- (Exam Topic 2)
A company has an application that runs as a ReplicaSet of multiple pods in an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. The EKS cluster has nodes in multiple Availability Zones. The application generates many small files that must be accessible across all running instances of the application. The company needs to back up the files and retain the backups for 1 year.
Which solution will meet these requirements while providing the FASTEST storage performance?

1. A. Create an Amazon Elastic File System (Amazon EFS) file system and a mount target for each subnet that contains nodes in the EKS cluste
2. B. Configure the ReplicaSet to mount the file syste
3. C. Direct the application to store files in the file syste
4. D. Configure AWS Backup to back up and retain copies of the data for 1 year.
5. E. Create an Amazon Elastic Block Store (Amazon EBS) volum
6. F. Enable the EBS Multi-Attach feature.Configure the ReplicaSet to mount the EBS volum
7. G. Direct the application to store files in the EBS volum
8. H. Configure AWS Backup to back up and retain copies of the data for 1 year.
9. I. Create an Amazon S3 bucke
10. J. Configure the ReplicaSet to mount the S3 bucke
11. K. Direct the application to store files in the S3 bucke
12. L. Configure S3 Versioning to retain copies of the dat
13. M. Configure an S3 Lifecycle policy to delete objects after 1 year.
14. N. Configure the ReplicaSet to use the storage available on each of the running application pods to store the files locall
15. O. Use a third-party tool to back up the EKS cluster for 1 year.

Correct Answer: A
In the past, EBS can be attached only to one ec2 instance but not anymore but there are limitations like - it works only on io1/io2 instance types and many others as described here. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volumes-multi.html EFS has shareable storage
In terms of performance, Amazon EFS is optimized for workloads that require high levels of aggregate throughput and IOPS, whereas EBS is optimized for low-latency, random access I/O operations. Amazon EFS is designed to scale throughput and capacity automatically as your storage needs grow, while EBS volumes can be resized on demand.

- (Exam Topic 3)
A company wants to migrate its on-premises application to AWS. The database for the application stores structured product data and temporary user session data. The company needs to decouple the product data from the user session data. The company also needs to implement replication in another AWS Region for disaster recovery.
Which solution will meet these requirements with the HIGHEST performance?

1. A. Create an Amazon RDS DB instance with separate schemas to host the product data and the user session dat
2. B. Configure a read replica for the DB instance in another Region.
3. C. Create an Amazon RDS DB instance to host the product dat
4. D. Configure a read replica for the DB instance in another Regio
5. E. Create a global datastore in Amazon ElastiCache for Memcached to host the user session data.
6. F. Create two Amazon DynamoDB global table
7. G. Use one global table to host the product data Use the other global table to host the user session dat
8. H. Use DynamoDB Accelerator (DAX) for caching.
9. I. Create an Amazon RDS DB instance to host the product dat
10. J. Configure a read replica for the DB instance in another Regio
11. K. Create an Amazon DynamoDB global table to host the user session data

Correct Answer: B

- (Exam Topic 1)
An application is using an Amazon RDS for MySQL Multi-AZ DB instance in the us-east-1 Region. After a failover test, the application lost the connections to the database and could not re-establish the connections. After a restart of the application, the application re-established the connections.
A solutions architect must implement a solution so that the application can re-establish connections to the database without requiring a restart.
Which solution will meet these requirements?

1. A. Create an Amazon Aurora MySQL Serverless v1 DB instanc
2. B. Migrate the RDS DB instance to the Aurora Serverless v1 DB instanc
3. C. Update the connection settings in the application to point to the Aurora reader endpoint.
4. D. Create an RDS prox
5. E. Configure the existing RDS endpoint as a targe
6. F. Update the connection settings in the application to point to the RDS proxy endpoint.
7. G. Create a two-node Amazon Aurora MySQL DB cluste
8. H. Migrate the RDS DB instance to the Aurora DB cluste
9. I. Create an RDS prox
10. J. Configure the existing RDS endpoint as a targe
11. K. Update the connection settings in the application to point to the RDS proxy endpoint.
12. L. Create an Amazon S3 bucke
13. M. Export the database to Amazon S3 by using AWS Database Migration Service (AWS DMS). Configure Amazon Athena to use the S3 bucket as a data stor
14. N. Install the latest Open Database Connectivity (ODBC) driver for the applicatio
15. O. Update the connection settings in the application to point to the Athena endpoint

Correct Answer: B
Amazon RDS Proxy is a fully managed database proxy service for Amazon Relational Database Service (RDS) that makes applications more scalable, resilient, and secure. It allows applications to pool and share connections to an RDS database, which can help reduce database connection overhead, improve scalability, and provide automatic failover and high availability.

- (Exam Topic 1)
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost lor cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation.
Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Select THREE.)

1. A. Create an AWS Config rule in each account to find resources with missing tags.
2. B. Create an SCP in the organization with a deny action for ec2:Runlnstances if the Project tag is missing.
3. C. Use Amazon Inspector in the organization to find resources with missing tags.
4. D. Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.
5. E. Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.
6. F. Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.

Correct Answer: ABE
https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html https://docs.aws.amazon.com/config/latest/developerguide/aggregate-data.html https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples_tagging.htm

- (Exam Topic 2)
A company is implementing a serverless architecture by using AWS Lambda functions that need to access a Microsoft SQL Server DB instance on Amazon RDS. The company has separate environments for development and production, including a clone of the database system.
The company's developers are allowed to access the credentials for the development database. However, the credentials for the production database must be encrypted with a key that only members of the IT security team's IAM user group can access. This key must be rotated on a regular basis.
What should a solutions architect do in the production environment to meet these requirements?

1. A. Store the database credentials in AWS Systems Manager Parameter Store by using a SecureString parameter that is encrypted by an AWS Key Management Service (AWS KMS) customer managed ke
2. B. Attach a role to each Lambda function to provide access to the SecureString paramete
3. C. Restrict access to the Securestring parameter and the customer managed key so that only the IT security team can access the parameter and the key.
4. D. Encrypt the database credentials by using the AWS Key Management Service (AWS KMS) default Lambda ke
5. E. Store the credentials in the environment variables of each Lambda functio
6. F. Load the credentials from the environment variables in the Lambda cod
7. G. Restrict access to the KMS key o that only the IT security team can access the key.
8. H. Store the database credentials in the environment variables of each Lambda functio
9. I. Encrypt the environment variables by using an AWS Key Management Service (AWS KMS) customer managed ke
10. J. Restrict access to the customer managed key so that only the IT security team can access the key.
11. K. Store the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customermanaged ke
12. L. Attach a role to each Lambda function to provide access to the secre
13. M. Restrict access to the secret and the customer managed key so that only the IT security team can access the secret and the key.

Correct Answer: D
Storing the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customer managed key will enable encrypting and managing the credentials securely1. AWS Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services2. Attaching a role to each Lambda function to provide access to the secret will enable retrieving the credentials programmatically1. Restricting access to the secret and the customer managed key so that only members of the IT security team’s IAM user group can access them will enable meeting the security requirements1.