configuration that uses the AMI Create an Auto Scaling group using the launch configuration Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage
• C. Create an Amazon SQS queue to hold the jobs that needs to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue
• D. Create an Amazon SNS topic to send the jobs that need to be processed Create an Amazon Machine Image (AMI) that consists of the processor application Create a launch template that uses the AMI Create an Auto Scaling group using the launch template Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic.

Answer: C

NEW QUESTION 15
A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was install recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff.
What should the solutions architect recommend?

• A. Use AWS Directory Service to create a managed Active Director
• B. Uninstall Active Directory on the current EC2 instance.
• C. Create another EC2 instance in the same subnet and reinstall Active Directory on i
• D. Uninstall Active Directory.
• E. Use AWS Directory Service to create an Active Directory connecto
• F. Proxy Active Directory requests to the Active domain controller running on the current EC2 instance.
• G. Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controlle
• H. Modify the EC2 instance’s security group to deny public access to Active Directory.

Answer: C

NEW QUESTION 16
A company’s website is using an Amazon RDS MySQL Multi-AZ DB instance for its transactional data storage.
There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly the internal systems fetch data. This impacts the website’s read and write performance, and the users experience slow response times.
Which solution will improve the website's performance?

• A. Use an RDS PostgreSQL DB instance instead of a MySQL database.
• B. Use Amazon ElastiCache to cache the query responses for the website.
• C. Add an additional Availability Zone to the current RDS MySQL Multi.AZ DB instance.
• D. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica.

Answer: D

NEW QUESTION 17
A company captures clickstream data from multiple websites and analyzes it using batch processing. The data is loaded nightly into Amazon Redshift and is consumed by business analysts. The company wants to move towards near-real-time data processing for timely insights. The solution should process the streaming data with minimal effort and operational overhead.
Which combination of AWS services are MOST cost-effective for this solution? (Choose two.)

• A. Amazon EC2
• B. AWS Lambda
• C. Amazon Kinesis Data Streams
• D. Amazon Kinesis Data Firehose
• E. Amazon Kinesis Data Analytics

Answer: AD

NEW QUESTION 18
An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database
What should the solutions architect do to separate the read requests from the write requests?

• A. Enable read-through caching on the Amazon Aurora database
• B. Update the application to read from the Multi-AZ standby instance
• C. Create a read replica and modify the application to use the appropriate endpoint
• D. Create a second Amazon Aurora database and link it to the primary database as a read replica.

Answer: C

NEW QUESTION 19
A marketing company is storing CSV files in an Amazon S3 bucket for statistical analysis An application on an Amazon EC2 instance needs permission to efficiently process the CSV data stored in the S3 bucket.
Which action will MOST securely grant the EC2 instance access to the S3 bucket?

• A. Attach a resource-based policy to the S3 bucket
• B. Create an 1AM user for the application with specific permissions to the S3 bucket
• C. Associate an 1AM role with least privilege permissions to the EC2 instance profile
• D. Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls

Answer: C

NEW QUESTION 20
A company's application is running on Amazon EC2 instances m a single Region in the event of a disaster a solutions architect needs to ensure that the resources can also be deployed to a second Region
Which combination of actions should the solutions architect take to accomplish this-? (Select TWO)

• A. Detach a volume on an EC2 instance and copy it to Amazon S3
• B. Launch a new EC2 instance from an Amazon Machine image (AMI) in a new Region
• C. Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance
• D. Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination
• E. Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume

Answer: BD

NEW QUESTION 21
A company is managing health records on-premises The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space The CTO has requested a solutions architect design a solution to move existing data and support future records
Which services can the solutions architect recommend to meet these requirements'?

• A. Use AWS DataSync to move existing data to AW
• B. Use Amazon S3 to store existing and new data Enable Amazon S3 object lock and enable AWS CloudTrail with data events.
• C. Use AWS Storage Gateway to move existing data to AWS Use Amazon S3 to store existing and new data Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
• D. Use AWS DataSync to move existing data to AWS Use Amazon S3 to store existing and new data Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
• E. Use AWS Storage Gateway to move existing data to AWS Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data Enable Amazon S3 object lock and enable Amazon S3 server access logging

Answer: B

NEW QUESTION 22
A company's web application is using multiple Linux Amazon EC2 instances and storing data on Amazon EBS volumes. The company is looking for a solution to increase the resiliency of the application in case of a failure and to provide storage that complies with atomicity, consistency, isolation, and durability (ACID).
What should a solutions architect do to meet these requirements?

• A. Launch the application on EC2 instances in each Availability Zon
• B. Attach EBS volumes to each EC2 instance.
• C. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones Mount an instance store on each EC2 instance
• D. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones.Store data on Amazon EFS and mount a target on each instance.
• E. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)

Answer: C

NEW QUESTION 23
......