- (Topic 3)
An IAM user made several configuration changes to AWS resources m their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.
Which service should the solutions architect use to find the desired information?

1. A. Amazon GuardDuty
2. B. Amazon Inspector
3. C. AWS CloudTrail
4. D. AWS Config

Correct Answer: C
The best option is to use AWS CloudTrail to find the desired information. AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of AWS account activities. CloudTrail can be used to log all changes made to resources in an AWS account, including changes made by IAM users, EC2 instances, AWS management console, and other AWS services. By using CloudTrail, the solutions architect can identify the IAM user who made the configuration changes to the security group rules.

- (Topic 1)
A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1MB to 500 GB. The total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the video files as soon as possible while using the least possible network bandwidth.
Which solution will meet these requirements?

1. A. Create an S3 bucket Create an IAM role that has permissions to write to the S3 bucke
2. B. Use the AWS CLI to copy all files locally to the S3 bucket.
3. C. Create an AWS Snowball Edge jo
4. D. Receive a Snowball Edge device on premise
5. E. Use the Snowball Edge client to transfer data to the devic
6. F. Return the device so that AWS can import the data into Amazon S3.
7. G. Deploy an S3 File Gateway on premise
8. H. Create a public service endpoint to connect to the S3 File Gateway Create an S3 bucket Create a new NFS file share on the S3 File Gateway Point the new file share to the S3 bucke
9. I. Transfer the data from the existing NFS file share to the S3 File Gateway.
10. J. Set up an AWS Direct Connect connection between the on-premises network and AW
11. K. Deploy an S3 File Gateway on premise
12. L. Create a public virtual interlace (VIF) to connect to the S3 File Gatewa
13. M. Create an S3 bucke
14. N. Create a new NFS file share on the S3 File Gatewa
15. O. Point the new file share to the S3 bucke
16. P. Transfer the data from the existing NFS file share to the S3 File Gateway.

Correct Answer: B
The basic difference between Snowball and Snowball Edge is the capacity they provide. Snowball provides a total of 50 TB or 80 TB, out of which 42 TB or 72 TB is available, while Amazon Snowball Edge provides 100 TB, out of which 83 TB is available.

- (Topic 4)
An ecommerce application uses a PostgreSQL database that runs on an Amazon EC2 instance. During a monthly sales event, database usage increases and causes database connection issues for the application. The traffic is unpredictable for subsequent monthly sales events, which impacts the sales forecast. The company needs to maintain performance when there is an unpredictable increase in traffic.
Which solution resolves this issue in the MOST cost-effective way?

1. A. Migrate the PostgreSQL database to Amazon Aurora Serverless v2.
2. B. Enable auto scaling for the PostgreSQL database on the EC2 instance to accommodate increased usage.
3. C. Migrate the PostgreSQL database to Amazon RDS for PostgreSQL with a larger instance type
4. D. Migrate the PostgreSQL database to Amazon Redshift to accommodate increased usage

Correct Answer: A
Amazon Aurora Serverless v2 is a cost-effective solution that can automatically scale the database capacity up and down based on the application’s needs. It can handle unpredictable traffic spikes without requiring any provisioning or management of database instances. It is compatible with PostgreSQL and offers high performance, availability, and durability1. References: 1: AWS Ramp-Up Guide: Architect2, page 312: AWS Certified Solutions Architect - Associate exam guide3, page 9.

- (Topic 3)
A solutions architect needs to design a system to store client case files. The files are core company assets and are important. The number of files will grow over time.
The files must be simultaneously accessible from multiple application servers that run on Amazon EC2 instances. The solution must have built-in redundancy.
Which solution meets these requirements?

1. A. Amazon Elastic File System (Amazon EFS)
2. B. Amazon Elastic Block Store (Amazon EBS)
3. C. Amazon S3 Glacier Deep Archive
4. D. AWS Backup

Correct Answer: A
Amazon EFS provides a simple, scalable, fully managed file system that can be simultaneously accessed from multiple EC2 instances and provides built-in redundancy. It is optimized for multiple EC2 instances to access the same files, and it is designed to be highly available, durable, and secure. It can scale up to petabytes of data and can handle thousands of concurrent connections, and is a cost-effective solution for storing and accessing large amounts of data.

- (Topic 4)
A company runs a container application by using Amazon Elastic Kubernetes Service (Amazon EKS). The application includes microservices that manage customers and place orders. The company needs to route incoming requests to the appropriate microservices.
Which solution will meet this requirement MOST cost-effectively?

1. A. Use the AWS Load Balancer Controller to provision a Network Load Balancer.
2. B. Use the AWS Load Balancer Controller to provision an Application Load Balancer.
3. C. Use an AWS Lambda function to connect the requests to Amazon EKS.
4. D. Use Amazon API Gateway to connect the requests to Amazon EKS.

Correct Answer: B
An Application Load Balancer is a type of Elastic Load Balancer that operates at the application layer (layer 7) of the OSI model. It can distribute incoming traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can also route requests based on the content of the request, such as the host name, path, or query parameters1.
The AWS Load Balancer Controller is a controller that helps you manage Elastic Load Balancers for your Kubernetes cluster. It can provision Application Load Balancers or Network Load Balancers when you create Kubernetes Ingress or Service resources2.
By using the AWS Load Balancer Controller to provision an Application Load Balancer for your Amazon EKS cluster, you can achieve the following benefits:
✑ You can route incoming requests to the appropriate microservices based on the
rules you define in your Ingress resource. For example, you can route requests with different host names or paths to different microservices that handle customers and orders2.
✑ You can improve the performance and availability of your container applications by
distributing the load across multiple targets and enabling health checks and automatic scaling1.
✑ You can reduce the cost and complexity of managing your load balancers by using
a single controller that integrates with Amazon EKS and Kubernetes. You do not need to manually create or configure load balancers or update them when your cluster changes2.