
Get Real AWS-Solutions-Architect-Professional Questions: Pass Amazon Certification Exams Easily
NEW QUESTION 64
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database. A solutions architect must design a scalable and highly available solution to meet the demand of 200,000 daily users.
Which steps should the solutions architect take to design an appropriate solution?
- A. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon ECS cluster of Spot Instances spanning three Availability Zones. The stack should launch an Amazon RDS MySQL DB instance with a Snapshot deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
- B. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance. The environment should launch a Network Load Balancer (NLB) in front of an Amazon EC2 Auto Scaling group in multiple Availability Zones. Use an Amazon Route 53 alias record to route traffic from the company's domain to the NLB.
- C. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Region. Create a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a cross-Region read replica. Use Amazon Route 53 with a geoproximity routing policy to route traffic between the two Regions.
- D. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zones. The stack should launch a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a Retain deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
Answer: C
NEW QUESTION 65
A company's web application uses an Amazon RDS PostgreSQL DB instance to store its application data.
During the financial closing period at the start of every month, accountants run large queries that impact the database's performance due to high usage. The company wants to minimize the impact that the reporting activity has on the web application.
What should a solutions architect do to reduce the impact on the database with the LEAST amount of effort?
- A. Create a Multi-AZ database and direct reporting traffic to the standby.
- B. Create an Amazon Redshift database and direct reporting traffic to the Amazon Redshift database.
- C. Create a cross-Region read replica and direct reporting traffic to the replica.
- D. Create a read replica and direct reporting traffic to the replica.
Answer: D
NEW QUESTION 66
A company needs to run a software package that has a license that must be run on the same physical host for the duration of its use. The software package is only going to be used for 90 days. The company requires patching and restarting of all instances every 30 days.
How can these requirements be met using AWS?
- A. Run a dedicated instance with auto-placement disabled.
- B. Run the instance on a licensed host with termination set for 90 days.
- C. Run an On-Demand instance with a Reserved Instance to ensure consistent placement.
- D. Run the instance on a dedicated host with Host Affinity set to Host.
Answer: D
Explanation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/how-dedicated-hosts-work.html
NEW QUESTION 67
A user is creating a PIOPS volume. What is the maximum ratio the user should configure between PIOPS and the volume size?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: A
Explanation:
Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly
database workloads that are sensitive to storage performance and consistency in random access I/O
throughput. A provisioned IOPS volume can range in size from 10 GB to 1 TB and the user can provision
up to 4000 IOPS per volume.
The ratio of IOPS provisioned to the volume size requested can be a maximum of 30; for example, a
volume with 3000 IOPS must be at least 100 GB.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
NEW QUESTION 68
One of the AWS account owners faced a major challenge in June as his account was hacked and the hacker deleted all the data from his AWS account. This resulted in a major blow to the business.
Which of the below mentioned steps would not have helped in preventing this action?
- A. Set up MFA for each user as well as for the root account user.
- B. Create an AMI and a snapshot of the data at regular intervals, and keep a copy in separate regions.
- C. Do not share the AWS access and secret access keys with others, and do not store them inside programs; instead, use IAM roles.
- D. Take a backup of the critical data to offsite / on premise.
Answer: B
Explanation:
AWS security follows the shared security model, where the user is as much responsible as Amazon. If the user wants to have secure access to AWS while hosting applications on EC2, the first security rule to follow is to enable MFA for all users. This adds a security layer. Second, the user should never give his access or secret access keys to anyone or store them inside programs. The better solution is to use IAM roles. For critical data of the organization, the user should keep an offsite/on-premises backup, which will help to recover critical data in case of a security breach. It is recommended to have AWS AMIs and snapshots and to keep them in other regions so that they will help in the DR scenario. However, in case of a data security breach of the account they may not be very helpful, as the hacker can delete them.
Therefore, creating an AMI and a snapshot of the data at regular intervals, and keeping a copy in separate regions, would not have helped in preventing this action.
