- (Exam Topic 3)
A company hosts a VPN in an on-premises data center. Employees currently connect to the VPN to access files in their Windows home directories. Recently, there has been a large growth in the number of employees who work remotely. As a result, bandwidth usage for connections into the data center has begun to reach 100% during business hours.
The company must design a solution on AWS that will support the growth of the company's remote workforce, reduce the bandwidth usage for connections into the data center, and reduce operational overhead.
Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

1. A. Create an AWS Storage Gateway Volume Gatewa
2. B. Mount a volume from the Volume Gateway to the on-premises file server.
3. C. Migrate the home directories to Amazon FSx for Windows File Server.
4. D. Migrate the home directories to Amazon FSx for Lustre.
5. E. Migrate remote users to AWS Client VPN
6. F. Create an AWS Direct Connect connection from the on-premises data center to AWS.

Correct Answer: BD

- (Exam Topic 3)
A company is migrating an on-premises application and a MySQL database to AWS. The application processes highly sensitive data, and new data is constantly updated in the database. The data must not be transferred over the internet. The company also must encrypt the data in transit and at rest.
The database is 5 TB in size. The company already has created the database schema in an Amazon RDS for MySQL DB instance. The company has set up a 1 Gbps AWS Direct Connect connection to AWS. The company also has set up a public VIF and a private VIF. A solutions architect needs to design a solution that will migrate the data to AWS with the least possible downtime.
Which solution will meet these requirements?

1. A. Perform a database backu
2. B. Copy the backup files to an AWS Snowball Edge Storage Optimized device.Import the backup to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at res
3. C. Use TLS for encryption in transi
4. D. Import the data from Amazon S3 to the DB instance.
5. E. Use AWS Database Migration Service (AWS DMS) to migrate the data to AW
6. F. Create a DMS replication instance in a private subne
7. G. Create VPC endpoints for AWS DM
8. H. Configure a DMS task to copy data from the on-premises database to the DB instance by using full load plus change data capture(CDC). Use the AWS Key Management Service (AWS KMS) default key for encryption at res
9. I. Use TLS for encryption in transit.
10. J. Perform a database backu
11. K. Use AWS DataSync to transfer the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at res
12. L. Use TLS for encryption in transi
13. M. Import the data from Amazon S3 to the DB instance.
14. N. Use Amazon S3 File Gatewa
15. O. Set up a private connection to Amazon S3 by using AWS PrivateLink.Perform a database backu
16. P. Copy the backup files to Amazon S3. Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3) for encryption at res
17. Q. Use TLS for encryption in transi
18. R. Import the data from Amazon S3 to the DB instance.

Correct Answer: B
The best solution is to use AWS Database Migration Service (AWS DMS) to migrate the data to AWS. AWS DMS is a web service that can migrate data from various sources to various targets, including MySQL databases. AWS DMS can perform full load and change data capture (CDC) migrations, which means that it can copy the existing data and also capture the ongoing changes to keep the source and target databases in sync. This minimizes the downtime during the migration process. AWS DMS also supports encryption at rest and in transit by using AWS Key Management Service (AWS KMS) and TLS, respectively. This ensures that the data is protected during the migration. AWS DMS can also leverage AWS Direct Connect to transfer the data over a private connection, avoiding the internet. This solution meets all the requirements of the company. References: AWS Database Migration Service Documentation, Migrating Data to Amazon RDS MySQL or MariaDB, Using SSL to Encrypt a Connection to a DB Instance

- (Exam Topic 1)
A company is hosting an image-processing service on AWS in a VPC. The VPC extends across two Availability Zones. Each Availability Zone contains one public subnet and one private subnet.
The service runs on Amazon EC2 instances in the private subnets. An Application Load Balancer in the public subnets is in front of the service. The service needs to communicate with the internet and does so through two NAT gateways. The service uses Amazon S3 for image storage. The EC2 instances retrieve approximately 1 ¢’ of data from an S3 bucket each day.
The company has promoted the service as highly secure. A solutions architect must reduce cloud expenditures as much as possible without compromising the service's security posture or increasing the time spent on ongoing operations.
Which solution will meet these requirements?

