A company is launching a new application that will be hosted on Amazon EC2 instances. A solutions architect needs to design a solution that does not allow public IPv4 access that originates from the internet. However, the solution must allow the EC2 instances to make outbound IPv4 internet requests.
A. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.
B. Deploy an internet gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.
C. Deploy a NAT gateway in public subnets in both Availability Zones. Create and configure a shared route table for the private subnets.
D. Deploy an egress-only internet gateway in public subnets in both Availability Zones. Create and configure one route table for each private subnet.
A company runs HPC workloads requiring high IOPS. Which combination of steps will meet these requirements? (Select TWO)
A. Use Amazon EFS as a high-performance file system.
B. Use Amazon FSx for Lustre as a high-performance file system.
C. Create an Auto Scaling group of EC2 instances. Use Reserved Instances. Configure a spread placement group. Use AWS Batch for analytics.
D. Use Mountpoint for Amazon S3 as a high-performance file system.
E. Create an Auto Scaling group of EC2 instances. Use mixed instance types and a cluster placement group. Use Amazon EMR for analytics.
A website uses EC2 instances with Auto Scaling and EFS. How can the company optimize costs?
A. Reconfigure the Auto Scaling group to set a desired number of instances. Turn off scheduled scaling.
B. Create a new launch template version that uses larger EC2 instances.
C. Reconfigure the Auto Scaling group to use a target tracking scaling policy.
D. Replace the EFS volume with instance store volumes.
A company has customers located across the world. The company wants to use automation to secure its systems and network infrastructure. The company's security team must be able to track and audit all incremental changes to the infrastructure. Which solution will meet these requirements?
A. Use AWS Organizations to set up the infrastructure. Use AWS Config to track changes.
B. Use AWS CloudFormation to set up the infrastructure. Use AWS Config to track changes.
C. Use AWS Organizations to set up the infrastructure. Use AWS Service Catalog to track changes.
D. Use AWS CloudFormation to set up the infrastructure. Use AWS Service Catalog to track changes.
A company is designing a web application with an internet-facing Application Load Balancer (ALB). The company needs the ALB to receive HTTPS web traffic from the public internet. The ALB must send only HTTPS traffic to the web application servers hosted on the Amazon EC2 instances on port 443. The ALB must perform a health check of the web application servers over HTTPS on port 8443. Which combination of configurations of the security group that is associated with the ALB will meet these requirements? (Select THREE.)
A. Allow HTTPS inbound traffic from 0.0.0.0/0 for port 443.
B. Allow all outbound traffic to 0.0.0.0/0 for port 443.
C. Allow HTTPS outbound traffic to the web application instances for port 443.
D. Allow HTTPS inbound traffic from the web application instances for port 443.
E. Allow HTTPS outbound traffic to the web application instances for the health check on port 8443.
F. Allow HTTPS inbound traffic from the web application instances for the health check on port 8443.
A company wants to create an API to authorize users by using JSON Web Tokens (JWTs). The company needs to support dynamic access to multiple AWS services by using path-based routing. Which solution will meet these requirements?
A. Deploy an Application Load Balancer behind an Amazon API Gateway REST API. Configure IAM authorization.
B. Deploy an Application Load Balancer behind an Amazon API Gateway HTTP API. Use Amazon Cognito for authorization.
C. Deploy a Network Load Balancer behind an Amazon API Gateway REST API. Use an AWS Lambda function as a custom authorizer.
D. Deploy a Network Load Balancer behind an Amazon API Gateway HTTP API. Use Amazon Cognito for authorization.
A company runs a production database on Amazon RDS for MySQL. The company wants to upgrade the database version for security compliance reasons. Because the database contains critical data, the company wants a quick solution to upgrade and test functionality without losing any data. Which solution will meet these requirements with the LEAST operational overhead?
A. Create an RDS manual snapshot. Upgrade to the new version of Amazon RDS for MySQL.
B. Use native backup and restore. Restore the data to the upgraded new version of Amazon RDS for MySQL.
C. Use AWS Database Migration Service (AWS DMS) to replicate the data to the upgraded new version of Amazon RDS for MySQL.
D. Use Amazon RDS Blue/Green Deployments to deploy and test production changes.
A solutions architect is designing an application that helps users fill out and submit registration forms. The solutions architect plans to use a two-tier architecture that includes a web application server tier and a worker tier. The application needs to process submitted forms quickly. The application needs to process each form exactly once. The solution must ensure that no data is lost. Which solution will meet these requirements?
A. Use an Amazon Simple Queue Service (Amazon SQS) FIFO queue between the web application server tier and the worker tier to store and forward form data.
B. Use an Amazon API Gateway HTTP API between the web application server tier and the worker tier to store and forward form data.
C. Use an Amazon Simple Queue Service (Amazon SQS) standard queue between the web application server tier and the worker tier to store and forward form data.
D. Use an AWS Step Functions workflow. Create a synchronous workflow between the web application server tier and the worker tier that stores and forwards form data.
A company tracks customer satisfaction by using surveys that the company hosts on its website. The surveys sometimes reach thousands of customers every hour. Survey results are currently sent in email messages to the company so company employees can manually review results and assess customer sentiment. The company wants to automate the customer survey process. Survey results must be available for the previous 12 months. Which solution will meet these requirements in the MOST scalable way?
A. Send the survey results data to an Amazon API Gateway endpoint that is connected to an Amazon Simple Queue Service (Amazon SQS) queue. Create an AWS Lambda function to poll the SQS queue, call Amazon Comprehend for sentiment analysis, and save the results to an Amazon DynamoDB table. Set the TTL for all records to 365 days in the future.
B. Send the survey results data to an API that is running on an Amazon EC2 instance. Configure the API to store the survey results as a new record in an Amazon DynamoDB table, call Amazon Comprehend for sentiment analysis, and save the results in a second DynamoDB table. Set the TTL for all records to 365 days in the future.
C. Write the survey results data to an Amazon S3 bucket. Use S3 Event Notifications to invoke an AWS Lambda function to read the data and call Amazon Rekognition for sentiment analysis. Store the sentiment analysis results in a second S3 bucket. Use S3 Lifecycle policies on each bucket to expire objects after 365 days.
D. Send the survey results data to an Amazon API Gateway endpoint that is connected to an Amazon Simple Queue Service (Amazon SQS) queue. Configure the SQS queue to invoke an AWS Lambda function that calls Amazon Lex for sentiment analysis and saves the results to an Amazon DynamoDB table. Set the TTL for all records to 365 days in the future.
A company runs an order management application on AWS. The application allows customers to place orders and pay with a credit card. The company uses an Amazon CloudFront distribution to deliver the application. A security team has set up logging for all incoming requests. The security team needs a solution to generate an alert if any user modifies the logging configuration. Options (Select TWO):
A. Configure an Amazon EventBridge rule that is invoked when a user creates or modifies a CloudFront distribution. Add the AWS Lambda function as a target of the EventBridge rule.
B. Create an Application Load Balancer (ALB). Enable AWS WAF rules for the ALB. Configure an AWS Config rule to detect security violations.
C. Create an AWS Lambda function to detect changes in CloudFront distribution logging. Configure the Lambda function to use Amazon Simple Notification Service (Amazon SNS) to send notifications to the security team.
D. Set up Amazon GuardDuty. Configure GuardDuty to monitor findings from the CloudFront distribution. Create an AWS Lambda function to address the findings.
E. Create a private API in Amazon API Gateway. Use AWS WAF rules to protect the private API from common security problems.