- (Exam Topic 1)
A company is preparing to launch a public-facing web application in the AWS Cloud. The architecture consists of Amazon EC2 instances within a VPC behind an Elastic Load Balancer (ELB). A third-party service is used for the DNS. The company's solutions architect must recommend a solution to detect and protect against large-scale DDoS attacks.
Which solution meets these requirements?

1. A. Enable Amazon GuardDuty on the account.
2. B. Enable Amazon Inspector on the EC2 instances.
3. C. Enable AWS Shield and assign Amazon Route 53 to it.
4. D. Enable AWS Shield Advanced and assign the ELB to it.

Correct Answer: D
https://aws.amazon.com/shield/faqs/

- (Exam Topic 3)
A company runs a web application that is backed by Amazon RDS. A new database administrator caused data loss by accidentally editing information in a database table To help recover from this type of incident, the company wants the ability to restore the database to its state from 5 minutes before any change within the last 30 days.
Which feature should the solutions architect include in the design to meet this requirement?

1. A. Read replicas
2. B. Manual snapshots
3. C. Automated backups
4. D. Multi-AZ deployments

Correct Answer: C

- (Exam Topic 3)
A company needs to provide its employee with secure access to confidential and sensitive files. The company wants to ensure that the files can be accessed only by authorized users. The files must be downloaded security to the employees devices.
The files are stored in an on-premises Windows files server. However, due to an increase in remote usage, the file server out of capacity.
Which solution will meet these requirement?

1. A. Migrate the file server to an Amazon EC2 instance in a public subne
2. B. Configure the security group to limit inbound traffic to the employees ‚IP addresses.
3. C. Migrate the files to an Amazon FSx for Windows File Server file syste
4. D. Integrate the Amazon FSx file system with the on-premises Active Directory Configure AWS Client VPN.
5. E. Migrate the files to Amazon S3, and create a private VPC endpoin
6. F. Create a signed URL to allow download.
7. G. Migrate the files to Amazon S3, and create a public VPC endpoint Allow employees to sign on with AWS IAM identity Center (AWS Sing-On).

Correct Answer: C

- (Exam Topic 3)
An ecommerce company is building a distributed application that involves several serverless functions and AWS services to complete order-processing tasks. These tasks require manual approvals as part of the workflow A solutions architect needs to design an architecture for the order-processing application The solution must be able to combine multiple AWS Lambda functions into responsive serverless applications The solution also must orchestrate data and services that run on Amazon EC2 instances, containers, or on-premises servers
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use AWS Step Functions to build the application.
2. B. Integrate all the application components in an AWS Glue job
3. C. Use Amazon Simple Queue Service (Amazon SQS) to build the application
4. D. Use AWS Lambda functions and Amazon EventBridge (Amazon CloudWatch Events) events to build the application

Correct Answer: D

- (Exam Topic 3)
A company has a web application with sporadic usage patterns There is heavy usage at the beginning of each month moderate usage at the start of each week and unpredictable usage during the week The application consists of a web server and a MySQL database server running inside the data center The company would like to move the application to the AWS Cloud and needs to select a cost-effective database platform that will not require database modifications
Which solution will meet these requirements?

1. A. Amazon DynamoDB
2. B. Amazon RDS for MySQL
3. C. MySQL-compatible Amazon Aurora Serverless
4. D. MySQL deployed on Amazon EC2 in an Auto Scaling group

Correct Answer: B