AWS Solutions Architect Associate 65 Questions 3-15-20

Uploaded by

mattcares4u

QUESTION: 1

A client is migrating a legacy web application to the AWS Cloud. The current system
uses an Oracle database as a relational database management system solution. Backups
occur every night, and the data is stored on-premises. The Solutions Architect must automate
the backups and identify a storage solution while keeping costs low.
Which AWS service will meet these requirements?

A. Amazon RDS

QUESTION: 2

An application hosted on AWS uses object storage for storing internal reports that are
accessed daily by the CFO. Currently, these reports are publicly available. How should a
Solutions Architect re-design this architecture to prevent unauthorized access to these
reports?

C. Specify the use of AWS KMS server-side encryption at the time of an object creation on
Amazon S3.

QUESTION: 3

A Solutions Architect is creating a multi-tiered architecture for an application that
includes a public-facing web tier. Security requirements state that the Amazon EC2 instance
running in the application tier must not be accessible directly from the internet.
What should be done to accomplish this?

A. Create a multi-VPC peering mesh with network access rules limiting communications to
specific ports. Implement an internet gateway on each VPC for external communication.

QUESTION: 4
A company expects its user base to increase five times over one year. Its application is
hosted in one region and uses an Amazon RDS MySQL database, an ELB Application
Load Balancer, and Amazon ECS to host the website and its microservices. Which design
changes should a Solutions Architect recommend to support the expected growth?
(Choose two.)

A. Move static files from ECS to Amazon S3

E. Create RDS read replicas and change the application to use these replicas

QUESTION: 5

A company needs to quickly ensure that all files created in an Amazon S3 bucket in
us-east-1 are also available in another bucket in ap-southeast-2. Which option represents the
SIMPLEST way to implement this design?

D. Enable versioning and configure cross-region replication from the bucket in us-east-1 to
the bucket in ap-southeast-2.

QUESTION: 7

A web application is running on Amazon EC2 instances behind an Elastic Load
Balancing Application Load Balancer (ALB). The EC2 instances should receive no
traffic, except for web requests to the application.
Based on these requirements, what security group rules should be put on the Amazon EC2
instances?

A. An inbound rule allowing traffic from the security group attached to the ALB

QUESTION: 8

A Solutions Architect is reviewing an application that writes data to an Amazon DynamoDB
table on a daily basis. Random table reads occur many times per second. The company
needs to allow thousands of low-latency reads and avoid any negative impact to the rest
of the application. What should the Solutions Architect do to meet the company's goals?

A. Use DynamoDB Accelerator to cache reads

QUESTION: 9

As part of a migration strategy, a Solutions Architect needs to analyze workloads that can
be optimized for performance and cost. The Solutions Architect has identified a stateless
application that serves static content as a potential candidate to move to the cloud. The
Solutions Architect has the flexibility to choose an identity solution between Facebook,
Twitter, and Amazon.
Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead
for this migration?

C. Use Amazon Cognito for managing identities, and migrate the application to run on
Amazon S3, Amazon API Gateway, and AWS Lambda.

QUESTION: 10

A Solutions Architect is designing a shared file system for a company. Multiple users will be
accessing it at any given time. Different teams will have their own directories, and the
company wants to secure files so that users can access only files owned by their team.
How should the Solutions Architect design this?

A. Use Amazon EFS and control permissions by using file-level permissions.

QUESTION: 11

A company has a legacy application using a proprietary file system and plans to migrate the
application to AWS.
Which storage service should the company use?

C. Amazon EBS
QUESTION: 12

A website keeps a record of user actions using a globally unique identifier (GUID) retrieved
from Amazon Aurora in place of the user name within the audit record. Security protocols
state that the GUID content must not leave the company's VPN. As the
web traffic has increased, the number of web servers and Aurora read replicas has also
increased to keep up with the user record for the GUID.
What should be done to reduce the number of read replicas required while improving
performance?

B. Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user
name and GUID there. Retrieve the GUID from ElastiCache when required.

QUESTION: 13
A Solutions Architect is designing the architecture for a new three-tier web-based ecommerce
site that must be available 24/7. Requests are expected to range from 100 to 10,000
each minute. Usage can vary depending on time of day, holidays, and promotions. The
design should be able to handle these volumes, with the ability to handle higher volumes
if necessary. How should the Architect design the architecture to ensure the web tier is
cost-optimized and can handle the expected traffic? (Select two.)

A. Launch Amazon EC2 instances in an Auto Scaling group behind an ELB.

C. Create a CloudFront distribution pointing to static content in Amazon S3.

QUESTION: 14

A Solutions Architect is designing a new application that needs to access data in a
different AWS account located within the same region. The data must not be accessed over
the Internet. Which solution will meet these requirements with the LOWEST cost?

B. Establish a VPC Peering connection between accounts.

QUESTION: 15

A gaming application is heavily dependent on caching and uses Amazon ElastiCache for
Redis. The application performance was recently degraded due to failure of the cache
node. What should a Solutions Architect recommend to minimize performance
degradation in the future?

C. Configure ElastiCache Multi-AZ with automatic failover

QUESTION: 16
A company is migrating an on-premises application to AWS. The application currently uses
their corporate message broker, passing messages between layers by using the MQTT
protocol.
Because of time and budget constraints, the company cannot rewrite the application and
cannot manage a new message broker on the EC2 instances.
Which service should a Solutions Architect use to allow the customer to migrate the
application to AWS?

C. Amazon MQ

QUESTION: 17

A bank is writing new software that is heavily dependent upon the database transactions
for write consistency. The application will also occasionally generate reports on data in
the database, and will do joins across multiple tables. The database must automatically scale
as the amount of data grows.
Which AWS service should be used to run the database?

B. Amazon Aurora

QUESTION: 18

A company is implementing a data lake solution on Amazon S3. Its security policy
mandates that the data stored in Amazon S3 should be encrypted at rest.
Which options can achieve this? (Select TWO.)

B. Use S3 server-side encryption with customer-provided keys (SSE-C).

D. Use client-side encryption before ingesting the data to Amazon S3 using encryption
keys.

QUESTION: 19

A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After
the workflow was put into production, the company noticed it performed slowly and
identified Kinesis Data Streams as the problem.
One of the streams has a total of 10 Mb/s throughput. What should the Solutions
Architect recommend to improve performance?

D. Run the UpdateShardCount command to increase the number of shards in the
stream.

QUESTION: 20

A company is launching an application that it expects to be very popular. The company needs
a database that can scale with the rest of the application. The schema will change frequently.
The application cannot afford any downtime for database changes. Which AWS service allows the
company to achieve these objectives?

B. Amazon DynamoDB

QUESTION: 21

A company is developing an application to deliver dynamic content to users around the globe. The
content should be customized according to a user's device and be delivered with very low
latency.
Which service should be used?

D. Lambda@Edge

QUESTION: 22

A Solutions Architect is building a new feature using Lambda to create metadata when a user
uploads a picture to Amazon S3. All metadata must be indexed. Which AWS service should
the architect use to store this metadata?

B. Amazon DynamoDB

QUESTION: 23

A social networking portal experiences latency and throughput issues due to an
increased number of users. Application servers use very large datasets from an Amazon
RDS database, which creates a performance bottleneck on the database.
Which AWS service should be used to improve performance?

C. Amazon ElastiCache

QUESTION: 24

A Solutions Architect has designed a VPC that meets all necessary security requirements
for their organization. Any applications deployed in the organization must use this VPC
design. How can project teams deploy, manage, and delete VPCs that meet this design
with the LEAST administrative effort?

A. Deploy an AWS CloudFormation template that defines components of the VPC.

QUESTION: 25

A credit card processing application, hosted on an on-premises server, needs to
communicate directly with a database hosted on an Amazon EC2 instance running in a private
subnet of a VPC. Compliance requirements state that end-to-end communication should be
encrypted. Which solution will ensure that this requirement is met?

C. Use HTTPS for traffic over a VPN connection between the VPC and the on-premises
datacenter.

QUESTION: 26

A Solutions Architect needs to design an architecture for a new, mission-critical batch
processing billing application. The application is required to run Monday, Wednesday, and
Friday from 5 AM to 11 AM.
Which is the MOST cost-effective Amazon EC2 pricing model?

C. Scheduled Reserved Instances

QUESTION: 27

A Solutions Architect is designing a solution to monitor weather changes by the minute.
The frontend application is hosted on Amazon EC2 instances. The backend must be scalable
to a virtually unlimited size, and data retrieval must occur with minimal latency. Which AWS
service should the Architect use to store the data and achieve these requirements?

B. Amazon DynamoDB

QUESTION: 28

A company’s policy requires that all data stored in Amazon S3 is encrypted. The
company wants to use the option with the least overhead and does not want to
manage any encryption keys. Which of the following options will meet the company's
requirements?

C. Server Side Encryption (SSE-S3)

QUESTION: 29

A company is running its application in a single region on Amazon EC2 with Amazon EBS
and Amazon S3 part of the storage design.
What should be done to reduce data transfer costs?

C. Create an Amazon CloudFront distribution with Amazon S3 as the origin

QUESTION: 30
A Security team reviewed their company's VPC Flow Logs and found that traffic is
being directed to the internet. The application in the VPC uses Amazon EC2 instances for
compute and Amazon S3 for storage. The company's goal is to eliminate internet access
and allow the application to continue to function.
What change should be made in the VPC before updating the route table?

B. Create a VPC endpoint for Amazon S3 access

QUESTION: 31

A company runs a legacy application with a single-tier architecture on an Amazon EC2
instance. Disk I/O is low, with occasional small spikes during business hours. The company
requires the instance to be stopped from 8 PM to 8 AM daily.
Which storage option is MOST appropriate for this workload?

B. Amazon EBS General Purpose SSD (gp2) storage

QUESTION: 32

A company is designing a failover strategy in Amazon Route 53 for its resources between
two AWS Regions. The company must have the ability to route a user's traffic to the
region with least latency, and if both regions are healthy, Route 53 should route traffic
to resources in both regions. Which strategy should the Solutions Architect
recommend?

B. Configure active-passive failover using Route 53 latency DNS records.

QUESTION: 33

An application uses an Amazon SQS queue as a transport mechanism to deliver data
to a group of EC2 instances for processing. The application owner wants to add a
mechanism to archive the incoming data without modifying application code on the EC2
instances. How can this application be re-architected to archive the data without
modifying the processing instances?

B. Use an Amazon SNS topic to fan out the data to the SQS queue in addition to a
Lambda function that records the data to an S3 bucket.

QUESTION: 34

A Solutions Architect is designing the architecture for a web application that will be hosted on
AWS. Internet users will access the application using HTTP and HTTPS. How should the
Architect design the traffic control requirements?

C. Allow inbound ports for HTTP and HTTPS in the security group used by the web
servers

QUESTION: 35

A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto
Scaling group behind an ELB. The support team has the following operational
requirements:
1. They get an alert when the requests per second go over 50,000
2. They get an alert when latency goes over 5 seconds
3. They can validate how many times a day users call the API requesting highly-sensitive data
Which combination of steps does the Architect need to take to satisfy these operational
requirements? (Select two.)

B. Create a custom CloudWatch metric to monitor the API for data access.

D. Ensure that detailed monitoring for the EC2 instances is enabled.

QUESTION: 36

A Solutions Architect has been given the following requirements for a company’s VPC:
1. The solution is a two-tiered application with a web tier and a database tier.
2. All web traffic to the environment must be directed from the Internet to an Application
Load Balancer.
3. The web servers and the databases should not obtain public IP addresses or be
directly accessible from the public Internet.
4. Because of security requirements, databases may not share a route table or subnet with
any other service.
5. The environment must be highly available within the same VPC for all services.
What is the minimum number of subnets that the Solutions Architect will need based on these
requirements and best practices?

C. 4

QUESTION: 37

An organization uses Amazon S3 to store video content served via its website. It only has
rights to deliver this content to users within its own country and needs to restrict access.
How can the organization ensure that these files are only accessible from within its
country?

B. Use Amazon CloudFront and Geo Restriction to allow access only to users inside the
organization's country

QUESTION: 38
A Solutions Architect is designing a web application that will be hosted on Amazon
EC2 instances in a public subnet. The web application uses a MySQL database in a private
subnet. The database should be accessible to database administrators. Which of the
following options should the Architect recommend? (Choose two.)

A. Create a bastion host in a public subnet, and use the bastion host to
connect to the database.

D. Create an IPSec VPN tunnel between the customer site and the VPC, and use the
VPN tunnel to connect to the database.

QUESTION: 39

A customer is looking for a storage archival solution for 1,000 TB of data. The customer
requires that the solution be durable and data be available within a few hours of
requesting it, but not exceeding a day. The solution should be as cost-effective as
possible. To meet security compliance policies, data must be encrypted at rest. The
customer expects they will need to fetch the data two times in a year.
Which storage solution should a Solutions Architect recommend to meet these requirements?

D. Copy data to Amazon S3 with server-side encryption. Configure lifecycle management
policies to move data to Amazon Glacier after 0 days.

QUESTION: 40

A client reports that they want to see an audit log of any changes made to AWS resources in
their account. What can the client do to achieve this?

B. Enable AWS CloudTrail logs to be delivered to an Amazon S3 bucket

QUESTION: 41

A Solutions Architect is designing a solution that will include a database in Amazon
RDS. Corporate security policy mandates that the database, its logs, and its backups
are all encrypted. Which is the MOST efficient option to fulfill the security policy using
Amazon RDS?

A. Launch an Amazon RDS instance with encryption enabled. Enable encryption for logs and
backups.

QUESTION: 42
Two Auto Scaling applications, Application A and Application B, currently run within a
shared set of subnets. A Solutions Architect wants to make sure that Application A can
make requests to Application B, but Application B should be denied from making
requests to Application A. Which is the SIMPLEST solution to achieve this policy?

A. Using security groups that reference the security groups of the other application

QUESTION: 43

A Solutions Architect needs to use AWS to implement pilot light disaster recovery for a
three-tier web application hosted in an on-premises datacenter. Which solution allows rapid
provision of working, fully-scaled production environment?

B. Continuously replicate the production database server to Amazon RDS. Create one
application load balancer and register on-premises servers. Configure ELB Application Load
Balancer to automatically deploy Amazon EC2 instances for application and additional
servers if the on-premises application is down.

QUESTION: 44

Application servers currently deployed in a private subnet require the ability to
integrate with a third-party service accessible through the Internet. Which changes are
required to provide outbound Internet connectivity in the VPC without providing inbound
Internet connectivity to the application servers?

