A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received. Which solution will meet these requirements?

Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application receives an order. Configure the SQS FIFO queue to invoke an AWS Lambda function for processing.

Amazon SNS: SNS is a publish-subscribe service. It doesn't guarantee message order.

API Gateway Authorizer: Authorizers are used for authentication and authorization, not for managing message order.

Amazon SQS Standard Queue: Standard SQS queues do not guarantee message order. upvoted 3 times

Amazon SNS: SNS is a publish-subscribe service. It doesn't guarantee message order.

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of credential management. What should a solutions architect do to accomplish this goal?

Use AWS Secrets Manager. Turn on automatic rotation.

Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate the credential file to the S3 bucket. Point the application to the S3 bucket.

Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2 instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume. Show Suggested Answer by Sinaneos at Oct. 8, 2022, 10:15 a.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments SinaneosHighly Voted 2 years, 9 months ago Selected Answer: A B is wrong because parameter store does not support auto rotation, unless the customer writes it themselves, A is the answer. upvoted 102 times 17Master2 years, 8 months ago READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources. This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. upvoted 31 times hro1 year, 3 months ago A - additionally, Aurora manages the settings for the secret and rotates the secret every seven days by default. upvoted 3 times iCcma2 years, 8 months ago ty bro, I was confused about that and you just mentioned the "key" phrase, B doesn't support autorotation upvoted 3 times cookieMrHighly Voted 2 years ago Selected Answer: A Option A: Using AWS Secrets Manager and enabling automatic rotation is the recommended solution for minimizing the operational overhead of credential management. AWS Secrets Manager provides a secure and centralized service for storing and managing secrets, such as database credentials. By leveraging Secrets Manager, the application can retrieve the database credentials programmatically at runtime, eliminating the need to store them locally in a file. Enabling automatic rotation ensures that the database credentials are regularly rotated without manual intervention, enhancing security and compliance. upvoted 8 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: A Use AWS Secrets Manager with automatic rotation enabled to securely manage Aurora database credentials, eliminate manual updates, and minimize operational overhead. upvoted 1 times trieu812001112 weeks, 4 days ago Selected Answer: A A is correct upvoted 1 times hossex53 weeks, 3 days ago Selected Answer: A a is the answer upvoted 1 times Kamatchi3 months, 2 weeks ago Selected Answer: A This is asked in the exam I have taken today upvoted 2 times MundiChor4 months, 2 weeks ago Selected Answer: A Order of elimination:

Use AWS Secrets Manager. Turn on automatic rotation.

A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53. What should a solutions architect do to meet these requirements?

Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.

Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint Configure Route 53 to route traffic to the CloudFront distribution.

Create an Amazon CloudFront distribution that has the S3 bucket as an origin. Create an AWS Global Accelerator standard accelerator that has the ALB and the CloudFront distribution as endpoints. Create a custom domain name that points to the accelerator DNS name. Use the custom domain name as an endpoint for the web application.

Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has the S3 bucket as an endpoint. Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content. Point the other domain name to the accelerator DNS name for static content. Use the domain names as endpoints for the web application. Show Suggested Answer by D2w at Oct. 10, 2022, 3:12 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments Kartikey140Highly Voted 9 months, 3 weeks ago Answer is A Explanation - AWS Global Accelerator vs CloudFront • They both use the AWS global network and its edge locations around the world • Both services integrate with AWS Shield for DDoS protection. • CloudFront • Improves performance for both cacheable content (such as images and videos) • Dynamic content (such as API acceleration and dynamic site delivery) • Content is served at the edge • Global Accelerator • Improves performance for a wide range of applications over TCP or UDP • Proxying packets at the edge to applications running in one or more AWS Regions. • Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP • Good for HTTP use cases that require static IP addresses • Good for HTTP use cases that required deterministic, fast regional failover upvoted 126 times Mihailo341 year ago A, adding to the excellent explanation by Kartikey140, the solution under C uses a custom DNS name, the question specifies: "The company is using its own domain name registered with Amazon Route 53" upvoted 7 times daizy2 years, 5 months ago By creating a CloudFront distribution that has both the S3 bucket and the ALB as origins, the company can reduce latency for both the static and dynamic data. The CloudFront distribution acts as a content delivery network (CDN), caching the data closer to the users and reducing the latency. The company can then configure Route 53 to route traffic to the CloudFront distribution, providing improved performance for the web application. upvoted 19 times kanwengHighly Voted 9 months, 3 weeks ago Selected Answer: A Q: How is AWS Global Accelerator different from Amazon CloudFront? A: AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions. Global Accelerator is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover. Both services integrate with AWS Shield for DDoS protection. upvoted 42 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: A se Amazon CloudFront with multiple origins (S3 + ALB) and Route 53 routing to CloudFront to optimize performance, simplify architecture, and reduce latency globally for both static and dynamic web content. upvoted 1 times Juju662 months, 3 weeks ago Selected Answer: A Option C is wrong , because: This option introduces additional complexity and cost by using AWS Global Accelerator. CloudFront alone can handle the distribution of both static and dynamic content effectively. upvoted 1 times SamKuo6 months, 3 weeks ago Selected Answer: C AWS Global Accelerator:Dynamic content CloudFront:static content upvoted 1 times

Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the CloudFront distribution.

A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions. Which solution will meet these requirements with the LEAST operational overhead?

Ya el servicio cómo tál es para el uso que se requiere. upvoted 1 times Clouddon1 week, 3 days ago Selected Answer: A Use AWS Secrets Manager with automatic rotation and multi-Region replication to securely manage and rotate Amazon RDS for MySQL credentials with the least operational overhead. upvoted 1 times MundiChor4 months, 2 weeks ago Selected Answer: A Capability to rotate secrets and tight coupling with RDS upvoted 1 times Vandaman4 months, 3 weeks ago Selected Answer: A No other explanation necessary upvoted 1 times Mrigraj125 months, 2 weeks ago Selected Answer: A A is the right answer as it takes minutes to setup. so least operational head upvoted 1 times trinh_le8 months, 1 week ago Selected Answer: A A: correct - the secret manager supports rotating credentials B: incorrect - Parameter Store does not perform any cryptographic operations. Instead, it relies on AWS KMS to encrypt and decrypt secure string parameter values C and D: incorrect - handles through Lambda, require more operational overhead upvoted 2 times SilentMilli9 months, 3 weeks ago Selected Answer: A AWS Secrets Manager is a secrets management service that enables you to store, manage, and rotate secrets such as database credentials, API keys, and SSH keys. Secrets Manager can help you minimize the operational overhead of rotating credentials for your Amazon RDS for MySQL databases across multiple Regions. With Secrets Manager, you can store the credentials as secrets and use multi-Region secret replication to replicate the secrets to the required Regions. You can then configure Secrets Manager to rotate the secrets on a schedule so that the credentials are rotated automatically without the need for manual intervention. This can help reduce the risk of secrets being compromised and minimize the operational overhead of credential management. upvoted 5 times

Use the RDS API to rotate the secrets. Show Suggested Answer by rein_chau at Oct. 8, 2022, 3:28 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments rein_chauHighly Voted 2 years, 9 months ago Selected Answer: A A is correct. upvoted 24 times PhucVuuHighly Voted 9 months, 3 weeks ago Selected Answer: A Keywords: - rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions - LEAST operational overhead A: Correct - AWS Secrets Manager supports - Encrypt credential for RDS, DocumentDb, Redshift, other DBs and key/value secret. - multi-region replication. - Remote base on schedule B: Incorrect - Secure string parameter only apply for Parameter Store. All the data in AWS Secrets Manager is encrypted C: Incorrect - don't mention about replicate S3 across region. D: Incorrect - So many steps compare to answer A =)) upvoted 15 times jucejaraMost Recent 5 days, 5 hours ago Selected Answer: A

Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials.

Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys. Store the secrets in an Amazon DynamoDB global table. Use an AWS Lambda function to retrieve the secrets from DynamoD

Ya el servicio cómo tál es para el uso que se requiere. upvoted 1 times Clouddon1 week, 3 days ago Selected Answer: A Use AWS Secrets Manager with automatic rotation and multi-Region replication to securely manage and rotate Amazon RDS for MySQL credentials with the least operational overhead. upvoted 1 times MundiChor4 months, 2 weeks ago Selected Answer: A Capability to rotate secrets and tight coupling with RDS upvoted 1 times Vandaman4 months, 3 weeks ago Selected Answer: A No other explanation necessary upvoted 1 times Mrigraj125 months, 2 weeks ago Selected Answer: A A is the right answer as it takes minutes to setup. so least operational head upvoted 1 times trinh_le8 months, 1 week ago Selected Answer: A A: correct - the secret manager supports rotating credentials B: incorrect - Parameter Store does not perform any cryptographic operations. Instead, it relies on AWS KMS to encrypt and decrypt secure string parameter values C and D: incorrect - handles through Lambda, require more operational overhead upvoted 2 times SilentMilli9 months, 3 weeks ago Selected Answer: A AWS Secrets Manager is a secrets management service that enables you to store, manage, and rotate secrets such as database credentials, API keys, and SSH keys. Secrets Manager can help you minimize the operational overhead of rotating credentials for your Amazon RDS for MySQL databases across multiple Regions. With Secrets Manager, you can store the credentials as secrets and use multi-Region secret replication to replicate the secrets to the required Regions. You can then configure Secrets Manager to rotate the secrets on a schedule so that the credentials are rotated automatically without the need for manual intervention. This can help reduce the risk of secrets being compromised and minimize the operational overhead of credential management. upvoted 5 times

A company runs an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a large EC2 instance. The database's performance degrades quickly as application load increases. The application handles more read requests than write transactions. The company wants a solution that will automatically scale the database to meet the demand of unpredictable read workloads while maintaining high availability. Which solution will meet these requirements?

Its the only one that offers right level of scaling and availability upvoted 2 times OBIOHAnze1 year, 1 month ago Selected Answer: C Here's why C is the best solution: Amazon Aurora: A managed, high-performance MySQL-compatible relational database engine. Multi-AZ deployment: Ensures high availability in case of an AZ failure. Aurora Auto Scaling with Aurora Replicas: Automatically scales read replicas based on traffic, improving read performance. upvoted 3 times A_jaa1 year, 6 months ago Selected Answer: C Answer-c upvoted 1 times

Use Amazon Redshift with a single node for leader and compute functionality.

Use Amazon RDS with a Single-AZ deployment Configure Amazon RDS to add reader instances in a different Availability Zone.

Use Amazon ElastiCache for Memcached with EC2 Spot Instances. Show Suggested Answer by D2w at Oct. 10, 2022, 3:28 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments D2wHighly Voted 2 years, 9 months ago Selected Answer: C C, AURORA is 5x performance improvement over MySQL on RDS and handles more read requests than write,; maintaining high availability = Multi- AZ deployment upvoted 51 times BuruguduystunstugudunstuyHighly Voted 2 years, 6 months ago Selected Answer: C Option C, using Amazon Aurora with a Multi-AZ deployment and configuring Aurora Auto Scaling with Aurora Replicas, would be the best solution to meet the requirements. Aurora is a fully managed, MySQL-compatible relational database that is designed for high performance and high availability. Aurora Multi-AZ deployments automatically maintain a synchronous standby replica in a different Availability Zone to provide high availability. Additionally, Aurora Auto Scaling allows you to automatically scale the number of Aurora Replicas in response to read workloads, allowing you to meet the demand of unpredictable read workloads while maintaining high availability. This would provide an automated solution for scaling the database to meet the demand of the application while maintaining high availability. upvoted 25 times Buruguduystunstugudunstuy2 years, 6 months ago Option A, using Amazon Redshift with a single node for leader and compute functionality, would not provide high availability. Option B, using Amazon RDS with a Single-AZ deployment and configuring RDS to add reader instances in a different Availability Zone, would not provide high availability and would not automatically scale the number of reader instances in response to read workloads. Option D, using Amazon ElastiCache for Memcached with EC2 Spot Instances, would not provide a database solution and would not meet the requirements. upvoted 9 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: C Use Amazon Aurora with Multi-AZ deployment and Auto Scaling Aurora Replicas to meet unpredictable read demand with high availability, performance, and minimal operational overhead. upvoted 1 times melvis83 months, 3 weeks ago Selected Answer: C Using aurora is the best answer for this issue since aurora is ideal for upredictable workloads and we can manage read heavy workloads by deploying the database with aurora replicas upvoted 2 times Tjazz047 months ago Selected Answer: C Keyword: High Availability Only letter C has multi-AZ deployment. Also, it automatically scales replicas for unpredictable read workload upvoted 2 times VINVIN998 months, 3 weeks ago Selected Answer: C CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC upvoted 1 times PaulGa11 months ago Selected Answer: C Ans

Use Amazon Redshift with a single node for leader and compute functionality.

A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud. Which solution will meet these requirements?

Option D AWS Firewall Manager sounds similar, but it's not a service that can do traiffic inspection. upvoted 1 times satyaammm6 months, 2 weeks ago Selected Answer: C AWS Firewall Manager is the only one that actually helps direct the network traffic in AWS. GuardDuty and AWS Firewall Manager recognized inspection against threats. upvoted 1 times Tjazz047 months ago Selected Answer: C C is the most appropriate when it comes to traffic flow inspection and filtering upvoted 1 times cookieMr9 months, 3 weeks ago Selected Answer: C AWS Network Firewall is a managed network firewall service that allows you to define firewall rules to filter and inspect network traffic. You can create rules to define the traffic that should be allowed or blocked based on various criteria such as source/destination IP addresses, protocols, ports, and more. With AWS Network Firewall, you can implement traffic inspection and filtering capabilities within the production VPC, helping to protect the network traffic. In the context of the given scenario, AWS Network Firewall can be a suitable choice if the company wants to implement traffic inspection and filtering directly within the VPC without the need for traffic mirroring. It provides an additional layer of security by enforcing specific rules for traffic filtering, which can help protect the production environment. upvoted 3 times

Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VP

Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.

Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VP

Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VP

A company hosts a data lake on AWS. The data lake consists of data in Amazon S3 and Amazon RDS for PostgreSQL. The company needs a reporting solution that provides data visualization and includes all the data sources within the data lake. Only the company's management team should have full access to all the visualizations. The rest of the company should have only limited access. Which solution will meet these requirements?

Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate users and groups.

Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate IAM roles.

Create an AWS Glue table and crawler for the data in Amazon S3. Create an AWS Glue extract, transform, and load (ETL) job to produce reports. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports.

