- (Exam Topic 1)
A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the credentials tor its Amazon ROS tor MySQL databases across multiple AWS Regions
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Store the credentials as secrets in AWS Secrets Manage
2. B. Use multi-Region secret replication for the required Regions Configure Secrets Manager to rotate the secrets on a schedule
3. C. Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter Use multi-Region secret replication for the required Regions Configure Systems Manager to rotate the secrets on a schedule
4. D. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled Use Amazon EventBridge (Amazon CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials
5. E. Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys Store the secrets in an Amazon DynamoDB global table Use an AWS Lambda function to retrieve the secrets from DynamoDB Use the RDS API to rotate the secrets.

Correct Answer: A
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/

- (Exam Topic 2)
A company wants to build a scalable key management Infrastructure to support developers who need to encrypt data in their applications.
What should a solutions architect do to reduce the operational burden?

1. A. Use multifactor authentication (MFA) to protect the encryption keys.
2. B. Use AWS Key Management Service (AWS KMS) to protect the encryption keys
3. C. Use AWS Certificate Manager (ACM) to create, store, and assign the encryption keys
4. D. Use an IAM policy to limit the scope of users who have access permissions to protect the encryption keys

Correct Answer: B
https://aws.amazon.com/kms/faqs/#:~:text=If%20you%20are%20a%20developer%20who%20needs%20to%20d

- (Exam Topic 2)
A company wants to migrate its on-premises data center to AWS. According to the company's compliance requirements, the company can use only the ap-northeast-3 Region. Company administrators are not permitted to connect VPCs to the internet.
Which solutions will meet these requirements? (Choose two.)

1. A. Use AWS Control Tower to implement data residency guardrails to deny internet access and deny access to all AWS Regions except ap-northeast-3.
2. B. Use rules in AWS WAF to prevent internet acces
3. C. Deny access to all AWS Regions except ap-northeast-3 in the AWS account settings.
4. D. Use AWS Organizations to configure service control policies (SCPS) that prevent VPCs from gaining internet acces
5. E. Deny access to all AWS Regions except ap-northeast-3.
6. F. Create an outbound rule for the network ACL in each VPC to deny all traffic from 0.0.0.0/0. Create an IAM policy for each user to prevent the use of any AWS Region other than ap-northeast-3.
7. G. Use AWS Config to activate managed rules to detect and alert for internet gateways and to detect and alert for new resources deployed outside of ap-northeast-3.

Correct Answer: AC

- (Exam Topic 3)
A company manages its own Amazon EC2 instances that run MySQL databases. The company is manually managing replication and scaling as demand increases or decreases. The company needs a new solution that simplifies the process of adding or removing compute capacity to or from its database tier as needed. The solution also must offer improved performance, scaling, and durability with minimal effort from operations.
Which solution meets these requirements?

1. A. Migrate the databases to Amazon Aurora Serverless for Aurora MySQL.
2. B. Migrate the databases to Amazon Aurora Serverless for Aurora PostgreSQL.
3. C. Combine the databases into one larger MySQL databas
4. D. Run the larger database on larger EC2 instances.
5. E. Create an EC2 Auto Scaling group for the database tie
6. F. Migrate the existing databases to the new environment.

Correct Answer: A
https://aws.amazon.com/rds/aurora/serverless/

- (Exam Topic 1)
A company hosts a containerized web application on a fleet of on-premises servers that process incoming requests. The number of requests is growing quickly. The on-premises servers cannot handle the increased number of requests. The company wants to move the application to AWS with minimum code changes and minimum development effort.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scalin
2. B. Use an Application Load Balancer to distribute the incoming requests.
3. C. Use two Amazon EC2 instances to host the containerized web applicatio
4. D. Use an Application Load Balancer to distribute the incoming requests
5. E. Use AWS Lambda with a new code that uses one of the supported language
6. F. Create multiple Lambda functions to support the loa
7. G. Use Amazon API Gateway as an entry point to the Lambda functions.
8. H. Use a high performance computing (HPC) solution such as AWS ParallelClusterto establish an HPC cluster that can process the incoming requests at the appropriate scale.

Correct Answer: A