- (Exam Topic 2)
A company runs a software-as-a-service (SaaS ) application on AWS. The application comets of AWS Lambda function and an Amazon RDS for MySQL Multi-AZ database During market events the application has a much higher workload than normal Users notice slow response times during the peak periods because of many database connections. The company needs to improve the scalable performance and availability of the database.
Which solution meets these requirements?

1. A. Create an Amazon CloudWatch alarm action that triggers a Lambda function to add an Amazon RDS for MySQL read replica when resource utilization hits a threshold.
2. B. Migrate the database to Amazon Aurora and add a read replica Add a database connection pool outside of the Lambda hardier function.
3. C. Migrate the database to Amazon Aurora and add a read replic
4. D. Use Amazon Route 53 weighted records
5. E. Migrate the database to Amazon Aurora and add an Aurora Replic
6. F. Configure Amazon RDS Proxy to manage database connection pools.

Correct Answer: D

- (Exam Topic 1)
A company has developed a single-page web application in JavaScript. The source code is stored in a single Amazon S3 bucket in the us-east-1 Region. The company serves the web application to a global user base through Amazon CloudFront.
The company wants to experiment with two versions of the website without informing application users. Each version of the website will reside in its own S3 bucket. The company wants to determine which version is most successful in marketing a new product.
The solution must send application users that are based in Europe to the new website design. The solution must send application users that are based in the United States to the current website design. However, some exceptions exist. The company needs to be able to redirect specific users to the new website design, regardless of the users' location.
Which solution meets these requirements?

1. A. Configure two CloudFront distribution
2. B. Configure a geolocation routing policy in Amazon Route 53 to route traffic to the appropriate CloudFront endpoint based on the location of clients.
3. C. Configure a single CloudFront distributio
4. D. Create a behavior with different paths for each version ofthe sit
5. E. Configure Lambda@Edge on the default path to generate redirects and send the client to the correct version of the website.
6. F. Configure a single CloudFront distributio
7. G. Configure an alternate domain name on the distribution.Configure two behaviors to route users to the different S3 origins based on the domain name that the client uses in the HTTP request.
8. H. Configure a single CloudFront distribution with Lambda@Edg
9. I. Use Lambda@Edge to send user requests to different origins based on request attributes.

Correct Answer: A

- (Exam Topic 1)
A team collects and routes behavioral data for an entire company. The company runs a Multi-AZ VPC environment with public subnets, private subnets, and in internet gateway Each public subnet also contains a NAT gateway Most of the company's applications read from and write to Amazon Kinesis Data Streams. Most of the workloads run in private subnets.
A solutions architect must review the infrastructure The solutions architect needs to reduce costs and maintain the function of the applications. The solutions architect uses Cost Explorer and notices that the cost in the EC2-Other category is consistently high A further review shows that NatGateway-Bytes charges are increasing the cost in the EC2-Other category.
What should the solutions architect do to meet these requirements?

1. A. Enable VPC Flow Log
2. B. Use Amazon Athena to analyze the logs for traffic that can be remove
3. C. Ensure that security groups are blocking traffic that is responsible for high costs.
4. D. Add an interface VPC endpoint for Kinesis Data Streams to the VP
5. E. Ensure that applications have the correct IAM permissions to use the interface VPC endpoint.
6. F. Enable VPC Flow Logs and Amazon Detectiv
7. G. Review Detective findings for traffic that is not related to Kinesis Data Streams Configure security groups to block that traffic
8. H. Add an interface VPC endpoint for Kinesis Data Streams to the VPC Ensure that the VPC endpoint policy allows traffic from the applications

Correct Answer: D
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html https://aws.amazon.com/premiumsupport/knowledge-center/vpc-reduce-nat-gateway-transfer-costs/
VPC endpoint policies enable you to control access by either attaching a policy to a VPC endpoint or by using additional fields in a policy that is attached to an IAM user, group, or role to restrict access to only occur via the specified VPC endpoint

- (Exam Topic 1)
A company has developed an application that is running Windows Server on VMware vSphere VMs that the company hosts or premises. The application data is stored in a proprietary format that must be read through the application. The company manually provisioned the servers and the application.
As pan of us disaster recovery plan, the company warns the ability to host its application on AWS temporarily me company's on-premises environment becomes unavailable The company wants the application to return to on-premises hosting after a disaster recovery event is complete The RPO 15 5 minutes.
Which solution meets these requirements with the LEAST amount of operational overhead?

1. A. Configure AWS DataSyn
2. B. Replicate the data lo Amazon Elastic Block Store (Amazon EBS) volumes When the on-premises environment is unavailable, use AWS CloudFormation templates to provision Amazon EC2 instances and attach the EBS volumes
3. C. Configure CloudEndure Disaster Recovery Replicate the data to replication Amazon EC2 instances that are attached to Amazon Elastic Block Store (Amazon EBS) volumes When the on-premises environment is unavailable, use CloudEndure to launch EC2 instances that use the replicated volumes.
4. D. Provision an AWS Storage Gateway We gatewa
5. E. Recreate the data lo an Amazon S3 bucke
6. F. When the on-premises environment is unavailable, use AWS Backup to restore the data to Amazon Elastic Block Store (Amazon EBS) volumes and launch Amazon EC2 instances from these EBS volumes
7. G. Provision an Amazon FS* for Windows File Server file system on AWS Replicate :ne data to the «e system When the on-premoes environment is unavailable, use AWS CloudFormation templates to provision Amazon EC2 instances and use AWS :CloudFofmation::lnit commands to mount the Amazon FSx file shares

Correct Answer: D

- (Exam Topic 1)
A company's AWS architecture currently uses access keys and secret access keys stored on each instance to access AWS services. Database credentials are hard-coded on each instance. SSH keys for command-tine remote access are stored in a secured Amazon S3 bucket. The company has asked its solutions architect to improve the security posture of the architecture without adding operational complexity.
Which combination of steps should the solutions architect take to accomplish this? (Select THREE.)

1. A. Use Amazon EC2 instance profiles with an IAM role.
2. B. Use AWS Secrets Manager to store access keys and secret access keys.
3. C. Use AWS Systems Manager Parameter Store to store database credentials.
4. D. Use a secure fleet of Amazon EC2 bastion hosts (or remote access.
5. E. Use AWS KMS to store database credentials.
6. F. Use AWS Systems Manager Session Manager tor remote access

Correct Answer: ACF
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html