Summer Sale Special - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: sntaclus

A company runs an intranet application on premises. The company wants to configure a cloud backup of the application. The company has selected AWS Elastic Disaster Recovery for this solution.

The company requires that replication traffic does not travel through the public internet. The application also must not be accessible from the internet. The company does not want this solution to consume all available network bandwidth because other applications require bandwidth.

Which combination of steps will meet these requirements? (Select THREE.)

A.

Create a VPC that has at least two private subnets, two NAT gateways, and a virtual private gateway.

B.

Create a VPC that has at least two public subnets, a virtual private gateway, and an internet gateway.

C.

Create an AWS Site-to-Site VPN connection between the on-premises network and the target AWS network.

D.

Create an AWS Direct Connect connection and a Direct Connect gateway between the on-premises network and the target AWS network.

E.

During configuration of the replication servers, select the option to use private IP addresses for data replication.

F.

During configuration of the launch settings for the target servers, select the option to ensure that the Recovery instance ' s private IP address matches the source server ' s private IP address.

A company has a website that runs on four Amazon EC2 instances that are behind an Application Load Balancer (ALB). When the ALB detects that an EC2 instance is no longer available, an Amazon CloudWatch alarm enters the ALARM state. A member of the company ' s operations team then manually adds a new EC2 instance behind the ALB.

A solutions architect needs to design a highly available solution that automatically handles the replacement of EC2 instances. The company needs to minimize downtime during the switch to the new solution.

Which set of steps should the solutions architect take to meet these requirements?

A.

Delete the existing ALB. Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Create a new ALB. Attach the Auto Scaling group to the new ALB. Attach the existing EC2 instances to the Auto Scaling group.

B.

Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Attach the Auto Scaling group to the existing ALB. Attach the existing EC2 instances to the Auto Scaling group.

C.

Delete the existing ALB and the EC2 instances. Create an Auto Scaling group that is configuredto handle the web application traffic. Attach a new launch template to the Auto Scaling group. Create a new ALB. Attach the Auto Scaling group to the new ALB. Wait for the Auto Scaling group to launch the minimum number of EC2 instances.

D.

Create an Auto Scaling group that is configured to handle the web application traffic. Attach a new launch template to the Auto Scaling group. Attach the Auto Scaling group to the existing ALB. Wait for the existing ALB to register the existing EC2 instances with the Auto Scaling group.

A company is using Amazon API Gateway to deploy a private REST API that will provide access to sensitive data. The API must be accessible only from an application that is deployed in a VPC. The company deploys the API successfully. However, the API is not accessible from an Amazon EC2 instance that is deployed in the VPC.

Which solution will provide connectivity between the EC2 instance and the API?

A.

Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that allows apigateway:* actions. Disable private DNS naming for the VPC endpoint. Configure an API resource policy that allows access from the VPC. Use the VPC endpoint ' s DNS name to access the API.

B.

Create an interface VPC endpoint for API Gateway. Attach an endpoint policy that allows the execute-api:lnvoke action. Enable private DNS naming for the VPC endpoint. Configure an API resource policy that allows access from the VPC endpoint. Use the API endpoint ' s DNS names to access the API. Most Voted

C.

Create a Network Load Balancer (NLB) and a VPC link. Configure private integration between API Gateway and the NLB. Use the API endpoint ' s DNS names to access the API.

D.

Create an Application Load Balancer (ALB) and a VPC Link. Configure private integration between API Gateway and the ALB. Use the ALB endpoint ' s DNS name to access the API.

A mobile gaming company is expanding into the global market. The company ' s game servers run in the us-east-1 Region. The game ' s client application uses UDP to communicate with the game servers and needs to be able to connect to a set of static IP addresses.

The company wants its game to be accessible on multiple continents. The company also wants the game to maintain its network performance and global availability.

Which solution meets these requirements?

A.

Provision an Application Load Balancer (ALB) in front of the game servers. Create an Amazon CloudFront distribution that has no geographical restrictions. Set the ALB as the origin. Perform DNS lookups for the cloudfront.net domain name. Use the resulting IP addresses in the game ' s client application.

B.

