A company is launching a new gaming application. The company will use Amazon EC2 Auto Scaling groups to deploy the application. The application stores user data in a relational database. The company has office locations around the world that need to run analytics on the user data in the database. The company needs a cost-effective database solution that provides cross-Region disaster recovery with low-latency read performance across AWS Regions. Which solution will meet these requirements?
A. Create an Amazon ElastiCache for Redis cluster in the Region where the application is
deployed. Create read replicas in Regions where the company offices are located. Ensure
the company offices read from the read replica instances.
B. Create Amazon DynamoDB global tables. Deploy the tables to the Regions where the company offices are located and to the Region where the application is deployed. Ensure that each company office reads from the tables that are in the same Region as the office.
C. Create an Amazon Aurora global database. Configure the primary cluster to be in the Region where the application is deployed. Configure the secondary Aurora replicas to be in the Regions where the company offices are located. Ensure the company offices read from the Aurora replicas.
D. Create an Amazon RDS Multi-AZ DB cluster deployment in the Region where the application is deployed. Ensure the company offices read from read replica instances.
How can trade data from DynamoDB be ingested into an S3 data lake for near realtime analysis?
A. Use DynamoDB Streams to invoke a Lambda function that writes to S3.
B. Use DynamoDB Streams to invoke a Lambda function that writes to Data Firehose, which writes to S3.
C. Enable Kinesis Data Streams on DynamoDB. Configure it to invoke a Lambda function that writes to S3.
D. Enable Kinesis Data Streams on DynamoDB. Use Data Firehose to write to S3.
A logistics company is creating a data exchange platform to share shipment status information with shippers. The logistics company can see all shipment information and metadata. The company distributes shipment data updates to shippers. Each shipper should see only shipment updates that are relevant to their company. Shippers should not see the full detail that is visible to the logistics company. The company creates an Amazon Simple Notification Service (Amazon SNS) topic for each shipper to share data. Some shippers use a mobile app to submit shipment status updates. The company needs to create a data exchange platform that provides each shipper specific access to the data that is relevant to their company. Which solution will meet these requirements with the LEAST operational overhead?
A. Ingest the shipment updates from the mobile app into Amazon Simple Queue Service
(Amazon SQS). Publish the updates to the SNS topic. Apply a filter policy to rewrite the
body of each message.
B. Ingest the shipment updates from the mobile app into Amazon Simple Queue Service (Amazon SQS). Use an AWS Lambda function to consume the updates from Amazon SQS and rewrite the body of each message. Publish the updates to the SNS topic.
C. Ingest the shipment updates from the mobile app into a second SNS topic. Publish the updates to the shipper SNS topic. Apply a filter policy to rewrite the body of each message.
D. Ingest the shipment updates from the mobile app into Amazon Simple Queue Service (Amazon SQS). Filter and rewrite the messages in Amazon EventBridge Pipes. Publish the updates to the SNS topic.
A company has developed an API using Amazon API Gateway REST API and AWS Lambda. How can latency be reduced for users worldwide?
A. Deploy the REST API as an edge-optimized API endpoint. Enable caching. Enable
content encoding to compress data in transit.
B. Deploy the REST API as a Regional API endpoint. Enable caching. Enable content encoding to compress data in transit.
C. Deploy the REST API as an edge-optimized API endpoint. Enable caching. Configure reserved concurrency for Lambda functions.
D. Deploy the REST API as a Regional API endpoint. Enable caching. Configure reserved concurrency for Lambda functions.
A company has developed an API using Amazon API Gateway REST API and AWS Lambda. How can latency be reduced for users worldwide?
A. Deploy the REST API as an edge-optimized API endpoint. Enable caching. Enable
content encoding to compress data in transit.
B. Deploy the REST API as a Regional API endpoint. Enable caching. Enable content encoding to compress data in transit.
C. Deploy the REST API as an edge-optimized API endpoint. Enable caching. Configure reserved concurrency for Lambda functions.
D. Deploy the REST API as a Regional API endpoint. Enable caching. Configure reserved concurrency for Lambda functions.
A company hosts an Amazon EC2 instance in a private subnet in a new VPC. The VPC also has a public subnet that has the default route set to an internet gateway. The private subnet does not have outbound internet access. The EC2 instance needs to have the ability to download monthly security updates from an outside vendor. However, the company must block any connections that are initiated from the internet. Which solution will meet these requirements?
