A company currently runs an on-premises stock trading application by using Microsoft Windows Server. The company wants to migrate the application to the AWS Cloud. The company needs to design a highly available solution that provides low-latency access to block storage across multiple Availability Zones. Which solution will meet these requirements with the LEAST implementation effort?
A. Configure a Windows Server cluster that spans two Availability Zones on Amazon EC2
instances. Install the application on both cluster nodes. Use Amazon FSx for Windows File
Server as shared storage between the two cluster nodes.
B. Configure a Windows Server cluster that spans two Availability Zones on Amazon EC2
instances. Install the application on both cluster nodes Use Amazon Elastic Block Store
(Amazon EBS) General Purpose SSD (gp3) volumes as storage attached to the EC2
instances. Set up application-level replication to sync data from one EBS volume in one
Availability Zone to another EBS volume in the second Availability Zone.
C. Deploy the application on Amazon EC2 instances in two Availability Zones Configure
one EC2 instance as active and the second EC2 instance in standby mode. Use an
Amazon FSx for NetApp ONTAP Multi-AZ file system to access the data by using Internet
Small Computer Systems Interface (iSCSI) protocol.
D. Deploy the application on Amazon EC2 instances in two Availability Zones. Configure
one EC2 instance as active and the second EC2 instance in standby mode. Use Amazon
Elastic Block Store (Amazon EBS) Provisioned IOPS SSD (io2) volumes as storage
attached to the EC2 instances. Set up Amazon EBS level replication to sync data from one
io2 volume in one Availability Zone to another io2 volume in the second Availability Zone.
A company is migrating its databases to Amazon RDS for PostgreSQL. The company is migrating its applications to Amazon EC2 instances. The company wants to optimize costs for long-running workloads. Which solution will meet this requirement MOST cost-effectively?
A. Use On-Demand Instances for the Amazon RDS for PostgreSQL workloads. Purchase a
1 year Compute Savings Plan with the No Upfront option for the EC2 instances.
B. Purchase Reserved Instances for a 1 year term with the No Upfront option for the
Amazon RDS for PostgreSQL workloads. Purchase a 1 year EC2 Instance Savings Plan
with the No Upfront option for the EC2 instances.
C. Purchase Reserved Instances for a 1 year term with the Partial Upfront option for the
Amazon RDS for PostgreSQL workloads. Purchase a 1 year EC2 Instance Savings Plan
with the Partial Upfront option for the EC2 instances.
D. Purchase Reserved Instances for a 3 year term with the All Upfront option for the Amazon RDS for PostgreSQL workloads. Purchase a 3 year EC2 Instance Savings Plan with the All Upfront option for the EC2 instances.
A company hosts an application in a private subnet. The company has already integrated the application with Amazon Cognito. The company uses an Amazon Cognito user pool to authenticate users. The company needs to modify the application so the application can securely store user documents in an Amazon S3 bucket. Which combination of steps will securely integrate Amazon S3 with the application? (Select TWO.)
A. Create an Ama2on Cognito identity pool to generate secure Amazon S3 access tokens
for users when they successfully log in.
B. Use the existing Amazon Cognito user pool to generate Amazon S3 access tokens for users when they successfully log in.
C. Create an Amazon S3 VPC endpoint in the same VPC where the company hosts the application.
D. Create a NAT gateway in the VPC where the company hosts the application. Assign a
policy to the S3 bucket to deny any request that is not initiated from Amazon Cognito.
E. Attach a policy to the S3 bucket that allows access only from the users' IP addresses.
A company hosts its application on several Amazon EC2 instances inside a VPC. The company creates a dedicated Amazon S3 bucket for each customer to store their relevant information in Amazon S3. The company wants to ensure that the application running on EC2 instances can securely access only the S3 buckets that belong to the company's AWS account. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a gateway endpoint for Amazon S3 that is attached to the VPC Update the 1AM
instance profile policy to provide access to only the specific buckets that the application
needs.
B. Create a NAT gateway in a public subnet with a security group that allows access to
only Amazon S3 Update the route tables to use the NAT Gateway.
C. Create a gateway endpoint for Amazon S3 that is attached to the VPC Update the 1AM
instance profile policy with a Deny action and the following condition key:
D. Create a NAT Gateway in a public subnet Update route tables to use the NAT Gateway
Assign bucket policies for all buckets with a Deny action and the following condition key:
A company wants to standardize its Amazon Elastic Block Store (Amazon EBS) volume encryption strategy. The company also wants to minimize the cost and configuration effort required to operate the volume encryption check. Which solution will meet these requirements?
A. Write API calls to describe the EBS volumes and to confirm the EBS volumes are
encrypted. Use Amazon EventBridge to schedule an AWS Lambda function to run the API
calls.