NEW QUESTION 69
You've been hired to enhance the overall security posture for a very large e-commerce site. They have a well architected multi-tier application running in a VPC that uses ELBs in front of both the web and the app tier with static assets served directly from S3. They are using a combination of RDS and DynamoDB for their dynamic data and then archiving nightly into S3 for further processing with EMR. They are concerned because they found questionable log entries and suspect someone is attempting to gain unauthorized access.
Which approach provides a cost effective scalable mitigation to this kind of attack?
- A. Add previously identified hostile source IPs as an explicit INBOUND DENY NACL to the web tier subnet.
- B. Add a WAF tier by creating a new ELB and an AutoScaling group of EC2 instances running a host-based WAF. They would redirect Route 53 to resolve to the new WAF tier ELB. The WAF tier would then pass the traffic to the current web tier. The web tier Security Groups would be updated to only allow traffic from the WAF tier Security Group.
- C. Recommend that they lease space at a DirectConnect partner location and establish a 1G DirectConnect connection to their VPC. They would then establish Internet connectivity into their space, filter the traffic in a hardware Web Application Firewall (WAF), and then pass the traffic through the DirectConnect connection into their application running in their VPC.
- D. Remove all but TLS 1.2 from the web tier ELB and enable Advanced Protocol Filtering. This will enable the ELB itself to perform WAF functionality.
Answer: B
NEW QUESTION 70
A Solutions Architect has been asked to look at a company's Amazon Redshift cluster, which has quickly become an integral part of its technology and supports key business processes. The Solutions Architect is to increase the reliability and availability of the cluster and provide options to ensure that if an issue arises, the cluster can either operate or be restored within four hours.
Which of the following solution options BEST addresses the business need in the most cost-effective manner?
- A. Create two identical Amazon Redshift clusters in different regions (one as the primary, one as the secondary). Use Amazon S3 cross-region replication from the primary to secondary region, which triggers an AWS Lambda function to populate the cluster in the secondary region.
- B. Use Amazon Kinesis Data Firehose to collect the data ahead of ingestion into Amazon Redshift and create clusters using AWS CloudFormation in another region and stream the data to both clusters.
- C. Ensure that the Amazon Redshift cluster has been set up to make use of Auto Scaling groups with the nodes in the cluster spread across multiple Availability Zones.
- D. Ensure that the Amazon Redshift cluster creation has been templated using AWS CloudFormation so it can easily be launched in another Availability Zone and data populated from the automated Redshift backups stored in Amazon S3.
Answer: D
Explanation:
https://aws.amazon.com/redshift/faqs/?nc1=h_ls
Q: What happens to my data warehouse cluster availability and data durability if my data warehouse cluster's Availability Zone (AZ) has an outage?
If your Amazon Redshift data warehouse cluster's Availability Zone becomes unavailable, you will not be able to use your cluster until power and network access to the AZ are restored. Your data warehouse cluster's data is preserved so you can start using your Amazon Redshift data warehouse as soon as the AZ becomes available again. In addition, you can also choose to restore any existing snapshots to a new AZ in the same Region. Amazon Redshift will restore your most frequently accessed data first so you can resume queries as quickly as possible.
NEW QUESTION 71
A company standardized its method of deploying applications to AWS using AWS CodePipeline and AWS CloudFormation. The applications are in TypeScript and Python. The company has recently acquired another business that deploys applications to AWS using Python scripts.
Developers from the newly acquired company are hesitant to move their applications under CloudFormation because it would require that they learn a new domain-specific language and eliminate their access to language features, such as looping.
How can the acquired applications quickly be brought up to deployment standards while addressing the developers' concerns?
- A. Create CloudFormation templates and re-use parts of the Python scripts as instance user data. Use the AWS Cloud Development Kit (AWS CDK) to deploy the application using these templates. Incorporate the AWS CDK into CodePipeline and deploy the application to AWS using these templates.
- B. Use a third-party resource provisioning engine inside AWS CodeBuild to standardize the deployment processes of the existing and acquired company. Orchestrate the CodeBuild job using CodePipeline.