Provision game servers in each AWS Region. Provision an Application Load Balancer in front of the game servers. Create an Amazon Route 53 latency-based routing policy for the game ' s client application to use with DNS lookups.

C.

Provision game servers in each AWS Region. Provision a Network Load Balancer (NLB) in front of the game servers. Create an accelerator in AWS Global Accelerator, and configure endpoint groups in each Region. Associate the NLBs with the corresponding Regional endpoint groups. Point the game client ' s application to the Global Accelerator endpoints.

D.

Provision game servers in each AWS Region. Provision a Network Load Balancer (NLB) in front of the game servers. Create an Amazon CloudFront distribution that has no geographical restrictions. Set the NLB as the origin. Perform DNS lookups for the cloudfront.net domain name. Use the resulting IP addresses in the game ' s client application.

An events company runs a ticketing platform on AWS. The company ' s customers configure and schedule their events on the platform The events result in large increases of traffic to the platform The company knows the date and time of each customer ' s events

The company runs the platform on an Amazon Elastic Container Service (Amazon ECS) cluster The ECS cluster consists of Amazon EC2 On-Demand Instances that are in an Auto Scaling group. The Auto Scaling group uses a predictive scaling policy

The ECS cluster makes frequent requests to an Amazon S3 bucket to download ticket assets The ECS cluster and the S3 bucket are in the same AWS Region and the same AWS account Traffic between the ECS cluster and the S3 bucket flows across a NAT gateway

The company needs to optimize the cost of the platform without decreasing the platform ' s availability

Which combination of steps will meet these requirements? (Select TWO)

A.

Create a gateway VPC endpoint for the S3 bucket

B.

Add another ECS capacity provider that uses an Auto Scaling group of Spot Instances Configure the new capacity provider strategy to have the same weight as the existing capacity provider strategy

C.

Create On-Demand Capacity Reservations for the applicable instance type for the time period of the scheduled scaling policies

D.

Enable S3 Transfer Acceleration on the S3 bucket

E.

Replace the predictive scaling policy with scheduled scaling policies for the scheduled events

A company is running a compute workload by using Amazon EC2 Spot Instances that are in an Auto Scaling group. The launch template uses two placement groups and a single instance type.

Recently, a monitoring system reported Auto Scaling instance launch failures that correlated with longer wait times for system users. The company needs to improve the overall reliability of the workload.

Which solution will meet this requirement?

A.

Replace the launch template with a launch configuration to use an Auto Scaling group thatuses attribute-based instance type selection.

B.

Create a new launch template version that uses attribute-based instance type selection. Configure the Auto Scaling group to use the new launch template version.

C.

Update the launch template Auto Scaling group to increase the number of placement groups.

D.

Update the launch template to use a larger instance type.

A company is designing its network configuration in the AWS Cloud. The company uses AWS Organizations to manage a multi-account setup. The company has three OUs. Each OU contains more than 100 AWS accounts. Each account has a single VPC, and all the VPCs in each OU are in the same AWS Region.

The CIDR ranges for all the AWS accounts do not overlap. The company needs to implement a solution in which VPCs in the same OU can communicate with each other but cannot communicatewith VPCs in other OUs.

Which solution will meet these requirements with the LEAST operational overhead?

A.

Create an AWS CloudFormation stack set that establishes VPC peering between accounts in each OU. Provision the stack set in each OU.

B.

In each OU, create a dedicated networking account that has a single VPC. Share this VPC with all the other accounts in the OU by using AWS Resource Access Manager (AWS RAM). Create a VPC peering connection between the networking account and each account in the OU.

C.

Provision a transit gateway in an account in each OU. Share the transit gateway across the organization by using AWS Resource Access Manager (AWS RAM). Create transit gateway VPC attachments for each VPC.

D.

In each OU, create a dedicated networking account that has a single VPC. Establish a VPN connection between the networking account and the other accounts in the OU. Use third-party routing software to route transitive traffic between the VPCs.

A company stores a static website on Amazon S3. AWS Lambda functions retrieve content from an S3 bucket and serve the content as a website. An Application Load Balancer (ALB) directs incoming traffic to the Lambda functions. An Amazon CloudFront distribution routes requests to the ALB.

