A company uses a service to collect metadata from applications that the company hosts on premises.
Consumer devices such as TVs and internet radios access the applications. Many older devices do not
support certain HTTP headers and exhibit errors when these headers are present in responses. The
company has configured an on-premises load balancer to remove the unsupported headers from
responses sent to older devices, which the company identified by the User-Agent headers.
The company wants to migrate the service to AWS, adopt serverless technologies, and retain the
ability to support the older devices. The company has already migrated the applications into a set of
AWS Lambda functions.
Which solution will meet these requirements?
D
Explanation:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html
A company is running a traditional web application on Amazon EC2 instances. The company needs to
refactor the application as microservices that run on containers. Separate versions of the application
exist in two distinct environments: production and testing. Load for the application is variable, but
the minimum load and the maximum load are known. A solutions architect needs to design the
updated application with a serverless architecture that minimizes operational complexity.
Which solution will meet these requirements MOST cost-effectively?
B
Explanation:
Minimizing operational complexity with microservices that run on containers points to AWS Elastic Beanstalk.
A company has a multi-tier web application that runs on a fleet of Amazon EC2 instances behind an
Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB and the Auto
Scaling group are replicated in a backup AWS Region. The minimum value and the maximum value
for the Auto Scaling group are set to zero. An Amazon RDS Multi-AZ DB instance stores the
application’s data. The DB instance has a read replica in the backup Region. The application presents an endpoint to
end users by using an Amazon Route 53 record.
The company needs to reduce its RTO to less than 15 minutes by giving the application the ability to
automatically fail over to the backup Region. The company does not have a large enough budget for
an active-active strategy.
What should a solutions architect recommend to meet these requirements?
B
Explanation:
Create an AWS Lambda function in the backup Region to promote the read replica and modify the Auto
Scaling group values. Then configure Route 53 with a health check that monitors the web
application and sends an Amazon SNS notification to the Lambda function when the health check
status is unhealthy. Finally, update the application's Route 53 record with a failover policy
that routes traffic to the ALB in the backup Region when a health check failure occurs. This approach
provides automatic failover to the backup Region when a health check failure occurs, reducing the
RTO to less than 15 minutes. Additionally, this approach is cost-effective because it does not require an
active-active strategy.
A company is hosting a critical application on a single Amazon EC2 instance. The application uses an
Amazon ElastiCache for Redis single-node cluster for an in-memory data store. The application uses
an Amazon RDS for MariaDB DB instance for a relational database. For the application to function,
each piece of the infrastructure must be healthy and must be in an active state.
A solutions architect needs to improve the application's architecture so that the infrastructure can
automatically recover from failure with the least possible downtime.
Which combination of steps will meet these requirements? (Select THREE.)
A,D,F
Explanation:
Option A is correct because using an Elastic Load Balancer and an Auto Scaling group with a
minimum capacity of two instances can improve the availability and scalability of the EC2 instances
that host the application. The load balancer can distribute traffic across multiple instances, and the
Auto Scaling group can replace any unhealthy instances automatically [1].
Option D is correct because modifying the DB instance to create a Multi-AZ deployment that extends
across two Availability Zones can improve the availability and durability of the RDS for MariaDB
database. Multi-AZ deployments provide enhanced data protection and minimize downtime by
automatically failing over to a standby replica in another Availability Zone in case of a planned or
unplanned outage [4].
Option F is correct because creating a replication group for the ElastiCache for Redis cluster and
enabling Multi-AZ on the cluster can improve the availability and fault tolerance of the in-memory
data store. A replication group consists of a primary node and up to five read-only replica nodes that
are synchronized with the primary node using asynchronous replication. Multi-AZ allows automatic
failover to one of the replicas if the primary node fails or becomes unreachable [6].
References:
1: https://docs.aws.amazon.com/elasticloadbalancing/latest/userguide/how-elastic-load-balancing-works.html
2: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/burstable-performance-instances-unlimited-mode.html
3: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html
4: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
5: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoScaling.html
6: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.Redis.Groups.html
A retail company is operating its ecommerce application on AWS. The application runs on Amazon
EC2 instances behind an Application Load Balancer (ALB). The company uses an Amazon RDS DB
instance as the database backend. Amazon CloudFront is configured with one origin that points to
the ALB. Static content is cached. Amazon Route 53 is used to host all public zones.
