Solutions Architect Professional (Page 58)

A solutions architect has implemented a SAML 2.0 federated identity solution with their company’s on-premises identity provider (IdP) to authenticate users’ access to the AWS environment.When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted.However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment.Which items should the solutions architect check to ensure identity federation is properly configured? (Choose three.)Read More →

A company has a single AWS master billing account, which is the root of the AWS Organizations hierarchy.The company has multiple AWS accounts within this hierarchy, all organized into organization units (OUs).More OUs and AWS accounts will continue to be created as other parts of the business migrate applications to AWS.These business units may need to use different AWS services.The Security team is implementing the following requirements for all current and future AWS accounts:✑ Control policies must be applied across all accounts to prohibit AWS servers.✑ Exceptions to the control policies are allowed based on valid use cases.Which solution will meet these requirements with minimal optional overhead?Read More →

A company is creating a solution that can move 400 employees into a remote working environment in the event of an unexpected disaster.The user desktops have a mix of Windows and Linux operating systems.Multiple types of software, such as web browsers and mail clients, are installed on each desktop.A solutions architect needs to implement a solution that can be integrated with the company’s on-premises Active Directory to allow employees to use their existing identity credentials.The solution must provide multifactor authentication (MFA) and must replicate the user experience from the existing desktops.Which solution will meet these requirements?Read More →

A company’s site reliability engineer is performing a review of Amazon FSx for Windows File Server deployments within an account that the company acquired.Company policy states that all Amazon FSx file systems must be configured to be highly available across Availability Zones.During the review, the site reliability engineer discovers that one of the Amazon FSx file systems used a deployment type of Single-AZ 2.A solutions architect needs to minimize downtime while aligning this Amazon FSx file system with company policy.What should the solutions architect do to meet these requirements?Read More →

A company wants to design a disaster recovery (DR) solution for an application that runs in the company’s data center.The application writes to an SMB file share and creates a copy on a second file share.Both file shares are in the data center.The application uses two types of files: metadata files and image files.The company wants to store the copy on AWS.The company needs the ability to use SMB to access the data from either the data center or AWS if a disaster occurs.The copy of the data is rarely accessed but must be available within 5 minutes.Read More →

A company recently deployed a new application that runs on a group of Amazon EC2 Linux instances in a VPC.In a peered VPC, the company launched an EC2Linux instance that serves as a bastion host.The security group of the application instances allows access only on TCP port 22 from the private IP of the bastion host.The security group of the bastion host allows access to TCP port 22 from 0.0.0.0/0 so that system administrators can use SSH to remotely log in to the application instances from several branch offices.While looking through operating system logs on the bastion host, a cloud engineer notices thousands of failed SSH logins to the bastion host from locations around the world.The cloud engineer wants to change how remote access is granted to the application instances and wants to meet the following requirements:✑ Eliminate brute-force SSH login attempts.✑ Retain a log of commands run during an SSH session.✑ Retain the ability to forward ports.Which solution meets these requirements for remote access to the application instances?Read More →

A company is migrating a legacy application from an on-premises data center to AWS.The application consists of a single application server and a Microsoft SQL Server database server.Each server is deployed on a VMware VM that consumes 500 TB of data across multiple attached volumes.The company has established a 10 Gbps AWS Direct Connect connection from the closest AWS Region to its on-premises data center.The Direct Connect connection is not currently in use by other services.Which combination of steps should a solutions architect take to migrate the application with the LEAST amount of downtime? (Choose two.)Read More →

A company has an existing on-premises three-tier web application.The Linux web servers serve content from a centralized file share on a NAS server because the content is refreshed several times a day from various sources.The existing infrastructure is not optimized and the company would like to move to AWS in order to gain the ability to scale resources up and down in response to load.On-premises and AWS resources are connected using AWS Direct Connect.How can the company migrate the web infrastructure to AWS without delaying the content refresh process?Read More →

A company has implemented an ordering system using an event-driven architecture.During initial testing, the system stopped processing orders.Further log analysis revealed that one order message in an Amazon Simple Queue Service (Amazon SQS) standard queue was causing an error on the backend and blocking all subsequent order messages.The visibility timeout of the queue is set to 30 seconds, and the backend processing timeout is set to 10 seconds.A solutions architect needs to analyze faulty order messages and ensure that the system continues to process subsequent messages.Which step should the solutions architect take to meet these requirements?Read More →

A company is migrating an on-premises application and a MySQL database to AWS.The application processes highly sensitive data, and new data is constantly updated in the database.The data must not be transferred over the internet.The company also must encrypt the data in transit and at rest.The database is 5 TB in size.The company already has created the database schema in an Amazon RDS for MySQL DB instance.The company has set up a 1 Gbps AWS Direct Connect connection to AWS.The company also has set up a public VIF and a private VIF.A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime.Which solution will meet these requirements?Read More →