- (Topic 2)
A company is building a containerized application on premises and decides to move the application to AWS. The application will have thousands of users soon after li is deployed. The company Is unsure how to manage the deployment of containers at scale. The company needs to deploy the containerized application in a highly available architecture that minimizes operational overhead.
Which solution will meet these requirements?

1. A. Store container images In an Amazon Elastic Container Registry (Amazon ECR) repositor
2. B. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the AWS Fargate launch type to run the container
3. C. Use target tracking to scale automatically based on demand.
4. D. Store container images in an Amazon Elastic Container Registry (Amazon ECR) repositor
5. E. Use an Amazon Elastic Container Service (Amazon ECS) cluster with the Amazon EC2 launch type to run the container
6. F. Use target tracking to scale automatically based on demand.
7. G. Store container images in a repository that runs on an Amazon EC2 instanc
8. H. Run the containers on EC2 instances that are spread across multiple Availability Zone
9. I. Monitor the average CPU utilization in Amazon CloudWatc
10. J. Launch new EC2 instances as needed
11. K. Create an Amazon EC2 Amazon Machine Image (AMI) that contains the container image Launch EC2 Instances in an Auto Scaling group across multiple Availability Zone
12. L. Use an Amazon CloudWatch alarm to scale out EC2 instances when the average CPU utilization threshold is breached.

Correct Answer: A
AWS Fargate is a serverless experience for user applications, allowing the user to concentrate on building applications instead of configuring and managing servers. Fargate also automates resource management, allowing users to easily scale their applications in response to demand.

- (Topic 2)
A gaming company has a web application that displays scores. The application runs on Amazon EC2 instances behind an Application Load Balancer. The application stores data in an Amazon RDS for MySQL database. Users are starting to experience long delays and interruptions that are caused by database read performance. The company wants to improve the user experience while minimizing changes to the application's architecture.
What should a solutions architect do to meet these requirements?

1. A. Use Amazon ElastiCache in front of the database.
2. B. Use RDS Proxy between the application and the database.
3. C. Migrate the application from EC2 instances to AWS Lambda.
4. D. Migrate the database from Amazon RDS for MySQL to Amazon DynamoDB.

Correct Answer: A
ElastiCache can help speed up the read performance of the database by caching frequently accessed data, reducing latency and allowing the application to access the data more quickly. This solution requires minimal modifications to the current architecture, as ElastiCache can be used in conjunction with the existing Amazon RDS for MySQL database.

- (Topic 4)
A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should.be protected throughout the entire application stack, and access to the information should be restricted to certain applications.
Which action should the solutions architect take?

1. A. Configure a CloudFront signed URL.
2. B. Configure a CloudFront signed cookie.
3. C. Configure a CloudFront field-level encryption profile.
4. D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.

Correct Answer: C
it allows the company to protect sensitive information submitted by users
throughout the entire application stack and restrict access to certain applications. By configuring a CloudFront field-level encryption profile, the company can encrypt specific fields of user data at the edge locations before sending it to the origin servers. By using public-private key pairs, the company can ensure that only authorized applications can decrypt and access the sensitive information. References:
✑ Field-Level Encryption
✑ Encrypting and Decrypting Data

- (Topic 4)
A company wants to rearchitect a large-scale web application to a serverless microservices architecture. The application uses Amazon EC2 instances and is written in Python.
The company selected one component of the web application to test as a microservice. The component supports hundreds of requests each second. The company wants to create and test the microservice on an AWS solution that supports Python. The solution must also scale automatically and require minimal infrastructure and minimal operational support.
Which solution will meet these requirements?

1. A. Use a Spot Fleet with auto scaling of EC2 instances that run the most recent Amazon Linux operating system.
2. B. Use an AWS Elastic Beanstalk web server environment that has high availability configured.
3. C. Use Amazon Elastic Kubernetes Service (Amazon EKS). Launch Auto Scaling groups of self-managed EC2 instances.
4. D. Use an AWS Lambda function that runs custom developed code.

Correct Answer: D
AWS Lambda is a serverless compute service that lets you run code without provisioning or managing servers. You can use Lambda to create and test microservices that are written in Python or other supported languages. Lambda scales automatically to handle the number of requests per second. You only pay for the compute time you consume. Lambda also integrates with other AWS services, such as Amazon API Gateway, Amazon S3, Amazon DynamoDB, and Amazon SQS, to enable event-driven architectures. Lambda has minimal infrastructure and operational overhead, as you do not need to manage servers, operating systems, patches, or scaling policies.
The other options are not serverless solutions and require more infrastructure and operational support. They also do not scale automatically to handle the number of requests per second. A Spot Fleet is a collection of EC2 instances that run on spare capacity at low prices. However, Spot Instances can be interrupted by AWS at any time, which can affect the availability and performance of your microservice. AWS Elastic Beanstalk is a service that automates the deployment and management of web applications on EC2 instances. However, you still need to provision, configure, and monitor the underlying EC2 instances and load balancers. Amazon EKS is a service that runs Kubernetes on AWS. However, you still need to create, configure, and manage the EC2 instances that form the Kubernetes cluster and nodes. You also need to install and update the Kubernetes software and tools. References:
✑ What is AWS Lambda?
✑ Building Lambda functions with Python
✑ Create a layer for a Lambda Python function
✑ AWS Lambda – Function in Python
✑ How do I call my AWS Lambda function from a local python script?

- (Topic 3)
An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?

1. A. Use a VPC endpoint for DynamoDB.
2. B. Use a NAT gateway in a public subnet.
3. C. Use a NAT instance in a private subnet.
4. D. Use the internet gateway attached to the VPC.

Correct Answer: A
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints- dynamodb.html
A VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you don't need an internet gateway, a NAT device, or a virtual private gateway in your VPC. You use endpoint policies to control access to DynamoDB. Traffic between your VPC and the AWS service does not leave the Amazon network.