- (Topic 1)
A company runs an ecommerce application on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales based on CPU utilization metrics. The ecommerce application stores the transaction data in a MySQL 8.0 database that is hosted on a large EC2 instance.
The database's performance degrades quickly as application load increases. The application handles more read requests than write transactions. The company wants a solution that will automatically scale the database to meet the demand of unpredictable read workloads while maintaining high availability.
Which solution will meet these requirements?

1. A. Use Amazon Redshift with a single node for leader and compute functionality.
2. B. Use Amazon RDS with a Single-AZ deployment Configure Amazon RDS to add reader instances in a different Availability Zone.
3. C. Use Amazon Aurora with a Multi-AZ deploymen
4. D. Configure Aurora Auto Scaling with Aurora Replicas.
5. E. Use Amazon ElastiCache for Memcached with EC2 Spot Instances.

Correct Answer: C
AURORA is 5x performance improvement over MySQL on RDS and handles more read requests than write,; maintaining high availability = Multi-AZ deployment

- (Topic 4)
A 4-year-old media company is using the AWS Organizations all features feature set fo organize its AWS accounts. According to he company's finance team, the billing information on the member accounts
must not be accessible to anyone, including the root user of the member accounts. Which solution will meet these requirements?

1. A. Add all finance team users to an IAM grou
2. B. Attach an AWS managed policy named Billing to the group.
3. C. Attach an identity-based policy to deny access to the billing information to all users, including the root user.
4. D. Create a service control policy (SCP) to deny access to the billing informatio
5. E. Attach the SCP to the root organizational unit (OU).
6. F. Convert from the Organizations all features feature set to the Organizations consolidated billing feature set.

Correct Answer: C
Service Control Policies (SCP): SCPs are an integral part of AWS Organizations and allow you to set fine-grained permissions on the organizational units (OUs) within your AWS Organization. SCPs provide central control over the maximum permissions that can be granted to member accounts, including the root user. Denying Access to Billing Information: By creating an SCP and attaching it to the root OU, you can explicitly deny access to billing information for all accounts within the organization. SCPs can be used to restrict access to various AWS services and actions, including billing- related services. Granular Control: SCPs enable you to define specific permissions and restrictions at the organizational unit level. By denying access to billing information at the root OU, you can ensure that no member accounts, including root users, have access to the billing information.

- (Topic 4)
A company is using AWS Key Management Service (AWS KMS) keys to encrypt AWS Lambda environment variables. A solutions architect needs to ensure that the required permissions are in place to decrypt and use the environment variables.
Which steps must the solutions architect take to implement the correct permissions? (Choose two.)

1. A. Add AWS KMS permissions in the Lambda resource policy.
2. B. Add AWS KMS permissions in the Lambda execution role.
3. C. Add AWS KMS permissions in the Lambda function policy.
4. D. Allow the Lambda execution role in the AWS KMS key policy.
5. E. Allow the Lambda resource policy in the AWS KMS key policy.

Correct Answer: BD
B and D are the correct answers because they ensure that the Lambda execution role has the permissions to decrypt and use the environment variables, and that the AWS KMS key policy allows the Lambda execution role to use the key. The Lambda execution role is an IAM role that grants the Lambda function permission to access AWS resources, such as AWS KMS. The AWS KMS key policy is a resource-based policy that controls access to the key. By adding AWS KMS permissions in the Lambda execution role and allowing the Lambda execution role in the AWS KMS key policy, the solutions architect can implement the correct permissions for encrypting and decrypting environment variables. References:
✑ AWS Lambda Execution Role
✑ Using AWS KMS keys in AWS Lambda

- (Topic 1)
A company is implementing a shared storage solution for a media application that is hosted m the AWS Cloud The company needs the ability to use SMB clients to access data The solution must he fully managed.
Which AWS solution meets these requirements?

1. A. Create an AWS Storage Gateway volume gatewa
2. B. Create a file share that uses the required client protocol Connect the application server to the file share.
3. C. Create an AWS Storage Gateway tape gateway Configure (apes to use Amazon S3 Connect the application server lo the tape gateway
4. D. Create an Amazon EC2 Windows instance Install and configure a Windows file share role on the instanc
5. E. Connect the application server to the file share.
6. F. Create an Amazon FSx for Windows File Server tile system Attach the fie system to the origin serve
7. G. Connect the application server to the file system

Correct Answer: D
https://aws.amazon.com/fsx/lustre/
Amazon FSx has native support for Windows file system features and for the industry- standard Server Message Block (SMB) protocol to access file storage over a network. https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html

- (Topic 4)
A company runs applications on AWS that connect to the company's Amazon RDS database. The applications scale on weekends and at peak times of the year. The company wants to scale the database more effectively for its applications that connect to the database.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use Amazon DynamoDB with connection pooling with a target group configuration for the databas
2. B. Change the applications to use the DynamoDB endpoint.
3. C. Use Amazon RDS Proxy with a target group for the databas
4. D. Change the applications to use the RDS Proxy endpoint.
5. E. Use a custom proxy that runs on Amazon EC2 as an intermediary to the databas
6. F. Change the applications to use the custom proxy endpoint.
7. G. Use an AWS Lambda function to provide connection pooling with a target group configuration for the databas
8. H. Change the applications to use the Lambda function.

Correct Answer: B
Amazon RDS Proxy is a fully managed, highly available database proxy for Amazon Relational Database Service (RDS) that makes applications more scalable, more resilient to database failures, and more secure1. RDS Proxy allows applications to pool and share connections established with the database, improving database efficiency and application scalability2. RDS Proxy also reduces failover times for Aurora and RDS databases by up to 66% and enables IAM authentication and Secrets Manager integration for database access1. RDS Proxy can be enabled for most applications with no code changes2.