- C. Define the AWS resources using TypeScript or Python. Use the AWS Cloud Development Kit (AWS CDK) to create CloudFormation templates from the developers' code, and use the AWS CDK to create CloudFormation stacks. Incorporate the AWS CDK as a CodeBuild job in CodePipeline.
- D. Standardize on AWS OpsWorks. Integrate OpsWorks with CodePipeline. Have the developers create Chef recipes to deploy their applications on AWS.
Answer: C
Explanation:
https://docs.aws.amazon.com/cdk/latest/guide/codepipeline_example.html
By using the AWS CDK, the developers can define the AWS resources using the familiar TypeScript or Python programming languages, rather than learning a new domain-specific language like CloudFormation.
The AWS CDK then generates the CloudFormation templates, allowing the company to standardize on CloudFormation for deployment while still leveraging the developers' expertise in TypeScript or Python. The AWS CDK can be integrated as a CodeBuild job in CodePipeline, making it part of the standardized deployment process.
NEW QUESTION 72
A financial company is building a system to generate monthly, immutable bank account statements for its users. Statements are stored in Amazon S3. Users should have immediate access to their monthly statements for up to 2 years. Some users access their statements frequently, whereas others rarely access their statements.
The company's security and compliance policy requires that the statements be retained for at least 7 years.
What is the MOST cost-effective solution to meet the company's needs?
- A. Create an S3 bucket with Object Lock disabled. Store statements in S3 Standard. Define an S3 Lifecycle policy to transition the data to S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days. Define another S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
- B. Create an S3 bucket with Object Lock enabled. Store statements in S3 Intelligent-Tiering. Enable compliance mode with a default retention period of 2 years. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
- C. Create an S3 bucket with versioning disabled. Store statements in S3 One Zone-Infrequent Access (S3 One Zone-IA). Define an S3 Lifecycle policy to move the data to S3 Glacier Deep Archive after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
- D. Create an S3 bucket with versioning enabled. Store statements in S3 Intelligent-Tiering. Use same-Region replication to replicate objects to a backup S3 bucket. Define an S3 Lifecycle policy for the backup S3 bucket to move the data to S3 Glacier. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
Answer: B
Explanation:
https://aws.amazon.com/about-aws/whats-new/2018/11/s3-object-lock/
Create an S3 bucket with Object Lock enabled. Store statements in S3 Intelligent-Tiering. Enable compliance mode with a default retention period of 2 years. Define an S3 Lifecycle policy to move the data to S3 Glacier after 2 years. Attach an S3 Glacier Vault Lock policy with deny delete permissions for archives less than 7 years old.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html
NEW QUESTION 73
A data analytics company has an Amazon Redshift cluster that consists of several reserved nodes. The cluster is experiencing unexpected bursts of usage because a team of employees is compiling a deep audit analysis report. The queries to generate the report are complex read queries and are CPU intensive.
Business requirements dictate that the cluster must be able to service read and write queries at all times. A solutions architect must devise a solution that accommodates the bursts of usage.
Which solution meets these requirements MOST cost-effectively?
- A. Turn on the Concurrency Scaling feature for the Amazon Redshift cluster.
- B. Deploy an AWS Lambda function to add capacity to the Amazon Redshift cluster by using an elastic resize operation when the cluster's CPU metrics in Amazon CloudWatch reach 80%.
- C. Provision an Amazon EMR cluster. Offload the complex data processing tasks.
- D. Deploy an AWS Lambda function to add capacity to the Amazon Redshift cluster by using a classic resize operation when the cluster's CPU metrics in Amazon CloudWatch reach 80%.
Answer: A
NEW QUESTION 74
A large company runs workloads in VPCs that are deployed of AWS accounts. Each VPC consists of public subnets and private subnets that span across multiple Availability Zones. NAT gateways are deployed in the public subnets and allow outbound connectivity to the internet from the private subnets.
