- (Topic 3)
A company needs to transfer 600 TB of data from its on-premises network-attached storage (NAS) system to the AWS Cloud. The data transfer must be complete within 2 weeks. The data is sensitive and must be encrypted in transit. The company's internet connection can support an upload speed of 100 Mbps.
Which solution meets these requirements MOST cost-effectively?

1. A. Use Amazon S3 multi-part upload functionality to transfer the fees over HTTPS
2. B. Create a VPN connection between the on-premises NAS system and the nearest AWS Region Transfer the data over the VPN connection
3. C. Use the AWS Snow Family console to order several AWS Snowball Edge Storage Optimized devices Use the devices to transfer the data to Amazon S3.
4. D. Set up a 10 Gbps AWS Direct Connect connection between the company location and (he nearest AWS Region Transfer the data over a VPN connection into the Region to store the data in Amazon S3

Correct Answer: C
The best option is to use the AWS Snow Family console to order several AWS Snowball Edge Storage Optimized devices and use the devices to transfer the data to Amazon S3. Snowball Edge is a petabyte-scale data transfer device that can help transfer large amounts of data securely and quickly. Using Snowball Edge can be the most cost-effective solution for transferring large amounts of data over long distances and can help meet the requirement of transferring 600 TB of data within two weeks.

- (Topic 4)
A company is running a legacy system on an Amazon EC2 instance. The application code cannot be modified, and the system cannot run on more than one instance. A solutions architect must design a resilient solution that can improve the recovery time for the system.
What should the solutions architect recommend to meet these requirements?

1. A. Enable termination protection for the EC2 instance.
2. B. Configure the EC2 instance for Multi-AZ deployment.
3. C. Create an Amazon CloudWatch alarm to recover the EC2 instance in case of failure.
4. D. Launch the EC2 instance with two Amazon Elastic Block Store (Amazon EBS) volumes that use RAID configurations for storage redundancy.

Correct Answer: C
To design a resilient solution that can improve the recovery time for the system, a solutions architect should recommend creating an Amazon CloudWatch alarm to recover the EC2 instance in case of failure. This solution has the following benefits:
✑ It allows the EC2 instance to be automatically recovered when a system status
check failure occurs, such as loss of network connectivity, loss of system power, software issues on the physical host, or hardware issues on the physical host that impact network reachability1.
✑ It preserves the instance ID, private IP addresses, Elastic IP addresses, and all
instance metadata of the original instance. A recovered instance is identical to the original instance, except for any data that is in-memory, which is lost during the recovery process1.
✑ It does not require any modification of the application code or the EC2 instance
configuration. The solutions architect can create a CloudWatch alarm using the AWS Management Console, the AWS CLI, or the CloudWatch API2.
References:
✑ 1: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance- recover.html
✑ 2: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance- recover.html#ec2-instance-recover-create-alarm

- (Topic 4)
A company has a financial application that produces reports. The reports average 50 KB in size and are stored in Amazon S3. The reports are frequently accessed during the first week after production and must be stored for several years. The reports must be retrievable within 6 hours.
Which solution meets these requirements MOST cost-effectively?

1. A. Use S3 Standar
2. B. Use an S3 Lifecycle rule to transition the reports to S3 Glacier after 7 days.
3. C. Use S3 Standar
4. D. Use an S3 Lifecycle rule to transition the reports to S3 Standard- Infrequent Access (S3 Standard-IA) after 7 days.
5. E. Use S3 Intelligent-Tierin
6. F. Configure S3 Intelligent-Tiering to transition the reports to S3 Standard-Infrequent Access (S3 Standard-IA) and S3 Glacier.
7. G. Use S3 Standar
8. H. Use an S3 Lifecycle rule to transition the reports to S3 Glacier Deep Archive after 7 days.

