- (Exam Topic 3)
A company runs an application on Amazon EC2 Linux instances across multiple Availability Zones. The application needs a storage layer that is highly available and Portable Operating System Interface (POSIX) compliant. The storage layer must provide maximum data durability and must be shareable across the EC2 instances. The data in the storage layer will be accessed frequency for the first 30 days and will be accessed infrequently alter that time.
Which solution will meet these requirements MOST cost-effectively?

1. A. Use the Amazon S3 Standard storage class Create an S3 Lifecycle policy to move infrequently accessed data to S3 Glacier
2. B. Use the Amazon S3 Standard storage clas
3. C. Create an S3 Lifecycle policy to move infrequently accessed data to S3 Standard-Infrequent Access (EF3 Standard-IA).
4. D. Use the Amazon Elastic File System (Amazon EFS) Standard storage clas
5. E. Create a Lifecycle management policy to move infrequently accessed data to EFS Standard-Infrequent Access (EFS Standard-IA)
6. F. Use the Amazon Elastic File System (Amazon EFS) One Zone storage clas
7. G. Create a Lifecycle management policy to move infrequently accessed data to EFS One Zone-Infrequent Access (EFS One Zone-IA).

Correct Answer: C

- (Exam Topic 3)
A company is designing a shared storage solution for a gaming application that is hosted in the AWS Cloud The company needs the ability to use SMB clients to access data solution must be fully managed.
Which AWS solution meets these requirements?

1. A. Create an AWS DataSync task that shares the data as a mountable file system Mount the file system to the application server
2. B. Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instance Connect the application server to the file share
3. C. Create an Amazon FSx for Windows File Server file system Attach the file system to the origin server Connect the application server to the file system
4. D. Create an Amazon S3 bucket Assign an IAM role to the application to grant access to the S3 bucket Mount the S3 bucket to the application server

Correct Answer: C

- (Exam Topic 2)
A security team wants to limit access to specific services or actions in all of the team's AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained.
What should a solutions architect do to accomplish this?

1. A. Create an ACL to provide access to the services or actions.
2. B. Create a security group to allow accounts and attach it to user groups.
3. C. Create cross-account roles in each account to deny access to the services or actions.
4. D. Create a service control policy in the root organizational unit to deny access to the services or actions.

Correct Answer: D
Service control policies (SCPs) are one type of policy that you can use to manage your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization's access control guidelines. See https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html.

- (Exam Topic 1)
A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area network (SAN) in an on-premises data center located within the factory. The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near-real-lime analytics. A secure transfer is important because the data is considered sensitive.
Which solution offers the MOST reliable data transfer?

1. A. AWS DataSync over public internet
2. B. AWS DataSync over AWS Direct Connect
3. C. AWS Database Migration Service (AWS DMS) over public internet
4. D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect

Correct Answer: B
These are some of the main use cases for AWS DataSync: • Data migration – Move active datasets rapidly
over the network into Amazon S3, Amazon EFS, or FSx for Windows File Server. DataSync includes automatic encryption and data integrity validation to help make sure that your data arrives securely, intact, and ready to use.
"DataSync includes encryption and integrity validation to help make sure your data arrives securely, intact, and ready to use." https://aws.amazon.com/datasync/faqs/

- (Exam Topic 1)
A company has an AWS Glue extract. transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3 bucket.
New data is added to the S3 bucket every day. A solutions architect notices that AWS Glue is processing all the data during each run.
What should the solutions architect do to prevent AWS Glue from reprocessing old data?

1. A. Edit the job to use job bookmarks.
2. B. Edit the job to delete data after the data is processed
3. C. Edit the job by setting the NumberOfWorkers field to 1.
4. D. Use a FindMatches machine learning (ML) transform.

Correct Answer: C
This is the purpose of bookmarks: "AWS Glue tracks data that has already been processed during a previous run of an ETL job by persisting state information from the job run. This persisted state information is called a job bookmark. Job bookmarks help AWS Glue maintain state information and prevent the reprocessing of old data." https://docs.aws.amazon.com/glue/latest/dg/monitor-continuations.html