The company has set up an AWS Certificate Manager (ACM) certificate on the HTTPS listener of the ALB. The company needs all users to communicate with the website through HTTPS. HTTP users must not receive an error.

Which combination of steps will meet these requirements? (Select THREE.)

A.

Configure the ALB with a TCP listener on port 443 for passthrough to backend systems.

B.

Create an S3 bucket policy that denies access to the S3 bucket if the aws:SecureTransport request is false.

C.

Configure HTTP to HTTPS redirection on the S3 bucket.

D.

Set the origin protocol policy to HTTPS Only for CloudFront.

E.

Set the viewer protocol policy to HTTPS Only for CloudFront.

F.

Set the viewer protocol policy to Redirect HTTP to HTTPS for CloudFront.

A company is using AWS CloudFormation to deploy its infrastructure. The company is concerned that, if a production CloudFormation stack is deleted, important data stored in Amazon RDS databases or Amazon EBS volumes might also be deleted.

How can the company prevent users from accidentally deleting data in this way?

A.

Modify the CloudFormation templates to add a DeletionPolicy attribute to RDS and EBS resources.

B.

Configure a stack policy that disallows the deletion of RDS and EBS resources.

C.

Modify 1AM policies to deny deleting RDS and EBS resources that are tagged with an " awsrcloudformation: stack-name " tag.

D.

Use AWS Config rules to prevent deleting RDS and EBS resources.

A company is subject to regulatory audits of its financial information. External auditors who use a single AWS account need access to the company ' s AWS account. A solutions architect must provide the auditors with secure, read-only access to the company ' s AWS account. The solution must comply with AWS security best practices.

Which solution will meet these requirements?

A.

In the company ' s AWS account, create resource policies for all resources in the account to grant access to the auditors ' AWS account. Assign a unique external ID to the resource policy.

B.

In the company ' s AWS account create an IAM role that trusts the auditors ' AWS account Create an IAM policy that has the required permissions. Attach the policy to the role. Assign a unique external ID to the role ' s trust policy.

C.

In the company ' s AWS account, create an IAM user. Attach the required IAM policies to the IAM user. Create API access keys for the IAM user. Share the access keys with the auditors.

D.

In the company ' s AWS account, create an IAM group that has the required permissions Create an IAM user in the company s account for each auditor. Add the IAM users to the IAM group.

A company hosts a multi-tier data processing application that consists of a static web application frontend and APIs that are hosted on multiple Amazon EC2 instances. The application stores search data on a single-node Amazon OpenSearch Service cluster that runs on an EC2 instance. The application stores additional data in a PostgreSQL database that runs on another EC2 instance. An NGINX server that is hosted on an EC2 instance serves the web application.

The company has experienced some support issues with the application and wants to modernize the application.

Which solution meets these requirements with the LEAST operational overhead?

A.

Create an Amazon ECS cluster that runs on AWS Fargate. Configure the ECS cluster to pull images from the Amazon ECR public repositories for OpenSearch Service, PostgreSQL, and NGINX and from a private repository for the APIs.

B.

Host the web application on Amazon CloudFront by using an Amazon S3 origin. Use OpenSearch Service to store the search data and migrate the PostgreSQL database to an Amazon Aurora PostgreSQL cluster. Run the APIs on AWS App Runner.

C.

Create an Amazon EKS cluster that has a managed node group. Configure the EKS cluster to pull images from the Amazon ECR public repositories for OpenSearch Service, PostgreSQL, and NGINX and from a private repository for the APIs.

D.

Configure AWS App Runner to pull images from the Amazon ECR public repositories for OpenSearch Service, PostgreSQL, and NGINX and from a private repository for the APIs. Deploy the images to App Runner.

A company has several AWS Lambda functions written in Python. The functions are deployed with the .zip package deployment type. The functions use a Lambda layer that contains common libraries and packages in a .zip file. The Lambda .zip packages and the Lambda layer .zip file are stored in an Amazon S3 bucket.

The company must implement automatic scanning of the Lambda functions and the Lambda layer to identify CVEs. A subset of the Lambda functions must receive automated code scans to detect potential data leaks and other vulnerabilities. The code scans must occur only for selected Lambda functions, not all the Lambda functions.

Which combination of actions will meet these requirements? (Select THREE.)

