- (Exam Topic 3)
A company is using Amazon API Gateway to deploy a private REST API that will provide access to sensitive data. The API must be accessible only from an application that is deployed in a VPC. The company deploys the API successfully. However, the API is not accessible from an Amazon EC2 instance that is deployed in the VPC.
Which solution will provide connectivity between the EC2 instance and the API?

1. A. Create an interface VPC endpoint for API Gatewa
2. B. Attach an endpoint policy that allows apigateway:* action
3. C. Disable private DNS naming for the VPC endpoin
4. D. Configure an API resource policy that allows access from the VP
5. E. Use the VPC endpoint's DNS name to access the API.
6. F. Create an interface VPC endpoint for API Gatewa
7. G. Attach an endpoint policy that allows the execute-api:lnvoke actio
8. H. Enable private DNS naming for the VPC endpoin
9. I. Configure an APIresource policy that allows access from the VPC endpoin
10. J. Use the API endpoint's DNS names to accessthe AP
11. K. Most Voted
12. L. Create a Network Load Balancer (NLB) and a VPC lin
13. M. Configure private integration between API Gateway and the NL
14. N. Use the API endpoint's DNS names to access the API.
15. O. Create an Application Load Balancer (ALB) and a VPC Lin
16. P. Configure private integration between API Gateway and the AL
17. Q. Use the ALB endpoint's DNS name to access the API.

Correct Answer: B
According to the AWS documentation1, to access a private API from a VPC, you need to do the following:
Create an interface VPC endpoint for API Gateway in your VPC. This creates a private connection between your VPC and API Gateway.
Attach an endpoint policy to the VPC endpoint that allows the execute-api:lnvoke action for your private API. This grants permission to invoke your API from the VPC.
Enable private DNS naming for the VPC endpoint. This allows you to use the same DNS names for your private APIs as you would for public APIs.
Configure a resource policy for your private API that allows access from the VPC endpoint. This controls who can access your API and under what conditions.
Use the API endpoint’s DNS names to access the API from your VPC. For example, https://api-id.execute-api.region.amazonaws.com/stage.

- (Exam Topic 2)
A company wants to use AWS for disaster recovery for an on-premises application. The company has hundreds of Windows-based servers that run the application. All the servers mount a common share.
The company has an RTO of 15 minutes and an RPO of 5 minutes. The solution must support native failover and fallback capabilities.
Which solution will meet these requirements MOST cost-effectively?

1. A. Create an AWS Storage Gateway File Gatewa
2. B. Schedule daily Windows server backup
3. C. Save the data lo Amazon S3. During a disaster, recover the on-premises servers from the backu
4. D. During failbac
5. E. run the on-premises servers on Amazon EC2 instances.
6. F. Create a set of AWS CloudFormation templates to create infrastructur
7. G. Replicate all data to Amazon Elastic File System (Amazon EFS) by using AWS DataSyn
8. H. During a disaster, use AWS CodePipeline to deploy the templates to restore the on-premises server
9. I. Fail back the data by using DataSync.
10. J. Create an AWS Cloud Development Kit (AWS CDK) pipeline to stand up a multi-site active-active environment on AW
11. K. Replicate data into Amazon S3 by using the s3 sync comman
12. L. During a disaster, swap DNS endpoints to point to AW
13. M. Fail back the data by using the s3 sync command.
14. N. Use AWS Elastic Disaster Recovery to replicate the on-premises server
15. O. Replicate data to an Amazon FSx for Windows File Server file system by using AWS DataSyn
16. P. Mount the file system to AWS server
17. Q. During a disaster, fail over the on-premises servers to AW
18. R. Fail back to new or existing servers by using Elastic Disaster Recovery.

Correct Answer: D

- (Exam Topic 2)
A software-as-a-service (SaaS) provider exposes APIs through an Application Load Balancer (ALB). The ALB connects to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster that is deployed in the
us-east-I Region. The exposed APIs contain usage of a few non-standard REST methods: LINK, UNLINK, LOCK, and UNLOCK.
Users outside the United States are reporting long and inconsistent response times for these APIs. A solutions architect needs to resolve this problem with a solution that minimizes operational overhead.
Which solution meets these requirements?

1. A. Add an Amazon CloudFront distributio
2. B. Configure the ALB as the origin.
3. C. Add an Amazon API Gateway edge-optimized API endpoint to expose the API
4. D. Configure the ALB as the target.
5. E. Add an accelerator in AWS Global Accelerato
6. F. Configure the ALB as the origin.
7. G. Deploy the APIs to two additional AWS Regions: eu-west-l and ap-southeast-2. Add latency-based routing records in Amazon Route 53.