A. Configure the private subnet route table to use the internet gateway as the default route.
B. Create a NAT gateway in the public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
C. Create a NAT instance in the private subnet. Configure the private subnet route table to use the NAT instance as the default route.
D. Create a NAT instance in the private subnet. Configure the private subnet route table to use the internet gateway as the default route.
A company hosts an Amazon EC2 instance in a private subnet in a new VPC. The VPC also has a public subnet that has the default route set to an internet gateway. The private subnet does not have outbound internet access. The EC2 instance needs to have the ability to download monthly security updates from an outside vendor. However, the company must block any connections that are initiated from the internet. Which solution will meet these requirements?
A. Configure the private subnet route table to use the internet gateway as the default route.
B. Create a NAT gateway in the public subnet. Configure the private subnet route table to use the NAT gateway as the default route.
C. Create a NAT instance in the private subnet. Configure the private subnet route table to use the NAT instance as the default route.
D. Create a NAT instance in the private subnet. Configure the private subnet route table to use the internet gateway as the default route.
A finance company has a web application that generates credit reports for customers. The company hosts the frontend of the web application on a fleet of Amazon EC2 instances that is associated with an Application Load Balancer (ALB). The application generates reports by running queries on an Amazon RDS for SQL Server database. The company recently discovered that malicious traffic from around the world is abusing the application by submitting unnecessary requests. The malicious traffic is consuming significant compute resources. The company needs to address the malicious traffic. Which solution will meet this requirement?
A. Use AWS WAF to create a web ACL. Associate the web ACL with the ALB. Update the
web ACL to block IP addresses that are associated with malicious traffic.
B. Use AWS WAF to create a web ACL. Associate the web ACL with the ALB. Use the AWS WAF Bot Control managed rule feature.
C. Set up AWS Shield to protect the ALB and the database.
D. Use AWS WAF to create a web ACL. Associate the web ACL with the ALB. Configure the AWS WAF IP reputation rule.
An international company needs to share data from an Amazon S3 bucket to employees who are located around the world. The company needs a secure solution to provide employees with access to the S3 bucket. The employees are already enrolled in AWS 1AM Identity Center. Which solution will meet these requirements with the LEAST operational overhead?
A. Create a help desk application to generate an Amazon S3 presigned URL for each
employee. Configure the presigned URLs to have short expirations. Instruct employees to
contact the company help desk to receive a presigned URL to access the S3 bucket.
B. Create a group for Amazon S3 access in 1AM Identity Center. Add the employees who require access to the S3 bucket to the group. Create an 1AM policy to allow Amazon S3 access from the group. Instruct employees to use the AWS access portal to access the AWS Management Console and navigate to the S3 bucket.
C. Create an Amazon S3 File Gateway. Create one share for data uploads and a second share for data downloads. Set up an SFTP service on an Amazon EC2 instance. Mount the shares to the EC2 instance. Instruct employees to use the SFTP server.
D. Configure AWS Transfer Family SFTP endpoints. Select the custom identity provider option. Use AWS Secrets Manager to manage the user credentials. Instruct employees to use Transfer Family SFTP.
A company needs a solution to automate email ingestion. The company needs to automatically parse email messages, look for email attachments, and save any attachments to an Amazon S3 bucket in near real time. Email volume varies significantly from day to day. Which solution will meet these requirements?
A. Set up email receiving in Amazon Simple Email Service {Amazon SES). Create a rule
set and a receipt rule. Create an AWS Lambda function that Amazon SES can invoke to
process the email bodies and attachments.
B. Set up email content filtering in Amazon Simple Email Service (Amazon SES). Create a content filtering rule based on sender, recipient, message body, and attachments.
C. Set up email receiving in Amazon Simple Email Service (Amazon SES). Configure Amazon SES and S3 Event Notifications to process the email bodies and attachments.
D. Create an AWS Lambda function to process the email bodies and attachments. Use Amazon EventBridge to invoke the Lambda function. Configure an EventBridge rule to listen for incoming emails.