A.

Activate Amazon Inspector. Start automated CVE scans.

B.

Activate Lambda standard scanning and Lambda code scanning in Amazon Inspector.

C.

Enable Amazon GuardDuty. Enable the Lambda Protection feature in GuardDuty.

D.

Enable scanning in the Monitor settings of the Lambda functions that need code scans.

E.

Tag Lambda functions that do not need code scans. In the tag, include a key of InspectorCodeExclusion and a value of LambdaCodeScanning.

F.

Use Amazon Inspector to scan the S3 bucket that contains the Lambda .zip packages and the Lambda layer .zip file for code scans.

A company is migrating its on-premises file transfer solution to AWS Transfer Family. The on-premises host includes an SFTP server to receive files, an application that performs a transformation of the files, and a messaging server. The transformations run every 5 minutes. When a transformation is complete, the application sends a message to a queue on the messaging server. The company needs to simplify the solution and reduce the management of the components. What should the company do to meet these requirements with the LEAST operational overhead?

A.

Configure Transfer Family to use Amazon EFS storage. Use a cron job on Amazon EFS to perform the transformations. Configure the cron job to publish a message to an Amazon SNS topic when a file has been transformed.

B.

Configure Transfer Family to use Amazon S3 storage. Use Amazon EMR to perform the transformations. Configure Amazon EMR to send a message to an Amazon SNS topic when a file has been transformed.

C.

Configure Transfer Family to use Amazon S3 storage. Use AWS Glue to perform the transformations after S3 event notifications. Configure AWS Glue to send a message to an Amazon SQS queue when a file has been transformed.

D.

Configure Transfer Family to use Amazon EFS storage. Create an AWS Glue time-based job to run every 5 minutes to initiate an AWS Glue transformation. Configure AWS Glue to send a message to an Amazon SQS queue when a file has been transformed.

A company needs a highly available database solution for an application. The solution must be able to fail over to a secondary AWS Region with an RPO of 5 minutes and an RTO of 20 minutes. The database is approximately 10 TB in size.

Which solution will meet these requirements?

A.

Deploy an Amazon Aurora DB cluster and take snapshots of the cluster every 5 minutes. When each snapshot is complete, copy the snapshot to a secondary Region.

B.

Deploy an Amazon RDS Multi-AZ DB cluster with a cross-Region read replica in a secondary Region. Use an Amazon CloudWatch alarm to invoke an AWS Lambda function that promotes the read replica to become the primary in the event of a failure.

C.

Deploy an Amazon Aurora DB cluster in the primary Region. Configure Amazon EventBridge to target Amazon RDS to create a second cluster in the event of a failure. Use AWS DMS to keep the secondary Region in sync with the primary Region.

D.

Deploy an Amazon RDS Multi-AZ DB cluster in the primary Region with a cross-Region read replica in a secondary Region. Configure automated backups and enable automated failover to promote the read replica to become the primary in the secondary Region.

A company in the United States (US) has acquired a company in Europe. Both companies use the AWS Cloud. The US company has built a new application with a microservices architecture. The US company is hosting the application across five VPCs in the us-east-2 Region. The application must be able to access resources in one VPC in the eu-west-1 Region. However, the application must not be able to access any other VPCs. The VPCs in both Regions have no overlapping CIDR ranges. All accounts are already consolidated in one organization in AWS Organizations. Which solution will meet these requirements MOST cost-effectively?

A.

Create one transit gateway in eu-west-1. Attach the VPCs in us-east-2 and the VPC in eu-west-1 to the transit gateway. Create the necessary route entries in each VPC so that the traffic is routed through the transit gateway.

B.

Create one transit gateway in each Region. Attach the involved subnets to the regional transit gateway. Create the necessary route entries in the associated route tables for each subnet so that the traffic is routed through the regional transit gateway. Peer the two transit gateways.

C.

Create a full mesh VPC peering connection configuration between all the VPCs. Create the necessary route entries in each VPC so that the traffic is routed through the VPC peering connection.

D.

Create one VPC peering connection for each VPC in us-east-2 to the VPC in eu-west-1. Create the necessary route entries in each VPC so that the traffic is routed through the VPC peering connection.