B. Create a NAT Gateway and attach an Internet Gateway to the VPC.

QUESTION: 45

An application stores data in an Amazon RDS MySQL DB instance. The database traffic
primarily consists of read queries, which are overwhelming the current database. A Solutions
Architect wants to scale the database.
What combination of steps will achieve the goal? (Choose two.)

B. Migrate the MySQL database to Amazon Aurora

D. Create read replicas in different Availability Zones

QUESTION: 46

A Solutions Architect is creating an application running in an Amazon VPC that needs to
access AWS Systems Manager Parameter Store. Network security rules prohibit any route
table entry with a 0.0.0.0/0 destination.
What infrastructure addition will allow access to the AWS service while meeting the
requirements?

D. AWS PrivateLink

QUESTION: 47

A company wants to migrate a three-tier web application to AWS. The company wants to
control the placement of the instances and have visibility into underlying sockets and cores
for licensing purposes.
Which compute model should a Solutions Architect choose to accomplish this task?

C. EC2 Dedicated Hosts

QUESTION: 48

A company wants to expand its web services from us-east-1 into ap-southeast-1. The
company stores a large amount of static content on its website, and recently received
complaints about slow loading speeds and the website timing out. What should be done
to meet the expansion goal while also addressing the latency and timeout issues?

D. Use Amazon S3 to store the static content and configure an Amazon CloudFront
distribution.

QUESTION: 49

Which tool analyzes account resources and provides a detailed inventory of changes over
time?

A. AWS Config

QUESTION: 50

A manufacturing company captures data from machines running at customer sites. Currently,
thousands of machines send data every 5 minutes, and this is expected to grow to hundreds
of thousands of machines in the near future. The data is logged with the intent to be
analyzed in the future as needed.
What is the SIMPLEST method to store this streaming data at scale?

A. Create an Amazon Kinesis Firehose delivery stream to store the data in Amazon S3.

QUESTION: 51

A Solutions Architect needs to convert potential single points of failure to a highly-available
configuration. The current architecture contains Amazon EC2 instances with databases
running in one Availability Zone.
Web-tier resources have not been given public addresses, but still require internet access.
Which solution should the Architect use to maintain high availability?

C. Use ELB Classic Load Balancer with the database tier. Deploy Amazon EC2 instances
in two Availability Zones and enable Multi-AZ RDS. Deploy NAT gateways in both
Availability Zones.

QUESTION: 52

A user is designing a new service that receives location updates from 3,600 rental cars
every hour. The cars upload their location to an Amazon S3 bucket. Each location must
be checked for distance from the original rental location.
Which services will process the updates and automatically scale?

D. Amazon S3 events and AWS Lambda

QUESTION: 53

A company has many applications on Amazon EC2 instances running in Auto Scaling
groups. Company policies require that data on the attached Amazon EBS volume must
be retained. Which actions will meet this requirement without impacting
performance?

B. Disable DeleteOnTermination for the Amazon EBS volumes.

QUESTION: 54

A Solutions Architect has a two-tier application with a single Amazon EC2 instance web
server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting
the application for high availability by adding instances in a second
Availability Zone. Which additional services will improve the availability of the
application? (Choose two.)

A. Auto Scaling group

C. ELB Classic Load Balancer

QUESTION: 55

A Solutions Architect is designing a log-processing solution that requires storage that
supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2
instance.
Which Amazon storage type satisfies these requirements?

C. EBS Throughput Optimized HDD (st1)

QUESTION: 56
A company plans to use AWS for all new batch processing workloads. The company's
developers use Docker containers for the new batch processing. The system design
must accommodate critical and non-critical batch processing workloads 24/7. How should a
Solutions Architect design this architecture in a cost-efficient manner?

C. Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one
with Spot Instances.

QUESTION: 57

A company is launching a dynamic website, and the Operations team expects up to 10
times the traffic on the launch date. This website is hosted on Amazon EC2 instances and
traffic is distributed by Amazon Route 53.
A Solutions Architect must ensure that there is enough backend capacity to meet user
demands. The Operations team wants to scale down as quickly as possible after the
launch. What is the MOST cost-effective and fault-tolerant solution that will meet the
company's customer demands? (Choose two.)

A. Set up an Application Load Balancer to distribute traffic to multiple EC2 instances

B. Set up an Auto Scaling group across multiple Availability Zones for the website, and
create scale-out and scale-in policies

QUESTION: 58
A Solutions Architect is designing a disaster recovery (DR) environment in a separate
AWS region from an application's primary workload. The application uses a multi-tier
architecture, and only the RDS instance will have frequent changes. The application
installation process takes 60 minutes on average. The disaster recovery plan must have an
RPO of less than 90 minutes and an RTO of less than 30 minutes.
Which of the following would enable the Solutions Architect to meet these requirements?
(Select TWO.)
C. A cross-region Amazon EC2 Amazon Machine Image (AMI) copy
E. Amazon CloudWatch Events in the primary region that trigger the failover to the DR
region

QUESTION: 59
A web application running on Amazon EC2 instances writes data synchronously to an
Amazon DynamoDB table configured for 60 write capacity units. During normal
operation the application writes 50 KB/s to the table, but can scale up to 500 KB/s
during peak hours. The application is currently receiving throttling errors from the DynamoDB table
during peak hours. What is the MOST cost-efficient change to support the increased traffic
with minimal changes to the application?
D. Configure Amazon DynamoDB Auto Scaling to handle the extra demand.
QUESTION: 60

A company has a web application running in a Docker container that connects to a
MySQL server in an on-premises data center. The deployment and maintenance of this
application are becoming time-consuming and slowing down new feature releases. The
company wants to migrate the application to AWS and use services that help facilitate
infrastructure management and deployment.
Which architectures should the company consider on AWS? (Choose two.)

A. Amazon ECS for the web application, and an Amazon RDS for MySQL for the
database.

C. AWS Elastic Beanstalk Docker Single Container for the web application, and an
Amazon RDS for MySQL for the database.

QUESTION: 61

A to use an Amazon VPC to deploy a web application consisting of an elastic
load balancer, a fleet of web and application servers, and an Amazon RDS MySQL
database that should not be accessible from the Internet. The proposed design must be
highly available and distributed over two Availability Zones.
What would be the MOST appropriate VPC design for this specific use case?

D. Two public subnets for the elastic load balancer, two private subnets for the web
servers, and two private subnets for RDS.

QUESTION: 62

An application runs on EC2 instances behind an Elastic Load Balancing Application
Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability
Zones. The application provides a RESTful interface with both synchronous and
asynchronous operations. The asynchronous operations require up to 5 minutes to
complete. Although the application must remain available at all times, after business
hours, the traffic going to the application is greatly reduced and often results in the Auto
Scaling group running the minimum number of On-Demand Instances. What should the
Solutions Architect recommend to optimize the cost of the environment after business
hours?
C. Purchase Reserved Instances for the minimum number of Auto Scaling instances.

QUESTION: 63

A Solutions Architect has been asked to deliver video content stored on Amazon S3 to
specific users from Amazon CloudFront while restricting access by unauthorized users. How
can the Architect implement a solution to meet these requirements?

B. Store the videos as private objects in Amazon S3, and let CloudFront serve the objects
by using only Origin Access Identity (OAI).

QUESTION: 64

A company processed 10 TB of raw data to generate quarterly reports. Although it is unlikely


What is the MOST cost-effective way to store the data in AWS?
D. Amazon Glacier

QUESTION: 65

A development team is building an application with front-end and backend application tiers.
Each tier consists of Amazon EC2 instances behind an ELB Classic Load Balancer.
The instances run in Auto Scaling groups across multiple Availability Zones. The network
team has allocated the 10.0.0.0/24 address space for this application. Only the front-end
load balancer should be exposed to the Internet. There are concerns about the limited
size of the address space and the ability of each tier to scale.
What should the VPC subnet design be in each Availability Zone?
C. One public subnet for the load balancer tier and one shared private subnet
for the application tiers.

QUESTION: 66
A Solutions Architect is trying to bring a data warehouse workload to an Amazon EC2
instance. The data will reside in Amazon EBS volumes and full table scans will be executed
frequently.
What type of Amazon EBS volume would be most suitable in this scenario?
A. Throughput Optimized HDD (st1)

QUESTION: 67
A company plans to deploy a new application in AWS that reads and writes
information to a database. The company wants to deploy the application in two different
AWS Regions in an active-active configuration. The databases need to replicate to
keep information in sync.
C. Amazon DynamoDB with global tables

QUESTION: 68
A company wants to migrate a highly transactional database to AWS. Requirements state
that the database has more than 6 TB of data and will grow exponentially. Which solution
should a Solutions Architect recommend?
A. Amazon Aurora

QUESTION: 69
A university is running an internal web application on AWS that students can access
from the university network to check their exam results. The web application runs on
Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto
Scaling is currently configured to add a new web server when CPU is greater than 80% for
5 minutes. DynamoDB is configured to increase both read and write capacity units by
five when utilization is greater than 80%. Exam results are released at 9:00 a.m. each
Monday, and 80% of students attempt to access their unique result within the first 30
minutes. Despite Auto Scaling being enabled, students are complaining of slow response
times and errors when they view the site. There are no performance complaints after 9:30
a.m. on Monday. Which recommendation should a Solutions Architect make to improve
performance in a cost-effective manner?
C. Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down
after 9:30 a.m.

QUESTION: 70
A company has a Node.js application running on Amazon EC2 that currently retrieves data
for customers from a DynamoDB table. The company is seeing many repeat queries for
the same items, and the number of queries is continuing to increase as the application
gains popularity. What solution will reduce the number of read capacity units (RCUs)
required while minimizing the amount of refactoring that must be done to the
application?
C. Use Amazon DynamoDB Accelerator (DAX) to provide a caching layer

QUESTION: 71
A company is moving to AWS. Management has identified a set of approved AWS services
that meet all deployment requirements. The company would like to restrict access to all
other unapproved services to which employees would have access. Which solution
meets these requirements with the LEAST amount of operational overhead?
C. Configure AWS Organizations. Create an organizational unit (OU) and place all
AWS accounts into the OU. Apply a service control policy (SCP) to the OU that denies
the use of certain services.

QUESTION: 72
A company is setting up a new website for online sales. The company will have a web tier and
a database tier. The web tier consists of load-balanced, auto-scaled Amazon EC2 instances
in multiple Availability Zones (AZs). The database tier is an Amazon RDS Multi-AZ
deployment.
The EC2 instances must connect securely to the database.
How should the resources be launched?
D. EC2 instances: private subnet
RDS database instances: private subnet
Load balancer: public subnet
QUESTION: 73
A company is developing a new stateless web service with low memory requirements.
The service needs to scale based on demand.
What is the MOST cost-effective solution?
D. Deploy the application onto a container with an Amazon ECS EC2 launch type

QUESTION: 74
A Solutions Architect is designing a three-tier web application that will allow customers
to upload pictures from a mobile application. The application will then generate a thumbnail
of the picture and return a message to the user confirming that the image was successfully
uploaded. Generation of the thumbnail may take up to 5 seconds. To provide a sub-second
response time to the customers uploading the images, the Solutions Architect wants to
separate the web tier from the application tier.
Which service would allow the presentation tier to asynchronously dispatch the request to the
application tier?
D. Amazon SQS

QUESTION: 75
A customer owns a MySQL database that is accessed by various clients who expect, at
most, 100 ms latency on requests. Once a record is stored in the database, it is rarely
changed. Clients only access one record at a time. Database access has been increasing
exponentially due to increased client demand. The resultant load will soon exceed the
capacity of the most expensive hardware available for purchase. The customer wants to
migrate to AWS, and is willing to change database systems.
Which service would alleviate the database load issue and offer virtually unlimited
scalability for the future?
B. Amazon DynamoDB

QUESTION: 76
After reviewing their logs, a startup company noticed large, random spikes in traffic to their
web application. The company wants to configure a cost-efficient Auto Scaling solution to
support high availability of the web application.
Which scaling plan should a Solutions Architect recommend to meet the company's
needs?
A. Dynamic

QUESTION: 77
A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The
Architect needs to rebuild the Redshift cluster in another region. Which approach can the
Architect take to address this requirement?
B. Modify the Redshift cluster to take snapshots of the Amazon EBS volumes each day
sharing those snapshots with the other region

QUESTION: 78
A company wants to analyze all of its sales information aggregated over the last 12
months. The company expects there to be over 10TB of data from multiple sources.
What service should be used?
D. Amazon Redshift

QUESTION: 79
An organization regularly backs up their application data. The application backups are
required to be stored on Amazon S3 for a certain amount of time. The backups should
be accessed instantly in the event of a disaster recovery.
Which of the following Amazon S3 storage classes would be the MOST cost-effective option
to meet the needs of this scenario?
B. Standard Storage Class

QUESTION: 80
An e-commerce application is hosted in AWS. The last time a new product was launched, the
application experienced a performance issue due to an enormous spike in traffic.
Management decided that capacity must be doubled the week after the product is
launched. Which is the MOST efficient way for management to ensure that capacity
requirements are met?
B. Add a Dynamic Scaling policy.

QUESTION: 81
A user is testing a new service that receives location updates from 3,600 rental cars every
hour.
Which service will collect data and automatically scale to accommodate production workload?
B. Amazon Kinesis Firehose

QUESTION: 82
A company needs to capture all client connection information from its Application Load
Balancer every five minutes. This data will be used to analyze traffic patterns and
troubleshoot the application.
How can a Solutions Architect meet this requirement?
B. Enable Access Logs on the Application Load Balancer.

QUESTION: 83
A company is writing a new service running on Amazon EC2 that must create thumbnail
images of thousands of images in a large archive. The system will write scratch data to
storage during the process.
Which storage service is best suited for this scenario?
A. EC2 instance store

QUESTION: 84
A Solutions Architect is designing a three-tier web application. The Architect wants to
restrict access to the database tier to accept traffic from the application servers only.
However, these application servers are in an Auto Scaling group and may vary in quantity.
How should the Architect configure the database servers to meet the requirements?
B. Configure the database security group to allow database traffic from the application
server security group.

QUESTION: 85
A team has an application that detects new objects being uploaded into an Amazon S3
bucket. The uploads trigger a Lambda function to write object metadata into an Amazon
DynamoDB table and RDS PostgreSQL database.
Which action should the team take to ensure high availability?
C. Enable Multi-AZ on the RDS PostgreSQL database.

