- (Topic 1)
A company hosts a containerized web application on a fleet of on-premises servers that process incoming requests. The number of requests is growing quickly. The on-premises servers cannot handle the increased number of requests. The company wants to move the application to AWS with minimum code changes and minimum development effort.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scalin
2. B. Use an Application Load Balancer to distribute the incoming requests.
3. C. Use two Amazon EC2 instances to host the containerized web applicatio
4. D. Use an Application Load Balancer to distribute the incoming requests
5. E. Use AWS Lambda with a new code that uses one of the supported language
6. F. Create multiple Lambda functions to support the loa
7. G. Use Amazon API Gateway as an entry point to the Lambda functions.
8. H. Use a high performance computing (HPC) solution such as AWS ParallelClusterto establish an HPC cluster that can process the incoming requests at the appropriate scale.

Correct Answer: A
AWS Fargate is a serverless compute engine that lets users run containers without having to manage servers or clusters of Amazon EC2 instances1. Users can use AWS Fargate on Amazon Elastic Container Service (Amazon ECS) to run the containerized web application with Service Auto Scaling. Amazon ECS is a fully managed container orchestration service that supports both Docker and Kubernetes2. Service Auto Scaling is a feature that allows users to adjust the desired number of tasks in an ECS service based on CloudWatch metrics, such as CPU utilization or request count3. Users can use AWS Fargate on
Amazon ECS to migrate the application to AWS with minimum code changes and minimum development effort, as they only need to package their application in containers and specify the CPU and memory requirements.
Users can also use an Application Load Balancer to distribute the incoming requests. An Application Load Balancer is a load balancer that operates at the application layer and routes traffic to targets based on the content of the request. Users can register their ECS tasks as targets for an Application Load Balancer and configure listener rules to route requests to different target groups based on path or host headers. Users can use an Application Load Balancer to improve the availability and performance of their web
application.

- (Topic 4)
A company runs multiple Amazon EC2 Linux instances in a VPC across two Availability Zones. The instances host applications that use a hierarchical directory structure. The applications need to read and write rapidly and concurrently to shared storage.
What should a solutions architect do to meet these requirements?

1. A. Create an Amazon S3 bucke
2. B. Allow access from all the EC2 instances in the VPC.
3. C. Create an Amazon Elastic File System (Amazon EFS) file syste
4. D. Mount the EFS file system from each EC2 instance.
5. E. Create a file system on a Provisioned IOPS SSD (102) Amazon Elastic Block Store (Amazon EBS) volum
6. F. Attach the EBS volume to all the EC2 instances.
7. G. Create file systems on Amazon Elastic Block Store (Amazon EBS) volumes that are attached to each EC2 instanc
8. H. Synchromze the EBS volumes across the different EC2 instances.

Correct Answer: B
it allows the EC2 instances to read and write rapidly and concurrently to shared storage across two Availability Zones. Amazon EFS provides a scalable, elastic, and highly available file system that can be mounted from multiple EC2 instances. Amazon EFS supports high levels of throughput and IOPS, and consistent low latencies. Amazon EFS also supports NFSv4 lock upgrading and downgrading, which enables high levels of concurrency. References:
✑ Amazon EFS Features
✑ Using Amazon EFS with Amazon EC2

- (Topic 4)
A company has deployed its application on Amazon EC2 instances with an Amazon RDS database. The company used the principle of least privilege to configure the database access credentials. The company's security team wants to protect the application and the database from SQL injection and other web-based attacks.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use security groups and network ACLs to secure the database and application servers.
2. B. Use AWS WAF to protect the applicatio
3. C. Use RDS parameter groups to configure thesecurity settings.
4. D. Use AWS Network Firewall to protect the application and the database.
5. E. Use different database accounts in the application code for different function
6. F. Avoid granting excessive privileges to the database users.

Correct Answer: B
AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF allows users to create rules that block, allow, or count web requests based on customizable web security rules. One of the types of rules that can be created is an SQL injection rule, which allows users to specify a list of IP addresses or IP address ranges that they want to allow or block. By using AWS WAF to protect the application, the company can prevent SQL injection and other web-based attacks from reaching the application and the database.
RDS parameter groups are collections of parameters that define how a database instance operates. Users can modify the parameters in a parameter group to change the behavior and performance of the database. By using RDS parameter groups to configure the security settings, the company can enforce best practices such as disabling remote root login, requiring SSL connections, and limiting the maximum number of connections.
The other options are not correct because they do not effectively protect the application and the database from SQL injection and other web-based attacks. Using security groups and network ACLs to secure the database and application servers is not sufficient because they only filter traffic at the network layer, not at the application layer. Using AWS Network Firewall to protect the application and the database is not necessary because it is a stateful firewall service that provides network protection for VPCs, not for individual applications or databases. Using different database accounts in the application code for different functions is a good practice, but it does not prevent SQL injection attacks from exploiting vulnerabilities in the application code.
References:
✑ AWS WAF
✑ How AWS WAF works
✑ Working with IP match conditions
✑ Working with DB parameter groups
✑ Amazon RDS security best practices

- (Topic 1)
An Amazon EC2 administrator created the following policy associated with an IAM group containing several users

What is the effect of this policy?

1. A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
2. B. Users can terminate an EC2 instance with the IP address 10 100 100 1 in the us-east-1 Region
3. C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
4. D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100 100 254

Correct Answer: C
as the policy prevents anyone from doing any EC2 action on any region except us-east-1 and allows only users with source ip 10.100.100.0/24 to terminate instances. So user with source ip 10.100.100.254 can terminate instances in us-east-1 region.

- (Topic 3)
A company has a Microsoft NET application that runs on an on-premises Windows Server Trie application stores data by using an Oracle Database Standard Edition server The company is planning a migration to AWS and wants to minimize development changes while moving the application The AWS application environment should be highly available
Which combination of actions should the company take to meet these requirements? (Select TWO )

1. A. Refactor the application as serverless with AWS Lambda functions running NET Cote
2. B. Rehost the application in AWS Elastic Beanstalk with the NET platform in a Multi-AZ deployment
3. C. Replatform the application to run on Amazon EC2 with the Amazon Linux Amazon Machine Image (AMI)
4. D. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Amazon DynamoDB in a Multi-AZ deployment
5. E. Use AWS Database Migration Service (AWS DMS) to migrate from the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment

Correct Answer: BE
To minimize development changes while moving the application to AWS and to ensure a high level of availability, the company can rehost the application in AWS Elastic Beanstalk with the .NET platform in a Multi-AZ deployment. This will allow the application to run in a highly available environment without requiring any changes to the application code.
The company can also use AWS Database Migration Service (AWS DMS) to migrate the Oracle database to Oracle on Amazon RDS in a Multi-AZ deployment. This will allow the company to maintain the existing database platform while still achieving a high level of availability.