Solutions Architect Professional (Page 34)

A company is running a web application in the AWS Cloud.The application consists of dynamic content that is created on a set of Amazon EC2 instances.The EC2 instances run in an Auto Scaling group that is configured as a target group for an Application Load Balancer (ALB).The company is using an Amazon CloudFront distribution to distribute the application globally.The CloudFront distribution uses the ALB as an origin.The company uses Amazon Route 53 for DNS and has created an A record of www.example.com for the CloudFront distribution.A solutions architect must configure the application so that itis highly available and fault tolerant.Which solution meets these requirements?Read More →

A company has a new security policy.The policy requires the company to log any event that retrieves data from Amazon S3 buckets.The company must save these audit logs in a dedicated S3 bucket.The company created the audit logs S3 bucket in an AWS account that is designated for centralized logging.The S3 bucket has a bucket policy that allows write- only cross-account access.A solutions architect must ensure that all S3 object-level access is being logged for current S3 buckets and future S3 buckets.Which solution will meet these requirements?Read More →

A company has an organization in AWS Organizations that has a large number of AWS accounts.One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts.AWS Site-to-Site VPN connections are configured between all of the company’s global offices and the transit account.The company has AWS Config enabled on all of its accounts.The company’s networking team needs to centrally manage a list of internal IP address ranges that belong to the global offices.Developers will reference this list to gain access to their applications securely.Which solution meets these requirements with the LEAST amount of operational overhead?Read More →

A company is adding a new approved external vendor that only supports IPv6 connectivity.The company’s backend systems sit in the private subnet of anAmazon VPC.The company uses a NAT gateway to allow these systems to communicate with external vendors over IPv4.Company policy requires systems that communicate with external vendors to use a security group that limits access to only approved external vendors.The virtual private cloud (VPC) uses the default network ACL.The Systems Operator successfully assigns IPv6 addresses to each of the backend systems.The Systems Operator also updates the outbound security group to include the IPv6 CIDR of the external vendor (destination).The systems within the VPC are able to ping one another successfully over IPv6.However, these systems are unable to communicate with the external vendor.What changes are required to enable communication with the external vendor?Read More →

A company runs a new application as a static website in Amazon S3.The company has deployed the application to a production AWS account and uses Amazon CloudFront to deliver the website.The website calls an Amazon API Gateway REST API.An AWS Lambda function backs each API method.The company wants to create a CSV report every 2 weeks to show each API Lambda function’s recommended configured memory, recommended cost, and the price difference between current configurations and the recommendations.The company will store the reports in an S3 bucket.Which solution will meet these requirements with the LEAST development time?Read More →

A company is migrating its marketing website and content management system from an on-premises data center to AWS.The company wants the AWS application to be deployed in a VPC with Amazon EC2 instances used for the web servers and an Amazon RDS instance for the database.The company has a runbook document that describes the installation process of the on-premises system.The company would like to base the AWS system on the processes referenced in the runbook document.The runbook document describes the installation and configuration of the operating systems, network settings, the website, and content management system software on the servers.After the migration is complete, the company wants to be able to make changes quickly to take advantage of other AWS features.How can the application and environment be deployed and automated in AWS, while allowing for future changes?Read More →

A company’s factory and automation applications are running in a single VPC.More than 20 applications run on a combination of Amazon EC2, Amazon Elastic Container Service (Amazon ECS), and Amazon RDS.The company has software engineers spread across three teams.One of the three teams owns each application, and each time is responsible for the cost and performance of all of its applications.Team resources have tags that represent their application and team.The teams use IAM access for daily activities.The company needs to determine which costs on the monthly AWS bill are attributable to each application or team.The company also must be able to create reports to compare costs from the last 12 months and to help forecast costs for the next 12 months.A solutions architect must recommend an AWS Billing and Cost Management solution that provides these cost reports.Which combination of actions will meet these requirements? (Choose three.)Read More →

A company wants to migrate its website from an on-premises data center onto AWS.At the same time, it wants to migrate the website to a containerized microservice-based architecture to improve the availability and cost efficiency.The company’s security policy states that privileges and network permissions must be configured according to best practice, using least privilege.A Solutions Architect must create a containerized architecture that meets the security requirements and has deployed the application to an Amazon ECS cluster.What steps are required after the deployment to meet the requirements? (Choose two.)Read More →

An AWS customer has a web application that runs on premises.The web application fetches data from a third-party API that is behind a firewall.The third party accepts only one public CIDR block in each client’s allow list.The customer wants to migrate their web application to the AWS Cloud.The application will be hosted on a set of Amazon EC2 instances behind an Application Load Balancer (ALB) in a VPC.The ALB is located in public subnets.The EC2 instances are located in private subnets.NAT gateways provide internet access to the private subnets.How should a solutions architect ensure that the web application can continue to call the third-party API after the migration?Read More →

As a part of building large applications in the AWS Cloud, the Solutions Architect is required to implement the perimeter security protection.Applications running on AWS have the following endpoints:✑ Application Load Balancer✑ Amazon API Gateway regional endpoint✑ Elastic IP address-based EC2 instances.✑ Amazon S3 hosted websites.✑ Classic Load BalancerThe Solutions Architect must design a solution to protect all of the listed web front ends and provide the following security capabilities:✑ DDoS protection✑ SQL injection protection✑ IP address whitelist/blacklist✑ HTTP flood protection✑ Bad bot scraper protectionHow should the Solutions Architect design the solution?Read More →