A company has many AWS accounts that individual business groups own. One of the accounts was recently compromised. The attacker launched a large number of instances, resulting in a high bill for that account.
The company addressed the security breach, but a solutions architect needs to develop a solution to prevent excessive spending in all accounts. Each business group wants to retain full control of its AWS account.
Which solution should the solutions architect recommend to meet these requirements?
A company has multiple AWS accounts in an organization in AWS Organizations. The company has integrated its on-premises Active Directory with AWS Single Sign-On (AWS SSO) to grant Active Directory users least privilege permissions to manage infrastructure across all the accounts.
A solutions architect must integrate a third-party monitoring solution that requires read-only access across all AWS accounts. The monitoring solution will run in its own AWS account.
What should the solutions architect do to provide the monitoring solution with the required permissions?
A team is building an HTML form that is hosted in a public Amazon S3 bucket. The form uses JavaScript to post data to an Amazon API Gateway API endpoint. The API endpoint is integrated with AWS Lambda functions. The team has tested each method in the API Gateway console and has received valid responses.
Which combination of steps must the team complete so that the form can successfully post to the API endpoint and receive a valid response? (Select TWO.)
D, E – Cross-origin resource sharing (CORS) is a browser security feature that restricts HTTP requests that initiate from scripts that run in the browser. CORS is typically required to build web applications that access APIs that are hosted on a different domain or origin. You can enable CORS to allow requests to your API from a web application that is hosted on a different domain. For example, if your API is hosted on https://api_id.execute-api.region.amazonaws.com/ and you want to call your API from a web application that is hosted on bucketname.s3.website-region, your API must support CORS. Option E is required for the HTML form to be served through a website endpoint.
Option A is incorrect because the CORS header must be configured to be returned by the dynamic response from the API endpoint. The configuration of CORS for the S3 bucket does not help. Option B is incorrect because there is no advantage to serving a static webpage from a web server that runs on Amazon EC2 instead of from an S3 bucket. Option C is incorrect because API Gateway has a default quota of 10,000 requests per second for each AWS Region. If necessary, you can increase this quota.
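The explanation above says the CORS header must come from the API's dynamic response, not from the S3 bucket. The following is an added example, not part of the original question set, of a Lambda function that returns those headers itself. It assumes a Lambda proxy integration with the REST API event shape (httpMethod, headers, body); the allow-listed origin and the function names are constructed placeholders.

```javascript
// Added example. Assumes a Lambda proxy integration, where the function
// builds the full HTTP response that API Gateway returns to the browser.
// Constructed placeholder: the S3 website origin that serves the form.
const ALLOWED_ORIGINS = new Set([
  "http://example-form-bucket.s3-website-us-east-1.amazonaws.com",
]);

// Return CORS headers only for an allow-listed Origin. Any other origin gets
// none, so the browser refuses to hand the response to that page's script.
function corsHeaders(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": "POST,OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    "Vary": "Origin", // caches must not reuse the response across origins
  };
}

function buildResponse(event) {
  const reqHeaders = event.headers || {};
  const cors = corsHeaders(reqHeaders.origin || reqHeaders.Origin);
  const reply = (statusCode, payload) => ({
    statusCode,
    headers: { ...cors, "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  });

  // Preflight sent by the browser before a cross-origin JSON POST.
  if (event.httpMethod === "OPTIONS") {
    return { statusCode: 204, headers: cors, body: "" };
  }
  if (event.httpMethod !== "POST") return reply(405, { error: "method not allowed" });

  let form;
  try {
    form = JSON.parse(event.body || "");
  } catch (err) {
    return reply(400, { error: "body must be JSON" });
  }
  if (form === null || typeof form !== "object") {
    return reply(400, { error: "body must be a JSON object" });
  }
  // Error responses carry the same CORS headers, so the form can read them.
  return reply(200, { received: Object.keys(form) });
}

// Entry point to export as the Lambda handler.
const handler = async (event) => buildResponse(event);
```

Echoing one allow-listed origin instead of returning `*` keeps other sites' scripts from reading the API's responses in a visitor's browser.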
A company has two AWS accounts: one account for production workloads and one account for development workloads. A development team and an operations team create and manage these workloads. The company needs a security strategy that meets the following requirements:
Which strategy will meet these requirements?
A) In the production account:
In the development account:
B) In the production account:
C) In the development account:
D) In the production account:
A solutions architect needs to reduce costs for a big data application. The application environment consists of hundreds of devices that send events to Amazon Kinesis Data Streams. The device ID is used as the partition key, so each device gets a separate shard. Each device sends between 50 KB and 450 KB of data each second. An AWS Lambda function polls the shards, processes the data, and stores the result in Amazon S3.
Every hour, another Lambda function runs an Amazon Athena query against the result data to identify outliers. This Lambda function places the outliers in an Amazon Simple Queue Service (Amazon SQS) queue. An Amazon EC2 Auto Scaling group of two EC2 instances monitors the queue and runs a 30-second process to address the outliers. The devices submit an average of 10 outlying values every hour.
Which combination of changes to the application will MOST reduce costs? (Select TWO.)
A company operates an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. After an order is successfully processed, the application immediately posts order data to a third-party affiliate’s external tracking system that pays sales commissions for order referrals.
During a successful marketing promotion, the number of EC2 instances increased from 2 to 20. The application continued to work correctly during this time. However, the increased request rate overwhelmed the third-party affiliate and resulted in failed requests.
Which combination of architectural changes should a solutions architect make to ensure that the entire process functions correctly under load? (Select TWO.)
B, D – In option B, the use of an Amazon Simple Queue Service (Amazon SQS) queue will decouple the main application from calls to the affiliate. This change will protect the main application from the reduced capacity of the affiliate. Additionally, failed requests can automatically return to the queue. In option D, a decreased number of concurrent invocations will prevent the affiliate application from getting overwhelmed.
Although option A will reduce the load on the Amazon EC2 instances, this solution will not reduce the number of requests to the affiliate application. Although option C will allow the AWS Lambda function to wait longer for the external call to return, this solution will not reduce the load on the overwhelmed affiliate application. Option E is incorrect because an increase in memory will have no effect on the interaction between the Lambda function and the affiliate tracking system.
A company has built an online ticketing web application on AWS. The application is hosted on AWS App Runner and uses images that are stored in an Amazon Elastic Container Registry (Amazon ECR) repository. The application stores data in an Amazon Aurora MySQL DB cluster. The company has set up a domain name in Amazon Route 53.
The company needs to deploy the application across two AWS Regions in an active-active configuration.
Which combination of steps will meet these requirements with the LEAST change to the architecture? (Select THREE.)
A, D, F – AWS App Runner is a fully managed service that developers can use to quickly deploy containerized web applications with images that are stored in an Amazon Elastic Container Registry (Amazon ECR) repository. Option A is correct because Cross-Region Replication makes a copy of the repository in a second AWS Region. Option D is correct because you can use Route 53 to host the custom domain name and to route traffic to resources in multiple AWS Regions. Option F is correct because Amazon Aurora global databases extend across multiple Regions and are designed for globally distributed applications.
Option B is incorrect because a VPC endpoint will not provide access to an image that is stored in a different Region. In option C, no such configuration exists in App Runner. Although option E would work, the introduction of Amazon DynamoDB would require more change to the architecture than the use of an Aurora global database. The question asks for the least change to the architecture.
A company has deployed a multi-tier web application in the AWS Cloud. The application consists of the following tiers:
All the EC2 instances are using Intel-based x86 CPUs. A solutions architect needs to modernize the infrastructure to achieve better performance. The solution must minimize the operational overhead of the application.
Which combination of actions should the solutions architect take to meet these requirements? (Select TWO.)
B, C – In option B, by placing the web tier behind an Application Load Balancer (ALB), you can improve availability and scalability of the web tier. The ALB serves as the single point of contact for clients and distributes incoming application traffic to the Amazon EC2 instances. Option C is correct because Amazon Aurora Serverless provides high performance and high availability with reduced operational complexity.
Option A is incorrect because additional EC2 instances will not minimize operational overhead. A managed service would be a better option. Option D is incorrect because the application includes Windows instances, which are not available for Graviton2. Option E is incorrect because a company-managed load balancer will not minimize operational overhead.