- (Exam Topic 2)
A company's web application is running on Amazon EC2 instances behind an Application Load Balancer. The company recently changed its policy, which now requires the application to be accessed from one specific country only.
Which configuration will meet this requirement?

1. A. Configure the security group for the EC2 instances.
2. B. Configure the security group on the Application Load Balancer.
3. C. Configure AWS WAF on the Application Load Balancer in a VPC.
4. D. Configure the network ACL for the subnet that contains the EC2 instances.

Correct Answer: C
https://aws.amazon.com/about-aws/whats-new/2017/10/aws-waf-now-supports-geographic-match/

- (Exam Topic 2)
A company has a Windows-based application that must be migrated to AWS. The application requires the use of a shared Windows file system attached to multiple Amazon EC2 Windows instances that are deployed across multiple Availability Zones.
What should a solutions architect do to meet this requirement?

1. A. Configure AWS Storage Gateway in volume gateway mod
2. B. Mount the volume to each Windows instance.
3. C. Configure Amazon FSx for Windows File Serve
4. D. Mount the Amazon FSx file system to each Windows instance.
5. E. Configure a file system by using Amazon Elastic File System (Amazon EFS). Mount the EFS file system to each Windows instance.
6. F. Configure an Amazon Elastic Block Store (Amazon EBS) volume with the required siz
7. G. Attach each EC2 instance to the volum
8. H. Mount the file system within the volume to each Windows instance.

Correct Answer: B

- (Exam Topic 2)
A company wants to build a scalable key management Infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?

1. A. Use multifactor authentication (MFA) to protect the encryption keys.
2. B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
3. C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys
4. D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

Correct Answer: B
https://aws.amazon.com/kms/faqs/#:~:text=If%20you%20are%20a%20developer%20who%20needs%20to%20d

- (Exam Topic 3)
A company has launched an Amazon RDS for MySQL D6 instance Most of the connections to the database come from serverless applications. Application traffic to the database changes significantly at random intervals At limes of high demand, users report that their applications experience database connection rejection errors.
Which solution will resolve this issue with the LEAST operational overhead?

1. A. Create a proxy in RDS Proxy Configure the users' applications to use the DB instance through RDS Proxy
2. B. Deploy Amazon ElastCache for Memcached between the users' application and the DB instance
3. C. Migrate the DB instance to a different instance class that has higher I/O capacit
4. D. Configure the users' applications to use the new DB instance.
5. E. Configure Multi-AZ for the DB instance Configure the users' application to switch between the DB instances.

Correct Answer: A

- (Exam Topic 3)
A company is building a new dynamic ordering website. The company wants to minimize server maintenance and patching. The website must be highly available and must scale read and write capacity as quickly as possible to meet changes in user demand.
Which solution will meet these requirements?

1. A. Host static content in Amazon S3 Host dynamic content by using Amazon API Gateway and AWS Lambda Use Amazon DynamoDB with on-demand capacity for the database Configure Amazon CloudFront to deliver the website content
2. B. Host static content in Amazon S3 Host dynamic content by using Amazon API Gateway and AWS Lambda Use Amazon Aurora with Aurora Auto Scaling for the database Configure Amazon CloudFront to deliver the website content
3. C. Host al the website content on Amazon EC2 instances Create an Auto Scaling group to scale the EC2 Instances Use an Application Load Balancer to distribute traffic Use Amazon DynamoDB with provisioned write capacity for the database
4. D. Host at the website content on Amazon EC2 instances Create an Auto Scaling group to scale the EC2 instances Use an Application Load Balancer to distribute traffic Use Amazon Aurora with Aurora Auto Scaling for the database

Correct Answer: A