A company built an ecommerce website on AWS using a three-tier web architecture. The application is Java-based and composed of an Amazon CloudFront distribution, an Apache web server layer of Amazon EC2 instances in an Auto Scaling group, and a backend Amazon Aurora MySQL database. Last month, during a promotional sales event, users reported errors and timeouts while adding items to their shopping carts. The operations team recovered the logs created by the web servers and reviewed Aurora DB cluster performance metrics. Some of the web servers were terminated before logs could be collected and the Aurora metrics were not sufficient for query performance analysis. Which combination of steps must the solutions architect take to improve application performance visibility during peak traffic events? (Choose three.)
A. Configure the Aurora MySQL DB cluster to publish slow query and error logs to Amazon CloudWatch Logs.
B. Implement the AWS X-Ray SDK to trace incoming HTTP requests on the EC2 instances and implement tracing of SQL queries with the X-Ray SDK for Java.
C. Configure the Aurora MySQL DB cluster to stream slow query and error logs to Amazon Kinesis.
D. Install and configure an Amazon CloudWatch Logs agent on the EC2 instances to send the Apache logs to CloudWatch Logs.
E. Enable and configure AWS CloudTrail to collect and analyze application activity from Amazon EC2 and Aurora.
F. Enable Aurora MySQL DB cluster performance benchmarking and publish the stream to AWS X-Ray.
A company provides a software as a service (SaaS) application that runs in the AWS Cloud. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The instances are in an Auto Scaling group and are distributed across three Availability Zones in a single AWS Region. The company is deploying the application into additional Regions. The company must provide static IP addresses for the application to customers so that the customers can add the IP addresses to allow lists. The solution must automatically route customers to the Region that is geographically closest to them. Which solution will meet these requirements?
A. Create an Amazon CloudFront distribution. Create a CloudFront origin group. Add the NLB for each additional Region to the origin group. Provide customers with the IP address ranges of the distribution's edge locations.
B. Create an AWS Global Accelerator standard accelerator. Create a standard accelerator endpoint for the NLB in each additional Region. Provide customers with the Global Accelerator IP address.
C. Create an Amazon CloudFront distribution. Create a custom origin for the NLB in each additional Region. Provide customers with the IP address ranges of the distribution's edge locations.
D. Create an AWS Global Accelerator custom routing accelerator. Create a listener for the custom routing accelerator. Add the IP address and ports for the NLB in each additional Region. Provide customers with the Global Accelerator IP address.
A company has a project that is launching Amazon EC2 instances that are larger than required. The project's account cannot be part of the company's organization in AWS Organizations due to policy restrictions to keep this activity outside of corporate IT. The company wants to allow only the launch of t3.small EC2 instances by developers in the project's account. These EC2 instances must be restricted to the us-east-2 Region. What should a solutions architect do to meet these requirements?
A. Create a new developer account. Move all EC2 instances, users, and assets into us-east-2. Add the account to the company's organization in AWS Organizations. Enforce a tagging policy that denotes Region affinity.
B. Create an SCP that denies the launch of all EC2 instances except t3.small EC2 instances in us-east-2. Attach the SCP to the project's account.
C. Create and purchase a t3.small EC2 Reserved Instance for each developer in us-east-2. Assign each developer a specific EC2 instance with their name as the tag.
D. Create an IAM policy that allows the launch of only t3.small EC2 instances in us-east-2. Attach the policy to the roles and groups that the developers use in the project's account.
A large company recently experienced an unexpected increase in Amazon RDS and Amazon DynamoDB costs. The company needs to increase visibility into details of AWS Billing and Cost Management. There are various accounts associated with AWS Organizations, including many development and production accounts. There is no consistent tagging strategy across the organization, but there are guidelines in place that require all infrastructure to be deployed using AWS CloudFormation with consistent tagging. Management requires cost center numbers and project ID numbers for all existing and future DynamoDB tables and RDS instances. Which strategy should the solutions architect provide to meet these requirements?
A. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources.
B. Use an AWS Config rule to alert the finance team of untagged resources. Create a centralized AWS Lambda based solution to tag untagged RDS databases and DynamoDB resources every hour using a cross-account role.
C. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID. Use SCPs to restrict resource creation that do not have the cost center and project ID on the resource.
D. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources. Update existing federated roles to restrict privileges to provision resources that do not include the cost center and project ID on the resource.
A company wants to migrate its website from an on-premises data center onto AWS. At the same time, it wants to migrate the website to a containerized microservice-based architecture to improve the availability and cost efficiency. The company's security policy states that privileges and network permissions must be configured according to best practice, using least privilege. A Solutions Architect must create a containerized architecture that meets the security requirements and has deployed the application to an Amazon ECS cluster. What steps are required after the deployment to meet the requirements? (Choose two.)
A. Create tasks using the bridge network mode.
B. Create tasks using the awsvpc network mode.
C. Apply security groups to Amazon EC2 instances, and use IAM roles for EC2 instances to access other resources.
D. Apply security groups to the tasks, and pass IAM credentials into the container at launch time to access other resources.
E. Apply security groups to the tasks, and use IAM roles for tasks to access other resources.
A company is migrating an application from on-premises infrastructure to the AWS Cloud. During migration design meetings, the company expressed concerns about the availability and recovery options for its legacy Windows file server. The file server contains sensitive business-critical data that cannot be recreated in the event of data corruption or data loss. According to compliance requirements, the data must not travel across the public internet. The company wants to move to AWS managed services where possible. The company decides to store the data in an Amazon FSx for Windows File Server file system. A solutions architect must design a solution that copies the data to another AWS Region for disaster recovery (DR) purposes. Which solution will meet these requirements?