Correct Answer: A
To store and retrieve reports that are frequently accessed during the first week and must be stored for several years, S3 Standard and S3 Glacier are suitable
solutions. S3 Standard offers high durability, availability, and performance for frequently accessed data. S3 Glacier offers secure and durable storage for long-term data archiving at a low cost. S3 Lifecycle rules can be used to transition the reports from S3 Standard to S3 Glacier after 7 days, which can reduce storage costs. S3 Glacier also supports retrieval within 6 hours.
References:
✑ Storage Classes
✑ Object Lifecycle Management
✑ Retrieving Archived Objects from Amazon S3 Glacier

- (Topic 4)
A company has an on-premises data center that is running out of storage capacity. The company wants to migrate its storage infrastructure to AWS while minimizing bandwidth costs. The solution must allow for immediate retrieval of data at no additional cost.
How can these requirements be met?

1. A. Deploy Amazon S3 Glacier Vault and enable expedited retrieva
2. B. Enable provisioned retrieval capacity for the workload.
3. C. Deploy AWS Storage Gateway using cached volume
4. D. Use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally.
5. E. Deploy AWS Storage Gateway using stored volumes to store data locall
6. F. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
7. G. Deploy AWS Direct Connect to connect with the on-premises data cente
8. H. Configure AWS Storage Gateway to store data locall
9. I. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.

Correct Answer: B
The solution that will meet the requirements is to deploy AWS Storage Gateway using cached volumes and use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally. This solution will allow the company to migrate its storage infrastructure to AWS while minimizing bandwidth costs, as it will only transfer data that is not cached locally. The solution will also allow for immediate retrieval of data at no additional cost, as the cached volumes will provide low-latency access to the most recently used data. The data stored in Amazon S3 will be durable, scalable, and secure.
The other solutions are not as effective as the first one because they either do not meet the requirements or introduce additional costs or complexity. Deploying Amazon S3 Glacier Vault and enabling expedited retrieval will not meet the requirements, as it will incur additional costs for both storage and retrieval. Amazon S3 Glacier is a low-cost storage service for data archiving and backup, but it has longer retrieval times than Amazon S3. Expedited retrieval is a feature that allows faster access to data, but it charges a higher fee per GB retrieved. Provisioned retrieval capacity is a feature that reserves dedicated capacity for expedited retrievals, but it also charges a monthly fee per provisioned capacity unit. Deploying AWS Storage Gateway using stored volumes to store data locally and use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3 will not meet the requirements, as it will not migrate the storage infrastructure to AWS, but only create backups. Stored volumes are volumes that store the primary data locally and back up snapshots to Amazon S3. This solution will not reduce the storage capacity needed on-premises, nor will it leverage the benefits of cloud storage. Deploying AWS Direct Connect to connect with the on-premises data center and configuring AWS Storage Gateway to store data locally and use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3 will not meet the requirements, as it will also not migrate the storage infrastructure to AWS, but only create backups. AWS Direct Connect is a service that establishes a dedicated network connection between the on-premises data center and AWS, which can reduce network costs and increase bandwidth. However, this solution will also not reduce the storage capacity needed on- premises, nor will it leverage the benefits of cloud storage.
References:
✑ AWS Storage Gateway
✑ Cached volumes - AWS Storage Gateway
✑ Amazon S3 Glacier
✑ Retrieving archives from Amazon S3 Glacier vaults - Amazon Simple Storage Service
✑ Stored volumes - AWS Storage Gateway
✑ AWS Direct Connect

- (Topic 2)
A solutions architect must design a solution that uses Amazon CloudFront with an Amazon S3 origin to store a static website. The company's security policy requires that all website traffic be inspected by AWS WAR
How should the solutions architect comply with these requirements?

1. A. Configure an S3 bucket policy lo accept requests coming from the AWS WAF Amazon Resource Name (ARN) only.
2. B. Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin.
3. C. Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 onl
4. D. Associate AWS WAF to CloudFront.
5. E. Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucke
6. F. Enable AWS WAF on the distribution.

Correct Answer: D
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content- restricting-access-to-s3.html https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web- awswaf.html