Question:
A company has an application that uses AWS Key Management Service (AWS KMS) to encrypt and decrypt data. The application stores data in an Amazon S3 bucket in an AWS Region. Company security policies require that the data is encryptedbeforebeing uploaded to S3, and decryptedwhen read. The S3 bucket isreplicated to other AWS Regions.
A solutions architect must design a solution so that the application canencrypt and decrypt data across Regionsusingthe same key.
Options:
A company is designing an AWS environment tor a manufacturing application. The application has been successful with customers, and the application ' s user base has increased. The company has connected the AWS environment to the company ' s on-premises data center through a 1 Gbps AWS Direct Connect connection. The company has configured BGP for the connection.
The company must update the existing network connectivity solution to ensure that the solution is highly available, fault tolerant, and secure.
Which solution win meet these requirements MOST cost-effectively?
A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays. Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function.
A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed.
Which solution will meet these requirements?
A utility company collects usage data from smart meters every 5 minutes. Data is sent to API Gateway, processed by Lambda, and stored in DynamoDB. As usage increased, Lambda durations increased and DynamoDB PUTs failed with ProvisionedThroughputExceededException. Lambda also experiences TooManyRequestsException errors.
Which combination of changes will resolve these issues? (Select TWO.)
A company migrated its antivirus solution for 10,000 Amazon EC2 instances to a new software as a service SaaS solution. Fewer than 5% of instances reported in the new SaaS agent. The company suspects that either the new agent failed to load or the new agent’s configuration was altered. The company needs to implement a solution to ensure that all instances consistently run the most recent agent version with a predefined configuration.
Which solution will meet these requirements with the LEAST administrative overhead?
A global ecommerce company has many data centers worldwide. The company needs scalable cloud storage for legacy file applications. Requirements:
Must support iSCSI access from on-premises servers.
Must support point-in-time snapshots via AWS Backup.
Must retain low-latency access to frequently accessed data.Which solution will meet these requirements?
A company manages multiple AWS accounts by using AWS Organizations. Under the root OU. the company has two OUs: Research and DataOps.
Because of regulatory requirements, all resources that the company deploys in the organizationmust reside in the ap-northeast-1 Region. Additionally. EC2 instances that the company deploys in the DataOps OU must use a predefined list of instance types
A solutions architect must implement a solution that applies these restrictions. The solution must maximize operational efficiency and must minimize ongoing maintenance
Which combination of steps will meet these requirements? (Select TWO )
A company has multiple AWS accounts. The company recently had a security audit that revealed many unencrypted Amazon Elastic Block Store (Amazon EBS) volumes attached to Amazon EC2 instances.
A solutions architect must encrypt the unencrypted volumes and ensure that unencrypted volumes will be detected automatically in the future. Additionally, the company wants a solution that can centrally manage multiple AWS accounts with a focus on compliance and security.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)
A company needs to audit the security posture of a newly acquired AWS account. The company’s data security team requires a notification only when an Amazon S3 bucket becomes publicly exposed. The company has already established an Amazon Simple Notification Service (Amazon SNS) topic that has the data security team ' s email address subscribed.
Which solution will meet these requirements?
A delivery company is running a serverless solution in tneAWS Cloud The solution manages user data, delivery information and past purchase details The solution consists of several microservices The central user service stores sensitive data in an Amazon DynamoDB table Several of the other microservices store a copy of parts of the sensitive data in different storage services
The company needs the ability to delete user information upon request As soon as the central user service deletes a user every other microservice must also delete its copy of the data immediately
Which solution will meet these requirements?
Question:
A company hosts an ecommerce site using EC2, ALB, and DynamoDB in one AWS Region. The site uses a custom domain in Route 53. The company wants toreplicate the stack to a second Regionfordisaster recoveryandfaster accessfor global customers.
What should the architect do?
Question:
A company hosts an application that uses several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). During the initial startup of the EC2 instances, the EC2 instances run user data scripts to download critical content for the application from an Amazon S3 bucket.
The EC2 instances are launching correctly. However, after a period of time, the EC2 instances are terminated with the following error message:
“An instance was taken out of service in response to an ELB system health check failure.”
The only recent change to the deployment is that the company added a large amount of critical content to the S3 bucket.
What should a solutions architect do so that the production environment can deploy successfully?
A company consists of two separate business units. Each business unit has its own AWS account within a single organization in AWS Organizations. The business units regularly share sensitive documents with each other. To facilitate sharing, the company created an Amazon S3 bucket in each account and configured two-way replication between the S3 buckets. The S3 buckets have millions of objects.
Recently, a security audit identified that neither S3 bucket has encryption at rest enabled. Company policy requires that all documents must be stored with encryption at rest. The company wants to implement server-side encryption with Amazon S3 managed encryption keys (SSE-S3).
What is the MOST operationally efficient solution that meets these requirements?
A company is using Amazon SageMaker AI Notebook Instances and SageMaker APIs to train machine learning models. The SageMaker AI Notebook Instances are deployed in a VPC that does not have access to or from the internet. Datasets for model training are stored in an Amazon S3 bucket. Interface VPC endpoints provide access to Amazon S3 and the SageMaker APIs.
Occasionally, data scientists require access to a private Git repository to update application packages that they use as part of their workflow. The company must provide access to the Git repository while ensuring that the SageMaker AI Notebook Instances remain isolated from the internet.
Which solution meets these requirements with the LEAST operational overhead?
A company has multiple business units that each have separate accounts on AWS. Each business unit manages its own network with several VPCs that have CIDR ranges that overlap. The company’s marketing team has created a new internal application and wants to make the application accessible to all the other business units. The solution must use private IP addresses only.
Which solution will meet these requirements with the LEAST operational overhead?