Create an AWS Glue table and crawler for the data in Amazon S3. Use Amazon Athena Federated Query to access data within Amazon RDS for PostgreSQL. Generate reports by using Amazon Athena. Publish the reports to Amazon S3. Use S3 bucket policies to limit access to the reports. Show Suggested Answer by rein_chau at Oct. 8, 2022, 4:02 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments rodriiviruHighly Voted 2 years, 9 months ago Selected Answer: B B upvoted 71 times BoboChow2 years, 9 months ago Agree with you upvoted 3 times PhucVuuHighly Voted 9 months, 3 weeks ago Selected Answer: B Keywords: - Data lake on AWS. - Consists of data in Amazon S3 and Amazon RDS for PostgreSQL. - The company needs a reporting solution that provides data VISUALIZATION and includes ALL the data sources within the data lake. A - Incorrect: Amazon QuickSight only support users(standard version) and groups (enterprise version). users and groups only exists without QuickSight. QuickSight don't support IAM. We use users and groups to view the QuickSight dashboard B - Correct: as explained in answer A and QuickSight is used to created dashboard from S3, RDS, Redshift, Aurora, Athena, OpenSearch, Timestream C - Incorrect: This way don't support visulization and don't mention how to process RDS data D - Incorrect: This way don't support visulization and don't mention how to combine data RDS and S3 upvoted 62 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: B Use Amazon QuickSight to build dashboards from S3 and RDS sources and control access using users and groups — providing a secure, interactive, and scalable reporting solution for your data lake. upvoted 1 times Sanki_263 months, 1 week ago Selected Answer: B Amazon QuickSight is a data visualization service that allows you to create interactive dashboards and reports from various data sources, including Amazon S3 and Amazon RDS for PostgreSQL. You can connect all the data sources and create new datasets in QuickSight, and then publish dashboards to visualize the data. You can also share the dashboards with the appropriate users and groups, and control their access levels using IAM roles and permissions. upvoted 2 times Vandaman4 months, 3 weeks ago Selected Answer: B It was the use of users and groups that answered that for me upvoted 1 times FlyingHawk6 months ago Selected Answer: B Amazon QuickSight can handle dynamic data through Direct Query Mode or scheduled data refreshes. It provides real-time or near-real-time visualizations, interactive dashboards, and fine-grained access control, making it the most suitable solution for the company’s requirements. https://aws.amazon.com/blogs/business-intelligence/best-practices-for-amazon-quicksight-spice-and-direct-query-mode/ I saw the question in udemy practice test 5 from Neal Davis, he suggested the correct answer is D, his reasons: option B solves the problem of access sharing with resources but does not take care of delta in data. upvoted 2 times MGKYAING6 months, 2 weeks ago Selected Answer: B Amazon QuickSight is designed for creating visualizations and dashboards, and it can easily connect to a variety of data sources such as Amazon S3 and Amazon RDS for PostgreSQL. You can create an analysis in QuickSight by connecting the required data sources, creating datasets, and then building dashboards. Access control in QuickSight is robust. You can share dashboards with specific users and groups, ensuring that only the management team has full access to all the visualizations, while the rest of the company can have limited access. upvoted 1 times

Create an analysis in Amazon QuickSight. Connect all the data sources and create new datasets. Publish dashboards to visualize the data. Share the dashboards with the appropriate IAM roles.

A company is implementing a new business application. The application runs on two Amazon EC2 instances and uses an Amazon S3 bucket for document storage. A solutions architect needs to ensure that the EC2 instances can access the S3 bucket. What should the solutions architect do to meet this requirement?

Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.

Create an IAM policy that grants access to the S3 bucket. Attach the policy to the EC2 instances.

Create an IAM group that grants access to the S3 bucket. Attach the group to the EC2 instances.

Create an IAM user that grants access to the S3 bucket. Attach the user account to the EC2 instances. Show Suggested Answer by ogerber at Oct. 10, 2022, 4:29 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments sba21Highly Voted 2 years, 9 months ago Selected Answer: A Always remember that you should associate IAM roles to EC2 instances upvoted 103 times BuruguduystunstugudunstuyHighly Voted 2 years, 6 months ago Selected Answer: A The correct option to meet this requirement is A: Create an IAM role that grants access to the S3 bucket and attach the role to the EC2 instances. An IAM role is an AWS resource that allows you to delegate access to AWS resources and services. You can create an IAM role that grants access to the S3 bucket and then attach the role to the EC2 instances. This will allow the EC2 instances to access the S3 bucket and the documents stored within it. Option B is incorrect because an IAM policy is used to define permissions for an IAM user or group, not for an EC2 instance. Option C is incorrect because an IAM group is used to group together IAM users and policies, not to grant access to resources. Option D is incorrect because an IAM user is used to represent a person or service that interacts with AWS resources, not to grant access to resources. upvoted 75 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: A Use an IAM role attached to the EC2 instances to securely and efficiently grant access to the Amazon S3 bucket. upvoted 1 times jr15216752871 week, 4 days ago Selected Answer: A only A upvoted 1 times satyaammm6 months, 2 weeks ago Selected Answer: A Only IAM role is suitable here as policies are added to IAM groups or users. Moreover, IAM groups cannot be attached to a resource and attaching IAM user credentials to a IAM role in risky and thereby not suitable. upvoted 3 times Tjazz047 months ago Selected Answer: A Ans. A Here's why: IAM Role: Roles are designed to be assumed by entities like EC2 instances. By creating an IAM role with the necessary permissions to access the S3 bucket and attaching this role to the EC2 instances, you ensure that the instances can securely access the S3 bucket without needing to manage long-term credentials. IAM Policy: While policies define permissions, they need to be attached to roles or users. Attaching a policy directly to EC2 instances is not possible. IAM Group: Groups are used to manage permissions for multiple users, not instances. IAM User: Users are intended for individual people or applications, not for EC2 instances. By using an IAM role, you follow AWS best practices for security and manageability. If you have any more questions or need further clarification, feel free to ask! upvoted 2 times EzKkk8 months ago Selected Answer: A IAM Role + EC2 instance = go-to solution upvoted 1 times PaulGa11 months ago Selected Answer: A Ans A - as per "Buruguduystunstugudunstuy" response. upvoted 1 times A_jaa1 year, 6 months ago Selected Answer: A Answer-A upvoted 2 times

Create an IAM role that grants access to the S3 bucket. Attach the role to the EC2 instances.

An application development team is designing a microservice that will convert large images to smaller, compressed images. When a user uploads an image through the web interface, the microservice should store the image in an Amazon S3 bucket, process and compress the image with an AWS Lambda function, and store the image in its compressed form in a different S3 bucket. A solutions architect needs to design a solution that uses durable, stateless components to process the images automatically. Which combination of actions will meet these requirements? (Choose two.)

Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket.

Configure the Lambda function to use the Amazon Simple Queue Service (Amazon SQS) queue as the invocation source. When the SQS message is successfully processed, delete the message in the queue.

Configure the Lambda function to monitor the S3 bucket for new uploads. When an uploaded image is detected, write the file name to a text file in memory and use the text file to keep track of the images that were processed.

