- (Topic 4)
A company has created a multi-tier application for its ecommerce website. The website uses an Application Load Balancer that resides in the public subnets, a web tier in the public subnets, and a MySQL cluster hosted on Amazon EC2 instances in the private subnets. The MySQL database needs to retrieve product catalog and pricing information that is hosted on the internet by a third-party provider. A solutions architect must devise a strategy that maximizes security without increasing operational overhead. What should the solutions architect do to meet these requirements?

1. A. Deploy a NAT instance in the VP
2. B. Route all the internet-based traffic through the NAT instance.
3. C. Deploy a NAT gateway in the public subnet
4. D. Modify the private subnet route table to direct all internet-bound traffic to the NAT gateway.
5. E. Configure an internet gateway and attach it to the VP
6. F. Modify the private subnet route table to direct internet-bound traffic to the internet gateway.
7. G. Configure a virtual private gateway and attach it to the VP
8. H. Modify the private subnet route table to direct internet-bound traffic to the virtual private gateway.

Correct Answer: B
To allow the MySQL database in the private subnets to access the internet without exposing it to the public, a NAT gateway is a suitable solution. A NAT gateway enables instances in a private subnet to connect to the internet or other AWS services, but prevents the internet from initiating a connection with those instances. A NAT gateway resides in the public subnets and can handle high throughput of traffic with low latency. A NAT gateway is also a managed service that does not require any operational overhead. References:
✑ NAT Gateways
✑ NAT Gateway Pricing

- (Topic 2)
An application runs on Amazon EC2 instances across multiple Availability Zones The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer The application performs best when the CPU utilization of the EC2 instances is at or near 40%.
What should a solutions architect do to maintain the desired performance across all instances in the group?

1. A. Use a simple scaling policy to dynamically scale the Auto Scaling group
2. B. Use a target tracking policy to dynamically scale the Auto Scaling group
3. C. Use an AWS Lambda function to update the desired Auto Scaling group capacity.
4. D. Use scheduled scaling actions to scale up and scale down the Auto Scaling group

Correct Answer: B
https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html

- (Topic 4)
An ecommerce company stores terabytes of customer data in the AWS Cloud. The data contains personally identifiable information (Pll). The company wants to use the data in three applications. Only one of the applications needs to process the Pll. The Pll must be removed before the other two applications process the data.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Store the data in an Amazon DynamoDB tabl
2. B. Create a proxy application layer to intercept and process the data that each application requests.
3. C. Store the data in an Amazon S3 bucke
4. D. Process and transform the data by using S3 Object Lambda before returning the data to the requesting application.
5. E. Process the data and store the transformed data in three separate Amazon S3 buckets so that each application has its own custom datase
6. F. Point each application to its respectiveS3 bucket.
7. G. Process the data and store the transformed data in three separate Amazon DynamoDB tables so that each application has its own custom datase
8. H. Point each application to its respective DynamoDB table.

Correct Answer: B
https://aws.amazon.com/blogs/aws/introducing-amazon-s3-object-lambda- use-your-code-to-process-data-as-it-is-being-retrieved-from-s3/
S3 Object Lambda is a new feature of Amazon S3 that enables customers to add their own code to process data retrieved from S3 before returning it to the application. By using S3 Object Lambda, the data can be processed and transformed in real-time, without the need to store multiple copies of the data in separate S3 buckets or DynamoDB tables.
In this case, the Pll can be removed from the data by the code added to S3 Object Lambda before returning the data to the two applications that do not need to process Pll. The one application that requires Pll can be pointed to the original S3 bucket where the Pll is still stored.
Using S3 Object Lambda is the simplest and most cost-effective solution, as it eliminates the need to maintain multiple copies of the same data in different buckets or tables, which can result in additional storage costs and operational overhead.

- (Topic 3)
A company has an application that places hundreds of .csv files into an Amazon S3 bucket every hour. The files are 1 GB in size. Each time a file is uploaded, the company needs to convert the file to Apache Parquet format and place the output file into an S3 bucket.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Create an AWS Lambda function to download the .csv files, convert the files to Parquet format, and place the output files in an S3 bucke
2. B. Invoke the Lambda function for each S3 PUT event.
3. C. Create an Apache Spark job to read the .csv files, convert the files to Parquet format, and place the output files in an S3 bucke
4. D. Create an AWS Lambda function for each S3 PUT event to invoke the Spark job.
5. E. Create an AWS Glue table and an AWS Glue crawler for the S3 bucket where the application places the .csv file
6. F. Schedule an AWS Lambda function to periodically use Amazon Athena to query the AWS Glue table, convert the query results into Parquet format, and place the output files into an S3 bucket.
7. G. Create an AWS Glue extract, transform, and load (ETL) job to convert the .csv files to Parquet format and place the output files into an S3 bucke
8. H. Create an AWS Lambda function for each S3 PUT event to invoke the ETL job.

Correct Answer: D
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/three-aws-glue-etl-job-types-for-converting-data-to-apache-parquet.html

- (Topic 4)
A company needs a solution to prevent photos with unwanted content from being uploaded to the company's web application. The solution must not involve training a machine learning (ML) model. Which solution will meet these requirements?

1. A. Create and deploy a model by using Amazon SageMaker Autopilo
2. B. Create a real-time endpoint that the web application invokes when new photos are uploaded.
3. C. Create an AWS Lambda function that uses Amazon Rekognition to detect unwanted conten
4. D. Create a Lambda function URL that the web application invokes when new photos are uploaded.
5. E. Create an Amazon CloudFront function that uses Amazon Comprehend to detect unwanted conten
6. F. Associate the function with the web application.
7. G. Create an AWS Lambda function that uses Amazon Rekognition Video to detectunwanted conten
8. H. Create a Lambda function URL that the web application invokes when new photos are uploaded.

Correct Answer: B
The solution that will meet the requirements is to create an AWS Lambda function that uses Amazon Rekognition to detect unwanted content, and create a Lambda function URL that the web application invokes when new photos are uploaded. This solution does not involve training a machine learning model, as Amazon Rekognition is a fully managed service that provides pre-trained computer vision models for image and video analysis. Amazon Rekognition can detect unwanted content such as explicit or suggestive adult content, violence, weapons, drugs, and more. By using AWS Lambda, the company can create a serverless function that can be triggered by an HTTP request from the web application. The Lambda function can use the Amazon Rekognition API to analyze the uploaded photos and return a response indicating whether they contain unwanted content or not.
The other solutions are not as effective as the first one because they either involve training a machine learning model, do not support image analysis, or do not work with photos. Creating and deploying a model by using Amazon SageMaker Autopilot involves training a machine learning model, which is not required for the scenario. Amazon SageMaker Autopilot is a service that automatically creates, trains, and tunes the best machine learning models for classification or regression based on the data provided by the user. Creating an Amazon CloudFront function that uses Amazon Comprehend to detect unwanted content does not support image analysis, as Amazon Comprehend is a natural language processing service that analyzes text, not images. Amazon Comprehend can extract insights and relationships from text such as language, sentiment, entities, topics, and more. Creating an AWS Lambda function that uses Amazon Rekognition Video to detect unwanted content does not work with photos, as Amazon Rekognition Video is designed for analyzing video streams, not static images. Amazon Rekognition Video can detect activities, objects, faces, celebrities, text, and more in video streams.
References:
✑ Amazon Rekognition
✑ AWS Lambda
✑ Detecting unsafe content - Amazon Rekognition
✑ Amazon SageMaker Autopilot
✑ Amazon Comprehend