- (Topic 3)
A solution architect needs to assign a new microsoft for a company’s application. Clients must be able to call an HTTPS endpoint to reach the micoservice. The microservice also must use AWS identity and Access Management (IAM) to authentication calls. The soltions architect will write the logic for this microservice by using a single AWS Lambda function that is written in Go 1.x.
Which solution will deploy the function in the in the MOST operationally efficient way?

1. A. Create an Amazon API Gateway REST AP
2. B. Configure the method to use the Lambda functio
3. C. Enable IAM authentication on the API.
4. D. Create a Lambda function URL for the functio
5. E. Specify AWS_IAM as the authenticationtype.
6. F. Create an Amazon CloudFront distributio
7. G. Deploy the function to Lambda@Edg
8. H. Integrate IAM authentication logic into the Lambda@Edge function.
9. I. Create an Amazon CloudFront distribuio
10. J. Deploy the function to CloudFront Function
11. K. Specify AWS_IAM as the authentication type.

Correct Answer: A
A. Create an Amazon API Gateway REST API. Configure the method to use the Lambda function. Enable IAM authentication on the API. This option is the most operationally efficient as it allows you to use API Gateway to handle the HTTPS endpoint and also allows you to use IAM to authenticate the calls to the microservice. API Gateway also provides many additional features such as caching, throttling, and monitoring, which can be useful for a microservice.

- (Topic 4)
A recent analysis of a company's IT expenses highlights the need to reduce backup costs. The company's chief information officer wants to simplify the on- premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. The company must preserve the existing investment in the on- premises backup applications and workflows.
What should a solutions architect recommend?

1. A. Set up AWS Storage Gateway to connect with the backup applications using the NFS interface.
2. B. Set up an Amazon EFS file system that connects with the backup applications using the NFS interface.
3. C. Set up an Amazon EFS file system that connects with the backup applications using the iSCSI interface.
4. D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSI- virtual tape library (VTL) interface.

Correct Answer: D
it allows the company to simplify the on-premises backup infrastructure and reduce costs by eliminating the use of physical backup tapes. By setting up AWS Storage Gateway to connect with the backup applications using the iSCSI-virtual tape library (VTL) interface, the company can store backup data on virtual tapes in S3 or Glacier. This preserves the existing investment in the on-premises backup applications and workflows while leveraging AWS storage services. References:
✑ AWS Storage Gateway
✑ Tape Gateway

- (Topic 4)
A gaming company wants to launch a new internet-facing application in multiple AWS Regions The application will use the TCP and UDP protocols for communication. The company needs to provide high availability and minimum latency for global users.
Which combination of actions should a solutions architect take to meet these requirements? (Select TWO.)

1. A. Create internal Network Load Balancers in front of the application in each Region.
2. B. Create external Application Load Balancers in front of the application in each Region.
3. C. Create an AWS Global Accelerator accelerator to route traffic to the load balancers in each Region.
4. D. Configure Amazon Route 53 to use a geolocation routing policy to distribute the traffic.
5. E. Configure Amazon CloudFront to handle the traffic and route requests to the application in each Region.

Correct Answer: BC
This combination of actions will provide high availability and minimum latency for global users by using AWS Global Accelerator and Application Load Balancers. AWS Global Accelerator is a networking service that helps you improve the availability, performance, and security of your internet-facing applications by using the AWS global network. It provides two global static public IPs that act as a fixed entry point to your application endpoints, such as Application Load Balancers, in multiple Regions1. Global Accelerator uses the AWS backbone network to route traffic to the optimal regional
endpoint based on health, client location, and policies that you configure. It also offers TCP and UDP support, traffic encryption, and DDoS protection2. Application Load Balancers are external load balancers that distribute incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. They support both HTTP and HTTPS (SSL/TLS) protocols, and offer advanced features such as content-based routing, health checks, and integration with other AWS services3. By creating external Application Load Balancers in front of the application in each Region, you can ensure that the application can handle varying load patterns and scale on demand. By creating an AWS Global Accelerator accelerator to route traffic to the load balancers in each Region, you can leverage the performance, security, and availability of the AWS global network to deliver the best possible user experience.
References: 1: What is AWS Global Accelerator? - AWS Global Accelerator4, Overview section2: Network Acceleration Service - AWS Global Accelerator - AWS5, Why AWS Global Accelerator? section. 3: What is an Application Load Balancer? - Elastic Load Balancing6, Overview section.

- (Topic 1)
A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.
What should the solutions architect do to enable Internet access for the private subnets?

1. A. Create three NAT gateways, one for each public subnet in each A
2. B. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
3. C. Create three NAT instances, one for each private subnet in each A
4. D. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.
5. E. Create a second internet gateway on one of the private subnet
6. F. Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.
7. G. Create an egress-only internet gateway on one of the public subnet
8. H. Update the route table for the private subnets that forward non-VPC traffic to the egress- only internet gateway.

Correct Answer: A
https://aws.amazon.com/about-aws/whats-new/2018/03/introducing-amazon-vpc-nat-gateway-in-the-aws-govcloud-us- region/#:~:text=NAT%20Gateway%20is%20a%20highly,instances%20in%20a%20private
%20subnet.
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html

- (Topic 4)
A company runs an application on a group of Amazon Linux EC2 instances. For compliance reasons, the company must retain all application log files for 7 years. The log files will be analyzed by a reporting tool that must be able to access all the files concurrently.
Which storage solution meets these requirements MOST cost-effectively?

1. A. Amazon Elastic Block Store (Amazon EBS)
2. B. Amazon Elastic File System (Amazon EFS)
3. C. Amazon EC2 instance store
4. D. Amazon S3

Correct Answer: D
https://docs.aws.amazon.com/efs/latest/ug/transfer-data-to-efs.html