Launch an Amazon EC2 instance to monitor an Amazon Simple Queue Service (Amazon SQS) queue. When items are added to the queue, log the file name in a text file on the EC2 instance and invoke the Lambda function. E. Configure an Amazon EventBridge (Amazon CloudWatch Events) event to monitor the S3 bucket. When an image is uploaded, send an alert to an Amazon ample Notification Service (Amazon SNS) topic with the application owner's email address for further processing. Show Suggested Answer by ogerber at Oct. 10, 2022, 4:34 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments BuruguduystunstugudunstuyHighly Voted 2 years, 6 months ago Selected Answer: AB To design a solution that uses durable, stateless components to process images automatically, a solutions architect could consider the following actions: Option A involves creating an SQS queue and configuring the S3 bucket to send a notification to the queue when an image is uploaded. This allows the application to decouple the image upload process from the image processing process and ensures that the image processing process is triggered automatically when a new image is uploaded. Option B involves configuring the Lambda function to use the SQS queue as the invocation source. When the SQS message is successfully processed, the message is deleted from the queue. This ensures that the Lambda function is invoked only once per image and that the image is not processed multiple times. upvoted 43 times Buruguduystunstugudunstuy2 years, 6 months ago Option C is incorrect because it involves storing state (the file name) in memory, which is not a durable or scalable solution. Option D is incorrect because it involves launching an EC2 instance to monitor the SQS queue, which is not a stateless solution. Option E is incorrect because it involves using Amazon EventBridge (formerly Amazon CloudWatch Events) to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic, which is not related to the image processing process. upvoted 24 times hsinchang1 year, 11 months ago So storing states invokes the stateless principle, nice understanding! upvoted 2 times op222331 year, 9 months ago A stateless system sends a request to the server and relays the response (or the state) back without storing any information. On the other hand, stateful systems expect a response, track information, and resend the request if no response is received upvoted 4 times sba21Highly Voted 2 years, 9 months ago Selected Answer: AB It looks like A-B upvoted 15 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: AB Use S3 → SQS → Lambda with stateless processing logic for a durable, scalable, and serverless image processing pipeline. upvoted 1 times vadps1 month, 1 week ago Selected Answer: AB AB: S3-SQS-Lambda upvoted 1 times EzKkk8 months ago Selected Answer: AB High level flow: Web (1) -> Internet (2) -> Uploaded image bucket (3) -> Compressed image bucket (4) Let's break this down. Image uploading (1)(2)(3): If the image's size is big, multi upload is a MUST. If you want to accelerate the process, you can also use Acceleration Transfer with additional fee. Image compressing (3)(4): SQS Simple Queue can directly integrate with S3 events. For every image uploaded, S3 event will create a message in SQS queue. After that, Lambda can be invoked to compress the image and then upload the image to destination bucket. upvoted 2 times PhucVuu9 months, 3 weeks ago Selected Answer: AB Keywords: - Store the image in an Amazon S3 bucket, process and compress the image with an AWS Lambda function. - Durable, stateless components to process the images automatically A,B: Correct - SQS has message retention function(store message) default 4 days(can increate update 14 days) so that you can re-run lambda if there are any errors when processing the images. C: Incorrect - Lambda function just run the request then stop, the max tmeout is 15 mins. So we cannot store data in the ram of Lambda function. D: Incorrect - we can trigger Lambda dirrectly from SQS no need EC2 instance in this case E: Incorrect - It kinds of manually step -> the owner has to read email then process it :)) upvoted 9 times

Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure the S3 bucket to send a notification to the SQS queue when an image is uploaded to the S3 bucket.

A company has a three-tier web application that is deployed on AWS. The web servers are deployed in a public subnet in a VPC. The application servers and database servers are deployed in private subnets in the same VPC. The company has deployed a third-party virtual firewall appliance from AWS Marketplace in an inspection VPC. The appliance is configured with an IP interface that can accept IP packets. A solutions architect needs to integrate the web application with the appliance to inspect all traffic to the application before the traffic reaches the web server. Which solution will meet these requirements with the LEAST operational overhead?

Deploy a Gateway Load Balancer in the inspection VP

Create a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.

Create an Application Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.

Create a Gateway Load Balancer endpoint to receive the incoming packets and forward the packets to the appliance. Show Suggested Answer by CloudGuru99 at Oct. 8, 2022, 3:23 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments CloudGuru99Highly Voted 2 years, 9 months ago Answer is D . Use Gateway Load balancer upvoted 49 times pm2229Highly Voted 9 months, 3 weeks ago It's D, Coz.. Gateway Load Balancer is a new type of load balancer that operates at layer 3 of the OSI model and is built on Hyperplane, which is capable of handling several thousands of connections per second. Gateway Load Balancer endpoints are configured in spoke VPCs originating or receiving traffic from the Internet. This architecture allows you to perform inline inspection of traffic from multiple spoke VPCs in a simplified and scalable fashion while still centralizing your virtual appliances. upvoted 48 times jucejaraMost Recent 5 days, 4 hours ago Selected Answer: D Esta solución utiliza el servicio Gateway Load Balancer (GWLB), que está diseñado específicamente para inspección de tráfico a través de dispositivos virtuales de terceros, como firewalls, IDS/IPS, etc., con mínima sobrecarga operativa. Ventajas de GWLB: Permite escalar automáticamente los dispositivos de inspección. Se integra fácilmente con appliances de terceros desde AWS Marketplace. Permite enrutamiento transparente del tráfico a través del dispositivo para inspección. Puede usarse junto con puntos finales de Gateway Load Balancer (GWLBe) en otras VPC, como la VPC de la aplicación, sin cambios significativos en la arquitectura. upvoted 1 times Clouddon1 week, 3 days ago Selected Answer: D Use Gateway Load Balancer (GWLB) in the inspection VPC with Gateway Load Balancer Endpoints in the application VPC to efficiently and transparently route traffic through the third-party firewall appliance — achieving deep packet inspection with minimal operational overhead. upvoted 1 times surajkrishnamurthy5 months ago Selected Answer: D 3rd Party Virtual Appliances ---> Gateway Loadbalancer upvoted 4 times EllenLiu7 months ago Selected Answer: D we're able to load balance some of the incoming traffic through to those virtual appliances where they can perform some kind of inspection. - Used in front of virtual appliances such as: - firewalls, - IDS: intrusion detection systems - IPS: intrusion prevention systems - DPI: deep packet inspection systems - Operates at Layer 3 – listens for all packets on all ports - Forwards traffic to the TG specified in the listener rules - GLB and virtual appliances Exchanges traffic using the GENEVE protocol on port 6081 upvoted 1 times carlton_agesa6 months ago In this context, "using the GENEVE protocol" refers to the method by which the Global Load Balancer (GLB) and the virtual appliances (like firewalls and intrusion detection systems) communicate and exchange traffic. GENEVE (Generic Network Virtualization Encapsulation) is a protocol that encapsulates packets for efficient transport over a network, allowing for flexible and scalable network virtualization. It operates on port 6081, enabling the load balancer to forward traffic to the specified target groups (TG) based on the listener rules. Credits: AI answer upvoted 2 times

Create a Network Load Balancer in the public subnet of the application's VPC to route the traffic to the appliance for packet inspection.

A company wants to improve its ability to clone large amounts of production data into a test environment in the same AWS Region. The data is stored in Amazon EC2 instances on Amazon Elastic Block Store (Amazon EBS) volumes. Modifications to the cloned data must not affect the production environment. The software that accesses this data requires consistently high I/O performance. A solutions architect needs to minimize the time that is required to clone the production data into the test environment. Which solution will meet these requirements?