QUESTION: 86
A Solutions Architect is building an online shopping application where users will be able
to browse items, add items to a cart, and purchase the items. Images of items will
be stored in Amazon S3 buckets organized by item category. When an item is no
longer available for purchase, the item image will be deleted from the S3 bucket.
Occasionally, during testing, item images deleted from the S3 bucket are still visible to some
users.
What is a flaw in this design approach?
B. Amazon S3 DELETE requests are eventually consistent, which may cause other
users to view items that have already been purchased

QUESTION: 87
Which service would alleviate the database load issue and offer virtually unlimited
scalability for the future?
B. Amazon DynamoDB

QUESTION: 88
A Solutions Architect must create a solution whereby user access to multiple Amazon Aurora
MySQL databases is securely managed with short-lived connection credentials. How can the
Solutions Architect meet these requirements?
D. Use AWS KMS to securely save the connection secrets, and use the secrets while
connecting.

QUESTION: 89
A Solutions Architect is designing a stateful web application that will run for one year
(24/7) and then be decommissioned. Load on this platform will be constant, using a
number of r4.8xlarge instances. Key drivers for this system include high availability, but
elasticity is not required.
What is the MOST cost-effective way to purchase compute for this platform?
C. Standard Reserved Instances

QUESTION: 90
A Solutions Architect is designing an application that will run on Amazon ECS
behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host
instances for the ECS cluster are in a private subnet.
What should be done to ensure that the incoming traffic to the host instances is from the
ALB only?
C. Modify the security group used by the EC2 cluster to allow incoming traffic from the
security group used by the ALB only.

QUESTION: 91
A Solutions Architect is designing an Amazon VPC. Applications in the VPC must have
private connectivity to Amazon DynamoDB in the same AWS Region.
The design should route DynamoDB traffic through:
A. VPC peering connection.

QUESTION: 92
What conditions could cause a Multi-AZ Amazon RDS failover to occur? (Choose two.)
C. An Availability Zone becomes unavailable
E. A failure of the primary database instance

QUESTION: 93
An application provides a feature that allows users to securely download private and personal
files. The web server is currently overwhelmed with serving files for download. A
Solutions Architect must find a more effective solution to reduce web server load and
costs and must allow users to download only their own files.
Which solution meets all requirements?
A. Store the files securely on Amazon S3 and have the application generate an
Amazon S3 pre-signed URL for the user to download.

QUESTION: 94
A company is building a critical ingestion service on AWS that will receive 1,000
incoming events per second. The events must be processed in order, and no events may be
lost. Multiple applications will need to process each event. The company will expose the
service as RESTful calls through an API Gateway.
What should a Solutions Architect use to receive the events based on these
requirements?
A. Amazon Kinesis Data Stream

QUESTION: 95
A three-tier application is being created to host small news articles. The application is
expected to serve millions of users. When breaking news occurs, the site must handle very
large spikes in traffic without significantly impacting database performance. Which
design meets these requirements while minimizing costs?
D. Use Amazon DynamoDB Accelerator (DAX) to cache read operations to the database

QUESTION: 96
A client has set up an Auto Scaling group associated with a load balancer. The client
has noticed that instances launched by the Auto Scaling group are reported unhealthy as
the result of an Elastic Load Balancing (ELB) health check, but these unhealthy instances
are not being terminated. What can a Solutions Architect do to ensure that the instances
marked unhealthy will be terminated and replaced?
C. Change the health check type to ELB for the Auto Scaling group.

QUESTION: 97
A photo-sharing website running on AWS allows users to generate thumbnail images of
photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of
photos, and thumbnails are easily re-created from the originals if they are accidentally
deleted. How should the thumbnail images be stored to ensure the LOWEST cost?
B. Amazon S3

QUESTION: 98
An application runs on Amazon EC2 instances in multiple Availability Zones (AZs) behind an
Application Load Balancer. The load balancer is in public subnets; the EC2 instances are in
private subnets and must not be accessible from the internet. The EC2 instances must
call external services on the internet. If one AZ becomes unavailable, the remaining EC2
instances must still be able to call the external services.
How should these requirements be met?
D. Create a NAT gateway in each AZ. Update the route tables for each private subnet to
direct internet-bound traffic to the NAT gateway.

QUESTION: 99
A company is deploying a reporting application on Amazon EC2. The application is
expected to generate 1,000 documents every hour and each document will be 800 MB.
The company is concerned about strong data consistency and file locking, as various
applications hosted on other EC2 instances will process the report documents in parallel
when they become available. What storage solution will meet these requirements with the
LEAST amount of administrative overhead?
A. Amazon EFS

QUESTION: 100
A Solutions Architect is designing a customer order processing application that will likely have
high usage spikes. What should the Architect do to ensure that customer orders are not
lost before being written to an Amazon RDS database? (Choose two.)
C. Have the orders written into an Amazon SQS queue.
D. Scale the number of processing nodes based on pending order volume.

QUESTION: 101
As part of securing an API layer built on Amazon API Gateway, a Solutions Architect has
to authorize users who are currently authenticated by an existing identity provider. The
users must be denied access for a period of one hour after three unsuccessful attempts. How
can the Solutions Architect meet these requirements?
B. Use an API Gateway custom authorizer to invoke an AWS Lambda function to validate
each user's identity.

QUESTION: 102
An application running on Amazon EC2 has been experiencing performance issues when
accessing an Amazon RDS for Oracle database. The database has been provisioned correctly
for average workloads, but there are several usage spikes each day that have saturated
the database, causing the application to time out. The application is write-heavy,
updating information more often than reading information. A Solutions Architect has
been asked to review the application design. What should the Solutions Architect
recommend to improve performance?
D. Change the Amazon RDS instance storage type from General Purpose SSD to
Provisioned IOPS SSD.

QUESTION: 103
An interactive, dynamic website runs on Amazon EC2 instances in a single subnet behind
an ELB Classic Load Balancer.
Which design changes will make the site more highly available?
A. Move some Amazon EC2 instances to a subnet in a different way.

QUESTION: 104
A company has asked a Solutions Architect to ensure that data is protected during data
transfer to and from Amazon S3.
Use of which service will protect the data in transit?
B. HTTPS

QUESTION: 105
A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web
application with a load balancer, web server, application server, and relational database.
The key requirement driving the migration is that the application should perform better
and be more elastic. Which of the following architectures would meet these
requirements?
C. Re-platform the application as a three-tier application. Use Elastic Load Balancing for
incoming requests. Use EC2 for web and application tiers. Use RDS at the database
tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier.

QUESTION: 106
A customer has a legacy application with a large amount of data. The files accessed by
the application are approximately 10 GB each, but are rarely accessed. However, when
files are accessed, they are retrieved sequentially. The customer is migrating the application
to AWS and would like to use Amazon EC2 and Amazon EBS.
What is the LEAST expensive EBS volume type for this use case?
A. Cold HDD (sc1)

QUESTION: 107
A prediction process requires access to a trained model that is stored in an Amazon S3
bucket. The process takes a few seconds to process an image and make a prediction. The
process is not overly resource-intensive, does not require any specialized hardware, and
takes less than 512 MB of memory to run.
What would be the MOST effective compute solution for this use case?
C. AWS Lambda functions

QUESTION: 108
A company is launching a new static website on Amazon S3 and Amazon CloudFront. The
company wants to ensure that all requests go through only CloudFront.
How can a Solutions Architect meet this requirement?
C. Create a CloudFront origin access identity (OAI), then update the S3 bucket policy to allow
the OAI read access.

QUESTION: 109
A company has a legal requirement to store point-in-time copies of its Amazon RDS
PostgreSQL database instance in facilities that are at least 200 miles apart. Use of which of
the following provides the easiest way to comply with this requirement?
D. Cross-region snapshot copy

QUESTION: 110
A company hosts a website on premises. The website has a mix of static and dynamic
content, but users experience latency when loading static files.
Which AWS service can help reduce latency?
A. Amazon CloudFront with on-premises servers as the origin

QUESTION: 111
A mobile application serves scientific articles from individual files in an Amazon S3 bucket.
Articles older than 30 days are rarely read. Articles older than 60 days no longer need to be
available through the application, but the application owner would like to keep them for
historical purposes. Which cost-effective solution BEST meets these requirements?
C. Create lifecycle rules to move files older than 30 days to Amazon S3 Standard Infrequent
Access and move files older than 60 days to Amazon Glacier.

QUESTION: 112
An insurance company stores all documents related to annual policies for the duration of
the policies. The documents are created once and then stored until they are required,
typically at the end of the policy. A document must be capable of being retrieved
immediately. The company is now
Which service should a Solutions Architect recommend as a cost-effective solution that
meets the company's requirements?
B. Amazon S3 Standard-Infrequent Access

QUESTION: 113
A Solutions Architect plans to migrate NAT instances to NAT gateway. The Architect has NAT
instances with scripts to manage high availability.
What is the MOST efficient method to achieve similar high availability with NAT
gateway?
B. Launch a NAT gateway in each Availability Zone.

QUESTION: 114
A Solutions Architect needs to design a solution that will allow Website Developers to deploy
static web content without managing server infrastructure. All web content must be accessed
over HTTPS with a custom domain name. The solution should be scalable as the
company continues to grow.
Which of the following will provide the MOST cost-effective solution?
C. Amazon CloudFront with an Amazon S3 bucket origin

QUESTION: 115
A Solutions Architect must design an Amazon DynamoDB table to store data about
customer activities. The data is used to analyze recent customer behavior, so data
that is less than a week old is heavily accessed and older data is accessed infrequently.
Data that is more than one month old never needs to be referenced by the application,
but needs to be archived for year-end analytics.
What is the MOST cost-efficient way to meet these requirements? (Choose two.)
C. Create separate tables for each week's data with higher throughput for the current
week.
E. Export the old table data from DynamoDB to Amazon S3 using AWS Data Pipeline, and
delete the old table.

QUESTION: 116
Developers are creating a new online transaction processing (OLTP) application for a small
database that is very read-write intensive. A single table in the database is updated
continuously throughout the day, and the developers want to ensure that the database
performance is consistent. Which Amazon EBS storage option will achieve the MOST
consistent performance to help maintain application performance?
C. Provisioned IOPS SSD

QUESTION: 117
A company is looking for a fully-managed solution to store its players' state information
for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which
can scale according to the incoming traffic. The request can be routed to any of the
nodes, therefore, the state information must be stored in a centralized database. The
players' state information needs to be read with strong consistency and needs
conditional updates for any changes.
Which service would be MOST cost-effective, and scale seamlessly?
B. Amazon DynamoDB

QUESTION: 118
An online retailer has a series of flash sales occurring every Friday. Sales traffic will
increase during the sales only and the platform will handle the increased load. The platform
is a three-tier application. The web tier runs on Amazon EC2 instances behind an
Application Load Balancer. Amazon CloudFront is used to reduce web server load, but
many requests for dynamic content must go to the web servers. What should be done
to the web tier to reduce costs without impacting performance or reliability?
B. Purchase scheduled Reserved Instances.

QUESTION: 119
A Solutions Architect is designing a high-performance computing job that runs on Amazon
EC2 instances in private subnets. To allow the application to download patches, the
infrastructure must be altered to allow the instances to access external endpoints. Any
changes to the infrastructure must involve minimal ongoing systems management effort.
What will allow the EC2 instances to access the endpoint while meeting these
requirements?
A. NAT gateway

QUESTION: 120
When designing an Amazon SQS message-processing solution, messages in the queue
must be processed before the maximum retention time has elapsed. Which actions will
meet this requirement? (Choose two.)
C. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based
on the queue length
D. Increase the SQS queue attribute for the message retention period

QUESTION: 121
A company has an application that accesses a MySQL database installed on a single
EC2 instance. The instance recently experienced a fault and brought down the entire
application for several hours. The company wants to address the issue but is concerned
about spending too much time modifying application code or managing the legacy
application. What should the Solutions Architect recommend to remove this single point of
failure with the FEWEST changes to the application code and the LEAST amount of
administrative effort?
C. Migrate the database to an RDS MySQL Multi-AZ DB instance, and point
the application servers to the new RDS instance.

QUESTION: 122
An application produces monthly reports that must be immediately accessible for up to 7
days. After 7 days, the data can be archived. Compliance policies require that the
archived data be retrievable within 24 hours of a request.
What is the MOST cost-effective approach to satisfy the compliance requirement?
D. Store the data in Amazon S3 Standard storage with a lifecycle rule to transition the
data to the GLACIER storage class after 7 days

QUESTION: 123
A company hosts a popular web application. The web application connects to a
database running in a private VPC subnet. The web servers must be accessible only to
customers on an SSL connection. The RDS MySQL database server must be accessible
only from the web servers. How should the Architect design a solution to meet the
requirements without impacting running applications?
B. Open an HTTPS port on the security group for web servers and set the source to
0.0.0.0/0. Open the MySQL port on the database security group and attach it to the
MySQL instance. Set the source to Web Server Security Group.

QUESTION: 124
A Solutions Architect is designing a new web application on Amazon EC2. The system
must make application-specific metrics, such as application security events, available to the
SysOps teams. How should the Solutions Architect enable this in the design?
C. Install the Amazon CloudWatch Logs agent on the application instances. Design
the application to store events in application log files

QUESTION: 125
A website experiences unpredictable traffic. During peak traffic times, the database is unable
to keep up with the write requests. Which AWS service will help decouple the web
application from the database?
A. Amazon SQS

QUESTION: 126
An application is running on Amazon EC2 instances behind an Application Load Balancer.
The instances run in an Auto Scaling group across multiple Availability Zones. Four instances
are required to handle a predictable traffic load. The Solutions Architect wants to ensure that
the operation is fault-tolerant up to the loss of one Availability Zone. Which is the MOST
cost-efficient way to meet these requirements?
A. Deploy two instances in each of three Availability Zones.

QUESTION: 127
An application is running on an Amazon EC2 instance in a private subnet. The
application needs to read and write data onto Amazon Kinesis Data Streams, and corporate
policy requires that this traffic should not go to the internet.
How can these requirements be met?
A. Configure a NAT gateway in a public subnet and route all traffic to Amazon Kinesis
through the NAT gateway.

QUESTION: 128
A Solutions Architect is designing an architecture for a mobile gaming application. The
application is expected to be very popular. The Architect needs to prevent the Amazon RDS
MySQL database from becoming a bottleneck due to frequently accessed queries.
C. ELB Classic Load Balancer in front of the web application tier

QUESTION: 129
A Solutions Architect is designing a multi-tier application consisting of an Application Load
Balancer, an Amazon RDS database instance, and an Auto Scaling group on Amazon EC2
instances. Each tier is in a separate subnet. There are some EC2 instances in the subnet
that belong to another application. The RDS database instance should accept traffic only
from the EC2 instances in the Auto Scaling group. What should be done to meet these
requirements?
B. Configure the inbound rules on the security group associated with the RDS
database instance. Set the source to the security group associated with instances in the
Auto Scaling group.

