- (Exam Topic 1)
A company with global offices has a single 1 Gbps AWS Direct Connect connection to a single AWS Region. The company's on-premises network uses the connection to communicate with the company's resources in the AWS Cloud. The connection has a single private virtual interface that connects to a single VPC.
A solutions architect must implement a solution that adds a redundant Direct Connect connection in the same Region. The solution also must provide connectivity to other Regions through the same pair of Direct Connect connections as the company expands into other Regions.
Which solution meets these requirements?

1. A. Provision a Direct Connect gatewa
2. B. Delete the existing private virtual interface from the existing connectio
3. C. Create the second Direct Connect connectio
4. D. Create a new private virtual interlace on each connection, and connect both private victual interfaces to the Direct Connect gatewa
5. E. Connect the Direct Connect gateway to the single VPC.
6. F. Keep the existing private virtual interfac
7. G. Create the second Direct Connect connectio
8. H. Create a new private virtual interface on the new connection, and connect the new private virtual interface to the single VPC.
9. I. Keep the existing private virtual interfac
10. J. Create the second Direct Connect connectio
11. K. Create a new public virtual interface on the new connection, and connect the new public virtual interface to the single VPC.
12. L. Provision a transit gatewa
13. M. Delete the existing private virtual interface from the existing connection.Create the second Direct Connect connectio
14. N. Create a new private virtual interface on each connection, and connect both private virtual interfaces to the transit gatewa
15. O. Associate the transit gateway with the single VPC.

Correct Answer: A
A Direct Connect gateway is a globally available resource. You can create the Direct Connect gateway in any Region and access it from all other Regions. The following describe scenarios where you can use a Direct Connect gateway.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/direct-connect-gateways-intro.html

- (Exam Topic 3)
A North American company with headquarters on the East Coast is deploying a new web application running on Amazon EC2 in the us-east-1 Region. The application should dynamically scale to meet user demand and maintain resiliency. Additionally, the application must have disaster recover capabilities in an active-passive configuration with the us-west-1 Region.
Which steps should a solutions architect take after creating a VPC in the us-east-1 Region?

1. A. Create a VPC in the us-west-1 Regio
2. B. Use inter-Region VPC peering to connect both VPC
3. C. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in theus-east-1 Regio
4. D. Deploy EC2 instances across multiple AZs in each Region as part of an Auto Scalinggroup spanning both VPCs and served by the ALB.
5. E. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Regio
6. F. Deploy EC2 instances across multiple AZs as part of an Auto Scaling group served by the AL
7. G. Deploy the same solution to the us-west-1 Regio
8. H. Create an Amazon Route 53 record set with a failover routing policy and health checks enabled to provide high availability across both Regions.
9. I. Create a VPC in the us-west-1 Regio
10. J. Use inter-Region VPC peering to connect both VPC
11. K. Deploy an Application Load Balancer (ALB) that spans both VPC
12. L. Deploy EC2 instances across multiple Availability Zones as part of an Auto Scaling group in each VPC served by the AL
13. M. Create an Amazon Route 53 record that points to the ALB.
14. N. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Regio
15. O. Deploy EC2 instances across multiple AZs as part of an Auto Scaling group served by the AL
16. P. Deploy the same solution to the us-west-1 Regio
17. Q. Create separate Amazon Route 53 records in each Region that point to the ALB in the Regio
18. R. Use Route 53 health checks to provide high availability across both Regions.

Correct Answer: B

- (Exam Topic 2)
A solutions architect is designing a solution to process events. The solution must have the ability to scale in and out based on the number of events that the solution receives. If a processing error occurs, the event must move into a separate queue for review.
Which solution will meet these requirements?

1. A. Send event details to an Amazon Simple Notification Service (Amazon SNS) topi
2. B. Configure an AWS Lambda function as a subscriber to the SNS topic to process the event
3. C. Add an on-failure destination to the functio
4. D. Set an Amazon Simple Queue Service (Amazon SQS) queue as the target.
5. E. Publish events to an Amazon Simple Queue Service (Amazon SQS) queu
6. F. Create an Amazon EC2 Auto Scaling grou
7. G. Configure the Auto Scaling group to scale in and out based on the ApproximateAgeOfOldestMessage metric of the queu
8. H. Configure the application to write failed messages to a dead-letter queue.
9. I. Write events to an Amazon DynamoDB tabl
10. J. Configure a DynamoDB stream for the tabl
11. K. Configure the stream to invoke an AWS Lambda functio
12. L. Configure the Lambda function to process the events.
13. M. Publish events to an Amazon EventBridge event bu
14. N. Create and run an application on an Amazon EC2 instance with an Auto Scaling group that isbehind an Application Load Balancer (ALB). Set the ALB as the event bus targe
15. O. Configure the event bus to retry event
16. P. Write messages to a dead-letter queue if the application cannot process the messages.

