- (Exam Topic 3)
A company owns a chain of travel agencies and is running an application in the AWS Cloud. Company employees use the application to search for information about travel destinations. Destination content is updated four times each year.
Two fixed Amazon EC2 instances serve the application. The company uses an Amazon Route 53 public hosted zone with a multivalue record of travel.example.com that returns the Elastic IP addresses for the EC2 instances. The application uses Amazon DynamoDB as its primary data store. The company uses a self-hosted Redis instance as a caching solution.
During content updates, the load on the EC2 instances and the caching solution increases drastically. This increased load has led to downtime on several occasions. A solutions architect must update the application so that the application is highly available and can handle the load that is generated by the content updates. Which solution will meet these requirements?

1. A. Set up DynamoDB Accelerator (DAX) as in-memory cach
2. B. Update the application to use DA
3. C. Create an Auto Scaling group for the EC2 instance
4. D. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the AL
5. E. Update the Route 53 record to use a simple routing policy that targets the ALB's DNS alia
6. F. Configure scheduled scaling for the EC2 instances before the content updates.
7. G. Set up Amazon ElastiCache for Redi
8. H. Update the application to use ElastiCach
9. I. Create an Auto Scaling group for the EC2 instance
10. J. Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distributio
11. K. Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution's DNS alia
12. L. Manually scale up EC2 instances before the content updates.
13. M. Set up Amazon ElastiCache for Memcache
14. N. Update the application to use ElastiCache Create an Auto Scaling group for the EC2 instance
15. O. Create an Application Load Balancer (ALB). Set the Auto Scaling group as a target for the AL
16. P. Update the Route 53 record to use a simple routing policy that targets the ALB's DNS alia
17. Q. Configure scheduled scaling for the application before the content updates.
18. R. Set up DynamoDB Accelerator (DAX) as in-memory cach
19. S. Update the application to use DA
20. T. Create an Auto Scaling group for the EC2 instance
21. . Create an Amazon CloudFront distribution, and set the Auto Scaling group as an origin for the distributio
22. . Update the Route 53 record to use a simple routing policy that targets the CloudFront distribution's DNS alia
23. . Manually scale up EC2 instances before the content updates.

Correct Answer: A
This option allows the company to use DAX to improve the performance and reduce the latency of the DynamoDB queries by caching the results in memory1. By updating the application to use DAX, the company can reduce the load on the DynamoDB tables and avoid throttling errors1. By creating an Auto Scaling group for the EC2 instances, the company can adjust the number of instances based on the demand and ensure high availability2. By creating an ALB, the company can distribute the incoming traffic across multiple EC2 instances and improve fault tolerance3. By updating the Route 53 record to use a simple routing policy that targets the ALB’s DNS alias, the company can route users to the ALB endpoint and leverage its health checks and load balancing features4. By configuring scheduled scaling for the EC2 instances before the content updates, the company can anticipate and handle traffic spikes during peak periods5.
References:
What is Amazon DynamoDB Accelerator (DAX)?
What is Amazon EC2 Auto Scaling?
What is an Application Load Balancer?
Choosing a routing policy
Scheduled scaling for Amazon EC2 Auto Scaling

- (Exam Topic 3)
A financial services company sells its software-as-a-service (SaaS) platform for application compliance to
large global banks. The SaaS platform runs on AWS and uses multiple AWS accounts that are managed in an organization in AWS Organizations. The SaaS platform uses many AWS resources globally.
For regulatory compliance, all API calls to AWS resources must be audited, tracked for changes, and stored in a durable and secure data store.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create a new AWS CloudTrail trai
2. B. Use an existing Amazon S3 bucket in the organization's management account to store the log
3. C. Deploy the trail to all AWS Region
4. D. Enable MFA delete and encryption on the S3 bucket.
5. E. Create a new AWS CloudTrail trail in each member account of the organizatio
6. F. Create new Amazon S3 buckets to store the log
7. G. Deploy the trail to all AWS Region
8. H. Enable MFA delete and encryption on the S3 buckets.
9. I. Create a new AWS CloudTrail trail in the organization's management accoun
10. J. Create a new Amazon S3 bucket with versioning turned on to store the log
11. K. Deploy the trail for all accounts in the organizatio
12. L. Enable MFA delete and encryption on the S3 bucket.
13. M. Create a new AWS CloudTrail trail in the organization's management accoun
14. N. Create a new Amazon S3 bucket to store the log
15. O. Configure Amazon Simple Notification Service (Amazon SNS) to send log-file delivery notifications to an external management system that will track the log
16. P. Enable MFA delete and encryption on the S3 bucket.