Take EBS snapshots of the production EBS volumes. Turn on the EBS fast snapshot restore feature on the EBS snapshots. Restore the snapshots into new EBS volumes. Attach the new EBS volumes to EC2 instances in the test environment. Show Suggested Answer by BoboChow at Oct. 12, 2022, 6:22 a.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments UWSFishHighly Voted 2 years, 8 months ago Selected Answer: D https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-fast-snapshot-restore.html Amazon EBS fast snapshot restore (FSR) enables you to create a volume from a snapshot that is fully initialized at creation. This eliminates the latency of I/O operations on a block when it is accessed for the first time. Volumes that are created using fast snapshot restore instantly deliver all of their provisioned performance. upvoted 55 times PhucVuuHighly Voted 9 months, 3 weeks ago Selected Answer: D Keywords: - Modifications to the cloned data must not affect the production environment. - Minimize the time that is required to clone the production data into the test environment. A: Incorrect - we can do this But it is not minimize the time as requirement. B: Incorrect - This approach use same EBS volumes for produciton and test. If we modify test then it will be affected prodution environment. C: Incorrect - EBS snapshot will create new EBS volumes. It can not restore from existing volumes. D: Correct - Turn on the EBS fast snapshot restore feature on the EBS snapshots -> no latency on first use upvoted 43 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: D Use EBS snapshots with Fast Snapshot Restore enabled to create fully-initialized, high-performance EBS volumes for the test environment — ensuring fast, safe, and performant data cloning without affecting production. upvoted 1 times se7en1022 months, 3 weeks ago Selected Answer: D EBS Snapshots: Taking snapshots of the production EBS volumes allows you to create point-in-time backups of the data without impacting the production environment. Fast Snapshot Restore: Enabling the EBS fast snapshot restore feature allows you to restore the snapshots to new EBS volumes much more quickly than standard restoration. This significantly reduces the time required to clone the data. New EBS Volumes: By restoring the snapshots into new EBS volumes, you ensure that the test environment is completely isolated from the production environment, allowing for modifications without any risk to production data. High I/O Performance: EBS volumes provide high I/O performance, which is essential for the software accessing the data in the test environment. upvoted 1 times PaulGa11 months ago Selected Answer: D Ans D - as per PhucVuu response... what's to debate... upvoted 1 times 1e2252211 months, 2 weeks ago Selected Answer: D Ye its d cuh upvoted 1 times 1dfed2b1 year, 4 months ago Selected Answer: C https://docs.aws.amazon.com/ebs/latest/userguide/ebs-restoring-volume.html Its

Take EBS snapshots of the production EBS volumes. Restore the snapshots onto EC2 instance store volumes in the test environment.

Configure the production EBS volumes to use the EBS Multi-Attach feature. Take EBS snapshots of the production EBS volumes. Attach the production EBS volumes to the EC2 instances in the test environment.

reate a new volume from the snapshot. Use the create-volume command. For --snapshot-id, specify the ID of the snapshot to use. For -- availability-zone, specify the same Availability Zone as the instance. Configure the remaining parameters as needed. upvoted 2 times lsomas1 year, 4 months ago Answer is D because volumes that are created using fast snapshot restore instantly deliver all of their provisioned performance. Volumes created from normal snapshots will take time to initialize upvoted 2 times awsgeek751 year, 6 months ago Selected Answer: D A: Can work but long cloning time B: Wrong as multi attach will mean changes by test will affect production C: Slow D: Fast restore makes this a quicker option upvoted 3 times

Take EBS snapshots of the production EBS volumes. Restore the snapshots onto EC2 instance store volumes in the test environment.

AWS-SAA-C02

Authored by Vu Hung

Information Technology (IT)

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection. The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must minimize operational complexity. Which solution meets these requirements?

está correto porque o S3 Transfer Acceleration é compatível com a transferência de alta velocidade. upvoted 1 times

Upload the data from each site to an S3 bucket in the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3 bucket. Then remove the data from the origin S3 bucket.

Schedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region. Use S3 Cross- Region Replication to copy objects to the destination S3 bucket.

is not minimize operational and fast when compare to answer A upvoted 22 times d01vectmoy3 weeks, 1 day ago you can see all latest information about saa c03 exam - > https://link2.it/4MU5R upvoted 1 times RuffyitHighly Voted 9 months, 3 weeks ago General line: Collect huge amount of the files across multiple continents Conditions: High speed Internet connectivity Task: aggregate the data from all in a single S3 bucket Requirements: as quick as possible, minimize operational complexity Correct answer A: S3 Transfer Acceleration because: - ideally works with objects for long-distance transfer (uses Edge Locations) - can speed up content transfers to and from S3 as much as 50-500% - use cases: mobile & web application uploads and downloads, distributed office transfers, data exchange with trusted partners. Generally for sharing of large data sets between companies, customers can set up special access to their S3 buckets with accelerated uploads to speed data exchanges and the pace of innovation. B - about disaster recovery C - about transferring data between your local environment and the AWS Cloud D - about disaster recovery upvoted 12 times pentium751 year, 6 months ago C, we DO have a "local environment" (a "site") that collect data, and THAT data must go to "the AWS cloud". Why not C? The stem says nothing about large objects, which would be a requirement for the "multipart upload" that is mentioned. upvoted 3 times jake99Most Recent 1 day, 20 hours ago Selected Answer: A A is the Corect Option I’ve tried a few mock test platforms, but SkillCertExams stood out. Their content is top-notch and very similar to what you see on the actual exam. upvoted 1 times DovanDu3 days, 3 hours ago Selected Answer: A Vote A upvoted 1 times JKDemon2 weeks, 4 days ago Selected Answer: A A: least complex B,D: could work but they’re more complex C: high-speed internet connection, so no snowball devices required upvoted 1 times BrantD1 month ago Selected Answer: A Least operation complexity. upvoted 1 times clfigueiredo122 months ago Selected Answer: U

está correto porque o S3 Transfer Acceleration é compatível com a transferência de alta velocidade. upvoted 1 times

Answer explanation

S3 Transfer Acceleration is the best solution for fast, global uploads to a single S3 bucket with minimal operational complexity.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket. Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing architecture. What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

Use Amazon Redshift to load all the content into one place and run the SQL queries as needed.

Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the Amazon CloudWatch console.

Use Amazon Athena directly with Amazon S3 to run the queries as needed.

Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed. Show Suggested Answer by airraid2010 at Oct. 9, 2022, 2:21 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments airraid2010Highly Voted 2 years, 9 months ago Answer: C Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL. With a few actions in the AWS Management Console, you can point Athena at your data stored in Amazon S3 and begin using standard SQL to run ad-hoc queries and get results in seconds. upvoted 73 times BoboChow2 years, 9 months ago I agree C is the answer upvoted 2 times tt792 years, 9 months ago C is right. upvoted 1 times PhucVuuHighly Voted 2 years, 3 months ago Selected Answer: C Keyword: - Queries will be simple and will run on-demand. - Minimal changes to the existing architecture. A: Incorrect - We have to do 2 step. load all content to Redshift and run SQL query (This is simple query so we can you Athena, for complex query we will apply Redshit) B: Incorrect - Our query will be run on-demand so we don't need to use CloudWatch Logs to store the logs. C: Correct - This is simple query we can apply Athena directly on S3 D: Incorrect - This take 2 step: use AWS Glue to catalog the logs and use Spark to run SQL query upvoted 47 times DovanDuMost Recent 2 days, 23 hours ago Selected Answer: C Vote C upvoted 1 times hossex53 weeks, 3 days ago Selected Answer: C its c bro upvoted 1 times clfigueiredo122 months ago Selected Answer: C C está certo. upvoted 1 times K_SAA2 months ago Selected Answer: C Because the query is simples and run on demand so C is the correct answer B: use aws cloudwatch is not designed for this use-case because cloudwatch do not support SQL queries and the log json is stored in S3 and cloudwatch can not directly query from s3. Cloudwatch only support its own queries syntax not standard SQL A: use aws RedShift is not considered the right option since you would need to load all log data into Redshift, which is required more worked and high operational overhead, it goes against the requirement of this use-case queries is simple and running on demand D: use aws glue and Amazon EMR is more complex in setup and high operational overhead In conclusion, use Amazon athena is the right option, its simple and serverless meaning no infrastructure to manage. upvoted 1 times topitexamcom2 months, 1 week ago Selected Answer: C C is the right answer upvoted 1 times Bl_124 months, 3 weeks ago Selected Answer: A Redshift is query upvoted 1 times sumanl755 months, 1 week ago Selected Answer: C C Correct answer. Athena integrates seamlessly with S3 and allows you to run simple SQL queries in no time. When working with Apache Spark or with SQL in S3, using this service is the best option upvoted 1 times

Use Amazon Redshift to load all the content into one place and run the SQL queries as needed.