After an update of the application, the ALB occasionally returns a 502 status code (Bad Gateway)
error. The root cause is malformed HTTP headers that are returned to the ALB. The webpage returns
successfully when a solutions architect reloads the webpage immediately after the error occurs.
While the company is working on the problem, the solutions architect needs to provide a custom
error page instead of the standard ALB error page to visitors.
Which combination of steps will meet this requirement with the LEAST amount of operational
overhead? (Choose two.)
C,E
Explanation:
"Save your custom error pages in a location that is accessible to CloudFront. We recommend that you
store them in an Amazon S3 bucket, and that you don’t store them in the same place as the rest of
your website or application’s content. If you store the custom error pages on the same origin as your
website or application, and the origin starts to return 5xx errors, CloudFront can’t get the custom
error pages because the origin server is unavailable."
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/GeneratingCustomErrorResponses.html
A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions
architect must implement a solution that the company can use to share a common network across
multiple accounts.
The company's infrastructure team has a dedicated infrastructure account that has a VPC. The
infrastructure team must use this account to manage the network. Individual accounts cannot have
the ability to manage their own networks. However, individual accounts must be able to create AWS
resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements?
(Select TWO.)
A,E
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/sharing-managed-prefix-lists.html
A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS
application is consumed through several API calls. The third-party SaaS application also runs on AWS
inside a VPC.
The company will consume the third-party SaaS application from inside a VPC. The company has
internal security policies that mandate the use of private connectivity that does not traverse the
internet. No resources that run in the company VPC are allowed to be accessed from outside the
company’s VPC. All permissions must conform to the principles of least privilege.
Which solution meets these requirements?
A
Explanation:
Reference architecture: https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html
Note from the documentation that the interface endpoint is on the client (consumer) side.
A company needs to implement a patching process for its servers. The on-premises servers and
Amazon EC2 instances use a variety of tools to perform patching. Management requires a single
report showing the patch status of all the servers and instances.
Which set of actions should a solutions architect take to meet these requirements?
A
Explanation:
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-patch.html
A company is running an application on several Amazon EC2 instances in an Auto Scaling group
behind an Application Load Balancer. The load on the application varies throughout the day, and EC2
instances are scaled in and out on a regular basis. Log files from the EC2 instances are copied to a
central Amazon S3 bucket every 15 minutes. The security team discovers that log files are missing
from some of the terminated EC2 instances.
Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated
EC2 instances?
B
Explanation:
https://docs.aws.amazon.com/autoscaling/ec2/userguide/adding-lifecycle-hooks.html
- Refer to the Default Result section: if the instance is terminating, both abandon and continue allow the
instance to terminate. However, abandon stops any remaining actions, such as other lifecycle hooks,
and continue allows any other lifecycle hooks to complete.
https://aws.amazon.com/blogs/infrastructure-and-automation/run-code-before-terminating-an-ec2-auto-scaling-instance/
https://github.com/aws-samples/aws-lambda-lifecycle-hooks-function
https://github.com/aws-samples/aws-lambda-lifecycle-hooks-function/blob/master/cloudformation/template.yaml
A company is using multiple AWS accounts. The DNS records are stored in a private hosted zone for
Amazon Route 53 in Account A. The company's applications and databases are running in Account B.
A solutions architect will deploy a two-tier application in a new VPC. To simplify the configuration, the
db.example.com CNAME record set for the Amazon RDS endpoint was created in a private hosted
zone for Amazon Route 53.
During deployment, the application failed to start. Troubleshooting revealed that db.example.com is
not resolvable on the Amazon EC2 instance. The solutions architect confirmed that the record set was
created correctly in Route 53.
Which combination of steps should the solutions architect take to resolve this issue? (Select TWO.)
