SAP-C01 (Page 36)

A company is migrating an on-premises application and a MySQL database to AWS.The application processes highly sensitive data, and new data is constantly updated in the database.The data must not be transferred over the internet.The company also must encrypt the data in transit and at rest.The database is 5 TB in size.The company already has created the database schema in an Amazon RDS for MySQL DB instance.The company has set up a 1 Gbps AWS Direct Connect connection to AWS.The company also has set up a public VIF and a private VIF.A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime.Which solution will meet these requirements?Read More →

A company has an existing on-premises three-tier web application.The Linux web servers serve content from a centralized file share on a NAS server because the content is refreshed several times a day from various sources.The existing infrastructure is not optimized and the company would like to move to AWS in order to gain the ability to scale resources up and down in response to load.On-premises and AWS resources are connected using AWS Direct Connect.How can the company migrate the web infrastructure to AWS without delaying the content refresh process?Read More →

A company recently deployed a new application that runs on a group of Amazon EC2 Linux instances in a VPC.In a peered VPC, the company launched an EC2Linux instance that serves as a bastion host.The security group of the application instances allows access only on TCP port 22 from the private IP of the bastion host.The security group of the bastion host allows access to TCP port 22 from 0.0.0.0/0 so that system administrators can use SSH to remotely log in to the application instances from several branch offices.While looking through operating system logs on the bastion host, a cloud engineer notices thousands of failed SSH logins to the bastion host from locations around the world.The cloud engineer wants to change how remote access is granted to the application instances and wants to meet the following requirements:✑ Eliminate brute-force SSH login attempts.✑ Retain a log of commands run during an SSH session.✑ Retain the ability to forward ports.Which solution meets these requirements for remote access to the application instances?Read More →

A company’s site reliability engineer is performing a review of Amazon FSx for Windows File Server deployments within an account that the company acquired.Company policy states that all Amazon FSx file systems must be configured to be highly available across Availability Zones.During the review, the site reliability engineer discovers that one of the Amazon FSx file systems used a deployment type of Single-AZ 2.A solutions architect needs to minimize downtime while aligning this Amazon FSx file system with company policy.What should the solutions architect do to meet these requirements?Read More →

A company has a single AWS master billing account, which is the root of the AWS Organizations hierarchy.The company has multiple AWS accounts within this hierarchy, all organized into organization units (OUs).More OUs and AWS accounts will continue to be created as other parts of the business migrate applications to AWS.These business units may need to use different AWS services.The Security team is implementing the following requirements for all current and future AWS accounts:✑ Control policies must be applied across all accounts to prohibit AWS servers.✑ Exceptions to the control policies are allowed based on valid use cases.Which solution will meet these requirements with minimal optional overhead?Read More →

A company wants to use Amazon WorkSpaces in combination with thin client devices to replace aging desktops.Employees use the desktops to access applications that work with clinical trial data.Corporate security policy states that access to the applications must be restricted to only company branch office locations.The company is considering adding an additional branch office in the next 6 months.Which solution meets these requirements with the MOST operational efficiency?Read More →

A company hosts a legacy application that runs on an Amazon EC2 instance inside a VPC without internet access.Users access the application with a desktop program installed on their corporate laptops.Communication between the laptops and the VPC flows through AWS Direct Connect (DX).A new requirement states that all data in transit must be encrypted between users and the VPC.Which strategy should a solutions architect use to maintain consistent network performance while meeting this new requirement?Read More →

A company uses AWS Organizations for a multi-account setup in the AWS Cloud.The company uses AWS Control Tower for governance and uses AWS Transit Gateway for VPC connectivity across accounts.In an AWS application account, the company’s application team has deployed a web application that uses AWS Lambda and Amazon RDS.The company’s database administrators have a separate DBA account and use the account to centrally manage all the databases across the organization.The database administrators use an Amazon EC2 instance that is deployed in the DBA account to access an RDS database that is deployed in the application account.The application team has stored the database credentials as secrets in AWS Secrets Manager in the application account.The application team is manually sharing the secrets with the database administrators.The secrets are encrypted by the default AWS managed key for Secrets Manager in the application account.A solutions architect needs to implement a solution that gives the database administrators access to the database and eliminates the need to manually share the secrets.Which solution will meet these requirements?Read More →

A company wants to change its internal cloud billing strategy for each of its business units.Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit.The company uses AWS Organizations to manage the separate AWS accounts for each business unit.The existing tagging standard in Organizations includes the application, environment, and owner.The cloud governance team wants a centralized solution so each business unit receives monthly reports on its cloud spending.The solution should also send notifications for any cloud spending that exceeds a set threshold.Which solution is the MOST cost-effective way to meet these requirements?Read More →

A video processing company wants to build a machine learning (ML) model by using 600 TB of compressed data that is stored as thousands of files in the company’s on-premises network attached storage system.The company does not have the necessary compute resources on premises for ML experiments and wants to use AWS.The company needs to complete the data transfer to AWS within 3 weeks.The data transfer will be a one-time transfer.The data must be encrypted in transit.The measured upload speed of the company’s internet connection is 100 Mbps, and multiple departments share the connection.Which solution will meet these requirements MOST cost-effectively?Read More →