- (Exam Topic 3)
A company has a regional subscription-based streaming service that runs in a single AWS Region. The architecture consists of web servers and application servers on Amazon EC2 instances. The EC2 instances are in Auto Scaling groups behind Elastic Load Balancers. The architecture includes an Amazon Aurora database cluster that extends across multiple Availability Zones.
The company wants to expand globally and to ensure that its application has minimal downtime.

1. A. Extend the Auto Scaling groups for the web tier and the application tier to deploy instances in Availability Zones in a second Regio
2. B. Use an Aurora global database to deploy the database in the primary Region and the second Regio
3. C. Use Amazon Route 53 health checks with a failover routing policy to the second Region.
4. D. Deploy the web tier and the application tier to a second Regio
5. E. Add an Aurora PostgreSQL cross-Region Aurara Replica in the second Regio
6. F. Use Amazon Route 53 health checks with afailovers routing policy to the second Region, Promote the secondary to primary as needed.
7. G. Deploy the web tier and the applicatin tier to a second Regio
8. H. Create an Aurora PostSQL database in the second Regio
9. I. Use AWS Database Migration Service (AWS DMS) to replicate the primary database to the second Regio
10. J. Use Amazon Route 53 health checks with a failover routing policy to the second Region.
11. K. Deploy the web tier and the application tier to a second Regio
12. L. Use an Amazon Aurora global database to deploy the database in the primary Region and the second Regio
13. M. Use Amazon Route 53 health checks with a failover routing policy to the second Regio
14. N. Promote the secondary to primary as needed.

Correct Answer: A

- (Exam Topic 3)
A company has implemented a self-managed DNS service on AWS. The solution consists of the following:
• Amazon EC2 instances in different AWS Regions
• Endpomts of a standard accelerator m AWS Global Accelerator
The company wants to protect the solution against DDoS attacks What should a solutions architect do to meet this requirement?

1. A. Subscribe to AWS Shield Advanced Add the accelerator as a resource to protect
2. B. Subscribe to AWS Shield Advanced Add the EC2 instances as resources to protect
3. C. Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the accelerator
4. D. Create an AWS WAF web ACL that includes a rate-based rule Associate the web ACL with the EC2 instances

Correct Answer: B

- (Exam Topic 3)
A solutions architect is designing a two-tiered architecture that includes a public subnet and a database subnet. The web servers in the public subnet must be open to the internet on port 443. The Amazon RDS for MySQL D6 instance in the database subnet must be accessible only to the web servers on port 3306.
Which combination of steps should the solutions architect take to meet these requirements? (Select TWO.)

1. A. Create a network ACL for the public subnet Add a rule to deny outbound traffic to 0 0 0 0/0 on port3306
2. B. Create a security group for the DB instance Add a rule to allow traffic from the public subnet CIDR block on port 3306
3. C. Create a security group for the web servers in the public subnet Add a rule to allow traffic from 0 0 0 O'O on port 443
4. D. Create a security group for the DB instance Add a rule to allow traffic from the web servers' security group on port 3306
5. E. Create a security group for the DB instance Add a rule to deny all traffic except traffic from the web servers' security group on port 3306

Correct Answer: CD

- (Exam Topic 3)
A company's application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. On the first day of every month at midnight. The application becomes much slower when the month-end financial calcualtion bath runs. This causes the CPU utilization of the EC2 instaces to immediately peak to 100%, which disrupts the application.
What should a solution architect recommend to ensure the application is able to handle the workload and avoid downtime?

1. A. Configure an Amazon CloudFront distribution in from of the ALB.
2. B. Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
3. C. Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
4. D. Configure Amazon ElasticCache to remove some of the workload from tha EC2 instances.

Correct Answer: A

- (Exam Topic 2)
A company is concerned about the security of its public web application due to recent web attacks. The application uses an Application Load Balancer (ALB). A solutions architect must reduce the risk of DDoS attacks against the application.
What should the solutions architect do to meet this requirement?

1. A. Add an Amazon Inspector agent to the ALB.
2. B. Configure Amazon Macie to prevent attacks.
3. C. Enable AWS Shield Advanced to prevent attacks.
4. D. Configure Amazon GuardDuty to monitor the ALB.

Correct Answer: C