Solutions Architect Professional (Page 20)

During a security audit of a Service team’s application, a Solutions Architect discovers that a username and password for an Amazon RDS database and a set ofAWS IAM user credentials can be viewed in the AWS Lambda function code.The Lambda function uses the username and password to run queries on the database, and it uses the IAM credentials to call AWS services in a separate management account.The Solutions Architect is concerned that the credentials could grant inappropriate access to anyone who can view the Lambda code.The management account and the Service team’s account are in separate AWS Organizations organizational units (OUs).Which combination of changes should the Solutions Architect make to improve the solution’s security? (Choose two.)Read More →

A company has five development teams that have each created five AWS accounts to develop and host applications.To track spending, the development teams log in to each account every month, record the current cost from the AWS Billing and Cost Management console, and provide the information to the company’s finance team.The company has strict compliance requirements and needs to ensure that resources are created only in AWS Regions in the United States.However, some resources have been created in other Regions.A solutions architect needs to implement a solution that gives the finance team the ability to track and consolidate expenditures for all the accounts.The solution also must ensure that the company can create resources only in Regions in the United States.Which combination of steps will meet these requirements in the MOST operationally efficient way? (Choose three.)Read More →

A company is having issues with a newly deployed serverless infrastructure that uses Amazon API Gateway, Amazon Lambda, and Amazon DynamoDB.In a steady state, the application performs as expected.However, during peak load, tens of thousands of simultaneous invocations are needed and user requests fail multiple times before succeeding.The company has checked the logs for each component, focusing specifically on Amazon CloudWatch Logs for Lambda.There are no errors logged by the services or applications.What might cause this problem?Read More →

A company needs to migrate its customer transactions database from on premises to AWS.The database resides on an Oracle DB instance that runs on a Linux server.According to a new security requirement, the company must rotate the database password each year.Which solution will meet these requirements with the LEAST operational overhead?Read More →

A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing ReservedInstances.This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution.Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Choose two.)Read More →

A company has a project that is launching Amazon EC2 instances that are larger than required.The project’s account cannot be part of the company’s organization in AWS Organizations due to policy restrictions to keep this activity outside of corporate IT.The company wants to allow only the launch of t3.small EC2 instances by developers in the project’s account.These EC2 instances must be restricted to the us-east-2 Region.What should a solutions architect do to meet these requirements?Read More →

A Solutions Architect wants to make sure that only AWS users or roles with suitable permissions can access a new Amazon API Gateway endpoint.The SolutionsArchitect wants an end-to-end view of each request to analyze the latency of the request and create service maps.How can the Solutions Architect design the API Gateway access control and perform request inspections?Read More →

A company needs to monitor a growing number of Amazon S3 buckets across two AWS Regions.The company also needs to track the percentage of objects that are encrypted in Amazon S3.The company needs a dashboard to display this information for internal compliance teams.Which solution will meet these requirements with the LEAST operational overhead?Read More →

A company experienced a breach of highly confidential personal information due to permission issues on an Amazon S3 bucket.The Information Security team has tightened the bucket policy to restrict access.Additionally, to be better prepared for future attacks, these requirements must be met:✑ Identify remote IP addresses that are accessing the bucket objects.✑ Receive alerts when the security policy on the bucket is changed.✑ Remediate the policy changes automatically.Which strategies should the Solutions Architect use?Read More →

A company is deploying a new application on AWS.The application consists of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster and an Amazon Elastic Container Registry (Amazon ECR) repository.The EKS cluster has an AWS managed node group.The company’s security guidelines state that all resources on AWS must be continuously scanned for security vulnerabilities.Which solution will meet this requirement with the LEAST operational overhead?Read More →