Solutions Architect Professional (Page 104)

A large company is migrating its entire IT portfolio to AWS.Each business unit in the company has a standalone AWS account that supports both development and test environments.New accounts to support production workloads will be needed soon.The finance department requires a centralized method for payment but must maintain visibility into each group’s spending to allocate costs.The security team requires a centralized mechanism to control IAM usage in all the company’s accounts.What combination of the following options meets the company’s needs with the LEAST effort? (Choose two.)Read More →

A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket.The company requires that only authenticated users are allowed to post content.The application generates a presigned URL that is used to upload objects through a browser interface.Most users are reporting slow upload times for objects larger than 100 MB.What can a Solutions Architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?Read More →

A global company has a mobile app that displays ticket barcodes.Customers use the tickets on the mobile app to attend live events.Event scanners read the ticket barcodes and call a backend API to validate the barcode data against data in a database.After the barcode is scanned, the backend logic writes to the database’s single table to mark the barcode as used.The company needs to deploy the app on AWS with a DNS name of api.example.com.The company will host the database in three AWS Regions around the world.Which solution will meet these requirements with the LOWEST latency?Read More →

A company uses Amazon S3 to host a web application.Currently, the company uses a continuous integration tool running on an Amazon EC2 instance that builds and deploys the application by uploading it to an S3 bucket.A Solutions Architect needs to enhance the security of the company’s platform with the following requirements:✑ A build process should be run in a separate account from the account hosting the web application.✑ A build process should have minimal access in the account it operates in.✑ Long-lived credentials should not be used.As a start, the Development team created two AWS accounts: one for the application named web account process; other is a named build account.Which solution should the Solutions Architect use to meet the security requirements?Read More →

A company is deploying a new application on AWS.The application consists of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and an Amazon Elastic Container Registry (Amazon ECR) repository.The EKS cluster has an AWS managed node group.The company’s security guidelines state that all resources on AWS must be continuously scanned for security vulnerabilities.Which solution will meet this requirement with the LEAST operational overhead?Read More →

A company experienced a breach of highly confidential personal information due to permission issues on an Amazon S3 bucket.The Information Security team has tightened the bucket policy to restrict access.Additionally, to be better prepared for future attacks, these requirements must be met:✑ Identify remote IP addresses that are accessing the bucket objects.✑ Receive alerts when the security policy on the bucket is changed.✑ Remediate the policy changes automatically.Which strategies should the Solutions Architect use?Read More →

A company needs to monitor a growing number of Amazon S3 buckets across two AWS Regions.The company also needs to track the percentage of objects that are encrypted in Amazon S3.The company needs a dashboard to display this information for internal compliance teams.Which solution will meet these requirements with the LEAST operational overhead?Read More →

A Solutions Architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint.The SolutionsArchitect wants an end-to-end view of each request to analyze the latency of the request and create service maps.How can the Solutions Architect design the API Gateway access control and perform request inspections?Read More →

A company has a project that is launching Amazon EC2 instances that are larger than required.The project’s account cannot be part of the company’s organization in AWS Organizations due to policy restrictions to keep this activity outside of corporate IT.The company wants to allow only the launch of t3.small EC2 instances by developers in the project’s account.These EC2 instances must be restricted to the us-east-2 Region.What should a solutions architect do to meet these requirements?Read More →

A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing ReservedInstances.This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution.Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Choose two.)Read More →