Correct Answer: C
Adding an accelerator in AWS Global Accelerator will enable improving the performance of the APIs for local and global users1. AWS Global Accelerator is a service that uses the AWS global network to route traffic to the optimal regional endpoint based on health, client location, and policies1. Configuring the ALB as the origin will enable connecting the accelerator to the ALB that exposes the APIs2. AWS Global Accelerator supports non-standard REST methods such as LINK, UNLINK, LOCK, and UNLOCK3.

- (Exam Topic 3)
An online gaming company needs to optimize the cost of its workloads on AWS. The company uses a dedicated account to host the production environment for its online gaming application and an analytics application.
Amazon EC2 instances host the gaming application and must always be vailable. The EC2 instances run all year. The analytics application uses data that is stored in Amazon S3. The analytics application can be interrupted and resumed without issue.
Which solution will meet these requirements MOST cost-effectively?

1. A. Purchase an EC2 Instance Savings Plan for the online gaming application instance
2. B. Use On-Demand Instances for the analytics application.
3. C. Purchase an EC2 Instance Savings Plan for the online gaming application instance
4. D. Use Spot Instances for the analytics application.
5. E. Use Spot Instances for the online gaming application and the analytics applicatio
6. F. Set up a catalog in AWS Service Catalog to provision services at a discount.
7. G. Use On-Demand Instances for the online gaming applicatio
8. H. Use Spot Instances for the analytics applicatio
9. I. Set up a catalog in AWS Service Catalog to provision services at a discount.

Correct Answer: B
The correct answer is B.
* B. This solution is the most cost-effective because it uses an EC2 Instance Savings Plan for the online gaming application instances, which provides the lowest prices and savings up to 72% compared to On-Demand prices. The EC2 Instance Savings Plan applies to any instance size within the same family and region, regardless of availability zone, operating system, or tenancy. The online gaming application instances run all year and must always be available, so they are not suitable for Spot Instances, which can be interrupted with a two-minute notice. This solution also uses Spot Instances for the analytics application, which can reduce the cost by up to 90% compared to On-Demand prices. The analytics application can be interrupted and resumed without issue, so it is a good fit for Spot Instances, which use spare EC2 capacity. This solution does not require AWS Service Catalog, which is a service that helps to create and manage catalogs of IT services that are approved for use on AWS, but does not provide any discounts123
* A. This solution is incorrect because it uses On-Demand Instances for the analytics application, which are more expensive than Spot Instances. The analytics application can be interrupted and resumed without issue, so it can benefit from the lower cost of Spot Instances, which use spare EC2 capacity.
* C. This solution is incorrect because it uses Spot Instances for the online gaming application, which can be interrupted with a two-minute notice. The online gaming application instances must always be available, so they are not suitable for Spot Instances, which use spare EC2 capacity. This solution also uses AWS Service Catalog, which is a service that helps to create and manage catalogs of IT services that are approved for use on AWS, but does not provide any discounts.
* D. This solution is incorrect because it uses On-Demand Instances for the online gaming application, which are more expensive than an EC2 Instance Savings Plan. The online gaming application instances run all year and must always be available, so they are suitable for an EC2 Instance Savings Plan, which provides the lowest prices and savings up to 72% compared to On-Demand prices. This solution also uses AWS Service Catalog, which is a service that helps to create and manage catalogs of IT services that are approved for use on AWS, but does not provide any discounts.
References:
1: EC2 Instance Savings Plans – Amazon Web Services 2: Amazon EC2 Spot Instances 3: Cloud Management and Governance – AWS Service Catalog – Amazon Web Services

- (Exam Topic 3)
A company plans to deploy a new private intranet service on Amazon EC2 instances inside a VPC. An AWS Site-to-Site VPN connects the VPC to the company's on-premises network. The new service must communicate with existing on-premises services The on-premises services are accessible through the use of hostnames that reside in the company example DNS zone This DNS zone is wholly hosted on premises and is available only on the company's private network.
A solutions architect must ensure that the new service can resolve hostnames on the company example domain to integrate with existing services.
Which solution meets these requirements?

1. A. Create an empty private zone in Amazon Route 53 for company example Add an additional NS record to the company's on-premises company example zone that points to the authoritative name servers for the new private zone in Route 53
2. B. Turn on DNS hostnames for the VPC Configure a new outbound endpoint with Amazon Route 53 Resolve
3. C. Create a Resolver rule to forward requests for company example to the on-premises name servers
4. D. Turn on DNS hostnames for the VPC Configure a new inbound resolver endpoint with Amazon Route 53 Resolve
5. E. Configure the on-premises DNS server to forward requests for company example to the new resolver.
6. F. Use AWS Systems Manager to configure a run document that will install a hosts file that contains any required hostname
7. G. Use an Amazon EventBndge rule to run the document when an instance is entering the running state.

Correct Answer: B
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html