Answer explanation

Amazon Athena allows direct, on-demand SQL queries on S3 data with minimal changes and operational overhead.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations. Which solution meets these requirements with the LEAST amount of operational overhead?

Add the aws PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.

Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.

Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.

Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy. Show Suggested Answer by Rock08 at Oct. 9, 2022, 1:28 p.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments udeHighly Voted 2 years, 9 months ago Selected Answer: A aws:PrincipalOrgID Validates if the principal accessing the resource belongs to an account in your organization. upvoted 80 times BoboChow2 years, 9 months ago the condition key aws:PrincipalOrgID can prevent the members who don't belong to your organization to access the resource upvoted 22 times NaneyerockyHighly Voted 9 months, 3 weeks ago Selected Answer: A Condition keys: AWS provides condition keys that you can query to provide more granular control over certain actions. The following condition keys are especially useful with AWS Organizations: aws:PrincipalOrgID – Simplifies specifying the Principal element in a resource-based policy. This global key provides an alternative to listing all the account IDs for all AWS accounts in an organization. Instead of listing all of the accounts that are members of an organization, you can specify the organization ID in the Condition element. aws:PrincipalOrgPaths – Use this condition key to match members of a specific organization root, an OU, or its children. The aws:PrincipalOrgPaths condition key returns true when the principal (root user, IAM user, or role) making the request is in the specified organization path. A path is a text representation of the structure of an AWS Organizations entity. upvoted 26 times Sleepy_Lazy_Coder1 year, 11 months ago are we not choosing ou because the least overhead term was use? option B also seems correct upvoted 5 times EMPERBACH1 year, 2 months ago As there are many OU, you need more effort to list down OU path. And question mention about least management overhead to allow users in Organization, not single OU. upvoted 3 times BlackMamba_41 year, 10 months ago Exactly upvoted 1 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: A Use aws:PrincipalOrgID in the bucket policy for a clean, scalable, and low-maintenance solution to restrict access to AWS Organization members. upvoted 1 times K_SAA2 months ago Selected Answer: A A: use aws PrincipalOrgID global condition key with a with a reference to the organization ID to the S3 bucket policy is the correct answer because the company wants to limit access to only user within the organization. B: is also be considered since the company wanted to limit access to s3 bucket within organization not mention to specific Organizational unit. if you or the company wanted to restrict access to S3 bucket by specific OU consider option B C: use AWS cloudtrail to monitor action of users within organization, which is more complex and high operational overhead D: tag each user and use aws:PrincipalTag global condition key to the S3 bucket policy. You would have to tag each user manually, which is required more work overhead upvoted 1 times ernie19762 months, 1 week ago Selected Answer: A This solution es the most simple comparing to other alternatives, just modify one parameter. aws:PrincipalOrgID upvoted 1 times Wylla3 months, 2 weeks ago Selected Answer: A aws:PrincipalOrgID - global key provides an alternative to listing all the account IDs for all AWS accounts in an organization. upvoted 1 times

Add the aws PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.

Answer explanation

Using aws:PrincipalOrgID in the S3 bucket policy restricts access to users within the AWS Organization with the least operational overhead.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet. Which solution will provide private network connectivity to Amazon S3?

Create a gateway VPC endpoint to the S3 bucket.

Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket.

upvoted 2 times Austinlorenzmccoy1 year, 7 months ago Thank you so much upvoted 1 times D2wHighly Voted 2 years, 9 months ago Selected Answer: A VPC endpoint allows you to connect to AWS services using a private network instead of using the public Internet upvoted 32 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: A Use a Gateway VPC Endpoint for S3 to enable secure, private access to the S3 bucket from EC2 without internet connectivity. upvoted 1 times K_SAA2 months ago Selected Answer: A Keywords: log store in s3, Ec2 instance need to access to s3 bucket without internet A: use gateway vpc endpoint allow private network connectivity to s3 bucket without publishing to internet B: Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket since the question need ec2 instance stay in vpc access to s3 bucket privately but this way do not grant access to s3 bucket C: Create an instance profile on Amazon EC2 to allow S3 access. This way only authorization access to s3 bucket, not grant private network connectivity to s3 bucket since this also need internet access

Create an Amazon API Gateway API with a private link to access the S3 endpoint. Since API gateway acts like a proxy receive requests from outside and forward to the request to aws services like lambda, etc, not using for s3 access upvoted 1 times ernie19762 months, 1 week ago Selected Answer: A It is a simple communication between EC2 and S3, it is no needed to go out to internet, so and endopint is the best solution. upvoted 1 times Palee2 months, 2 weeks ago Selected Answer: A A is correct upvoted 1 times melvis83 months, 3 weeks ago Selected Answer: A The correct answer is A because a gateway endpoint allows us to securely and cost efficiently access either an S3 or Amazon DynamoDB database within our VPC upvoted 1 times

Create a gateway VPC endpoint to the S3 bucket.

Answer explanation

A gateway VPC endpoint allows private network connectivity from EC2 to S3 without internet access.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time. What should a solutions architect propose to ensure users see all of their documents at once?

Copy the data so both EBS volumes contain all the documents is not correct because when user send request to one instance on a specific AZ they only see the documents from that EBS AZ not both upvoted 1 times Palee2 months, 2 weeks ago Selected Answer: C C is correct upvoted 1 times melvis83 months, 3 weeks ago Selected Answer: C The correct anszwer to this question is C question EBS volumes are AZ locked so when transferring the architecture to a different AZ the data can no longer be received by users whereas with EFS volume we can EC2 instances across AZs upvoted 1 times kimardamina3 months, 3 weeks ago Selected Answer: C My immediate understanding was the fact that EFS is multi az and will make it less complex as a solution for this. upvoted 1 times francisizme4 months, 1 week ago Selected Answer: C Not A: because it requires sync between the EBS volumes which is complex and not scalable. Not B: It's not scalable if the LB only directs user to one instance Not D: Impractical. The application will need to have a mechanism to merge the responses coming from 2 instance upvoted 1 times

This ensures high availability, scalability, and consistent data access across Availability Zones with minimal operational overhead. upvoted 1 times Yaredd3 weeks, 2 days ago Selected Answer: C EFS is best suited for multi AZ and EC2 distribution upvoted 1 times hossex53 weeks, 3 days ago Selected Answer: C c is correct upvoted 1 times K_SAA2 months ago Selected Answer: C Problem each EC2 instance has its own EBS volume, and EBS volume is specific for AZ specific so when user send request to specific ec2 instance they only see the response from each EBS volume not all because EBS volume do not sever for cross region problem C: use EFS because EFS a fully managed and network file system can be mounted to mutiple ec2 instances across mutiple AZ so user can see all documents response from EFS instead of subset of documents

Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS

Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server Show Suggested Answer by D2w at Oct. 10, 2022, 11:39 a.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments D2wHighly Voted 2 years, 9 months ago Selected Answer: C Concurrent or at the same time key word for EFS upvoted 56 times mikey2000Highly Voted 2 years, 7 months ago Ebs doesnt support cross az only reside in one Az but Efs does, that why it's c upvoted 41 times pbpally2 years, 2 months ago And just for clarification to others, you can have COPIES of the same EBS volume in one AZ and in another via EBS Snapshots, but don't confuse that with the idea of having some sort of global capability that has concurrent copying mechanisms. upvoted 10 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: C Implement Amazon EFS as shared storage for all EC2 instances behind the AL

Answer explanation

Amazon EFS provides shared storage accessible by EC2 instances across AZs, ensuring all users see all documents.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1 MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth. Which solution will meet these requirements?