Correct Answer: C
The correct answer is C. This option uses AWS CloudTrail to create a trail in the organization’s management account that applies to all accounts in the organization. This way, the company can centrally manage and audit all API calls to AWS resources across multiple accounts and regions. The company also needs to create a new Amazon S3 bucket with versioning turned on to store the logs. Versioning helps protect against accidental or malicious deletion of log files by keeping multiple versions of each object in the bucket. The company also needs to enable MFA delete and encryption on the S3 bucket to further enhance the security and durability of the data store.
Option A is incorrect because it uses an existing S3 bucket in the organization’s management account to store the logs. This may not be optimal for regulatory compliance, as the existing bucket may have different permissions, encryption settings, or lifecycle policies than a dedicated bucket for CloudTrail logs.
Option B is incorrect because it requires creating a new CloudTrail trail in each member account of the organization. This adds operational overhead and complexity, as the company would need to manage multiple trails and S3 buckets across multiple accounts and regions.
Option D is incorrect because it requires configuring Amazon SNS to send log-file delivery notifications to an external management system that will track the logs. This adds unnecessary complexity and cost, as CloudTrail already provides log-file integrity validation and log-file digest delivery features that can help verify the authenticity and integrity of log files.
Reference: Creating a Trail for an Organization

- (Exam Topic 1)
A company has an asynchronous HTTP application that is hosted as an AWS Lambda function. A public Amazon API Gateway endpoint invokes the Lambda function. The Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions architect needs to redesign the application to support failover to another AWS Region.
Which solution will meet these requirements?

1. A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
2. B. Create an Amazon Simple Queue Service (Amazon SQS) queu
3. C. Configure API Gateway to direct traffic to the SQS queue instead of to the Lambda functio
4. D. Configure the Lambda function to pull messages from the queue for processing.
5. E. Deploy the Lambda function to the us-west-2 Regio
6. F. Create an API Gateway endpoint in us-west-2 to direct traffic to the Lambda function in us-west-2. Configure AWS Global Accelerator and an Application Load Balancer to manage traffic across the two API Gateway endpoints.
7. G. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Regio
8. H. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.

Correct Answer: B
This solution allows for deploying the Lambda function and API Gateway endpoint to another region, providing a failover option in case of any issues in the primary region. Using Route 53's failover routing policy allows for automatic routing of traffic to the healthy endpoint, ensuring that the application is available even in case of issues in one region. This solution provides a cost-effective and simple way to implement failover while minimizing operational overhead.

- (Exam Topic 3)
A company is running an application in the AWS Cloud. The application uses AWS Lambda functions and Amazon Elastic Container Service (Amazon ECS) containers that run with AWS Fargate technology as its primary compute. The load on the application is irregular. The application experiences long periods of no usage, followed by sudden and significant increases and decreases in traffic. The application is write-heavy and stores data in an Amazon Aurora MySQL database. The database runs on an Amazon RDS memory optimized DB instance that is not able to handle the load.
What is the MOST cost-effective way for the company to handle the sudden and significant changes in traffic?

1. A. Add additional read replicas to the databas
2. B. Purchase Instance Savings Plans and RDS Reserved Instances.
3. C. Migrate the database to an Aurora multi-master DB cluste
4. D. Purchase Instance Savings Plans.
5. E. Migrate the database to an Aurora global databas
6. F. Purchase Compute Savings Plans and RDS Reserved Instances.
7. G. Migrate the database to Aurora Serverless v1. Purchase Compute Savings Plans.

Correct Answer: D

- (Exam Topic 3)
A company is preparing to deploy an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for a workload. The company expects the cluster to support an unpredictable number of stateless pods. Many of the pods will be created during a short time period as the workload automatically scales the number of replicas that the workload uses.
Which solution will MAXIMIZE node resilience?

1. A. Use a separate launch template to deploy the EKS control plane into a second cluster that is separate from the workload node groups.
2. B. Update the workload node group
3. C. Use a smaller number of node groups and larger instances in the node groups.
4. D. Configure the Kubernetes Cluster Autoscaler to ensure that the compute capacity of the workload node groups stays under provisioned.
5. E. Configure the workload to use topology spread constraints that are based on Availability Zone.

Correct Answer: D
Configuring the workload to use topology spread constraints that are based on Availability Zone will maximize the node resilience of the workload node groups. This will ensure that the pods are evenly distributed across different Availability Zones, reducing the impact of failures or disruptions in one
Availability Zone2. This will also improve the availability and scalability of the workload node groups, as they can leverage the low-latency, high-throughput, and highly redundant networking between Availability Zones1.