A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in a VPC. An Amazon RDS for MySQL DB instance contains the data. The company needs the ability to automatically detect and respond to suspicious or unexpected behavior in its AWS environment. The company already has added AWS WAF to its architecture. What should a solutions architect do next to protect against threats?
A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge to filter for GuardDuty findings and to invoke an AWS Lambda function to adjust the AWS WAF rules.
B. Use AWS Firewall Manager to perform threat detection. Configure Amazon EventBridge to filter for Firewall Manager findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL.
C. Use Amazon Inspector to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.
D. Use Amazon Macie to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit access to the web application.
A company is storing petabytes of data in Amazon S3 Standard. The data is stored in multiple S3 buckets and is accessed with varying frequency. The company does not know access patterns for all the data. The company needs to implement a solution for each S3 bucket to optimize the cost of S3 usage. Which solution will meet these requirements with the MOST operational efficiency?
A. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Intelligent-Tiering.
B. Use the S3 storage class analysis tool to determine the correct tier for each object in the S3 bucket. Move each object to the identified storage tier.
C. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 Glacier Instant Retrieval.
D. Create an S3 Lifecycle configuration with a rule to transition the objects in the S3 bucket to S3 One Zone-Infrequent Access (S3 One Zone-IA).
A company needs to optimize its Amazon S3 storage costs for an application that generates many files that cannot be recreated. Each file is approximately 5 MB and is stored in Amazon S3 Standard storage. The company must store the files for 4 years before the files can be deleted. The files must be immediately accessible. The files are frequently accessed in the first 30 days of object creation, but they are rarely accessed after the first 30 days. Which solution will meet these requirements MOST cost-effectively?
A. Create an S3 Lifecycle policy to move the files to S3 Glacier Instant Retrieval 30 days after object creation. Delete the files 4 years after object creation.
B. Create an S3 Lifecycle policy to move the files to S3 One Zone-Infrequent Access (S3 One Zone-IA) 30 days after object creation. Delete the files 4 years after object creation.
C. Create an S3 Lifecycle policy to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days after object creation. Delete the files 4 years after object creation.
D. Create an S3 Lifecycle policy to move the files to S3 Standard-Infrequent Access (S3 Standard-IA) 30 days after object creation. Move the files to S3 Glacier Flexible Retrieval 4 years after object creation.
A company is planning to migrate data to an Amazon S3 bucket. The data must be encrypted at rest within the S3 bucket. The encryption key must be rotated automatically every year. Which solution will meet these requirements with the LEAST operational overhead?
A. Migrate the data to the S3 bucket. Use server-side encryption with Amazon S3 managed keys (SSE-S3). Use the built-in key rotation behavior of SSE-S3 encryption keys.
B. Create an AWS Key Management Service (AWS KMS) customer managed key. Enable automatic key rotation. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Migrate the data to the S3 bucket.
C. Create an AWS Key Management Service (AWS KMS) customer managed key. Set the S3 bucket's default encryption behavior to use the customer managed KMS key. Migrate the data to the S3 bucket. Manually rotate the KMS key every year.
D. Use customer key material to encrypt the data. Migrate the data to the S3 bucket. Create an AWS Key Management Service (AWS KMS) key without key material. Import the customer key material into the KMS key. Enable automatic key rotation.
An online photo-sharing company stores its photos in an Amazon S3 bucket that exists in the us-west-1 Region. The company needs to store a copy of all new photos in the us-east-1 Region. Which solution will meet this requirement with the LEAST operational effort?
A. Create a second S3 bucket in us-east-1. Use S3 Cross-Region Replication to copy photos from the existing S3 bucket to the second S3 bucket.
B. Create a cross-origin resource sharing (CORS) configuration of the existing S3 bucket. Specify us-east-1 in the CORS rule's AllowedOrigin element.
C. Create a second S3 bucket in us-east-1 across multiple Availability Zones. Create an S3 Lifecycle rule to save photos into the second S3 bucket.
D. Create a second S3 bucket in us-east-1. Configure S3 event notifications on object creation and update events to invoke an AWS Lambda function to copy photos from the existing S3 bucket to the second S3 bucket.
A robotics company is designing a solution for medical surgery. The robots will use advanced sensors, cameras, and AI algorithms to perceive their environment and to complete surgeries. The company needs a public load balancer in the AWS Cloud that will ensure seamless communication with backend services. The load balancer must be capable of routing traffic based on the query strings to different target groups. The traffic must also be encrypted. Which solution will meet these requirements?
A. Use a Network Load Balancer with a certificate attached from AWS Certificate Manager (ACM). Use query parameter-based routing.
B. Use a Gateway Load Balancer. Import a generated certificate in AWS Identity and Access Management (IAM). Attach the certificate to the load balancer. Use HTTP path-based routing.
C. Use an Application Load Balancer with a certificate attached from AWS Certificate Manager (ACM). Use query parameter-based routing.
D. Use a Network Load Balancer. Import a generated certificate in AWS Identity and Access Management (IAM). Attach the certificate to the load balancer. Use query parameter-based routing.
A company's application is running on Amazon EC2 instances within an Auto Scaling group behind an Elastic Load Balancing (ELB) load balancer. Based on the application's history, the company anticipates a spike in traffic during a holiday each year. A solutions architect must design a strategy to ensure that the Auto Scaling group proactively increases capacity to minimize any performance impact on application users. Which solution will meet these requirements?
A. Create an Amazon CloudWatch alarm to scale up the EC2 instances when CPU utilization exceeds 90%.
B. Create a recurring scheduled action to scale up the Auto Scaling group before the expected period of peak demand.
C. Increase the minimum and maximum number of EC2 instances in the Auto Scaling group during the peak demand period.
D. Configure an Amazon Simple Notification Service (Amazon SNS) notification to send alerts when there are autoscaling:EC2_INSTANCE_LAUNCH events.
A company manages a data lake in an Amazon S3 bucket that numerous applications access. The S3 bucket contains a unique prefix for each application. The company wants to restrict each application to its specific prefix and to have granular control of the objects under each prefix. Which solution will meet these requirements with the LEAST operational overhead?
A. Create dedicated S3 access points and access point policies for each application.
B. Create an S3 Batch Operations job to set the ACL permissions for each object in the S3 bucket.
C. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create replication rules by prefix.
D. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create dedicated S3 access points for each application.
A company is migrating its workloads to AWS. The company has sensitive and critical data in on-premises relational databases that run on SQL Server instances. The company wants to use the AWS Cloud to increase security and reduce operational overhead for the databases. Which solution will meet these requirements?
A. Migrate the databases to Amazon EC2 instances. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.
B. Migrate the databases to a Multi-AZ Amazon RDS for SQL Server DB instance. Use an AWS Key Management Service (AWS KMS) AWS managed key for encryption.
C. Migrate the data to an Amazon S3 bucket. Use Amazon Macie to ensure data security.
D. Migrate the databases to an Amazon DynamoDB table. Use Amazon CloudWatch Logs to ensure data security.
A company runs workloads in the AWS Cloud. The company wants to centrally collect security data to assess security across the entire company and to improve workload protection. Which solution will meet these requirements with the LEAST development effort?
A. Configure a data lake in AWS Lake Formation. Use AWS Glue crawlers to ingest the security data into the data lake.
B. Configure an AWS Lambda function to collect the security data in csv format. Upload the data to an Amazon S3 bucket.
C. Configure a data lake in Amazon Security Lake to collect the security data. Upload the data to an Amazon S3 bucket.
D. Configure an AWS Database Migration Service (AWS DMS) replication instance to load the security data into an Amazon RDS cluster.