Correct Answer: A
Amazon Simple Notification Service (Amazon SNS) is a fully managed pub/sub messaging service that enables users to send messages to multiple subscribers1. Users can send event details to an Amazon SNS topic and configure an AWS Lambda function as a subscriber to the SNS topic to process the events. Lambda is a serverless compute service that runs code in response to events and automatically manages the underlying compute resources2. Users can add an on-failure destination to the function and set an Amazon Simple Queue
Service (Amazon SQS) queue as the target. Amazon SQS is a fully managed message queuing service that enables users to decouple and scale microservices, distributed systems, and serverless applications3. This way, if a processing error occurs, the event will move into the separate queue for review.
Option B is incorrect because publishing events to an Amazon SQS queue and creating an Amazon EC2 Auto Scaling group will not have the ability to scale in and out based on the number of events that the solution receives. Amazon EC2 is a web service that provides secure, resizable compute capacity in the cloud. Auto Scaling is a feature that helps users maintain application availability and allows them to scale their EC2 capacity up or down automatically according to conditions they define. However, for this use case, using SQS and EC2 will not take advantage of the serverless capabilities of Lambda and SNS.
Option C is incorrect because writing events to an Amazon DynamoDB table and configuring a DynamoDB stream for the table will not have the ability to move events into a separate queue for review if a processing error occurs. Amazon DynamoDB is a fully managed key-value and document database that delivers
single-digit millisecond performance at any scale. DynamoDB Streams is a feature that captures data
modification events in DynamoDB tables. Users can configure the stream to invoke a Lambda function, but they cannot configure an on-failure destination for the function.
Option D is incorrect because publishing events to an Amazon EventBridge event bus and setting an Application Load Balancer (ALB) as the event bus target will not have the ability to move events into a separate queue for review if a processing error occurs. Amazon EventBridge is a serverless event bus service that makes it easy to connect applications with data from a variety of sources. An ALB is a load balancer that distributes incoming application traffic across multiple targets, such as EC2 instances, containers, IP addresses, Lambda functions, and virtual appliances. Users can configure EventBridge to retry events, but they cannot configure an on-failure destination for the ALB.

- (Exam Topic 3)
An ecommerce company runs an application on AWS. The application has an Amazon API Gateway API that invokes an AWS Lambda function. The data is stored in an Amazon RDS for PostgreSQL DB instance.
During the company's most recent flash sale, a sudden increase in API calls negatively affected the application's performance. A solutions architect reviewed the Amazon CloudWatch metrics during that time and noticed a significant increase in Lambda invocations and database connections. The CPU utilization also was high on the DB instance.
What should the solutions architect recommend to optimize the application's performance?

1. A. Increase the memory of the Lambda functio
2. B. Modify the Lambda function to close the database connections when the data is retrieved.
3. C. Add an Amazon ElastiCache for Redis cluster to store the frequently accessed data from the RDS database.
4. D. Create an RDS proxy by using the Lambda consol
5. E. Modify the Lambda function to use the proxy endpoint.
6. F. Modify the Lambda function to connect to the database outside of the function's handle
7. G. Check for an existing database connection before creating a new connection.

Correct Answer: C
This option will optimize the application’s performance by reducing the overhead of opening and closing database connections for each Lambda invocation. An RDS proxy is a fully managed database proxy for Amazon RDS that makes applications more scalable, more resilient to database failures, and more secure1. It allows applications to pool and share connections established with the database, improving database efficiency and application scalability1. By creating an RDS proxy by using the Lambda console, you can easily configure your Lambda function to use the proxy endpoint instead of the direct database endpoint2. This will enable your Lambda function to reuse existing connections from the proxy’s connection pool, reducing the latency and CPU utilization caused by establishing new connections for each invocation. It will also prevent connection saturation or exhaustion on the database, which can degrade performance or cause errors3.

- (Exam Topic 2)
A company has a website that runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are in an Auto Scaling group. The ALB is associated with an AWS WAF web ACL.
The website often encounters attacks in the application layer. The attacks produce sudden and significant increases in traffic on the application server. The access logs show that each attack originates from different IP addresses. A solutions architect needs to implement a solution to mitigate these attacks.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create an Amazon CloudWatch alarm that monitors server acces
2. B. Set a threshold based on access by IP addres
3. C. Configure an alarm action that adds the IP address to the web ACL’s deny list.
4. D. Deploy AWS Shield Advanced in addition to AWS WA
5. E. Add the ALB as a protected resource.
6. F. Create an Amazon CloudWatch alarm that monitors user IP addresse
7. G. Set a threshold based on access by IP addres
8. H. Configure the alarm to invoke an AWS Lambda function to add a deny rule in the application server’s subnet route table for any IP addresses that activate the alarm.
9. I. Inspect access logs to find a pattern of IP addresses that launched the attack
10. J. Use an Amazon Route 53 geolocation routing policy to deny traffic from the countries that host those IP addresses.

Correct Answer: C
"The AWS WAF API supports security automation such as blacklisting IP addresses that exceed request limits, which can be useful for mitigating HTTP flood attacks." >
https://aws.amazon.com/blogs/security/how-to-protect-dynamic-web-applications-against-ddos-attacks-by-using