- (Topic 4)
A company has deployed a Java Spring Boot application as a pod that runs on Amazon Elastic Kubernetes Service (Amazon EKS) in private subnets. The application needs to write data to an Amazon DynamoDB table. A solutions architect must ensure that the application can interact with the DynamoDB table without exposing traffic to the internet.
Which combination of steps should the solutions architect take to accomplish this goal? (Choose two.)

1. A. Attach an IAM role that has sufficient privileges to the EKS pod.
2. B. Attach an IAM user that has sufficient privileges to the EKS pod.
3. C. Allow outbound connectivity to the DynamoDB table through the private subnets’ network ACLs.
4. D. Create a VPC endpoint for DynamoDB.
5. E. Embed the access keys in the Java Spring Boot code.

Correct Answer: AD
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc- endpoints-dynamodb.html
https://aws.amazon.com/about-aws/whats-new/2019/09/amazon-eks-adds-support-to- assign-iam-permissions-to-kubernetes-service-accounts/

- (Topic 4)
A company uses Amazon EC2 instances to host its internal systems. As part of a deployment operation, an administrator tries to use the AWS CLI to terminate an EC2 instance. However, the administrator receives a 403 (Access Denied) error message.
The administrator is using an IAM role that has the following IAM policy attached:

What is the cause of the unsuccessful request?

1. A. The EC2 instance has a resource-based policy with a Deny statement.
2. B. The principal has not been specified in the policy statement
3. C. The "Action" field does not grant the actions that are required to terminate the EC2 instance.
4. D. The request to terminate the EC2 instance does not originate from the CIDR blocks 192.0.2.0/24 or 203.0 113.0/24

Correct Answer: D

- (Topic 3)
A company is experiencing sudden increases in demand. The company needs to provision large Amazon EC2 instances from an Amazon Machine image (AMI) The instances will run m an Auto Scaling group. The company needs a solution that provides minimum initialization latency to meet the demand.
Which solution meets these requirements?

1. A. Use the aws ec2 register-image command to create an AMI from a snapshot Use AWS Step Functions to replace the AMI in the Auto Scaling group
2. B. Enable Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot Provision an AMI by using the snapshot Replace the AMI m the Auto Scaling group with the new AMI
3. C. Enable AMI creation and define lifecycle rules in Amazon Data Lifecycle Manager (Amazon DLM) Create an AWS Lambda function that modifies the AMI in the Auto Scaling group
4. D. Use Amazon EventBridge (Amazon CloudWatch Events) to invoke AWS Backup lifecycle policies that provision AMIs Configure Auto Scaling group capacity limits as an event source in EventBridge

Correct Answer: B
Enabling Amazon Elastic Block Store (Amazon EBS) fast snapshot restore on a snapshot allows you to quickly create a new Amazon Machine Image (AMI) from a snapshot, which can help reduce the initialization latency when provisioning new instances. Once the AMI is provisioned, you can replace the AMI in the Auto Scaling group with the new AMI. This will ensure that new instances are launched from the updated AMI and are able to meet the increased demand quickly.

- (Topic 4)
A company hosts an internal serverless application on AWS by using Amazon API Gateway and AWS Lambda. The company's employees report issues with high latency when they begin using the application each day. The company wants to reduce latency.
Which solution will meet these requirements?

1. A. Increase the API Gateway throttling limit.
2. B. Set up a scheduled scaling to increase Lambda provisioned concurrency before employees begin to use the application each day.
3. C. Create an Amazon CloudWatch alarm to initiate a Lambda function as a target for the alarm at the beginning of each day.
4. D. Increase the Lambda function memory.

Correct Answer: B
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. Lambda scales automatically based on the incoming requests, but it may take some time to initialize new instances of your function if there is a sudden increase in demand. This may result in high latency or cold starts for your application. To avoid this, you can use provisioned concurrency, which ensures that your function is initialized and ready to respond at any time. You can also set up a scheduled scaling policy that increases the provisioned concurrency before employees begin to use the application each day, and decreases it when the demand is low. References: https://docs.aws.amazon.com/lambda/latest/dg/configuration-concurrency.html

- (Topic 3)
A company uses a payment processing system that requires messages for a particular payment ID to be received in the same order that they were sent Otherwise, the payments might be processed incorrectly.
Which actions should a solutions architect take to meet this requirement? (Select TWO.)

1. A. Write the messages to an Amazon DynamoDB table with the payment ID as the partition key
2. B. Write the messages to an Amazon Kinesis data stream with the payment ID as the partition key.
3. C. Write the messages to an Amazon ElastiCache for Memcached cluster with the payment ID as the key
4. D. Write the messages to an Amazon Simple Queue Service (Amazon SQS) queue Set the message attribute to use the payment ID
5. E. Write the messages to an Amazon Simple Queue Service (Amazon SQS) FIFO queu
6. F. Set the message group to use the payment ID.

Correct Answer: BE
1) SQS FIFO queues guarantee that messages are received in the exact order they are sent. Using the payment ID as the message group ensures all messages for a payment ID are received sequentially. 2) Kinesis data streams can also enforce ordering on a per partition key basis. Using the payment ID as the partition key will ensure strict ordering of messages for each payment ID.