QUESTION: 130
A company must collect temperature data from thousands of remote weather devices.
The company must also store this data in a data warehouse to run aggregations and
visualizations. Which services will meet these requirements? (Choose two.)
A. Amazon Kinesis Data Firehose
C. Amazon Redshift

QUESTION: 131
A company is storing application data in Amazon S3 buckets across multiple AWS
regions. Company policy requires that encryption keys be generated at the company
headquarters, but the encryption keys may be stored in AWS after generation. The
Solutions Architect plans to configure cross-region replication.
Which solution will encrypt the data while requiring the LEAST amount of operational
overhead?
D. Configure S3 buckets to use Server-Side Encryption with AWS KMS-Managed Keys
(SSE-KMS) with imported key material in both regions

QUESTION: 132
A Solutions Architect must build a secure document-storage platform that allows clients to
access data stored on Amazon S3. Documents must be readily available for the first 15
days. After that, documents need not be readily available, and storage costs should be
reduced as much as possible.
Which of the following approaches will satisfy these requirements?
D. Create a lifecycle rule to transition the documents from the STANDARD storage class to
the GLACIER storage class after 15 days.

QUESTION: 133
A company is using Amazon S3 as its local repository for weekly analysis reports. One of
the company-wide requirements is to secure data at rest using encryption. The company
chose Amazon S3 server-side encryption. The company wants to know how the object is
decrypted when a GET request is issued. Which of the following answers this
question?
C. Amazon S3 manages encryption and decryption automatically.

QUESTION: 134
As part of a migration strategy, a Solutions Architect needs to analyze workloads that can
be optimized for performance and cost. The Solutions Architect has identified a stateless
application that serves static content as a potential candidate to move to the cloud. The
Solutions Architect has the flexibility to choose an identity solution between Facebook,
Twitter, and Amazon. Which AWS solution offers flexibility and ease of use, and the LEAST
operational overhead for this migration?
B. Use a third-party solution for managing identities, and migrate the application to run on
Amazon S3, EC2 Spot Instances, and Amazon EC2.

QUESTION: 136
A company has a web application that makes requests to a backend API service. The
API service is behind an Elastic Load Balancer running on Amazon EC2 instances.
Most backend API service endpoint calls finish very quickly, but one endpoint that
makes calls to create objects in an external service takes a long time to complete.
These long-running calls are causing client timeouts and increasing overall system
latency. What should be done to minimize the system throughput impact of the
slow-running endpoint?
D. Use Amazon ElastiCache for Redis to cache responses from the external service

QUESTION: 137
A Solutions Architect needs to build a resilient data warehouse using Amazon Redshift. The
Architect needs to rebuild the Redshift cluster in another region. Which approach can the
Architect take to address this requirement?
A. Modify the Redshift cluster and configure cross-region snapshots to the other region.

QUESTION: 138
A company’s Amazon RDS MySQL DB instance may be rebooted for maintenance and to
apply patches. This database is critical and potential user disruption must be minimized. What
should the Solutions Architect do in this scenario?
C. Set RDS MySQL to Multi-AZ.

QUESTION: 139
A company has instances in private subnets that require outbound access to the internet.
This requires:
B. Updating the route table associated with the subnet to point internet traffic through a
NAT gateway.

QUESTION: 140
A Solutions Architect is developing a new web application on AWS. The services must scale
to support an increasing load. The Architect wants to focus on software development and
deploying new features rather than provisioning or managing servers.
Which AWS service is appropriate?
B. Elastic Beanstalk

QUESTION: 141
A data-processing application runs on an i3.large EC2 instance with a single 100 GB EBS
gp2 volume. The application stores temporary data in a small database (less than 30 GB)
located on the EBS root volume. The application is struggling to process the data fast
enough, and a Solutions Architect has determined that the I/O speed of the temporary
database is the bottleneck. What is the MOST cost-efficient way to improve the database
response times?
C. Move the temporary database onto instance storage.

QUESTION: 142
A Solutions Architect is designing a solution to store a large quantity of event data in
Amazon S3. The Architect anticipates that the workload will consistently exceed 100
requests each second. What should the Architect do in Amazon S3 to optimize
performance?
A. Randomize a key name prefix.

QUESTION: 147
A company is rolling out a new web service, but is unsure how many customers the service
will attract. However, the company is unwilling to accept any downtime. What could a
Solutions Architect recommend to the company in order to keep track of customers'
current session data?
D. Amazon DynamoDB

QUESTION: 144
A Solutions Architect is designing a photo application on AWS. Every time a user
uploads a photo to Amazon S3, the Architect must insert a new item to a DynamoDB table.
Which AWS-managed service is the BEST fit to insert the item?
B. AWS Lambda

QUESTION: 145
A Solutions Architect is building a WordPress-based web application hosted on AWS using
Amazon EC2.
This application serves as a blog for an international internet security company. The
application must be geographically redundant and scalable. It must separate the public
Amazon EC2 web servers from the private Amazon RDS database, it must be highly
available, and it must support dynamic port routing.
Which combination of AWS services or capabilities will meet these requirements?
B. Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon
CloudFront

QUESTION: 146
A web server will be provisioned on two Amazon EC2 instances with an Application Load
Balancer.
Which of the following configurations will allow traffic on HTTP and HTTPS when configuring a
security group to apply to each of these servers?
B. Allow incoming traffic to HTTP and HTTPS ports.

QUESTION: 147
A customer is deploying a production portal application on AWS. The database tier
has structured data. The company requires a solution that is easily manageable
and highly available.
How can these requirements be met?
B. Use Amazon RDS with a multiple Availability Zone option.

QUESTION: 148
During performance testing of an application, the Amazon RDS database caused a
performance bottleneck.
What steps can be taken to improve the database performance? (Choose two.)
B. Change the RDS database instance to multiple Availability Zones.
C. Redirect read queries to RDS read replicas.

QUESTION: 149
A retail company runs hourly flash sales and has a performance issue on its Amazon RDS
for PostgreSQL database. The Database Administrators have identified that the issue
with performance happens when finance and marketing employees refresh sales
dashboards that are used for reporting real-time sales data.
What should be done to resolve the issue without impacting performance?
A. Create a Read Replica of the RDS PostgreSQL database and point the dashboards
at the Read Replica

QUESTION: 150
An organization runs an online voting system for a television program. During
broadcasts, hundreds of thousands of votes are submitted within minutes and sent to
a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the
votes to an RDBMS database. The database is unable to keep up with the front-end
connection requests.
What is the MOST efficient and cost-effective way of ensuring that votes are processed in a
timely manner?
A. Each front-end node should send votes to an Amazon SQS queue. Provision worker
instances to read the SQS queue and process the message information into RDBMS
database.

QUESTION: 151
An application stores data in an Amazon RDS PostgreSQL Multi-AZ database instance.
The ratio of read requests to write requests is about 2 to 1. Recent increases in traffic are
causing very high latency.
How can this problem be corrected?
C. Create a read replica and send half of all traffic to it.

QUESTION: 152
A company’s new web application running on Amazon EC2 across multiple Availability Zones
(AZs) will be heavily accessed during regular business hours. After business hours, usage will
be minimal. What fleet-scaling approach should be used to size the EC2 fleet to handle
the traffic demands?
C. Scheduled scaling

QUESTION: 153
A Solutions Architect is designing a new application that will be hosted on EC2 instances.
This application has the following traffic requirements:
1. Accept HTTP(80)/HTTPS(443) traffic from the Internet.
2. Accept FTP(21) traffic from the finance team servers at 10.10.2.0/24.
Which of the following AWS CloudFormation snippets correctly declares inbound security
group rules that meet the requirements and prevent unauthorized access to additional
services on the instance?
C. [{
"IpProtocol" : "tcp",
"CidrIp" : "0.0.0.0/0"
"CidrIp" : "10.10.2.0/24"

QUESTION: 159
How can a user track memory usage in an EC2 instance?
D. Place an agent on the EC2 instance to push memory usage to an Amazon
CloudWatch custom metric.

QUESTION: 155
A large media site has multiple applications in Amazon ECS. A Solutions Architect needs
to use content metadata and route traffic to specific services. What is the MOST efficient
method to perform this task?
D. Use Amazon CloudFront to manage and route traffic to the correct service.

QUESTION: 156
A Solutions Architect is deploying a new production MySQL database on AWS. It is critical
that the database is highly available.
What should the Architect do to achieve this goal with Amazon RDS?
B. Enable multi-AZ to create a standby database in a different Availability Zone.

QUESTION: 157
A Solutions Architect needs to configure scaling policies based on Amazon CloudWatch
metrics for an Auto Scaling group. The application running on the instances is memory
intensive.
How can the Architect meet this requirement?
B. Publish custom metrics to CloudWatch from the application.

QUESTION: 158
A company wants to improve the performance of their web application after receiving
customer complaints. An analysis concluded that the same complex database queries were
causing increased latency.
What should a Solutions Architect recommend to improve the application's performance?
C. Integrate Amazon ElastiCache into the application.

QUESTION: 159
A Solutions Architect is designing a web application that is running on an Amazon EC2
instance. The application stores data in DynamoDB. The Architect needs to secure
access to the DynamoDB table. What combination of steps does AWS recommend to
achieve secure authorization? (Select two.)
C. Create an IAM role with permissions to write to the DynamoDB table.
D. Attach an IAM role to the Amazon EC2 instance.

QUESTION: 160
A company has a website running on Amazon EC2. The application DNS name points to
an Elastic IP address associated with the EC2 instance. In the event of an attack on the
website coming from a specific IP address, the company wants a way to block the offending
IP address. Which tool or service should a Solutions Architect recommend to block the IP
address?
B. Network ACL

QUESTION: 161
A company is storing data in an Amazon DynamoDB table and needs to take daily
backups and retain them for 6 months. How should the Solutions Architect meet these
requirements without impacting the production workload?
B. Use AWS Data Pipeline and create a scheduled job to back up the DynamoDB table
daily.

QUESTION: 162
A Solutions Architect has a three-tier web application that serves customers worldwide.
Analysis reveals that product images take more time to load than expected.
Which action will improve the image load time?
C. Use an Amazon CloudFront distribution for product images.

QUESTION: 163
A Solutions Architect is designing an application on AWS that will connect to the on-premises
data center through a VPN connection. The solution must be able to log network traffic
over the VPN. Which service logs this network traffic?
B. Amazon VPC flow logs

QUESTION: 164
An application that runs on an Amazon EC2 instance must make secure calls to Amazon S3
buckets. Which steps can a Solutions Architect take to ensure that the calls are made without
exposing credentials?
C. Create an IAM role granting least privilege and assign it to the Amazon EC2 instance
profile.

QUESTION: 165
A Solutions Architect is designing a solution for a media company that will stream large
amounts of data from an Amazon EC2 instance. The data streams are typically large and
sequential, and must be able to support up to 500 MB/s.
Which storage type will meet the performance requirements of this application?
D. EBS Throughput Optimized HDD

QUESTION: 166
A customer owns a simple API for their website that receives about 1,000 requests each
day and has an average response time of 50 ms. It is currently hosted on one c4.large
instance. Which changes to the architecture will provide high availability at the
LOWEST cost?
B. Recreate the API using Amazon API Gateway and use AWS Lambda as the
service backend.

QUESTION: 167
A company uses Amazon S3 for storing a variety of files. A Solutions Architect needs to
design a feature that will allow users to instantly restore any deleted files within 30 days
of deletion.
Which is the MOST cost-efficient solution?
C. Enable versioning and create a lifecycle policy to remove expired versions after 30
days.

QUESTION: 168
A company is developing several critical long-running applications hosted on Docker. How
should a Solutions Architect design a solution to meet the scalability and orchestration
requirements on AWS?
A. Use Amazon ECS and Service Auto Scaling.

QUESTION: 169
A company wants to improve latency by hosting images within a public Amazon S3
bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access
to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to
continue proper functionality.
What should be done after making the bucket private to restrict access with the LEAST
operational overhead?
B. Create a CloudFront origin access identity and update the bucket policy to grant
access to it.

QUESTION: 170
A Solution Architect is designing a disaster recovery solution for a 5 TB Amazon
Redshift cluster. The recovery site must be at least 500 miles (805 kilometers) from
the live site. How should the Architect meet these requirements?
B. Take a snapshot of the cluster and copy it to another Availability Zone.

QUESTION: 171
A Solutions Architect is designing a VPC. Instances in a private subnet must be able to
establish IPv6 traffic to the Internet. The design must scale automatically and not incur any
additional cost.
This can be accomplished with:
A. an egress-only internet gateway

QUESTION: 172
A company is using AWS Key Management Service (AWS KMS) to secure their Amazon
RDS databases. An auditor has recommended that the company log all use of their AWS
KMS keys. What is the SIMPLEST solution?
B. Use AWS CloudTrail to log AWS KMS key usage.

QUESTION: 173
A popular e-commerce application runs on AWS. The application encounters performance
issues. The database is unable to handle the amount of queries and load during peak
times. The database is running on the RDS Aurora engine on the largest instance size
available. What should an Administrator do to improve performance?
D. Create one or more read replicas.

QUESTION: 178
A company maintains an application on an on-premises server. The company wants to
automatically redirect users to a static maintenance page hosted on Amazon S3 when the
application is unavailable.
What is the MOST efficient method to ensure the users are automatically redirected?
A. Use an Amazon Route 53 failover routing policy, and configure the application as
primary and the Amazon S3 static page as secondary.

QUESTION: 175
A company requires that the source, destination, and protocol of all IP packets be recorded
when traversing a private subnet. What is the MOST secure and reliable method of
accomplishing this goal?
A. Create VPC flow logs on the subnet.

QUESTION: 176
A Solutions Architect is asked to improve the fault tolerance of an existing Python application.
The web application places 1-MB images in an S3 bucket. The application then uses a single
t2.large instance to transform the image to include a watermark with the company's
brand before writing the image back to the S3 bucket.
What should the Solutions Architect recommend to increase the fault tolerance of the
solution?
C. Convert the code to a Lambda function triggered by Amazon S3 events.

