Solutions Architect Professional (Page 80)

A company is running a serverless application that consists of several AWS Lambda functions and Amazon DynamoDB tables.The company has created new functionality that requires the Lambda functions to access an Amazon Neptune DB cluster.The Neptune DB cluster is located in three subnets in a VPC.Which of the possible solutions will allow the Lambda functions to access the Neptune DB cluster and DynamoDB tables? (Choose two.)Read More →

A company is building a serverless application that runs on an AWS Lambda function that is attached to a VPC.The company needs to integrate the application with a new service from an external provider.The external provider supports only requests that come from public IPv4 addresses that are in an allow list.The company must provide a single public IP address to the external provider before the application can start using the new service.Which solution will give the application the ability to access the new service?Read More →

A company is running multiple workloads in the AWS Cloud.The company has separate units for software development.The company uses AWS Organizations and federation with SAML to give permissions to developers to manage resources in their AWS accounts.The development units each deploy their production workloads into a common production account.Recently, an incident occurred in the production account in which members of a development unit terminated an EC2 instance that belonged to a different development unit.A solutions architect must create a solution that prevents a similar incident from happening in the future.The solution also must allow developers the possibility to manage the instances used for their workloads.Which strategy will meet these requirements?Read More →

A company is planning to migrate 1,000 on-premises servers to AWS.The servers run on several VMware clusters in the company’s data center.As part of the migration plan, the company wants to gather server metrics such as CPU details, RAM usage, operating system information, and running processes.The company then wants to query and analyze the data.Which solution will meet these requirements?Read More →

A company runs an e-commerce platform with front-end and e-commerce tiers.Both tiers run on LAMP stacks with the front-end instances running behind a load balancing appliance that has a virtual offering on AWS.Currently, the Operations team uses SSH to log in to the instances to maintain patches and address other concerns.The platform has recently been the target of multiple attacks, including:✑ A DDoS attack.✑ An SQL injection attack.✑ Several successful dictionary attacks on SSH accounts on the web servers.The company wants to improve the security of the e-commerce platform by migrating to AWS.The company’s Solutions Architects have decided to use the following approach:✑ Code review the existing application and fix any SQL injection issues.✑ Migrate the web application to AWS and leverage the latest AWS Linux AMI to address initial security patching.✑ Install AWS Systems Manager to manage patching and allow the system administrators to run commands on all instances, as needed.allWhat additional steps will addressof the identified attack types while providing high availability and minimizing risk?Read More →

A company hosts a Git repository in an on-premises data center.The company uses webhooks to invoke functionality that runs in the AWS Cloud.The company hosts the webhook logic on a set of Amazon EC2 instances in an Auto Scaling group that the company set as a target for an Application Load Balancer (ALB).The Git server calls the ALB for the configured webhooks.The company wants to move the solution to a serverless architecture.Which solution will meet these requirements with the LEAST operational overhead?Read More →

A company wants to migrate its on-premises data center to the AWS Cloud.This includes thousands of virtualized Linux and Microsoft Windows servers, SAN storage, Java and PHP applications with MYSQL, and Oracle databases.There are many dependent services hosted either in the same data center or externally.The technical documentation is incomplete and outdated.A solutions architect needs to understand the current environment and estimate the cloud resource costs after the migration.Which tools or services should solutions architect use to plan the cloud migration? (Choose three.)Read More →

A company has 10 accounts that are part of an organization in AWS Organizations.AWS Config is configured in each account.All accounts belong to either the Prod OU or the NonProd OU.The company has set up an Amazon EventBridge rule in each AWS account to notify an Amazon Simple Notification Service (Amazon SNS) topic when an Amazon EC2 security group inbound rule is created with 0.0.0.0/0 as the source.The company’s security team is subscribed to the SNS topic.For all accounts in the NonProd OU, the security team needs to remove the ability to create a security group inbound rule that includes 0.0.0.0/0 as the source.Which solution will meet this requirement with the LEAST operational overhead?Read More →

A company is launching a web-based application in multiple regions around the world.The application consists of both static content stored in a private AmazonS3 bucket and dynamic content hosted in Amazon ECS containers content behind an Application Load Balancer (ALB).The company requires that the static and dynamic application content be accessible through Amazon CloudFront only.Which combination of steps should a solutions architect recommend to restrict direct content access to CloudFront? (Choose three.)Read More →

A company is using Amazon OpenSearch Service to analyze data.The company loads data into an OpenSearch Service cluster with 10 data nodes from an Amazon S3 bucket that uses S3 Standard storage.The data resides in the cluster for 1 month for read-only analysis.After 1 month, the company deletes the index that contains the data from the cluster.For compliance purposes, the company must retain a copy of all input data.The company is concerned about ongoing costs and asks a solutions architect to recommend a new solution.Which solution will meet these requirements MOST cost-effectively?Read More →