A solutions architect is working on a hub-and-spoke design. All private subnets in the spoke VPCs must route traffic to the internet through an egress VPC. The solutions architect has already deployed a NAT gateway in an egress VPC in a central AWS account.
Which set of additional steps should the solution architect take to meet these requirements?
- A. Create peering connections between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
- B. Create a transit gateway in every account. Attach the NAT gateway to the gateway. Configure the required routing to allow access to the internet.
- C. Create a transit gateway and share it with the existing AWS accounts. Attach existing VPCs to the transit gateway. Configure routing to allow access to the internet.
- D. Create an AWS PrivateLink connection between the egress VPC and the spoke VPCs. Configure the required routing to allow access to the internet.
Answer: C
NEW QUESTION 75
An organization has developed an application which provides a smarter shopping experience. They need to show a demonstration to various stakeholders who may not be able to access the on-premises application, so they decide to host a demo version of the application on AWS.
Consequently, they will need a fixed elastic IP attached automatically to the instance when it is launched.
In this scenario which of the below mentioned options will not help assign the elastic IP automatically?
- A. Launch instance with VPC and assign an elastic IP to the primary network interface.
- B. Provide an elastic IP in the user data and setup a bootstrapping script which will fetch that elastic IP and assign it to the instance.
- C. Write a script which will fetch the instance metadata on system boot and assign the public IP using that metadata.
- D. Create a controlling application which launches the instance and assigns the elastic IP based on the parameter provided when that instance is booted.
Answer: C
Explanation:
EC2 allows the user to launch On-Demand instances. If the organization is using an application temporarily only for demo purposes the best way to assign an elastic IP would be:
* Launch an instance with a VPC and assign an EIP to the primary network interface. This way, on every instance start it will have the same IP.
* Create a bootstrapping script and provide it some metadata, such as user data, which can be used to assign an EIP.
* Create a controller instance which can schedule the start and stop of the instance and provide an EIP as a parameter so that the controller instance can check the instance boot and assign an EIP.
The instance metadata gives the current instance data, such as the public/private IP. It can be of no use for assigning an EIP.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AESDG-chapter-instancedata.html
NEW QUESTION 76
A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations.
Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed.
Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts.
Which solution meets these requirements with the LEAST amount of operational overhead?
- A. Create AWS WAF rules in the management account of the organization. Use AWS Lambda environment variables to store account numbers and OUs to manage. Update environment variables as needed to add or remove accounts or OUs. Create cross-account IAM roles in member accounts. Assume the roles by using AWS Security Token Service (AWS STS) in the Lambda function to create and update AWS WAF rules in the member accounts.
- B. Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules. Deploy automated remediation actions by using AWS Lambda to fix noncompliant resources. Deploy AWS WAF rules by using an AWS CloudFormation stack set to target the same OUs where the AWS Config rule is applied.
- C. Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization. Use an AWS Systems Manager Parameter Store parameter to store account numbers and OUs to manage. Update the parameter as needed to add or remove accounts or OUs. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to identify any changes to the parameter and to invoke an AWS Lambda function to update the security policy in the Firewall Manager administrative account.
- D. Use AWS Control Tower to manage AWS WAF rules across accounts in the organization. Use AWS Key Management Service (AWS KMS) to store account numbers and OUs to manage. Update AWS KMS as needed to add or remove accounts or OUs. Create IAM users in member accounts. Allow AWS Control Tower in the management account to use the access key and secret access key to create and update AWS WAF rules in the member accounts.
Answer: B
NEW QUESTION 77
A large company has a business-critical application that runs in a single AWS Region. The application consists of multiple Amazon EC2 instances and an Amazon RDS Multi-AZ DB instance. The EC2 instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones.
A solutions architect is implementing a disaster recovery (DR) plan for the application. The solutions architect has created a pilot light application deployment in a new Region, which is referred to as the DR Region. The DR environment has an Auto Scaling group with a single EC2 instance and a read replica of the RDS DB instance.
The solution architect must automate a failover from the primary application environment to the pilot light environment in the DR Region.