C,E
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/private-hosted-zone-different-account/
A company used Amazon EC2 instances to deploy a web fleet to host a blog site. The EC2 instances
are behind an Application Load Balancer (ALB) and are configured in an Auto Scaling group. The web
application stores all blog content on an Amazon EFS volume.
The company recently added a feature for bloggers to add video to their posts, attracting 10 times
the previous user traffic. At peak times of day, users report buffering and timeout issues while
attempting to reach the site or watch videos.
Which is the MOST cost-efficient and scalable deployment that will resolve the issues for users?
C
Explanation:
https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-https-connection-fails/
CloudFront origin options covered in the documentation:
- Using an Amazon S3 bucket
- Using a MediaStore container or a MediaPackage channel
- Using an Application Load Balancer
- Using a Lambda function URL
- Using Amazon EC2 (or another custom origin)
- Using CloudFront origin groups
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/restrict-access-to-load-balancer.html
A company with global offices has a single 1 Gbps AWS Direct Connect connection to a single AWS
Region. The company's on-premises network uses the connection to communicate with the
company's resources in the AWS Cloud. The connection has a single private virtual interface that
connects to a single VPC.
A solutions architect must implement a solution that adds a redundant Direct Connect connection in
the same Region. The solution also must provide connectivity to other Regions through the same pair
of Direct Connect connections as the company expands into other Regions.
Which solution meets these requirements?
A
Explanation:
A Direct Connect gateway is a globally available resource. You can create the Direct Connect gateway
in any Region and access it from all other Regions. The following describe scenarios where you can
use a Direct Connect gateway.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html
A company has a web application that allows users to upload short videos. The videos are stored on
Amazon EBS volumes and analyzed by custom recognition software for categorization.
The website contains static content that has variable traffic with peaks in certain months. The
architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web
application and EC2 instances running in an Auto Scaling group to process an Amazon SQS queue. The
company wants to re-architect the application to reduce operational overhead using AWS managed
services where possible and remove dependencies on third-party software.
Which solution meets these requirements?
C
Explanation:
Option C is correct because hosting the web application in Amazon S3, storing the uploaded videos in
Amazon S3, and using S3 event notifications to publish events to the SQS queue reduces the
operational overhead of managing EC2 instances and EBS volumes. Amazon S3 can serve static
content such as HTML, CSS, JavaScript, and media files directly from S3 buckets. Amazon S3 can also
trigger AWS Lambda functions through S3 event notifications when new objects are created or
existing objects are updated or deleted. AWS Lambda can process the SQS queue with an AWS
Lambda function that calls the Amazon Rekognition API to categorize the videos. This solution
eliminates the need for custom recognition software and third-party dependencies [3][4][5].
References:
1: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html
2: https://aws.amazon.com/efs/pricing/
3: https://docs.aws.amazon.com/AmazonS3/latest/userguide/WebsiteHosting.html
4: https://docs.aws.amazon.com/AmazonS3/latest/userguide/NotificationHowTo.html
5: https://docs.aws.amazon.com/rekognition/latest/dg/what-is.html
6: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html
A company has a serverless application comprised of Amazon CloudFront, Amazon API Gateway, and
AWS Lambda functions. The current deployment process of the application code is to create a new
version number of the Lambda function and run an AWS CLI script to update. If the new function
version has errors, another CLI script reverts by deploying the previous working version of the
function. The company would like to decrease the time to deploy new versions of the application
logic provided by the Lambda functions, and also reduce the time to detect and revert when errors
are identified.
How can this be accomplished?
B
Explanation:
https://aws.amazon.com/about-aws/whats-new/2017/11/aws-lambda-supports-traffic-shifting-and-phased-deployments-with-aws-codedeploy/
A company is using an on-premises Active Directory service for user authentication. The company
wants to use the same authentication service to sign in to the company's AWS accounts, which are
using AWS Organizations. AWS Site-to-Site VPN connectivity already exists between the on-premises
environment and all the company's AWS accounts.
The company's security policy requires conditional access to the accounts based on user groups and
roles. User identities must be managed in a single location.
Which solution will meet these requirements?
D
Explanation:
https://aws.amazon.com/blogs/aws/new-attributes-based-access-control-with-aws-single-sign-on/