B. Write API calls to describe the EBS volumes and to confirm the EBS volumes are
encrypted. Run the API calls on an AWS Fargate task.
C. Create an AWS Identity and Access Management (1AM) policy that requires the use of
tags on EBS volumes. Use AWS Cost Explorer to display resources that are not properly
tagged. Encrypt the untagged resources manually.
D. Create an AWS Config rule for Amazon EBS to evaluate if a volume is encrypted and to
flag the volume if it is not encrypted.
An online gaming company hosts its platform on Amazon EC2 instances behind Network Load Balancers (NLBs) across multiple AWS Regions. The NLBs can route requests to targets over the internet. The company wants to improve the customer playing experience by reducing end-to-end load time for its global customer base. Which solution will meet these requirements?
A. Create Application Load Balancers (ALBs) in each Region to replace the existing NLBs.
Register the existing EC2 instances as targets for the ALBs in each Region.
B. Configure Amazon Route 53 to route equally weighted traffic to the NLBs in each
Region.
C. Create additional NLBs and EC2 instances in other Regions where the company has
large customer bases.
D. Create a standard accelerator in AWS Global Accelerator. Configure the existing NLBs
as target endpoints.
A company has stored millions of objects across multiple prefixes in an Amazon S3 bucket by using the Amazon S3 Glacier Deep Archive storage class. The company needs to delete all data older than 3 years except for a subset of data that must be retained. The company has identified the data that must be retained and wants to implement a serverless solution. Which solution will meet these requirements?
A. Use S3 Inventory to list all objects. Use the AWS CLI to create a script that runs on an
Amazon EC2 instance that deletes objects from the inventory list.
B. Use AWS Batch to delete objects older than 3 years except for the data that must be
retained
C. Provision an AWS Glue crawler to query objects older than 3 years. Save the manifest
file of old objects. Create a script to delete objects in the manifest.
D. Enable S3 Inventory. Create an AWS Lambda function to filter and delete objects.
Invoke the Lambda function with S3 Batch Operations to delete objects by using the
inventory reports.
A solutions architect needs to connect a company's corporate network to its VPC to allow on-premises access to its AWS resources. The solution must provide encryption of all traffic between the corporate network and the VPC at the network layer and the session layer. The solution also must provide security controls to prevent unrestricted access between AWS and the on-premises systems. Which solution meets these requirements?
A. Configure AWS Direct Connect to connect to the VPC. Configure the VPC route tables
to allow and deny traffic between AWS and on premises as required.
B. Create an 1AM policy to allow access to the AWS Management Console only from a
defined set of corporate IP addresses Restrict user access based on job responsibility by
using an 1AM policy and roles
C. Configure AWS Site-to-Site VPN to connect to the VPC. Configure route table entries to
direct traffic from on premises to the VPC. Configure instance security groups and network
ACLs to allow only required traffic from on premises.
D. Configure AWS Transit Gateway to connect to the VPC. Configure route table entries to
direct traffic from on premises to the VPC. Configure instance security groups and network
ACLs to allow only required traffic from on premises.
A company currently stores 5 TB of data in on-premises block storage systems. The company's current storage solution provides limited space for additional data. The company runs applications on premises that must be able to retrieve frequently accessed data with low latency. The company requires a cloud-based storage solution. Which solution will meet these requirements with the MOST operational efficiency?
A. Use Amazon S3 File Gateway Integrate S3 File Gateway with the on-premises
applications to store and directly retrieve files by using the SMB file system.
B. Use an AWS Storage Gateway Volume Gateway with cached volumes as iSCSt targets.
C. Use an AWS Storage Gateway Volume Gateway with stored volumes as iSCSI targets.
D. Use an AWS Storage Gateway Tape Gateway. Integrate Tape Gateway with the onpremises applications to store virtual tapes in Amazon S3.
A company has a three-tier web application that processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer. The processing tier consists of EC2 instances. The company decoupled the web tier and processing tier by using Amazon Simple Queue Service (Amazon SQS). The storage layer uses Amazon DynamoDB. At peak times some users report order processing delays and halts. The company has noticed that during these delays, the EC2 instances are running at 100% CPU usage, and the SQS queue fills up. The peak times are variable and unpredictable. The company needs to improve the performance of the application Which solution will meet these requirements?
A. Use scheduled scaling for Amazon EC2 Auto Scaling to scale out the processing tier
instances for the duration of peak usage times. Use the CPU Utilization metric to determine
when to scale.
B. Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier. Use target
utilization as a metric to determine when to scale.
C. Add an Amazon CloudFront distribution to cache the responses for the web tier. Use
HTTP latency as a metric to determine when to scale.
D. Use an Amazon EC2 Auto Scaling target tracking policy to scale out the processing tier
instances. Use the ApproximateNumberOfMessages attribute to determine when to scale.