QUESTION: 177
A Solutions Architect is designing a solution with AWS Lambda where different
environments require different database passwords. What should the Architect do to
accomplish this in a secure and scalable way?
C. Use encrypted AWS Lambda environmental variables.

QUESTION: 178
A Solutions Architect is designing a multi-tier application consisting of an Application Load
Balancer, an Amazon RDS database instance, and an Auto Scaling group of Amazon EC2
instances. Each tier is in a separate subnet. There are some EC2 instances in the subnet that
belong to another application. The RDS database instance should accept traffic only from the
EC2 instances in the Auto Scaling group. What should be done to meet these
requirements?
C. Configure the outbound rules on the security group associated with the Auto Scaling
group. Set the destination to the security group associated with the RDS database
instance.

QUESTION: 179
A team is launching a marketing campaign and the peak database read activity in Amazon
Aurora for MySQL is expected to increase. A Solutions Architect decides to add two Read
Replicas to the cluster.
How should the Solutions Architect ensure that the connections for read activities are load
balanced?
A. Reader endpoint for Amazon Aurora

QUESTION: 180
A company has thousands of files stored in an Amazon S3 bucket that has a well-defined
access pattern. The files are accessed by an application multiple times a day for the first 30
days. Files are rarely accessed within the next 90 days. After that, the files are never
accessed again.
During the first 120 days, accessing these files should never take more than a few
seconds. Which lifecycle policy should be used for the S3 objects to minimize costs based on
the access pattern?
B. Use Amazon S3 Standard storage for the first 30 days. Then move the files to
Amazon S3 Standard-Infrequent Access (S3 Standard-IA) for the next 90 days. Allow
the data to expire after that.

QUESTION: 181
A Solutions Architect needs to design a centralized logging solution for a group of web
applications running on Amazon EC2 instances. The solution requires minimal
development effort due to budget constraints.
Which of the following should the Architect recommend?
B. Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.

QUESTION: 182
An application launched on Amazon EC2 instances needs to publish personally identifiable
information (PII) about customers using Amazon SNS. The application is launched in private
subnets within an Amazon VPC.
Which is the MOST secure way to allow the application to access service endpoints in the
same region?
B. Use AWS PrivateLink

QUESTION: 183
A Solutions Architect is designing a microservices-based application using Amazon ECS. The
application includes a WebSocket component, and the traffic needs to be distributed between
microservices based on the URL.
Which service should the Architect choose to distribute the workload?
C. ELB Application Load Balancer

QUESTION: 184
An organization is currently hosting a large amount of frequently accessed data consisting
of key-value pairs and semi-structured documents in their data center. They are planning to
move this data to AWS.
Which one of the following services MOST effectively meets their needs?
C. Amazon DynamoDB

QUESTION: 185
A web application runs on 10 EC2 instances launched from a single customer Amazon
Machine Image (AMI). The EC2 instances are behind an Internet Application Load
Balancer.
Amazon Route 53 provides DNS for the application.
How should a Solutions Architect automate recovery when a web server instance stops
replying to requests?
A. Launch the instances in an Auto Scaling group with an Elastic Load Balancing health
check.

QUESTION: 186
To meet compliance standards, a company must have encrypted archival data storage. Data
will be accessed infrequently, with lead times well in advance of when archived data
must be recovered. The company requires that the storage be secure, durable, and
provided at the lowest price per 1TB of data stored.
What type of storage should be used?
C. Amazon Glacier

QUESTION: 187
An application stack includes an Elastic Load Balancer in a public subnet, a fleet of
Amazon EC2 instances in an Auto Scaling group, and an Amazon RDS MySQL cluster.
Users connect to the application from the Internet. The application servers and
database must be secure.
How should a Solutions Architect perform this task?
B. Create a private subnet for the Amazon EC2 instances and a private subnet for the
Amazon RDS cluster.

QUESTION: 188
A media company asked a Solutions Architect to design a highly available storage solution
to serve as a centralized document store for their Amazon EC2 instances. The storage
solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100
concurrent EC2 instances.
Which solution meets these requirements?
D. Create an Amazon Elastic File System (Amazon EFS) to store and share the
documents.

QUESTION: 189
A Solutions Architect is designing a web application. The web and application tiers need to
access the Internet, but they cannot be accessed from the Internet.
Which of the following steps is required?
B. Launch a NAT gateway in the public subnet and add a route to it from the private
subnet.

QUESTION: 190
A Solutions Architect was tasked with reviewing several templates that build VPCs and
ensuring that they meet specific security requirements. After reviewing the templates, the
Architect realizes that all of the templates are missing important security best practices. What
should the Architect do to implement security best practices in an efficient manner?
C. Provide the teams a nested AWS CloudFormation template that builds the VPC
correctly.

QUESTION: 191
An Administrator is hosting an application on a single Amazon EC2 instance, which users
can access by the public hostname. The administrator is adding a second instance, but
does not want users to have to decide between many public hostnames. Which AWS
service will decouple the users from specific Amazon EC2 instances?
D. Amazon ELB

QUESTION: 192
A company uses AWS Elastic Beanstalk to deploy a web application running on
c4.large instances. Users are reporting high latency and failed requests. Further
investigation reveals that the EC2 instances are running at or near 100% CPU utilization.
What should a Solutions Architect do to address the performance issues?
B. Modify the scaling triggers in Elastic Beanstalk to use the CPUUtilization metric.

QUESTION: 193
A Solutions Architect is designing an application that will encrypt all data in an Amazon
Redshift cluster. Which action will encrypt the data at rest?
B. Use the AWS KMS Default Customer master key.

QUESTION: 194
An online company wants to conduct real-time sentiment analysis about its products from its
social media channels using SQL.
Which of the following solutions has the LOWEST cost and operational burden?
B. Configure the input stream using Amazon Kinesis Data Streams. Use Amazon
Kinesis Data Analytics to write SQL queries against the stream.

QUESTION: 195
A Solutions Architect is designing an application that is expected to have millions of
users. The Architect needs options to store session data.
Which option is the MOST performant?
A. Amazon ElastiCache

QUESTION: 196
A Solutions Architect is building an application on AWS that will require 20,000 IOPS on
a particular volume to support a media event. Once the event ends, the IOPS need is no
longer required. The marketing team asks the Architect to build the platform to optimize
storage without incurring downtime.
How should the Architect design the platform to meet these requirements?
B. Change the EBS volume type to Provisioned IOPS.

QUESTION: 197
A legacy application needs to interact with local storage using iSCSI. A team needs to design
a reliable storage solution to provision all new storage on AWS. Which storage solution meets
the legacy application requirements?
C. AWS Storage Gateway in stored mode for the legacy application storage to write
data to Amazon S3.

QUESTION: 198
A web application experiences high compute costs due to serving a high amount of static web
content. How should the web server architecture be designed to be the MOST cost-efficient?
B. Create an Amazon CloudFront distribution to pull static content from an Amazon S3
bucket.

QUESTION: 199
A Solution Architect is investigating purchasing options for a batch processing application
on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds
copyright information, and uploads it back to Amazon S3. It normally takes 5 to 10 hours
to process all the files uploaded each week. The application has built-in capabilities to
process files in parallel, recover from the instance and continue the processing from
where it left off. What is the MOST cost-effective purchasing option the Solutions
Architect can recommend?
B. Spot Instances

QUESTION: 200
An on-premises database is experiencing significant performance problems when running
SQL queries. With 10 users, the lookups are performing as expected. As the number of
users increases, the lookups take three times longer than expected to return values to an
application. Which action should a Solutions Architect take to maintain performance as
the user count increases?
C. Configure Amazon RDS with additional read replicas.

QUESTION: 201
A Solution Architect is designing a two-tier application for maximum security, with a web tier
running on EC2 instances and the data stored in an RDS DB instance. The web tier
should accept user access only through HTTPS connections (port 443) from the Internet, and
the data must be encrypted in transit to and from the database.
What combination of steps will MOST securely meet the stated requirements? (Choose
two.)
A. Create a security group for the web tier instances that allows inbound traffic only
over port 443.
D. Configure the web servers to communicate with RDS by using SSL, and issue
certificates to the web tier EC2 instances.

QUESTION: 207
A Solutions Architect is designing a new social media application. The application must
provide a secure method for uploading profile photos. Each user should be able to
upload a profile photo into a shared storage location for one week after their profile is
created.
Which approach will meet all of these requirements?
C. Use Amazon S3 with the default private access policy and generate presigned URLs
each time a new site profile is created.

QUESTION: 203
An organization has a long-running image processing application that runs on Spot
Instances that will be terminated when interrupted. A highly available workload must be
designed to respond to Spot Instance interruption notices. The solution must include a
two-minute warning when there is not enough capacity.
How can these requirements be met?
A. Use Amazon CloudWatch Events to invoke an AWS Lambda function that can
launch On-Demand Instances.

QUESTION: 204
A Solutions Architect is designing a ride-sharing application. The application needs
consistent and single-digit millisecond latency. In addition, the application must integrate
with a highly scalable and fully managed database service to track GPS coordinates and
user data for all rides. Which database service should the Solutions Architect use to meet
these performance requirements?
C. Amazon DynamoDB.

QUESTION: 205
A company will run different data analytics jobs on large petabyte-scale datasets, using
standard SQL and existing business intelligence tools. The data is mostly structured, but part
of the data is unstructured and resides in Amazon S3.
What technologies should be used to support this use case?
B. Amazon Redshift with Amazon Redshift Spectrum.

QUESTION: 206
A company needs to use AWS resources to expand capacity for a website hosted
in an on-premises data center. The AWS resources will include load balancers, Auto
Scaling, and Amazon EC2 instances that will access an on-premises database.
Network connectivity has been established, but no traffic is going to the AWS
environment.
How should Amazon Route 53 be configured to distribute load to the AWS environment?
(Select TWO.)
A. Set up a weighted routing policy, distributing the workload between the load balancer
and the on-premises environment.
B. Set up an A record to point the DNS name to the IP address of the load balancer.

QUESTION: 207
An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance.
Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show
excessive wait time.
What solution should be implemented to improve database performance using
persistent storage?
A. Migrate the data on the Amazon EBS volume to an SSD-backed volume.

QUESTION: 208
An application currently stores objects in Amazon S3-Standard. The application accesses
new objects frequently for one week. After one week, they are accessed occasionally for
analysis batch jobs. A Solutions Architect has been asked to reduce storage costs for the
application while allowing immediate access for batch jobs.
How can costs be reduced without reducing data durability?
D. Keep the data on Amazon S3, then create a lifecycle policy to move the data to S3
Standard-Infrequent Access storage after 7 days.

QUESTION: 209
A news organization plans to migrate their 20 TB video archive to AWS. The files are
rarely accessed, but when they are, a request is made in advance and a 3 to 5-hour
retrieval time frame is acceptable. However, when there is a breaking news story, the
editors require access to archived footage within minutes.
Which storage solution meets the needs of this organization while providing the LOWEST
cost of storage?
C. Store the archive in Amazon Glacier and pay the additional charge for expedited
retrieval when needed.

QUESTION: 210
An application runs on Amazon EC2 instances in an Auto Scaling group. When instances are
terminated, the Systems Operations team cannot determine the root cause, because the
logs reside on the terminated instances and are lost.
How can the root cause be determined?
C. Use an Amazon CloudWatch agent to push the logs to Amazon CloudWatch Logs.

QUESTION: 211
A company has an application running as a service in Amazon ECS using the Amazon
EC2 launch type. The application code makes AWS API calls to publish messages to
Amazon SQS. What is the MOST secure method of giving the application permission
to publish messages to Amazon SQS?
A. Use AWS IAM to grant SQS permissions to the role used by the launch configuration for
the Auto Scaling group of the ECS cluster.

QUESTION: 212
A Solutions Architect is designing a highly available web application on AWS. The data
served on the website is dynamic and is pulled from Amazon DynamoDB. All users are
geographically close to one another. How can the Solutions Architect make the application
highly available?
C. Host the application on EC2 instances across multiple Availability Zones. Use an Auto
Scaling group coupled with an Application Load Balancer.

QUESTION: 213
A Solutions Architect is designing a database solution that must support a high rate of
random disk reads and writes. It must provide consistent performance, and requires
long-term persistence. Which storage solution BEST meets these requirements?
A. An Amazon EBS Provisioned IOPS volume

QUESTION: 214
A Solutions Architect has five web servers serving requests for a domain. Which of the
following Amazon Route 53 routing policies can distribute traffic randomly among all
healthy web servers?
D. Multivalue Answer

QUESTION: 215
A company is evaluating Amazon S3 as a data storage solution for their daily analyst
reports. The company has implemented stringent requirements concerning the security of
the data at rest. Specifically, the CISO asked for the use of envelope encryption with
separate permissions for the use of an envelope key, automated rotation of the
encryption keys, and visibility into when an encryption key was used and by whom. Which
steps should a Solutions Architect take to satisfy the security requirements requested by
the CISO?
C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with
AWS KMS-Managed Keys (SSE-KMS).

QUESTION: 216
A Solutions Architect must design a storage solution for incoming billing reports in CSV
format. The data does not need to be scanned frequently and is discarded after 30 days.
Which service will be MOST cost-effective in meeting these requirements?
C. Write the files to an S3 bucket and use Amazon Athena to query the data.

QUESTION: 217
An application has a web tier that runs on EC2 instances in a public subnet. The application
tier instances run in private subnets across two Availability Zones. All traffic is IPv4 only, and
each subnet has its own custom route table. A new feature requires that application tier
instances can call an external service over the Internet; however, they must still not be
accessible to Internet traffic. What should be done to allow the application servers to
connect to the Internet, maintain high availability, and minimize administrative overhead?
B. Add an Amazon NAT Gateway to each public subnet. Alter each private subnet's route
table to include a route from 0.0.0.0/0 to the NAT Gateway in the same Availability
Zone.

QUESTION: 218
A Solutions Architect is designing an application on AWS that uses persistent block storage.
Data must be encrypted at rest.
Which solution meets the requirement?
B. Encrypt Amazon EBS volumes on Amazon EC2 instances.

QUESTION: 219
A customer has written an application that uses Amazon S3 exclusively as a data store.
The application works well until the customer increases the rate at which the application is
updating information. The customer now reports that outdated data occasionally appears
when the application accesses objects in Amazon S3.
What could be the problem, given that the application logic is otherwise correct?
D. The application is updating records by overwriting existing objects with the same keys.