1. A. Replace the NAT gateways with NAT instance
2. B. In the VPC route table, create a route from the private subnets to the NAT instances.
3. C. Move the EC2 instances to the public subnet
4. D. Remove the NAT gateways.
5. E. Set up an S3 gateway VPC endpoint in the VP
6. F. Attach an endpoint policy to the endpoint to allow the required actions on the S3 bucket.
7. G. Attach an Amazon Elastic File System (Amazon EFS) volume to the EC2 instance
8. H. Host the image on the EFS volume.

Correct Answer: C
Create Amazon S3 gateway endpoint in the VPC and add a VPC endpoint policy. This VPC endpoint policy will have a statement that allows S3 access only via access points owned by the organization.

- (Exam Topic 2)
A company uses AWS Organizations to manage more than 1.000 AWS accounts. The company has created a new developer organization. There are 540 developer member accounts that must be moved to the new developer organization. All accounts are set up with all the required Information so that each account can be operated as a standalone account.
Which combination of steps should a solutions architect take to move all of the developer accounts to the new developer organization? (Select THREE.)

1. A. Call the MoveAccount operation in the Organizations API from the old organization's management account to migrate the developer accounts to the new developer organization.
2. B. From the management account, remove each developer account from the old organization using the RemoveAccountFromOrganization operation in the Organizations API.
3. C. From each developer account, remove the account from the old organization using theRemoveAccountFromOrganization operation in the Organizations API.
4. D. Sign in to the new developer organization's management account and create a placeholder member account that acts as a target for the developer account migration.
5. E. Call the InviteAccountToOrganization operation in the Organizations API from the new developer organization's management account to send invitations to the developer accounts.
6. F. Have each developer sign in to their account and confirm to join the new developer organization.

Correct Answer: BEF
"This operation can be called only from the organization's management account. Member accounts can remove themselves with LeaveOrganization instead." https://docs.aws.amazon.com/organizations/latest/APIReference/API_RemoveAccountFromOrganization.html

- (Exam Topic 2)
A company wants to refactor its retail ordering web application that currently has a load-balanced Amazon EC2 instance fleet for web hosting, database API services, and business logic. The company needs to create a decoupled, scalable architecture with a mechanism for retaining failed orders while also minimizing operational costs.
Which solution will meet these requirements?

1. A. Use Amazon S3 for web hosting with Amazon API Gateway for database API service
2. B. Use Amazon Simple Queue Service (Amazon SQS) for order queuin
3. C. Use Amazon Elastic Container Service (Amazon ECS) for business logic with Amazon SQS long polling for retaining failed orders.
4. D. Use AWS Elastic Beanstalk for web hosting with Amazon API Gateway for database API service
5. E. Use Amazon MQ for order queuin
6. F. Use AWS Step Functionsfor business logic with Amazon S3 Glacier Deep Archive for retaining failed orders.
7. G. Use Amazon S3 for web hosting with AWS AppSync for database API service
8. H. Use Amazon Simple Queue Service (Amazon SQS) for order queuin
9. I. Use AWS Lambda for business logic with an Amazon SQS dead-letter queue for retaining failed orders.
10. J. Use Amazon Lightsail for web hosting with AWS AppSync for database API service
11. K. Use Amazon Simple Email Service (Amazon SES) for order queuin
12. L. UseAmazon Elastic Kubernetes Service (Amazon EKS) for business logic with Amazon OpenSearch Service for retaining failed orders.

Correct Answer: C
•Use Amazon S3 for web hosting with AWS AppSync for database API services. Use Amazon Simple Queue Service (Amazon SQS) for order queuing. Use AWS Lambda for business logic with an Amazon SQS dead-letter queue for retaining failed orders.
This solution will allow you to:
•Host a static website on Amazon S3 without provisioning or managing servers1.
•Use AWS AppSync to create a scalable GraphQL API that connects to your database and other data sources1.
•Use Amazon SQS to decouple and scale your order processing microservices1.
•Use AWS Lambda to run code for your business logic without provisioning or managing servers1.
•Use an Amazon SQS dead-letter queue to retain messages that can’t be processed by your Lambda function1.