A. Create a destination Amazon S3 bucket in the DR Region. Establish connectivity between the FSx for Windows File Server file system in the primary Region and the S3 bucket in the DR Region by using Amazon FSx File Gateway. Configure the S3 bucket as a continuous backup source in FSx File Gateway.
B. Create an FSx for Windows File Server file system in the DR Region. Establish connectivity between the VPC in the primary Region and the VPC in the DR Region by using AWS Site-to-Site VPN. Configure AWS DataSync to communicate by using VPN endpoints.
C. Create an FSx for Windows File Server file system in the DR Region. Establish connectivity between the VPC in the primary Region and the VPC in the DR Region by using VPC peering. Configure AWS DataSync to communicate by using interface VPC endpoints with AWS PrivateLink.
D. Create an FSx for Windows File Server file system in the DR Region. Establish connectivity between the VPC in the primary Region and the VPC in the DR Region by using AWS Transit Gateway in each Region. Use AWS Transfer Family to copy files between the FSx for Windows File Server file system in the primary Region and the FSx for Windows File Server file system in the DR Region over the private AWS backbone network.
A company is building an application on AWS. The application sends logs to an Amazon Elasticsearch Service (Amazon ES) cluster for analysis. All data must be stored within a VPC. Some of the company's developers work from home. Other developers work from three different company office locations. The developers need to access Amazon ES to analyze and visualize logs directly from their local development machines. Which solution will meet these requirements?
A. Configure and set up an AWS Client VPN endpoint. Associate the Client VPN endpoint with a subnet in the VPC. Configure a Client VPN self-service portal. Instruct the developers to connect by using the client for Client VPN.
B. Create a transit gateway, and connect it to the VPC. Create an AWS Site-to-Site VPN. Create an attachment to the transit gateway. Instruct the developers to connect by using an OpenVPN client.
C. Create a transit gateway, and connect it to the VPC. Order an AWS Direct Connect connection. Set up a public VIF on the Direct Connect connection. Associate the public VIF with the transit gateway. Instruct the developers to connect to the Direct Connect connection.
D. Create and configure a bastion host in a public subnet of the VPC. Configure the bastion host security group to allow SSH access from the company CIDR ranges. Instruct the developers to connect by using SSH.
A company owns a chain of travel agencies and is running an application in the AWS Cloud. Company employees use the application to search for information about travel destinations. Destination content is updated four times each year. Two fixed Amazon EC2 instances serve the application. The company uses an Amazon Route 53 public hosted zone with a multivalue record of travel.example.com that returns the Elastic IP addresses for the EC2 instances. The application uses Amazon DynamoDB as its primary data store. The company uses a self-hosted Redis instance as a caching solution. During content updates, the load on the EC2 instances and the caching solution increases drastically. This increased load has led to downtime on several occasions. A solutions architect must update the application so that the application is highly available and can handle the load that is generated by the content updates. Which solution will meet these requirements?
A. Set up DynamoDB Accelerator (DAX) as in-memory cache. Update the application to use DAX. Create an Auto Scaling group for the EC2 instances. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the ALB. Update the Route 53 record to use a simple routing policy that targets the ALB's DNS alias. Configure scheduled scaling for the EC2 instances before the content updates.
B. Set up Amazon ElastiCache for Redis. Update the application to use ElastiCache. Create an Auto Scaling group for the EC2 instances. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distribution. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution's DNS alias. Manually scale up EC2 instances before the content updates.
C. Set up Amazon ElastiCache for Memcached. Update the application to use ElastiCache. Create an Auto Scaling group for the EC2 instances. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the ALB. Update the Route 53 record to use a simple routing policy that targets the ALB's DNS alias. Configure scheduled scaling for the application before the content updates.
D. Set up DynamoDB Accelerator (DAX) as in-memory cache. Update the application to use DAX. Create an Auto Scaling group for the EC2 instances. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distribution. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution's DNS alias. Manually scale up EC2 instances before the content updates.
A company that provisions job boards for a seasonal workforce is seeing an increase in traffic and usage. The backend services run on a pair of Amazon EC2 instances behind an Application Load Balancer with Amazon DynamoDB as the datastore. Application read and write traffic is slow during peak seasons. Which option provides a scalable application architecture to handle peak seasons with the LEAST development effort?
A. Migrate the backend services to AWS Lambda. Increase the read and write capacity of DynamoDB.
B. Migrate the backend services to AWS Lambda. Configure DynamoDB to use global tables.
C. Use Auto Scaling groups for the backend services. Use DynamoDB auto scaling.
D. Use Auto Scaling groups for the backend services. Use Amazon Simple Queue Service (Amazon SQS) and an AWS Lambda function to write to DynamoDB.
A company has a new application that needs to run on five Amazon EC2 instances in a single AWS Region. The application requires high-throughput, low-latency network connections between all of the EC2 instances where the application will run. There is no requirement for the application to be fault tolerant. Which solution will meet these requirements?
A. Launch five new EC2 instances into a cluster placement group. Ensure that the EC2 instance type supports enhanced networking.
B. Launch five new EC2 instances into an Auto Scaling group in the same Availability Zone. Attach an extra elastic network interface to each EC2 instance.
C. Launch five new EC2 instances into a partition placement group. Ensure that the EC2 instance type supports enhanced networking.
D. Launch five new EC2 instances into a spread placement group. Attach an extra elastic network interface to each EC2 instance.