Which solution meets the requirements with the MOST operational efficiency?
- A. Create a cron task that runs every 5 minutes by using one of the application's EC2 instances in the primary Region. Configure the cron task to check whether the application is available. Upon failure, the cron task notifies a systems operator and attempts to restart the application service.
- B. Publish an application availability metric to Amazon CloudWatch in the DR Region from the application environment in the primary Region. Create a CloudWatch alarm in the DR Region that is invoked when the application availability metric stops being delivered. Configure the CloudWatch alarm to send a notification to an Amazon Simple and to add EC2 instances to the Auto Scaling group.
- C. Create a cron task that runs every 5 minutes by using one of the application's EC2 instances in the primary Region. Configure the cron task to check whether the application is available. Upon failure, the cron task notifies a systems operator and attempts to restart the application services.
- D. Publish an application availability metric to Amazon CloudWatch in the DR Region from the application environment in the primary Region. Create a CloudWatch alarm in the DR Region that is invoked when the application availability metric stops being delivered. Configure the CloudWatch alarm to send a notification to an Amazon Simple Notification Service (Amazon SNS) topic in the DR Region. Add an email subscription to the SNS topic that sends messages to the application owner. Upon notification, instruct a systems operator to sign in to the AWS Management Console and initiate failover operations for the application.
Answer: D
NEW QUESTION 78
A company wants to migrate its on-premises data center to the AWS Cloud. This includes thousands of virtualized Linux and Microsoft Windows servers, SAN storage, Java and PHP applications with MySQL, and Oracle databases. There are many dependent services hosted either in the same data center or externally. The technical documentation is incomplete and outdated. A solutions architect needs to understand the current environment and estimate the cloud resource costs after the migration.
Which tools or services should the solutions architect use to plan the cloud migration? (Select THREE.)
- A. AWS Migration Hub
- B. Amazon Inspector
- C. AWS Application Discovery Service
- D. AWS X-Ray
- E. AWS Cloud Adoption Readiness Tool (CART)
- F. AWS SMS
Answer: A,C,E
NEW QUESTION 79
A company is running an application in the AWS Cloud. Recent application metrics show inconsistent response times and a significant increase in error rates. Calls to third-party services are causing the delays.
Currently, the application calls third-party services synchronously by directly invoking an AWS Lambda function.
A solutions architect needs to decouple the third-party service calls and ensure that all the calls are eventually completed.
Which solution will meet these requirements?
- A. Use an Amazon Simple Notification Service (Amazon SNS) topic to store events and invoke the Lambda function.
- B. Use an AWS Step Functions state machine to pass events to the Lambda function.
- C. Use an Amazon Simple Queue Service (Amazon SQS) queue to store events and invoke the Lambda function.
- D. Use an Amazon EventBridge rule to pass events to the Lambda function.
Answer: C
Explanation:
Using an SQS queue to store events and invoke the Lambda function will decouple the third-party service calls and ensure that all the calls are eventually completed. SQS allows you to store messages in a queue and process them asynchronously, which eliminates the need for the application to wait for a response from the third-party service. The messages will be stored in the SQS queue until they are processed by the Lambda function, even if the Lambda function is currently unavailable or busy. This will ensure that all the calls are eventually completed, even if there are delays or errors.
AWS Step Functions state machines can also be used to pass events to the Lambda function, but it would require additional management and configuration to set up the state machine, which would increase operational overhead.
An Amazon EventBridge rule can also be used to pass events to the Lambda function, but it would not provide the same level of decoupling and reliability as SQS.
Using an Amazon Simple Notification Service (Amazon SNS) topic to store events and invoke the Lambda function is similar to SQS, but SNS is a publish-subscribe messaging service and SQS is a queue service. SNS is used for sending messages to multiple recipients, SQS is used for sending messages to a single recipient, so SQS is more appropriate for this use case.
NEW QUESTION 80
A user is considering using an EBS PIOPS volume.
Which of the below mentioned options is a right use case for the PIOPS EBS volume?