QUESTION: 220
A company has two different types of reporting needs on their 200-GB data warehouse:
1. Data scientists run a small number of concurrent ad hoc SQL queries that can take
several minutes each to run.
2. Display screens throughout the company run many fast SQL queries to populate
dashboards.
Which design would meet these requirements with the LEAST cost?
D. Use Amazon Redshift for Data Scientists. Run automated dashboard queries
against Redshift and store the results in Amazon ElastiCache. Dashboards query
ElastiCache.

QUESTION: 221
A Solutions Architect is designing a three-tier web application that includes an Auto
Scaling group of Amazon EC2 instances running behind an ELB Classic Load Balancer.
The security team requires that all web servers must be accessible only through the Load
Balancer, and that none of the web servers are directly accessible from the Internet.
How should the Architect meet these requirements?
D. Configure the web tier security group to allow only traffic from the ELB Classic Load
Balancer.

QUESTION: 222
A Solutions Architect is developing a new web application on AWS. The Architect expects the
application to become very popular, so the application must scale to support the load.
The Architect wants to focus on software development and deploying new features
without provisioning or managing instances.
What solution is appropriate?
A. Amazon API Gateway and AWS Lambda

QUESTION: 223
An application is scanning an Amazon DynamoDB table that was created with default
settings. The application occasionally reads stale data when it queries the table.
How can this issue be corrected?
C. Update the application to use strongly consistent reads.

QUESTION: 224
A company wants to durably store data in 8 KB chunks. The company will access the data
once every few months. However, when the company does access the data, it must be
done with as little latency as possible.
Which AWS service should a Solutions Architect recommend if cost is NOT a factor?
D. Amazon ElastiCache

QUESTION: 225
An application runs in a VPC on Amazon EC2 instances behind an Application Load Balancer.
Traffic to the Amazon EC2 instances must be limited to traffic from the Application Load
Balancer. Based on these requirements, the security group configuration should only allow
traffic from:
C. the security group attached to the Application Load Balancer.

QUESTION: 226
A company deployed a three-tier web application on Amazon EBS-backed Amazon
EC2 instances for the web and application tiers, and Amazon RDS for the database
tier. The company is concerned about loss of data in the web and application
tiers.
What is the MOST efficient way to prevent data loss?
B. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule

QUESTION: 227
An organization is deploying Amazon ElastiCache for Redis and requires password
protection to improve their data security posture.
Which solution should a Solutions Architect recommend?
B. Redis Auth

QUESTION: 229
A Solutions Architect is considering possible options for improving the security of the data
on an Amazon EBS volume attached to an Amazon EC2 instance. Which solution will
improve the security of the data?
A. Use AWS KMS to encrypt the EBS volume

QUESTION: 230
An organization hosts 10 microservices, each in an Auto Scaling group behind individual
Classic Load Balancers. Each EC2 instance is running at optimal load. Which of the
following actions would allow the organization to reduce costs without impacting
performance?
A. Reduce the number of EC2 instances behind each Classic Load Balancer

QUESTION: 231
A company has a popular multi-player mobile game hosted in its on-premises datacenter. The
current infrastructure can no longer keep up with demand and the company is
considering a move to the cloud.
Which solution should a Solutions Architect recommend as the MOST scalable and
cost-effective solution to meet these needs?
B. Amazon S3 and Amazon CloudFront

QUESTION: 232
A workload in an Amazon VPC consists of a single web server launched from a custom AMI.
Session state is stored in a database.
How should the Solutions Architect modify this workload to be both highly available and
scalable?
C. Create a launch configuration with the AMI ID of the web server image. Create an
Auto Scaling group using the newly-created launch configuration, and a desired capacity of
two web servers across multiple Availability Zones. Use an ALB to balance traffic
across the Auto Scaling group.

QUESTION: 233
Employees from several companies use an application once a year during a specific
30-day period. The periods are different for each company. Traffic to the application
spikes during these 30-day periods.
How can the application be designed to handle these traffic spikes?
C. Use an Auto Scaling group to scale the number of EC2 instances to match the site
traffic.

QUESTION: 234
An application tier currently hosts two web services on the same set of instances, listening on
different ports.
Which AWS service should a Solutions Architect use to route traffic to the service based on
the incoming request path?
A. AWS Application Load Balancer

QUESTION: 235
A company plans to migrate a website to AWS to use a serverless architecture. The website
contains both static and dynamic content and is accessed by users across the world.
The website should maintain sessions for returning users to improve the user experience.
Which service should a Solutions Architect use for a cost-efficient solution with the LOWEST
latency?
D. Amazon S3, Amazon CloudFront, AWS Lambda, Amazon API Gateway, and Amazon
DynamoDB.

QUESTION: 236
An application calls a service run by a vendor. The vendor charges based on the
number of calls. The finance department needs to know the number of calls that are made
to the service to validate the billing statements.
How can a Solutions Architect design a system to durably store the number of calls without
requiring changes to the application?
B. Decouple the application from the service with an Amazon SQS queue
C. Publish a custom Amazon CloudWatch metric that counts calls to the service.

QUESTION: 237
A Solutions Architect is designing a solution for a dynamic website, "example.com,"
that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants
to ensure that users located in Australia are directed to the website deployed in the Sydney
region and users located in Japan are redirected to the website in the Tokyo region when
they browse to "example.com".
Which service should the Architect use to achieve this goal with the LEAST administrative
effort?
B. Amazon Route 53

QUESTION: 238
A Solutions Architect is designing a web application that runs on Amazon EC2 instances
behind a load balancer. All data in transit must be encrypted. Which solutions will meet
the encryption requirement? (Select TWO.)
C. Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL
on EC2 instances.
D. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL
certificates on the ALB and EC2 instances.

QUESTION: 239
A Solutions Architect is designing a service that must have four Amazon EC2 instances
running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of
those hours. What is the MOST cost-effective way to provide enough compute?
D. Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled
action to add three EC2 On-Demand instances at 7:30 AM and remove three instances
at 6:10 PM.

QUESTION: 240
An application running in a private subnet accesses an Amazon DynamoDB table. There is a
security requirement that the data never leave the AWS network.
How should this requirement be met?
D. Create a VPC endpoint for DynamoDB and configure the endpoint policy

QUESTION: 241
A Solutions Architect is designing an application that uses Amazon EBS volumes. The
volumes must be backed up to a different region.
How should the Architect meet this requirement?
C. Create EBS snapshots and then copy them to the desired region.

QUESTION: 242
A Solutions Architect is designing the storage layer for a production relational database.
The database will run on Amazon EC2. The database is accessed by an application that
performs intensive reads and writes, so the database requires the LOWEST random I/O
latency. Which data storage method fulfills the above requirements?
D. Stripe data across multiple Amazon EBS volumes using RAID 0.

QUESTION: 243
A retail company operates an e-commerce environment that runs on Amazon EC2
instances behind an Application Load Balancer. The instances run in an Amazon EC2
Auto Scaling group. Images are hosted in an Amazon S3 bucket using a custom
domain name.
During a flash sale with 10,000 simultaneous users, some images on the website are not
loading. What should be done to resolve the performance issue?
C. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

QUESTION: 244
A Solutions Architect is concerned that the current security group rules for a database tier
are too permissive and may permit requests that should be restricted. Below are the
current security group permissions for the database tier:
1 Protocol: TCP
2 Port Range: 1433 (MS SQL)
3 Source: ALL
Currently, the only identified resource that needs to connect to the databases is the
application tier consisting of an Auto Scaling group of EC2 instances. What changes can
be made to this security group that would offer the users LEAST privilege?
D. Change the source to the security group ID attached to the application instances.

QUESTION: 245
A company requires operating system permission on a relational database server. What
should a Solutions Architect suggest as a configuration for a highly available database
architecture?
A. Multiple EC2 instances in a database replication configuration that uses two Availability
Zones.

QUESTION: 246
A company wants to create an application that will transmit protected health information
(PHI) to thousands of service consumers in different AWS accounts. The application
servers will sit in private VPC subnets. The routing for the application must be fault
tolerant.
What should be done to meet these requirements?
A. Create a VPC endpoint service and grant permissions to specific service
consumers to create a connection.

QUESTION: 247
A company is using Amazon S3 for backups from an on-premises environment.
Regulatory requirements state that data must be retained for at least 7 years. The
data is infrequently accessed for 35 days, but needs to be instantly available. After
35 days, the data is rarely accessed.
Which combination of actions will provide the MOST cost-effective solution? (Choose
two)
A. Change the backup so the data goes to Amazon S3 Standard-Infrequent
Access (S3 Standard-IA) directly
E. Create an S3 lifecycle policy that moves the data to the GLACIER storage class after
35 days

QUESTION: 248
A Solutions Architect is designing a mobile application that will capture receipt images to
track expenses. The Architect wants to store the images on Amazon S3. However,
uploading images through the web server will create too much traffic.
What is the MOST efficient method to store images from a mobile application on Amazon
S3?
A. Upload directly to S3 using a pre-signed URL.

QUESTION: 249
A Solutions Architect must review an application deployed on EC2 instances that
currently stores multiple 5-GB files on attached instance store volumes. The company
recently experienced a significant data loss after stopping and starting their instances
and wants to prevent the data loss from happening again. The solution should minimize
performance impact and the number of code changes required.
What should the Solutions Architect recommend?
C. Store the application data in Amazon ElastiCache

QUESTION: 250
A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with
support for WebSockets using load balancers.
How can the Architect meet these requirements?
B. Configure an Application Load Balancer.

QUESTION: 251
An application generates audit logs of operational activities. Compliance requirements
mandate that the application retain the logs for 5 years.
How can these requirements be met?
A. Save the logs in an Amazon S3 bucket and enable Multi-Factor Authentication Delete
(MFA Delete) on the bucket.

QUESTION: 252
A company has gigabytes of web log files stored in an Amazon S3 bucket. A Solutions
Architect wants to copy those files into Amazon Redshift for analysis. The company's
security policy mandates that data is encrypted at rest both in the Amazon Redshift cluster
and the Amazon S3 bucket.
Which process will fulfill the security requirements?
D. Enable server-side encryption on the Amazon S3 bucket. Launch an encrypted
Amazon Redshift cluster. Copy the data into the Amazon Redshift cluster

QUESTION: 253
A Solutions Architect is designing an application that requires having six Amazon EC2
instances running at all times. The application will be deployed in the sa-east-1 region,
which has three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c. Which
action will provide 100 percent fault tolerance and the LOWEST cost in the event that
one Availability Zone in the region becomes unavailable?
C. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in
sa-east-1b, and three Amazon EC2 instances in sa-east-1c

QUESTION: 254
A company’s website receives 50,000 requests each second, and the company wants to
use multiple applications to analyze the navigation patterns of the users on their website so
that the experience can be personalized.
What can a Solutions Architect use to collect page clicks for the website and process them
sequentially for each user?
A. Amazon Kinesis Stream

QUESTION: 255
A Solutions Architect is designing a new workload where an AWS Lambda function will
access an Amazon DynamoDB table.
What is the MOST secure means of granting the Lambda function access to the
DynamoDB table?
A. Create an identity and access management (IAM) role with the necessary
permissions to access the DynamoDB table, and assign the role to the Lambda
function.

QUESTION: 256
A Solutions Architect has a multi-layer application running in Amazon VPC. The application
has an ELB Classic Load Balancer as the front end in a public subnet, and an Amazon
EC2-based reverse proxy that performs content-based routing to two backend Amazon
EC2 instances hosted in a private subnet. The Architect sees tremendous traffic growth
and is concerned that the reverse proxy and current backend set up will be insufficient.
Which actions should the Architect take to achieve a cost-effective solution that ensures the
application automatically scales to meet traffic demand? (Select two.)
B. Add Auto Scaling to the Amazon EC2 backend fleet.
E. Replace both the frontend and reverse proxy layers with an ELB Application Load
Balancer.

QUESTION: 257
A Solutions Architect needs to allow developers to have SSH connectivity to web
servers. The requirements are as follows:
1 Limit access to users originating from the corporate network.
2 Web servers cannot have SSH access directly from the Internet.
3 Web servers reside in a private subnet.
Which combination of steps must the Architect complete to meet these requirements?
(Choose two.)
B. Create a bastion host with security group rules that only allow traffic from the
corporate network.
D. Configure the web servers' security group to allow SSH traffic from a bastion host.

QUESTION: 258
A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their
customers. Their customers are located all around the world and the videos are requested a
lot during peak hours. Customers in Europe complain about experiencing slow
download speeds, and during peak hours, customers in all locations report experiencing
HTTP 500 errors. What can a Solutions Architect do to address these issues?
B. Cache the web content with Amazon CloudFront and use all Edge locations for
content delivery.

QUESTION: 259
A Solutions Architect needs to deploy a node.js-based web application that is highly
available and scales automatically. The Marketing team needs to roll back on
application releases quickly, and they need to have an operational dashboard. The
Marketing team does not want to manage deployment of OS patches to the Linux servers.
Use of which AWS service will satisfy these requirements?
C. AWS Elastic Beanstalk

QUESTION: 260
A workload consists of downloading an image from an Amazon S3 bucket, processing
the image, and moving it to another Amazon S3 bucket. An Amazon EC2 instance runs a
scheduled task every hour to perform the operation.
How should a Solutions Architect redesign the process so that it is highly available?
A. Change the Amazon EC2 instance to compute optimized.

QUESTION: 261
A Solutions Architect is designing a system that will store Personally Identifiable
Information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements,
both the master keys and unencrypted data should never be sent to AWS.
What Amazon S3 encryption technique should the Architect choose?
C. Amazon S3 client-side encryption with a client-side master key

QUESTION: 262
A Solutions Architect is building a multi-tier website. The web servers will be in a public
subnet, and the database servers will be in a private subnet. Only the web servers can
be accessed from the Internet. The database servers must have Internet access for
software updates.
Which solution meets the requirements?
C. Use a NAT Gateway.

QUESTION: 263
An organization designs a mobile application for their customers to upload photos to a site.
The application needs a secure login with MFA. The organization wants to limit the
initial build time and maintenance of the solution.
Which solution should a Solutions Architect recommend to meet the requirements?
A. Use Amazon Cognito Identity with SMS-based MFA.

QUESTION: 264
A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate
policy mandates encryption keys be generated and managed on premises. Which solution
should the Architect use to meet the security requirements?
D. SSE-C: Server-side encryption with customer-provided encryption keys

QUESTION: 265
A company’s development team plans to create an Amazon S3 bucket that contains
millions of images. The team wants to maximize the read performance of Amazon S3.
Which naming scheme should the company use?
D. Add a hexadecimal hash as the prefix.

