- (Exam Topic 3)
A company needs to retain its AWS CloudTrail logs for 3 years. The company is enforcing CloudTrail across a set of AWS accounts by using AWS Organizations from the parent account. The CloudTrail target S3 bucket is configured with S3 Versioning enabled. An S3 Lifecycle policy is in place to delete current objects after 3 years.
After the fourth year of use of the S3 bucket, the S3 bucket metrics show that the number of objects has continued to rise. However, the number of new CloudTrail logs that are delivered to the S3 bucket has remained consistent.
Which solution will delete objects that are older than 3 years in the MOST cost-effective manner?

1. A. Configure the organization’s centralized CloudTrail trail to expire objects after 3 years.
2. B. Configure the S3 Lifecycle policy to delete previous versions as well as current versions.
3. C. Create an AWS Lambda function to enumerate and delete objects from Amazon S3 that are older than 3 years.
4. D. Configure the parent account as the owner of all objects that are delivered to the S3 bucket.

Correct Answer: B
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/best-practices-security.html#:~:text=The%20Cloud

- (Exam Topic 3)
A company collects data from a large number of participants who use wearabledevices.The company stores the data in an Amazon DynamoDB table and uses applications to analyze the data. The data workload is constant and predictable. The company wants to stay at or below its forecasted budget for DynamoDB.
Whihc solution will meet these requirements MOST cost-effectively?

1. A. Use provisioned mode and DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA). Reserve capacity for the forecasted workload.
2. B. Use provisioned mode Specify the read capacity units (RCUs) and write capacity units (WCUs).
3. C. Use on-demand mod
4. D. Set the read capacity unite (RCUs) and write capacity units (WCUs) high enough to accommodate changes in the workload.
5. E. Use on-demand mod
6. F. Specify the read capacity units (RCUs) and write capacity units (WCUs) with reserved capacity.

Correct Answer: C

- (Exam Topic 3)
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

1. A. Use a VPC endpoint for DynamoDB.
2. B. Use a NAT gateway in a public subnet.
3. C. Use a NAT instance in a private subnet.
4. D. Use the internet gateway attached to the VPC.

Correct Answer: A
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html
A VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you don't need an internet gateway, a NAT device, or a virtual private gateway in your VPC. You use endpoint policies to control access to DynamoDB. Traffic between your VPC and the AWS service does not leave the Amazon network.

- (Exam Topic 1)
A company has a website hosted on AWS. The website is behind an Application Load Balancer (ALB) that is configured to handle HTTP and HTTPS separately. The company wants to forward all requests to the website so that the requests will use HTTPS.
What should a solutions architect do to meet this requirement?

1. A. Update the ALB's network ACL to accept only HTTPS traffic
2. B. Create a rule that replaces the HTTP in the URL with HTTPS.
3. C. Create a listener rule on the ALB to redirect HTTP traffic to HTTPS.
4. D. Replace the ALB with a Network Load Balancer configured to use Server Name Indication (SNI).

Correct Answer: C
https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/
How can I redirect HTTP requests to HTTPS using an Application Load Balancer? Last updated: 2020-10-30 I want to redirect HTTP requests to HTTPS using Application Load Balancer listener rules. How can I do this? Resolution Reference:
https://aws.amazon.com/premiumsupport/knowledge-center/elb-redirect-http-to-https-using-alb/

- (Exam Topic 2)
A company is planning to build a high performance computing (HPC) workload as a service solution that Is hosted on AWS A group of 16 AmazonEC2Ltnux Instances requires the lowest possible latency for
node-to-node communication. The instances also need a shared block device volume for high-performing
storage.
Which solution will meet these requirements?

1. A. Use a duster placement grou
2. B. Attach a single Provisioned IOPS SSD Amazon Elastic Block Store (Amazon E BS) volume to all the instances by using Amazon EBS Multi-Attach
3. C. Use a cluster placement grou
4. D. Create shared 'lie systems across the instances by using Amazon Elastic File System (Amazon EFS)
5. E. Use a partition placement grou
6. F. Create shared tile systems across the instances by using Amazon Elastic File System (Amazon EFS).
7. G. Use a spread placement grou
8. H. Attach a single Provisioned IOPS SSD Amazon Elastic Block Store (Amazon EBS) volume to all the instances by using Amazon EBS Multi-Attach

Correct Answer: A