- A. MongoDB
- B. Analytics
- C. Log processing
- D. System boot volume
Answer: A
Explanation:
Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency in random access I/O throughput: business applications and database workloads such as NoSQL DB, RDBMS, etc.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
NEW QUESTION 81
True or False: In Amazon ElastiCache, you can use Cache Security Groups to configure the cache clusters that are part of a VPC.
- A. True, but only when you configure the cache clusters using the Cache Security Groups from the console navigation pane.
- B. FALSE
- C. True, this is applicable only to cache clusters that are running in an Amazon VPC environment.
- D. TRUE
Answer: B
Explanation:
Amazon ElastiCache cache security groups are only applicable to cache clusters that are not running in
an Amazon Virtual Private Cloud environment (VPC). If you are running in an Amazon Virtual Private
Cloud, Cache Security Groups is not available in the console navigation pane.
Reference:
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheSecurityGroup.html
NEW QUESTION 82
A company's service for video game recommendations has just gone viral. The company has new users from all over the world. The website for the service is hosted on a set of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The website consists of static content with different resources being loaded depending on the device type.
Users recently reported that the load time for the website has increased. Administrators are reporting high loads on the EC2 instances that host the service.
Which set of actions should a solutions architect take to improve response times?
- A. Create a separate ALB for each device type. Create one Auto Scaling group behind each ALB. Use Amazon Route 53 to route to different ALBs depending on the User-Agent HTTP header.
- B. Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use the User-Agent HTTP header to load different content.
- C. Move content to Amazon S3. Create an Amazon CloudFront distribution to serve content out of the S3 bucket. Use Lambda@Edge to load different resources based on the User-Agent HTTP header.
- D. Create separate Auto Scaling groups based on device types. Switch to a Network Load Balancer (NLB). Use the User-Agent HTTP header in the NLB to route to a different set of EC2 instances.
Answer: B
NEW QUESTION 83
A company has a 24 TB MySQL database in its on-premises data center that grows at the rate of 10 GB per day. The data center is connected to the company's AWS infrastructure with a 50 Mbps VPN connection.
The company is migrating the application and workload to AWS. The application code is already installed and tested on Amazon EC2. The company now needs to migrate the database and wants to go live on AWS within 3 weeks.
Which of the following approaches meets the schedule with LEAST downtime?
- A. 1. Use a VM Import/Export service to import a snapshot of the on-premises database into AWS.
2. Launch a new EC2 instance from the snapshot.
3. Set up ongoing database replication from on premises to the EC2 database over the VPN.
4. Stop the replication.
- B. 1. Take the on-premises application offline.
2. Create a database export locally using database-native tools.
3. Import that into AWS using AWS Snowball.
4. Launch an Amazon RDS Aurora DB instance.
5. Load the data in the RDS Aurora DB instance from the export.
6. Change the DNS entry to point to the Amazon RDS Aurora DB instance.
7. Put the Amazon EC2 hosted application online.
- C. 1. Create a database export locally using database-native tools.
2. Import that into AWS using AWS Snowball.
3. Launch an Amazon RDS Aurora DB instance.
4. Load the data in the RDS Aurora DB instance from the export.
5. Set up database replication from the on-premises database to the RDS Aurora DB instance over the VPN.
6. Change the DNS entry to point to the RDS Aurora DB instance.
7. Stop the replication.
- D. 1. Launch an AWS DMS instance. Launch an Amazon RDS Aurora MySQL DB instance.
2. Configure the AWS DMS instance with on-premises and Amazon RDS MySQL database information.
3. Start the replication task within AWS DMS over the VPN.
4. Change the DNS entry to point to the Amazon RDS MySQL database.
5. Stop the replication.
Answer: A
NEW QUESTION 84
A company is migrating a subset of its application APIs from Amazon EC2 instances to run on a serverless infrastructure. The company has set up Amazon API Gateway, AWS Lambda, and Amazon DynamoDB for the new application. The primary responsibility of the Lambda function is to obtain data from a third-party Software as a Service (SaaS) provider. For consistency, the Lambda function is attached to the same virtual private cloud (VPC) as the original EC2 instances.
