- (Exam Topic 2)
A company hosts a website analytics application on a single Amazon EC2 On-Demand Instance. The analytics software is written in PHP and uses a MySQL database. The analytics software, the web server that provides PHP, and the database server are all hosted on the EC2 instance. The application is showing signs of performance degradation during busy times and is presenting 5xx errors. The company needs to make the application scale seamlessly.
Which solution will meet these requirements MOST cost-effectively?

1. A. Migrate the database to an Amazon RDS for MySQL DB instanc
2. B. Create an AMI of the web applicatio
3. C. Use the AMI to launch a second EC2 On-Demand Instanc
4. D. Use an Application Load Balancer to distribute the load to each EC2 instance.
5. E. Migrate the database to an Amazon RDS for MySQL DB instanc
6. F. Create an AMI of the web applicatio
7. G. Use the AMI to launch a second EC2 On-Demand Instanc
8. H. Use Amazon Route 53 weighted routing to distribute the load across the two EC2 instances.
9. I. Migrate the database to an Amazon Aurora MySQL DB instanc
10. J. Create an AWS Lambda function to stop the EC2 instance and change the instance typ
11. K. Create an Amazon CloudWatch alarm to invoke the Lambda function when CPU utilization surpasses 75%.
12. L. Migrate the database to an Amazon Aurora MySQL DB instanc
13. M. Create an AMI of the web application.Apply the AMI to a launch templat
14. N. Create an Auto Scaling group with the launch template Configure the launch template to use a Spot Flee
15. O. Attach an Application Load Balancer to the Auto Scaling group.

Correct Answer: D

- (Exam Topic 3)
A company's facility has badge readers at every entrance throughout the building. When badges are scanned, the readers send a message over HTTPS to indicate who attempted to access that particular entrance.
A solutions architect must design a system to process these messages from the sensors. The solution must be highly available, and the results must be made available for the company's security team to analyze.
Which system architecture should the solutions architect recommend?

1. A. Launch an Amazon EC2 instance to serve as the HTTPS endpoint and to process the messages Configure the EC2 instance to save the results to an Amazon S3 bucket.
2. B. Create an HTTPS endpoint in Amazon API Gatewa
3. C. Configure the API Gateway endpoint to invoke an AWS Lambda function to process the messages and save the results to an Amazon DynamoDB table.
4. D. Use Amazon Route 53 to direct incoming sensor messages to an AWS Lambda functio
5. E. Configure the Lambda function to process the messages and save the results to an Amazon DynamoDB table.
6. F. Create a gateway VPC endpoint for Amazon S3. Configure a Site-to-Site VPN connection from the facility network to the VPC so that sensor data can be written directly to an S3 bucket by way of the VPC endpoint.

Correct Answer: B

- (Exam Topic 3)
A company wants to use high performance computing (HPC) infrastructure on AWS for financial risk modeling. The company's HPC workloads run on Linux. Each HPC workflow runs on hundreds of Amazon EC2 Spot Instances, is shorl-lived, and generates thousands of output files that are ultimately stored in persistent storage for analytics and long-term future use.
The company seeks a cloud storage solution that permits the copying of on-premises data to long-term persistent storage to make data available for processing by all EC2 instances. The solution should also be a high performance file system that is integrated with persistent storage to read and write datasets and output files.
Which combination of AWS services meets these requirements?

1. A. Amazon FSx for Lustre integrated with Amazon S3
2. B. Amazon FSx for Windows File Server integrated with Amazon S3
3. C. Amazon S3 Glacier integrated with Amazon Elastic Block Store (Amazon EBS)
4. D. Amazon S3 bucket with a VPC endpoint integrated with an Amazon Elastic Block Store (Amazon EBS) General Purpose SSD (gp2) volume

Correct Answer: A
https://aws.amazon.com/fsx/lustre/
Amazon FSx for Lustre is a fully managed service that provides cost-effective, high-performance, scalable storage for compute workloads. Many workloads such as machine learning, high performance computing (HPC), video rendering, and financial simulations depend on compute instances accessing the same set of data through high-performance shared storage.

- (Exam Topic 3)
A company is deploying a two-tier web application in a VPC. The web tier is using an Amazon EC2 Auto Scaling group with public subnets that span multiple Availability Zones. The database tier consists of an Amazon RDS for MySQL DB instance in separate private subnets. The web tier requires access to the database to retrieve product information.
The web application is not working as intended. The web application reports that it cannot connect to the database. The database is confirmed to be up and running. All configurations for the network ACLs. Security groups, and route tables are still in their default states.
What should a solutions architect recommend to fix the application?

1. A. Add an explicit rule to the private subnet's network ACL to allow traffic from the web tier's EC2 instances.
2. B. Add a route in the VPC route table to allow traffic between the web tier's EC2 instances and Ihe database tier.
3. C. Deploy the web tier's EC2 instances and the database tier's RDS instance into two separate VPC
4. D. and configure VPC peering.
5. E. Add an inbound rule to the security group of the database tier's RDS instance to allow traffic from the web tier's security group.

Correct Answer: D

- (Exam Topic 1)
A solutions architect is designing a VPC with public and private subnets. The VPC and subnets use IPv4 CIDR blocks. There is one public subnet and one private subnet in each of three Availability Zones (AZs) for high availability. An internet gateway is used to provide internet access for the public subnets. The private subnets require access to the internet to allow Amazon EC2 instances to download software updates.
What should the solutions architect do to enable Internet access for the private subnets?

1. A. Create three NAT gateways, one for each public subnet in each A
2. B. Create a private route table for each AZ that forwards non-VPC traffic to the NAT gateway in its AZ.
3. C. Create three NAT instances, one for each private subnet in each A
4. D. Create a private route table for each AZ that forwards non-VPC traffic to the NAT instance in its AZ.
5. E. Create a second internet gateway on one of the private subnet
6. F. Update the route table for the private subnets that forward non-VPC traffic to the private internet gateway.
7. G. Create an egress-only internet gateway on one of the public subnet
8. H. Update the route table for the private subnets that forward non-VPC traffic to the egress- only internet gateway.

Correct Answer: A
https://aws.amazon.com/about-aws/whats-new/2018/03/introducing-amazon-vpc-nat-gateway-in-the-aws-govclo https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html