Create an S3 bucket. Create an IAM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3 bucket.

upvoted 7 times YDUYGU3 months, 1 week ago DX Lead times are often longer than I month to establish a new connection.That’s why D is the wrong answer on the other hand. upvoted 5 times Gatt2 years, 8 months ago I will add that the question does not specify if the company already has DA in place or not. If they don't have DA in place, it will take a long time (weeks) for DA connectivity to be setup. Another point for B here, as Snowball is much quicker from this perspective. upvoted 10 times pentium751 year, 6 months ago It does, because option D says "SET UP a DirectConnect connection", not "use an existing DirectConnect connection". upvoted 7 times OBIOHAnze1 year, 1 month ago B is the correct answer because the migration needs to be completed as soon as possible with limited bandwidth upvoted 3 times tuloveuHighly Voted 2 years, 9 months ago Selected Answer: B As using the least possible network bandwidth. upvoted 35 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: B Use AWS Snowball Edge for secure, fast, and bandwidth-efficient bulk data migration of 70 TB video files to S3. upvoted 1 times K_SAA2 months ago Selected Answer: B Keywords: large volume data, least network bandwidth and volume data no longer growing B: use aws snowball edge job is more suitable way to migrate large amount of data with least network bandwidth and very fast. You setup aws snowball edge job physically and copy data to aws snowball edge job and send it to aws and then aws will uploads that for you to s3 bucket C is incorrect since this also offer a high network bandwidth to upload D is incorrect since this require heavy setup, take a week to set up aws direct connect and still network bandwidth A: take a longer to upload this large volume data so this option is incorrect upvoted 1 times ernie19762 months, 1 week ago Selected Answer: B It is needed to do with urgency, so no more configuration for using internet or expensive connection as direct connect, just transport it with Edge Snowball is the right way. upvoted 1 times Palee2 months, 2 weeks ago Selected Answer: B D is close to correct but B makes more sense upvoted 1 times

File Gateway uses the Internet, so maximum speed will be at most 1Gbps, so it'll take a minimum of 6.5 days and you use 70TB of Internet bandwidth.

You can achieve speeds of up to 10Gbps with Direct Connect. Total time 15.5 hours and you will use 70TB of bandwidth. However, what's interesting is that the question does not specific what type of bandwidth? Direct Connect does not use your Internet bandwidth, as you will have a dedicate peer to peer connectivity between your on-prem and the AWS Cloud, so technically, you're not using your "public" bandwidth. The requirements are a bit too vague but I think that B is the most appropriate answer, although D might also be correct if the bandwidth usage refers strictly to your public connectivity. upvoted 126 times abhishek_m892 years, 7 months ago and it says, "The total storage is 70 TB and is no longer growing". Thats why it should be

Create an S3 bucket. Create an IAM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3 bucket.

Answer explanation

AWS Snowball Edge enables fast, bandwidth-efficient migration of large data volumes to S3.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to decouple the solution and increase scalability. Which solution meets these requirements?

but i think Kinesis Data Analytics is just wrong, so D is most correct answer. upvoted 3 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: D Use SNS + multiple SQS queues to achieve a highly scalable, decoupled, and reliable architecture for sudden and massive message ingestion and processing. upvoted 1 times clfigueiredo121 month, 3 weeks ago Selected Answer: D Letra D! upvoted 1 times vovanbi942 months, 1 week ago Selected Answer: D D the best choose upvoted 1 times

Configure the consumer applications to read from DynamoDB to process the messages.

Write the messages to Amazon Kinesis Data Streams with a single shard. Use an AWS Lambda function to preprocess messages and store them in Amazon DynamoD

Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon SQS) subscriptions. Configure the consumer applications to process the messages from the queues. This solution uses Amazon SNS and SQS to publish and subscribe to messages respectively, which decouples the system and enables scalability by allowing multiple consumer applications to process the messages in parallel. Additionally, using Amazon SQS with multiple subscriptions can provide increased resiliency by allowing multiple copies of the same message to be processed in parallel. upvoted 19 times SilentMilli2 years, 6 months ago By default, an SQS queue can handle a maximum of 3,000 messages per second. However, you can request higher throughput by contacting AWS Support. AWS can increase the message throughput for your queue beyond the default limits in increments of 300 messages per second, up to a maximum of 10,000 messages per second. It's important to note that the maximum number of messages per second that a queue can handle is not the same as the maximum number of requests per second that the SQS API can handle. The SQS API is designed to handle a high volume of requests per second, so it can be used to send messages to your queue at a rate that exceeds the maximum message throughput of the queue. upvoted 19 times 90142 years, 7 months ago of course, the answer is D upvoted 3 times PhucVuuHighly Voted 9 months, 3 weeks ago Selected Answer: D Keywords: - The number of messages varies drastically - Sometimes increases suddenly to 100,000 each second A: Incorrect - Don't confuse between Kinesis Data Analytics and Kinesis Data Stream =)) Kinesis Data Analytics will get the data from Kinesis Data Stream or Kinesis Data FireHose or MSK (Managed Stream for apache Kafka) for analytic purpose. It can not consume message and send to applications. B: Incorrect - Base on the keywords -> Auto Scaling group not scale well because it need time to check the CPU metric and need time to start up the EC2 and the messages varies drastically. Example: we have to scale from 10 to 100 EC2. Our servers may be down a while when it was scaling. C: Incorrect - Kinesis Data Streams can handle this case but we should increase the more shards but not single shard. D: Correct: We can handle high workload well with fan-out pattern SNS + multiple SQS -> This is good for use case: - The number of messages varies drastically - Sometimes increases suddenly to 100,000 each second upvoted 24 times shinejh05282 years, 3 months ago oh... I confused between Kinesis Data Analytics and Kinesis Data Stream as you mentioned... I solved several this type of questions, but SNS is always about 'notification', so i choose

Answer explanation

SNS with multiple SQS subscriptions decouples producers and consumers, providing scalability for sudden message spikes.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company is migrating a distributed application to AWS. The application serves variable workloads. The legacy platform consists of a primary server that coordinates jobs across multiple compute nodes. The company wants to modernize the application with a solution that maximizes resiliency and scalability. How should a solutions architect design the architecture to meet these requirements?

Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs. Implement the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure EC2 Auto Scaling to use scheduled scaling.

Implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure AWS CloudTrail as a destination for the jobs. Configure EC2 Auto Scaling based on the load on the primary server.

Implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure Amazon EventBridge (Amazon CloudWatch Events) as a destination for the jobs. Configure EC2 Auto Scaling based on the load on the compute nodes. Show Suggested Answer by Sinaneos at Oct. 8, 2022, 10:07 a.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments rein_chauHighly Voted 2 years, 9 months ago Selected Answer: B A - incorrect: Schedule scaling policy doesn't make sense. C, D - incorrect: Primary server should not be in same Auto Scaling group with compute nodes. B is correct. upvoted 89 times SinaneosHighly Voted 2 years, 9 months ago Selected Answer: B The answer seems to be B for me: A: doesn't make sense to schedule auto-scaling C: Not sure how CloudTrail would be helpful in this case, at all. D: EventBridge is not really used for this purpose, wouldn't be very reliable upvoted 24 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: B Use SQS to decouple and distribute jobs, and scale EC2 compute nodes dynamically based on queue depth for a highly scalable, resilient, and modernized distributed application architectu upvoted 1 times K_SAA2 months ago Selected Answer: B keywords resilient and scalability application B is the correct answer since we need sqs designed as a destination to consume jobs from mutiple compute notes and use auto scaling group based on the size of the queue A: is not considerd to be a correct answer since if we use scheduled scaling its not optimize in this use case if suddenly the workload unpredictable C: cloudtrail is used for monitoring actions in aws not use for managing the workload D: upvoted 2 times alfteezy913 months, 3 weeks ago Selected Answer: B Decouple with Amazon SQS and EC2 instances can be managed in an auto scaling group for scalability https://docs.aws.amazon.com/prescriptive-guidance/latest/modernization-mainframe-decoupling-patterns/queue.html upvoted 1 times VitMoreira4 months ago Selected Answer: D B doesn't make sense to me because you're scaling based on the queue size and not the requirements of the varying workloads. Eventbridge can act as a trigger for workloads, so it might just cut, although it wouldn't be my first choice. upvoted 1 times MGKYAING6 months, 2 weeks ago Selected Answer: B 1.Amazon SQS for Decoupling: Amazon SQS provides a fully managed message queue to decouple the primary server from the compute nodes. Jobs are sent to the queue, and compute nodes process them independently. This architecture eliminates a single point of failure (the primary server) and increases resilience. 2.Auto Scaling Group for Compute Nodes: EC2 instances managed in an Auto Scaling group process the jobs in the SQS queue. Auto Scaling dynamically adjusts the number of instances based on the queue size, ensuring scalability to handle variable workloads. 3.Scalability Based on Queue Size: Scaling based on the size of the SQS queue ensures that the system adjusts to workload demands efficiently. When the queue grows, more instances are launched; when the queue shrinks, instances are terminated. upvoted 2 times

Answer explanation

Using SQS as a job queue and scaling EC2 compute nodes based on queue size maximizes resiliency and scalability.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after the files are created. After 7 days the files are rarely accessed. The total data size is increasing and is close to the company's total storage capacity. A solutions architect must increase the company's available storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle management to avoid future storage issues. Which solution will meet these requirements?

Use AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS.

Create an Amazon S3 File Gateway to extend the company's storage space. Create an S3 Lifecycle policy to transition the data to S3 Glacier Deep Archive after 7 days.

Create an Amazon FSx for Windows File Server file system to extend the company's storage space.

Install a utility on each user's computer to access Amazon S3. Create an S3 Lifecycle policy to transition the data to S3 Glacier Flexible Retrieval after 7 days. Show Suggested Answer by Sinaneos at Oct. 8, 2022, 10:11 a.m. Disclaimers: - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.- Trademarks, certification & product names are used for reference only and belong to Amazon. Comments SinaneosHighly Voted 9 months, 3 weeks ago Answer directly points towards file gateway with lifecycles, D is wrong because utility function is vague and there is no need for flexible storage. upvoted 54 times gianola11 months, 2 weeks ago I think B is wrong because they are not asking you to add more room, they are asking you to have more room available. upvoted 1 times Udoyen2 years, 7 months ago Yes it might be vague but how do we keep the low-latency access that only flexible can offer? upvoted 5 times SuperDuperPooperScooper1 year, 11 months ago Low-latency access is only required for the first 7 days, B maintains that fast access for 7 days and only then are the files sent to Glacier Archive upvoted 3 times Nava7021 year, 10 months ago It says low-latency is required for the most recently accessed files, not new ones. So if an older file is retrieved from deep archive, it should then readily be accessible, according to the question, which points toward Flexible retrieval. However the utility portion in the answer D is vague. upvoted 4 times francisizme4 months, 1 week ago D will require users to change how they access files, while B only needs the SMB server to mount the gateway, and then the server can read and write files to S3 just like a normal network drive. upvoted 1 times javitech83Highly Voted 9 months, 3 weeks ago Selected Answer: B B answwer is correct. low latency is only needed for newer files. Additionally, File GW provides low latency access by caching frequently accessed files locally so answer is B upvoted 37 times ClouddonMost Recent 1 week, 3 days ago Selected Answer: B Use Amazon S3 File Gateway with S3 Lifecycle policies to extend on-prem SMB storage while ensuring low-latency access to hot data and cost- efficient lifecycle management of cold data. upvoted 1 times 39sachin2 months ago Selected Answer: B Configured S3 buckets are accessible using the NFS and SMB protocol Most recently used data is cached in the file gateway upvoted 1 times ak2405194 months, 4 weeks ago Selected Answer: B File Gateway helps with lower latency and the files after 7 days should be moved to Glacier as they are no longer being accessed. upvoted 1 times adamatic5 months, 1 week ago Selected Answer: B B extends the storage with s3 gateway and meets lifecycle policy requirements upvoted 1 times Sandy4v9 months, 2 weeks ago B is correct upvoted 1 times

Use AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS.

Answer explanation

S3 File Gateway extends on-prem SMB storage, and S3 Lifecycle policies manage file transitions to Glacier for cost and space efficiency.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

22 questions

Information Security Controls Quiz

Quiz

•

Professional Development

25 questions

DCP Utilization and Maintenance

Quiz

•

Professional Development

23 questions

KUIZ INTERAKTIF: PENGETAHUAN YOUTUBE

Quiz

•

Professional Development

20 questions

From LAS to LUMI Pre-test

Quiz

•

Professional Development

15 questions

Python Chapter 5: Functions

Quiz

•

Professional Development

15 questions

IT Test

Quiz

•

Professional Development

20 questions

HTML, CSS, Terminal & JavaScript

Quiz

•

Professional Development

22 questions

Canvas Workshop Quiz

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

44 questions

Would you rather...

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

14 questions

Valentine's Day Trivia!

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

AWS-SAA-C02

S3 Transfer Acceleration is the best solution for fast, global uploads to a single S3 bucket with minimal operational complexity.

Amazon Athena allows direct, on-demand SQL queries on S3 data with minimal changes and operational overhead.

Using aws:PrincipalOrgID in the S3 bucket policy restricts access to users within the AWS Organization with the least operational overhead.

An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet. Which solution will provide private network connectivity to Amazon S3?

A gateway VPC endpoint allows private network connectivity from EC2 to S3 without internet access.

Amazon EFS provides shared storage accessible by EC2 instances across AZs, ensuring all users see all documents.

AWS Snowball Edge enables fast, bandwidth-efficient migration of large data volumes to S3.

SNS with multiple SQS subscriptions decouples producers and consumers, providing scalability for sudden message spikes.

Using SQS as a job queue and scaling EC2 compute nodes based on queue size maximizes resiliency and scalability.

S3 File Gateway extends on-prem SMB storage, and S3 Lifecycle policies manage file transitions to Glacier for cost and space efficiency.

A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway REST API to process. The company wants to ensure that orders are processed in the order that they are received. Which solution will meet these requirements?

SQS FIFO queues ensure order of message processing, which is required for order processing in ecommerce.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)