SAP-C02 (Page 46)

A company uses AWS CloudFormation to deploy applications within multiple VPCs that are all attached to a transit gateway.Each VPC that sends traffic to the public internet must send the traffic through a shared services VPC.Each subnet within a VPC uses the default VPC route table, and the traffic is routed to the transit gateway.The transit gateway uses its default route table for any VPC attachment.A security audit reveals that an Amazon EC2 instance that is deployed within a VPC can communicate with an EC2 instance that is deployed in any of the company’s other VPCs.A solutions architect needs to limit the traffic between the VPCs.Each VPC must be able to communicate only with a predefined, limited set of authorized VPCs.What should the solutions architect do to meet these requirements?Read More →

An online retail company hosts its stateful web-based application and MySQL database in an on-premises data center on a single server.The company wants to increase its customer base by conducting more marketing campaigns and promotions.In preparation, the company wants to migrate its application and database to AWS to increase the reliability of its architecture.Which solution should provide the HIGHEST level of reliability?Read More →

A company is running an application on Amazon EC2 instances in the AWS Cloud.The application is using a MongoDB database with a replica set as its data tier.The MongoDB database is installed on systems in the company’s on-premises data center and is accessible through an AWS Direct Connect connection to the data center environment.A solutions architect must migrate the on-premises MongoDB database to Amazon DocumentDB (with MongoDB compatibility).Which strategy should the solutions architect choose to perform this migration?Read More →

A company hosts a community forum site using an Application Load Balancer (ALB) and a Docker application hosted in an Amazon ECS cluster.The site data is stored in Amazon RDS for MySQL and the container image is stored in ECR.The company needs to provide their customers with a disaster recovery SLA with an RTO of no more than 24 hours and RPO of no more than 8 hours.Which of the following solutions is the MOST cost-effective way to meet the requirements?Read More →

A solutions architect at a large company needs to set up network security for outbound traffic to the internet from all AWS accounts within an organization in AWS Organizations.The organization has more than 100 AWS accounts, and the accounts route to each other by using a centralized AWS Transit Gateway.Each account has both an internet gateway and a NAT gateway for outbound traffic to the internet.The company deploys resources only into a single AWS Region.The company needs the ability to add centrally managed rule-based filtering on all outbound traffic to the internet for all AWS accounts in the organization.The peak load of outbound traffic will not exceed 25 Gbps in each Availability Zone.Which solution meets these requirements?Read More →

A company is using AWS CodePipeline for the CI/CD of an application to an Amazon EC2 Auto Scaling group.All AWS resources are defined in AWS CloudFormation templates.The application artifacts are stored in an Amazon S3 bucket and deployed to the Auto Scaling group using instance user data scripts.As the application has become more complex, recent resource changes in the CloudFormation templates have caused unplanned downtime.How should a solutions architect improve the CI/CD pipeline to reduce the likelihood that changes in the templates will cause downtime?Read More →

A scientific company needs to process text and image data from an Amazon S3 bucket.The data is collected from several radar stations during a live, time-critical phase of a deep space mission.The radar stations upload the data to the source S3 bucket.The data is prefixed by radar station identification number.The company created a destination S3 bucket in a second account.Data must be copied from the source S3 bucket to the destination S3 bucket to meet a compliance objective.This replication occurs through the use of an S3 replication rule to cover all objects in the source S3 bucket.One specific radar station is identified as having the most accurate data.Data replication at this radar station must be monitored for completion within 30 minutes after the radar station uploads the objects to the source S3 bucket.What should a solutions architect do to meet these requirements?Read More →

A solutions architect is reviewing an application’s resilience before launch.The application runs on an Amazon EC2 instance that is deployed in a private subnet of a VPC.The EC2 instance is provisioned by an Auto Scaling group that has a minimum capacity of 1 and a maximum capacity of 1.The application stores data on an Amazon RDS for MySQL DB instance.The VPC has subnets configured in three Availability Zones and is configured with a single NAT gateway.The solutions architect needs to recommend a solution to ensure that the application will operate across multiple Availability Zones.Which solution will meet this requirement?Read More →

A company is planning to migrate an Amazon RDS for Oracle database to an RDS for PostgreSQL DB instance in another AWS account.A solutions architect needs to design a migration strategy that will require no downtime and that will minimize the amount of time necessary to complete the migration.The migration strategy must replicate all existing data and any new data that is created during the migration.The target database must be identical to the source database at completion of the migration process.All applications currently use an Amazon Route 53 CNAME record as their endpoint for communication with the RDS for Oracle DB instance.The RDS for Oracle DB instance is in a private subnet.Which combination of steps should the solutions architect take to meet these requirements? (Choose three.)Read More →

A large company recently experienced an unexpected increase in Amazon RDS and Amazon DynamoDB costs.The company needs to increase visibility into details of AWS Billing and Cost Management.There are various accounts associated with AWS Organizations, including many development and production accounts.There is no consistent tagging strategy across the organization, but there are guidelines in place that require all infrastructure to be deployed using AWS CloudFormation with consistent tagging.Management requires cost center numbers and project ID numbers for all existing and future DynamoDB tables and RDS instances.Which strategy should the solutions architect provide to meet these requirements?Read More →