Test users report an inability to use this newly moved functionality, and the company is receiving 5xx errors from API Gateway. Monitoring reports from the SaaS provider show that the requests never made it to its systems. The company notices that Amazon CloudWatch Logs are being generated by the Lambda functions. When the same functionality is tested against the EC2 systems, it works as expected.
What is causing the issue?
- A. The end-user application is misconfigured to continue using the endpoint backed by EC2 instances.
- B. The throttle limit set on API Gateway is too low and the requests are not making their way through.
- C. API Gateway does not have the necessary permissions to invoke Lambda.
- D. Lambda is in a subnet that does not have a NAT gateway attached to it to connect to the SaaS provider.
Answer: D
NEW QUESTION 85
A bank is re-architecting its mainframe-based credit card approval processing application to a cloud-native application on the AWS cloud.
The new application will receive up to 1,000 requests per second at peak load. There are multiple steps to each transaction, and each step must receive the result of the previous step. The entire request must return an authorization response within less than 2 seconds with zero data loss.
Every request must receive a response. The solution must be Payment Card Industry Data Security Standard (PCI DSS)-compliant.
Which option will meet all of the bank's objectives with the LEAST complexity and LOWEST cost while also meeting compliance requirements?
- A. Create an Application Load Balancer with an Amazon ECS cluster on Amazon EC2 Dedicated instances in a target group to process incoming requests. Use Auto Scaling to scale the cluster out/in based on average CPU utilization. Deploy a web service that processes all of the approval steps and returns a JSON object with the approval status.
- B. Deploy the application on Amazon EC2 on Dedicated Instances. Use an Elastic Load Balancer in front of a farm of application servers in an Auto Scaling group to handle incoming requests. Scale out/in based on a custom Amazon CloudWatch metric for the number of inbound requests per second after measuring the capacity of a single instance.
- C. Create an Amazon API Gateway to process inbound requests using a single AWS Lambda task that performs multiple steps and returns a JSON object with the approval status. Open a support case to increase the limit for the number of concurrent Lambdas to allow room for bursts of activity due to the new application.
- D. Create an Amazon API Gateway to process inbound requests using a series of AWS Lambda processes, each with an Amazon SQS input queue. As each step completes, it writes its result to the next step's queue. The final step returns a JSON object with the approval status. Open a support case to increase the limit for the number of concurrent Lambdas to allow room for bursts of activity due to the new application.
Answer: D
NEW QUESTION 86
A company stores call recordings on a monthly basis. Statistically, the recorded data may be referenced randomly within a year but accessed rarely after 1 year. Files that are newer than 1 year old must be queried and retrieved as quickly as possible. A delay in retrieving older files is acceptable. A solutions architect needs to store the recorded data at a minimal cost.
Which solution is MOST cost-effective?
- A. Archive individual files in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Store search metadata in Amazon DynamoDB. Query the files from DynamoDB and retrieve them from Amazon S3 or S3 Glacier.
- B. Archive individual files and store search metadata for each archive in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Query and retrieve the files by searching for metadata from Amazon S3.
- C. Store individual files in Amazon S3 Glacier and store search metadata in object tags created in S3 Glacier. Query S3 Glacier tags and retrieve the files from S3 Glacier.
- D. Store individual files in Amazon S3. Use lifecycle policies to move the files to Amazon S3 Glacier after 1 year. Query and retrieve the files from Amazon S3 or S3 Glacier.
Answer: D
NEW QUESTION 87
Does an AWS Direct Connect location provide access to Amazon Web Services in the region it is associated with as well as access to other US regions?
- A. No, it provides access only to the region it is associated with.
- B. Yes, it provides access but only when there's just one Availability Zone in the region.
- C. Yes, it provides access.
- D. No, it provides access only to the US regions other than the region it is associated with.
Answer: C
Explanation:
An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. For example, you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCloud (US).