QUESTION: 266
A legacy application running on premises requires a Solutions Architect to be able to open
a firewall to allow access to several Amazon S3 buckets. The Architect has a VPN connection
to AWS in place.
How should the Architect meet this requirement?
C. Use Amazon API Gateway to do IP whitelisting.

QUESTION: 267
An application has components running in a public subnet and a private subnet. The
components within the private subnet must connect to the internet to receive
updates. How should this be accomplished without moving the components into a
public subnet?
D. Add a NAT gateway to the public subnet and update the private subnet route table.

QUESTION: 268
A customer is running a critical payroll system in a production environment in one data
center and a disaster recovery (DR) environment in another. The application includes load-
balanced web servers and failover for the MySQL database. The customer's DR process is
manual and error-prone. For this reason, management has asked IT to migrate the
application to AWS and make it highly available so that IT no longer has to manually fail
over the environment. How should a Solutions Architect migrate the system to AWS?
D. Migrate the production environment to span multiple Availability Zones, using Elastic
Load Balancing and Multi-AZ Amazon RDS. Decommission the DR environment because it
is no longer needed.

QUESTION: 269
A Solutions Architect is designing a solution that includes a managed VPN connection. To
monitor whether the VPN connection is up or down, the Architect should use:
C. The CloudWatch TunnelState metric.

QUESTION: 270
A company has an application that stores sensitive data. The company is required by
government regulations to store multiple copies of its data. What would be the MOST resilient
and cost-effective option to meet this requirement?
D. Amazon S3

QUESTION: 271
A company will host a static website within an Amazon S3 bucket. The website will serve
millions of users globally, and the company wants to minimize data transfer costs. What
should the Solutions Architect do to ensure costs are kept to a minimum?
C. Create an Amazon CloudFront distribution, with the S3 bucket as the origin server

QUESTION: 272
A Solutions Architect is helping a customer migrate an application to AWS. The
application is composed of a fleet of Linux servers that currently use a shared file system
to read and write data. One of the goals of moving this application to AWS is to increase
the reliability of the storage tier. What solution would increase reliability while minimizing the
operational overhead of managing this infrastructure?
B. Create an EFS file system and mount it to all the servers.

QUESTION: 273
A call center application consists of a three-tier application using Auto Scaling groups to
automatically scale resources as needed. Users report that every morning at 9:00 AM
the system becomes very slow for about 15 minutes. A Solutions Architect determines that a
large percentage of the call center staff starts work at 9:00 AM, so Auto Scaling does not
have enough time to scale out to meet demand. How can the Architect fix the problem?
B. Create an Auto Scaling scheduled action to scale out the necessary resources at 8:30
AM every morning.

QUESTION: 274
A company hosts a two-tier application that consists of a publicly accessible web server
that communicates with a private database. Only HTTPS port 443 traffic to the web server
must be allowed from the Internet.
Which of the following options will achieve these requirements? (Choose two.)
A. Security group rule that allows inbound Internet traffic for port 443.
E. Network ACL rule that allows port 443 for both inbound and outbound for all Internet
traffic.

QUESTION: 275
An organization must process a stream of large-volume hashtag data in real time and needs
to run custom SQL queries on the data to get insights on certain tags. The organization needs
this solution to be elastic and does not want to manage clusters. Which of the following
AWS services meets these requirements?
D. Amazon Kinesis Data Analytics

QUESTION: 276
A company has an application that uses Amazon CloudFront for content that is hosted on
an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content.
Which step should the Solutions Architect take to ensure that new content is
displayed?
B. Perform an invalidation on the CloudFront distribution that is serving the content.

QUESTION: 277
A Solutions Architect must select the most cost-efficient architecture for a service that
responds to web requests. These web requests are small and query a DynamoDB table. The
request rate ranges from zero to several hundred each second, without any predictable
patterns. What is the MOST cost-efficient architecture for this service?
C. API Gateway/AWS Lambda

QUESTION: 278
A Solutions Architect is designing an elastic application that will have between 10 and 50
Amazon EC2 concurrent instances running, dependent on load. Each instance must mount
storage that will read and write to the same 50 GB folder.
Which storage type meets the requirements?
B. Amazon EFS

QUESTION: 279
An application requires block storage for file updates. The data is 500 GB and must
continuously sustain 100 MiB/s of aggregate read/write operations. Which storage option is
appropriate for this application?
C. Amazon EBS

QUESTION: 280
A Solutions Architect is developing software on AWS that requires access to multiple
AWS services, including an Amazon EC2 instance. This is a security-sensitive application,
and AWS credentials such as Access Key ID and Secret Access Key need to be
protected and cannot be exposed anywhere in the system.
What security measure would satisfy these requirements?
A. Store the AWS Access Key ID/Secret Access Key combination in software comments.

QUESTION: 281
A company is creating a web application that allows customers to view photos in their
web browsers. The website is hosted in us-east-1 on Amazon EC2 instances behind an
Application Load Balancer. Users will be located in many places around the world. Which
solution should provide all users with the fastest photo viewing experience?
B. Enable Amazon CloudFront for the website and specify the Application Load Balancer
as the origin.

QUESTION: 282
An organization hosts 10 microservices, each in an Auto Scaling group behind individual
Classic Load Balancers. Each EC2 instance is running at optimal load.
Which of the following actions would allow the organization to reduce costs without impacting
performance?
A. Reduce the number of EC2 instances behind each Classic Load Balancer.

QUESTION: 283
A company has an Amazon RDS database backing its production website. The Sales team
needs to run queries against the database to track training program effectiveness.
Queries against the production database cannot impact performance, and the solution must
be easy to maintain.
How can these requirements be met?
B. Use an Amazon RDS read replica of the production database and allow the team to
query against it.

QUESTION: 284
A company is launching a static website using the zone apex (mycompany.com). The
company wants to use Amazon Route 53 for DNS.
Which steps should the company perform to implement a scalable and cost-effective
solution? (Choose two.)
D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record
to the website endpoint.
E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53
name servers.

QUESTION: 285
A Solutions Architect is creating a serverless web application that must access mapping data
in hundreds of data files, each containing approximately 30 KB of data. The storage required
is expected to grow to hundreds of terabytes.
Which storage solution is most cost-effective, yet still meets the requirements for this use
case?
D. Amazon DynamoDB

QUESTION: 286
A data analytics startup company asks a Solutions Architect to recommend an AWS data
store option for indexed data. The data processing engine will generate and input more
than 64 TB of processed data every day, with item sizes reaching up to 300 KB. The
startup is flexible with data storage and is more interested in a database that requires
minimal effort to scale with a growing dataset size.
Which AWS data store service should the Architect recommend?
C. Amazon DynamoDB

QUESTION: 287
A company hosts a website using Amazon API Gateway on the front end. Recently, there
has been heavy traffic on the website and the company wants to control access by
allowing authenticated traffic only.
How should the company limit access to authenticated users only? (Select TWO.)
A. Allow users that are authenticated through Amazon Cognito.
E. Assign permissions in AWS IAM to allow users.

QUESTION: 288
A Solutions Architect is creating a new relational database. The Compliance team will use the
database, and mandates that data content must be stored across three different Availability
Zones.
Which of the following options should the Architect use?
A. Amazon Aurora

QUESTION: 289
A Solutions Architect is designing a solution to send Amazon CloudWatch Alarm
notifications to a group of users on a smartphone mobile application. What are the key
steps to this solution? (Choose two.)
A. Configure the CloudWatch Alarm to send the notification to an Amazon SNS topic
whenever there is an alarm.
D. Create the platform endpoints for mobile devices and subscribe the SNS topic with
platform endpoints.

QUESTION: 290
One company wants to share the contents of their Amazon S3 bucket with another
company. Security requirements mandate that only the other company's AWS accounts
have access to the contents of the Amazon S3 bucket.
Which Amazon S3 feature will allow secure access to the Amazon S3 bucket?
A. Bucket policy

QUESTION: 291
A company is launching a marketing campaign on their website tomorrow and expects
a significant increase in traffic. The website is designed as a multi-tiered web architecture,
and the increase in traffic could potentially overwhelm the current design. What should a
Solutions Architect do to minimize the effects from a potential failure in one or more of
the tiers?
C. Use Auto Scaling to keep up with the demand.

QUESTION: 292
An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is
against company policy to store passwords in Lambda functions. How can a Solutions
Architect enable the Lambda function to retrieve the database password without violating
company policy?
C. Have the Lambda function use the AWS Systems Manager Parameter Store.

QUESTION: 293
A web application stores all data in an Amazon RDS Aurora database instance. A
Solutions Architect wants to provide access to the data for a detailed report for the
Marketing team, but is concerned that the additional load on the database will affect
the performance of the web application.
How can the report be created without affecting the performance of the application?
A. Create a read replica of the database.

QUESTION: 294
An application server needs to be in a private subnet without access to the Internet. The
solution must retrieve and upload files to an Amazon S3 bucket. How should a Solutions
Architect design a solution to meet these requirements?
A. Use Amazon S3 VPC endpoints

QUESTION: 295
A Solutions Architect is developing a solution for sharing files in an organization. The solution
must allow multiple users to access the storage service at once from different virtual
machines and scale automatically. It must also support file-level locking. Which storage
service meets the requirements of this use case?
B. Amazon EFS

QUESTION: 296
A Solutions Architect is designing an application in AWS. The Architect must not expose
the application or database tier over the Internet for security reasons. The application must be
low-cost and have a scalable front end. The databases and application tier must have only
one-way Internet access to download software and patch updates.
Which solution helps to meet these requirements?
D. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT
Gateway to allow Internet access for private resources.

QUESTION: 297
A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto
Scaling group.
Which of the following factors determine the health check grace period? (Select TWO.)
C. How much of the application code is embedded in the AMI.
E. How long the bootstrap script takes to run.

QUESTION: 298
A company wants to run a static website served through Amazon CloudFront.
What is an advantage of storing the website content in an S3 bucket instead of an EBS
volume?
B. S3 is an origin for CloudFront. EBS volumes would need EC2 instances behind an
Elastic Load Balancing load balancer to be an origin.

QUESTION: 299
During a review of business applications, a Solutions Architect identifies a critical application
with a relational database that was built by a business user and is running on the user's
desktop. To reduce the risk of a business interruption, the Solutions Architect wants to
migrate the application to a highly available, multi-tiered solution in AWS.
What should the Solutions Architect do to accomplish this with the LEAST amount of
disruption to the business?
D. Use AWS DMS to migrate the backend database to an Amazon RDS Multi-AZ DB
instance. Migrate the application code to AWS Elastic Beanstalk

QUESTION: 300
A company has an application that generates invoices and makes the invoices available
online. Invoices are stored as PDFs in an Amazon S3 bucket. Customers typically only
view each invoice during the month it is issued. However, past invoices need to be
immediately available. There are concerns over rising storage costs as the company gains
more customers. What is the MOST cost-effective method to store the data?
D. Use Amazon S3 for current invoices. Set up lifecycle rules to migrate invoices to
Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days

QUESTION: 301
A media company must store 10 TB of audio recordings. Retrieval happens infrequently and
requestors agree on an 8-hour turnaround time.
What is the MOST cost-effective solution to store the files?
D. Amazon Glacier

QUESTION: 303
A Solutions Architect is designing a multicontainer-based web application. Parts of the web
application, /orders and /sale-event, must scale independently while maintaining a single
fully qualified domain name.
Which AWS services will help the Architect build this platform? (Select TWO.)
A. Amazon ELB Application Load Balancer
C. Amazon EC2 Container Service

QUESTION: 304
A Solutions Architect is designing network architecture for an application that has compliance
requirements.
The application will be hosted on Amazon EC2 instances in a private subnet and will be using
Amazon S3 for storing data. The compliance requirements mandate that the data cannot
traverse the public Internet.
What is the MOST secure way to satisfy this requirement?
C. Use a VPC endpoint.

QUESTION: 305
A web application runs on Amazon EC2 instances behind an ELB Application Load
Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability
Zones. Every night, the Auto Scaling group doubles in size. Traffic analysis shows that
users in a particular region are requesting the same static content stored locally on the EC2
instances. How can a Solutions Architect reduce the need to scale and improve
application performance for the users?
B. Create an Amazon CloudFront distribution for the site and redirect user traffic to the
distribution.

QUESTION: 306
A customer needs to capture all client connection information from their load balancer
every five minutes. The company wants to use data for analyzing traffic patterns and
troubleshooting their applications. Which of the following options meets the customer
requirements?
A. Enable access logs on the load balancer

QUESTION: 307
Which requirements must be met in order for a Solutions Architect to specify that an
Amazon EC2 instance should stop rather than terminate when its Spot Instance is
interrupted? (Choose two.)
B. The Spot Instance request type must be persistent.
C. The root volume must be an Amazon EBS volume.

QUESTION: 308
A customer has a service based out of Oregon, U.S. and Paris, France. The application
is storing data in an S3 bucket located in Oregon, and that data is updated frequently. The
Paris office is experiencing slow response times when retrieving objects. What should a
Solutions Architect do to resolve the slow response times for the Paris office?
A. Set up an S3 bucket based in Paris, and enable cross-region replication from the
Oregon bucket to the Paris bucket.

QUESTION: 309
A customer is migrating to AWS and requires applications to access Network File
System shares without code changes. Data is critical and accessed frequently. Which
storage solution should a Solutions Architect recommend to maximize availability and
durability?
D. Amazon EFS

QUESTION: 310
An application uses an Amazon RDS MySQL cluster for the database layer. Database
growth requires periodic resizing of the instance. Currently, administrators check the
available disk space manually once a week.
How can this process be improved?
D. Use Auto Scaling to increase storage size.

QUESTION: 311
A company has asked the Solutions Architect to modify its AWS-hosted internal application to
allow for load balancing. The customer requests always come from the company domain
(example.net). The company requires that incoming HTTP and HTTPS traffic is routed based
on the path element of the URL in the request.
Which implementation can satisfy all requirements?
C. Configure a Network Load Balancer and enable cross-zone load balancing to ensure that
all EC2 instances are used.

