- (Exam Topic 3)
A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group.


A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?

1. A. Deleting IAM users
2. B. Deleting directories
3. C. Deleting Amazon EC2 instances
4. D. Deleting logs from Amazon CloudWatch Logs

Correct Answer: C
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ds/index.html

- (Exam Topic 1)
A solutions architect is designing a new hybrid architecture to extend a company s on-premises infrastructure to AWS The company requires a highly available connection with consistent low latency to an AWS Region. The company needs to minimize costs and is willing to accept slower traffic if the primary connection fails.
What should the solutions architect do to meet these requirements?

1. A. Provision an AWS Direct Connect connection to a Region Provision a VPN connection as a backup if the primary Direct Connect connection fails.
2. B. Provision a VPN tunnel connection to a Region for private connectivit
3. C. Provision a second VPN tunnel for private connectivity and as a backup if the primary VPN connection fails.
4. D. Provision an AWS Direct Connect connection to a Region Provision a second Direct Connect connection to the same Region as a backup if the primary Direct Connect connection fails.
5. E. Provision an AWS Direct Connect connection to a Region Use the Direct Connect failover attribute from the AWS CLI to automatically create a backup connection if the primary Direct Connect connection fails.

Correct Answer: A
"In some cases, this connection alone is not enough. It is always better to guarantee a fallback connection as the backup of DX. There are several options, but implementing it with an AWS Site-To-Site VPN is a real cost-effective solution that can be exploited to reduce costs or, in the meantime, wait for the setup of a second DX."
https://www.proud2becloud.com/hybrid-cloud-networking-backup-aws-direct-connect-network-connection-with

- (Exam Topic 3)
A company has a web application that is based on Java and PHP The company plans to move the application from on premises to AWS The company needs the ability to test new site features frequently. The company also needs a highly available and managed solution that requires minimum operational overhead
Which solution will meet these requirements?

1. A. Create an Amazon S3 bucket Enable static web hosting on the S3 bucket Upload the static content to the S3 bucket Use AWS Lambda to process all dynamic content
2. B. Deploy the web application to an AWS Elastic Beanstalk environment Use URL swapping to switch between multiple Elastic Beanstalk environments for feature testing
3. C. Deploy the web application lo Amazon EC2 instances that are configured with Java and PHP Use Auto Scaling groups and an Application Load Balancer to manage the website's availability
4. D. Containerize the web application Deploy the web application to Amazon EC2 instances Use the AWS Load Balancer Controller to dynamically route traffic between containers thai contain the new site features for testing

Correct Answer: B

- (Exam Topic 3)
A company has implemented a self-managed DNS service on AWS. The solution consists of the following:
• Amazon EC2 instances in different AWS Regions
• Endpomts of a standard accelerator m AWS Global Accelerator
The company wants to protect the solution against DDoS attacks What should a solutions architect do to meet this requirement?

1. A. Subscribe to AWS Shield Advanced Add the accelerator as a resource to protect
2. B. Subscribe to AWS Shield Advanced Add the EC2 instances as resources to protect
3. C. Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the accelerator
4. D. Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the EC2 instances

Correct Answer: B

- (Exam Topic 3)
A payment processing company records all voice communication with its customers and stores the audio files in an Amazon S3 bucket. The company needs to capture the text from the audio files. The company must remove from the text any personally identifiable information (Pll) that belongs to customers.
What should a solutions architect do to meet these requirements?

1. A. Process the audio files by using Amazon Kinesis Video Stream
2. B. Use an AWS Lambda function to scanfor known Pll patterns.
3. C. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start an Amazon Textract task to analyze the call recordings.
4. D. Configure an Amazon Transcribe transcription job with Pll redaction turned o
5. E. When an audio file is uploaded to the S3 bucket, invoke an AWS Lambda function to start the transcription jo
6. F. Store theoutput in a separate S3 bucket.
7. G. Create an Amazon Connect contact flow that ingests the audio files with transcription turned o
8. H. Embed an AWS Lambda function to scan for known Pll pattern
9. I. Use Amazon EventBridge (Amazon CloudWatch Events) to start the contact flow when an audio file is uploaded to the S3 bucket.

Correct Answer: C