- (Topic 2)
A company is running several business applications in three separate VPCs within me us- east-1 Region. The applications must be able to communicate between VPCs. The applications also must be able to consistently send hundreds to gigabytes of data each day to a latency-sensitive application that runs in a single on-premises data center.
A solutions architect needs to design a network connectivity solution that maximizes cost- effectiveness
Which solution moots those requirements?

1. A. Configure three AWS Site-to-Site VPN connections from the data center to AWS Establish connectivity by configuring one VPN connection for each VPC
2. B. Launch a third-party virtual network appliance in each VPC Establish an iPsec VPN tunnel between the Data center and each virtual appliance
3. C. Set up three AWS Direct Connect connections from the data center to a Direct Connect gateway in us-east-1 Establish connectivity by configuring each VPC to use one of the Direct Connect connections
4. D. Set up one AWS Direct Connect connection from the data center to AW
5. E. Create a transit gateway, and attach each VPC to the transit gatewa
6. F. Establish connectivity between the Direct Connect connection and the transit gateway.

Correct Answer: D
https://docs.aws.amazon.com/whitepapers/latest/aws-vpc-connectivity-options/aws-direct-connect-aws-transit-gateway.html

- (Topic 3)
A company needs to create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster to host a digital media streaming application. The EKS cluster will use a managed node group that is backed by Amazon Elastic Block Store (Amazon EBS) volumes for storage. The company must encrypt all data at rest by using a customer managed key that is stored in AWS Key Management Service (AWS KMS)
Which combination of actions will meet this requirement with the LEAST operational overhead? (Select TWO.)

1. A. Use a Kubernetes plugin that uses the customer managed key to perform data encryption.
2. B. After creation of the EKS cluster, locate the EBS volume
3. C. Enable encryption by using the customer managed key.
4. D. Enable EBS encryption by default in the AWS Region where the EKS cluster will be create
5. E. Select the customer managed key as the default key.
6. F. Create the EKS cluster Create an IAM role that has cuwlicy that grants permission to the customer managed ke
7. G. Associate the role with the EKS cluster.
8. H. Store the customer managed key as a Kubernetes secret in the EKS cluste
9. I. Use the customer managed key to encrypt the EBS volumes.

Correct Answer: CD
EBS encryption by default is a feature that enables encryption for all new EBS volumes and snapshots created in a Region1. EBS encryption by default uses a service managed key or a customer managed key that is stored in AWS KMS1. EBS encryption by default is suitable for scenarios where data at rest must be encrypted by using a customer managed key, such as the digital media streaming application in the scenario1.
To meet the requirements of the scenario, the solutions architect should enable EBS encryption by default in the AWS Region where the EKS cluster will be created. The solutions architect should select the customer managed key as the default key for encryption1. This way, all new EBS volumes and snapshots created in that Region will be encrypted by using the customer managed key.
EKS encryption provider support is a feature that enables envelope encryption of Kubernetes secrets in EKS with a customer managed key that is stored in AWS KMS2
. Envelope encryption means that data is encrypted by data encryption keys (DEKs) using AES-GCM; DEKs are encrypted by key encryption keys (KEKs) according to configuration in AWS KMS3. EKS encryption provider support is suitable for scenarios where secrets must be encrypted by using a customer managed key, such as the digital media streaming application in the scenario2.
To meet the requirements of the scenario, the solutions architect should create the EKS cluster and create an IAM role that has a policy that grants permission to the customer managed key. The solutions architect should associate the role with the EKS cluste2r. This way, the EKS cluster can use envelope encryption of Kubernetes secrets with the customer managed key.

- (Topic 4)
A social media company is building a feature for its website. The feature will give users the ability to upload photos. The company expects significant increases in demand during large events and must ensure that the website can handle the upload traffic from users.
Which solution meets these requirements with the MOST scalability?

1. A. Upload files from the user's browser to the application server
2. B. Transfer the files to an Amazon S3 bucket.
3. C. Provision an AWS Storage Gateway file gatewa
4. D. Upload files directly from the user's browser to the file gateway.
5. E. Generate Amazon S3 presigned URLs in the applicatio
6. F. Upload files directly from the user's browser into an S3 bucket.
7. G. Provision an Amazon Elastic File System (Amazon EFS) file system Upload files directly from the user's browser to the file system

Correct Answer: C
This approach allows users to upload files directly to S3 without passing through the application servers, reducing the load on the application and improving scalability. It leverages the client-side capabilities to handle the file uploads and offloads the processing to S3.

- (Topic 1)
A company is designing an application. The application uses an AWS Lambda function to receive information through Amazon API Gateway and to store the information in an Amazon Aurora PostgreSQL database.
During the proof-of-concept stage, the company has to increase the Lambda quotas significantly to handle the high volumes of data that the company needs to load into the database. A solutions architect must recommend a new design to improve scalability and minimize the configuration effort.
Which solution will meet these requirements?

1. A. Refactor the Lambda function code to Apache Tomcat code that runs on Amazon EC2 instance
2. B. Connect the database by using native Java Database Connectivity (JDBC) drivers.
3. C. Change the platform from Aurora to Amazon DynamoD
4. D. Provision a DynamoDB Accelerator (DAX) cluste
5. E. Use the DAX client SDK to point the existing DynamoDB API calls at the DAX cluster.
6. F. Set up two Lambda function
7. G. Configure one function to receive the informatio
8. H. Configure the other function to load the information into the databas
9. I. Integrate the Lambda functions by using Amazon Simple Notification Service (Amazon SNS).
10. J. Set up two Lambda function
11. K. Configure one function to receive the informatio
12. L. Configure the other function to load the information into the databas
13. M. Integrate the Lambda functions by using an Amazon Simple Queue Service (Amazon SQS) queue.

Correct Answer: B
bottlenecks can be avoided with queues (SQS).

- (Topic 2)
A company has two applications: a sender application that sends messages with payloads to be processed and a processing application intended to receive the messages with payloads. The company wants to implement an AWS service to handle messages between the two applications. The sender application can send about 1.000 messages each hour. The messages may take up to 2 days to be processed. If the messages fail to process, they must be retained so that they do not impact the processing of any remaining messages.
Which solution meets these requirements and is the MOST operationally efficient?

1. A. Set up an Amazon EC2 instance running a Redis databas
2. B. Configure both applications to use the instanc
3. C. Store, process, and delete the messages, respectively.
4. D. Use an Amazon Kinesis data stream to receive the messages from the sender applicatio
5. E. Integrate the processing application with the Kinesis Client Library (KCL).
6. F. Integrate the sender and processor applications with an Amazon Simple Queue Service(Amazon SQS) queu
7. G. Configure a dead-letter queue to collect the messages that failed to process.
8. H. Subscribe the processing application to an Amazon Simple Notification Service (Amazon SNS) topic to receive notifications to proces
9. I. Integrate the sender application to write to the SNS topic.

Correct Answer: C
https://aws.amazon.com/blogs/compute/building-loosely-coupled-scalable-c-applications-with-amazon-sqs-and-amazon-sns/ https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-dead-letter-queues.html