QUESTION: 312
A restaurant reservation application needs the ability to maintain a waiting list. When a
customer tries to reserve a table, and none are available, the customer must be put on
the waiting list, and the application must notify the customer when a table becomes
free. What service should the Solutions Architect recommend to ensure that the system
respects the order in which the customer requests are put onto the waiting list?
C. A FIFO queue in Amazon SQS

QUESTION: 313
A Solutions Architect is designing a web application for document sharing. The users will
upload documents that are then made available to other users. There will be tens of
thousands of these documents. What is the MOST cost-effective storage solution?
B. Amazon S3

QUESTION: 314
A Solutions Architect is building an application that stores object data. Compliance
requirements state that the data stored is immutable. Which service meets these
requirements?
A. Amazon S3

QUESTION: 315
A Solutions Architect is designing a public-facing web application for employees to upload
images to their social media account. The application consists of multiple Amazon EC2
instances behind an elastic load balancer, an Amazon S3 bucket where uploaded images are
stored, and an Amazon DynamoDB table for storing image metadata.
Which AWS service can the Architect use to automate the process of updating metadata in
the DynamoDB table upon image upload?
C. AWS Lambda

QUESTION: 316
A company is migrating its data center to AWS. As part of this migration, there is a
three-tier web application that has strict data-at-rest encryption requirements. The customer
deploys this application on Amazon EC2 using Amazon EBS, and now must provide
encryption at-rest. How can this requirement be met without changing the application?
C. Use encrypted EBS storage volumes with AWS-managed keys.

QUESTION: 317
An e-commerce application places orders in an Amazon SQS queue. When a
message is received, Amazon EC2 worker instances process the request. The EC2
instances are in an Auto Scaling group.
How should the architecture be designed to scale up and down with the LEAST amount of
operational overhead?
C. Use an Amazon CloudWatch alarm based on the number of visible messages to scale
the Auto Scaling group up or down.

QUESTION: 318
An application publishes Amazon SNS messages in response to several events. An AWS
Lambda function subscribes to these messages. Occasionally the function will fail while
processing a message, so the original event message must be preserved for root cause
analysis. What architecture will meet these requirements without changing the workflow?
B. Configure Lambda to write failures to an SQS Dead Letter Queue.

QUESTION: 319
An application running on AWS Lambda requires an API key to access a third-party
service. The key must be stored securely with audited access to the Lambda function
only.
What is the MOST secure way to store the key?
B. As a secure string in AWS Systems Manager Parameter Store

QUESTION: 320
A Lambda function must execute a query against an Amazon RDS database in a private
subnet. Which steps are required to allow the Lambda function to access the Amazon RDS
database? (Select two.)
A. Create a VPC Endpoint for Amazon RDS.
D. Change the ingress rules of the Amazon RDS security group, allowing the Lambda
security group.

QUESTION: 321
A Solutions Architect is designing a microservice to process records from Amazon
Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The
microservice must be capable of concurrently processing 10,000 records daily as they arrive
in the Kinesis stream. The MOST scalable way to design the microservice is:
C. As a Docker container running on Amazon ECS.

QUESTION: 322
An environment has an Auto Scaling group across two Availability Zones referred to as AZ-a and
AZ-b and a default termination policy. AZ-a has four Amazon EC2 instances, and AZ-b has
three EC2 instances. None of the instances is protected from a scale-in. How will Auto
Scaling proceed if there is a scale-in event?
C. Auto Scaling selects the Availability Zone with four EC2 instances and then continues to
evaluate

QUESTION: 323
Which service should an organization use if it requires an easily managed and scalable
platform to host its web application running on Nginx?
C. AWS Elastic Beanstalk

QUESTION: 324
A media company has deployed a multi-tier architecture on AWS. Web servers are deployed
in two Availability Zones using an Auto Scaling group with a default Auto Scaling
termination policy. The web servers' Auto Scaling group currently has 15 instances running.
Which instance will be terminated first during a scale-in operation?
D. The oldest instance in the group.

QUESTION: 325
A company needs to store data for 5 years. The company will need to have
immediate and highly available access to the data at any point in time, but will not
require frequent access. What lifecycle action should be taken to meet the
requirements while reducing costs?
A. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent
Access (S3 Standard-IA)

QUESTION: 326
An application relies on messages being sent and received in order. The volume will never
exceed more than 300 transactions each second.
Which service should be used?
A. Amazon SQS

QUESTION: 327
A company is running a series of national TV campaigns. These 30-second advertisements
will introduce sudden traffic peaks targeted at a Node.js application. The company expects
traffic to increase from five requests each minute to more than 5,000 requests each minute.
Which AWS service should a Solutions Architect use to ensure traffic surges can be
handled?
D. An Auto Scaling group for EC2 instances

QUESTION: 328
A Solutions Architect needs to design a solution that will enable a Security team to
detect, review, and perform root cause analysis of security incidents that occur in a cloud
environment. The Architect must provide a centralized view of all API events for current
and future AWS regions.
How should the Architect accomplish this task?
D. Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.

QUESTION: 329
An organization runs an online media site, hosted on-premises. An employee posted a
product review that contained videos and pictures. The review went viral and the organization
needs to handle the resulting spike in website traffic.
What action would provide an immediate solution?
C. Serve the images and videos via an Amazon CloudFront distribution created using the
news site as the origin.

QUESTION: 330
An application runs in a VPC on Amazon EC2 instances behind an Application Load
Balancer. Traffic to the Amazon EC2 instances must be limited to traffic from the
Application Load Balancer. Based on these requirements, the security group
configuration should only allow traffic from:
C. the security group attached to the Application Load Balancer.

QUESTION: 331
A Solutions Architect notices slower response times from an application. The CloudWatch
metrics on the MySQL RDS indicate Read IOPS are high and fluctuate significantly when
the database is under load.
How should the database environment be re-designed to resolve the IOPS fluctuation?
B. Change the storage type to Provisioned IOPS.

QUESTION: 332
A business team requires a structured storage solution to store all of a company’s historical
sales data.
Currently there are 4 TB of data, which will grow to hundreds of terabytes within a
few years. The team must be able to regularly run queries against the data using
current business intelligence tools. Fast performance is required despite the dataset
growth.
Which solution should the company use?
A. Amazon Redshift

QUESTION: 333
A Solutions Architect is working on a PCI-compliant architecture that needs to call an external
service provider's API. The external provider requires IP whitelisting to verify the calling party.
How should the Solutions Architect provide the external party with the IP addresses for
whitelisting?
A. Use an API Gateway in proxy mode, and provide the API Gateway's IP address to the
external service provider.

QUESTION: 334
A Solutions Architect is architecting a workload that requires a performant object-based
storage system that must be shared with multiple Amazon EC2 instances.
Which AWS service meets this requirement?
A. Amazon EFS

QUESTION: 335
A media company has more than 100TB of data to be stored and retrieved infrequently.
However, the company occasionally receives requests for data within an hour. The company
needs a low-cost retrieval method to handle the requests.
Which service meets this requirement?
D. Amazon S3 Standard Infrequent Access

QUESTION: 336
A Solutions Architect is defining a shared Amazon S3 bucket where corporate applications
will save objects.
How can the Architect ensure that when an application uploads an object to the Amazon S3
bucket, the object is encrypted?
A. Set a CORS configuration.

QUESTION: 337
A company is creating a web application that will run on an Amazon EC2 instance.
The application on the instance needs access to an Amazon DynamoDB table for
storage. What should be done to meet these requirements?
B. Create an IAM role and assign the role to the EC2 instance with permissions to
the DynamoDB table.

QUESTION: 338
A client notices that their engineers often make mistakes when creating Amazon SQS
queues for their backend system.
Which action should a Solutions Architect recommend to improve this process?
D. Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.

QUESTION: 339
A company is migrating on-premises databases to AWS. The company's backend
application produces a large amount of database queries for reporting purposes, and the
company wants to offload some of those reads to Read Replica, allowing the primary
database to continue performing efficiently.
Which AWS database platforms will accomplish this? (Select TWO.)
A. Amazon RDS for Oracle
B. Amazon RDS for PostgreSQL

QUESTION: 340
A Solutions Architect plans to migrate a load balancer tier from a data center to AWS.
Several websites have multiple domains that require secure load balancing. The Architect
decides to use Elastic Load Balancing Application Load Balancers. What is the most efficient
method for achieving secure communication?
D. Let a third-party certificate manager manage certificates required for all domains and upload
them to the Application Load Balancer.

QUESTION: 341
A Solutions Architect is designing a Lambda function that calls an API to list all running
Amazon RDS instances. How should the request be authorized?
B. Create an IAM role for the Lambda function with permissions to list all Amazon RDS
instances.

QUESTION: 346
A customer has an application that is used by enterprise customers outside of AWS.
Some of these customers use legacy firewalls that cannot whitelist by DNS name, but
whitelist based only on IP address. The application is currently deployed in two Availability
Zones, with one EC2 instance in each that has Elastic IP addresses. The customer wants
to whitelist only two IP addresses, but the two existing EC2 instances cannot sustain the
amount of traffic. What can a Solutions Architect do to support the customer and allow for
more capacity? (Choose two.)
A. Create a Network Load Balancer with an interface in each subnet, and assign a static IP
address to each subnet.
E. Switch the two existing EC2 instances for an Auto Scaling group, and register them with
the Network Load Balancer.

QUESTION: 343
A team has developed a new web application in an AWS Region that has three
Availability Zones: AZ-a, AZ-b, and AZ-c. This application must be fault tolerant and
needs at least six Amazon EC2 instances running at all times. The application must
tolerate the loss of connectivity to any single Availability Zone so that the application can
continue to run. Which configurations will meet these requirements? (Select TWO.)
A. AZ-a with six EC2 instances, AZ-b with six EC2 instances, and AZ-c with no EC2
instances.
E. AZ-a with three EC2 instances, AZ-b with three EC2 instances, and AZ-c with three EC2
instances.

QUESTION: 344
A Solutions Architect is designing a highly-available website that is served by multiple web
servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to
remove it from the rotation.
What is the MOST efficient way to fulfill this requirement?
D. Use Amazon Route 53 health checks.

QUESTION: 345
A customer set up an Amazon VPC with one private subnet and one public subnet with a
NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will
configure themselves at startup by downloading a bootstrap script from an Amazon S3
bucket with a policy that only allows access from the customer's Amazon EC2 instances and
then deploys an application through GIT. A Solutions Architect has been asked to design a
solution that provides the highest level of security regarding network connectivity to the
Amazon EC2 instances.
How should the Architect design the infrastructure?
D. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic
through the NAT gateway

QUESTION: 346
A company is developing a data lake solution in Amazon S3 to analyze large-scale
datasets. The solution makes infrequent SQL queries only. In addition, the company wants
to minimize infrastructure costs.
Which AWS service should be used to meet these requirements?
A. Amazon Athena

QUESTION: 347
A company has an Amazon RDS-managed online transaction processing system that has
very heavy read and write. The Solutions Architect notices throughput issues with the system.
How can the responsiveness of the primary database be improved?
B. Offload SELECT queries that can tolerate stale data to READ replica.

QUESTION: 348
Legacy applications currently send messages through a single Amazon EC2 instance, which
then routes the messages to the appropriate destinations. The Amazon EC2 instance is a
bottleneck and single point of failure, so the company would like to address these issues.
Which services could address this architectural use case? (Choose two.)
A. Amazon SNS
C. Amazon SQS

QUESTION: 349
A customer has a production application that frequently overwrites and deletes data. The
application requires the most up-to-date version of the data every time it is requested. Which
storage should a Solutions Architect recommend to best accommodate this use case?
B. Amazon RDS

QUESTION: 350
A Solutions Architect must select the storage type for a big data application that requires very
high sequential I/O. The data must persist if the instance is stopped. Which of the
following storage types will provide the best fit at the LOWEST cost for the application?
C. An Amazon EBS throughput optimized HDD volume.

QUESTION: 351
A Solutions Architect must design a web application that will be hosted on AWS, allowing
users to purchase access to premium, shared content that is stored in an S3 bucket. Upon
payment, content will be available for download for 14 days before the user is denied
access. Which of the following would be the LEAST complicated implementation?
C. Use an Amazon CloudFront distribution with an OAI. Configure the distribution with
an Amazon S3 origin to provide access to the file through signed URLs. Design the
application to set an expiration of 14 days for the URL

QUESTION: 352
An application runs on multiple Amazon EC2 instances. Each running instance of the
application must have access to a shared file system. Where should the data be stored?
C. Amazon EFS

QUESTION: 353
A Solutions Architect is designing a solution that can monitor memory and disk space
utilization of all Amazon EC2 instances running Amazon Linux and Windows. Which solution
meets this requirement?
B. Custom Amazon CloudWatch metrics.

QUESTION: 354
Users submit requests to a service that takes several minutes to process. A Solutions
Architect needs to ensure that these requests are processed at least once, and that the
service has the ability to handle large increases in the number of requests. How should these
requirements be met?
A. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances
to poll the queue

QUESTION: 355
A company is designing a website that will be hosted on Amazon S3. How should users be
prevented from linking directly to the assets in the S3 bucket?
B. Create an Amazon CloudFront distribution with an Origin Access Identity (OAI) and
update the bucket policy to grant permission to the OAI only.

QUESTION: 356
A company creates business-critical 3D images every night. The images are batch-processed
every Friday and require an uninterrupted 48 hours to complete. What is the MOST
cost-effective Amazon EC2 pricing model for this scenario?
B. Scheduled Reserved Instances

QUESTION: 357
A Solutions Architect is designing an Amazon VPC that requires access to a remote API
server using IPv6. Resources within the VPC should not be accessed directly from the
Internet.
How should this be achieved?
B. Attach an egress-only internet gateway and update the routing tables

QUESTION: 358
A retail company has sensors placed in its physical retail stores. The sensors send
messages over HTTP when customers interact with in-store product displays. A Solutions
Architect needs to implement a system for processing those sensor messages; the results
must be available for the Data Analysis team. Which architecture should be used to
meet these requirements?
D. Use AWS Direct Connect to connect sensors to DynamoDB so that data can be written
directly to a DynamoDB table where it can be accessed by the Data Analysis team.

QUESTION: 359
An Internet-facing multi-tier web application must be highly available. An ELB Classic
Load Balancer is deployed in front of the web tier. Amazon EC2 instances at the web
application tier are deployed evenly across two Availability Zones. The database is
deployed using RDS Multi-AZ. A NAT instance is launched for Amazon EC2 instances and
database resources to access the Internet. These instances are not assigned with public
IP addresses.
Which component poses a potential single point of failure in this architecture?
B. NAT instance

QUESTION: 360
A Solutions Architect plans to migrate a load balancer tier from a data center to AWS.
Several websites have multiple domains that require secure load balancing. The Architect
decides to use Elastic Load Balancing Application Load Balancers. What is the MOST
efficient method for achieving secure communication?
B. Create an SNI certificate and upload it to the Application Load Balancer
