- (Exam Topic 1)
A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team can access.
After the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must provide the design team with access to the production account without exposing other parts of the web application to the risk of unwanted changes.
Which combination of steps will meet these requirements? (Select THREE.)

1. A. In the production account, create a new IAM policy that allows read and write access to the S3 bucket.
2. B. In the development account, create a new IAM policy that allows read and write access to the S3 bucket.
3. C. In the production account, create a rol
4. D. Attach the new policy to the rol
5. E. Define the development account as a trusted entity.
6. F. In the development account, create a rol
7. G. Attach the new policy to the rol
8. H. Define the production account as a trusted entity.
9. I. In the development account, create a group that contains all the IAM users of the design tea
10. J. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the production account.
11. K. In the development account, create a group that contains all tfje IAM users of the design tea
12. L. Attach a different IAM policy to the group to allow the sts;AssumeRole action on the role in the development account.

Correct Answer: ACE
A. In the production account, create a new IAM policy that allows read and write access to the S3 bucket. The policy grants the necessary permissions to access the assets in the production S3 bucket.
C. In the production account, create a role. Attach the new policy to the role. Define the development account as a trusted entity. By creating a role and attaching the policy, and then defining the development account as a trusted entity, the development account can assume the role and access the production S3 bucket with the read and write permissions.
E. In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the production account. The IAM policy attached to the group allows the design team members to assume the role created in the production account, thereby giving them access to the production S3 bucket.
Step 1: Create a role in the Production Account; create the role in the Production account and specify the Development account as a trusted entity. You also limit the role permissions to only read and write access to the productionapp bucket. Anyone granted permission to use the role can read and write to the productionapp bucket. Step 2: Grant access to the role Sign in as an administrator in the Development account and allow the AssumeRole action on the UpdateApp role in the Production account. So, recap, production account you create the policy for S3, and you set development account as a trusted entity. Then on the development account you allow the sts:assumeRole action on the role in production account. https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

- (Exam Topic 1)
A company uses an on-premises data analytics platform. The system is highly available in a fully redundant configuration across 12 servers in the company's data center.
The system runs scheduled jobs, both hourly and daily, in addition to one-time requests from users. Scheduled jobs can take between 20 minutes and 2 hours to finish running and have tight SLAs. The scheduled jobs account for 65% of the system usage. User jobs typically finish running in less than 5 minutes and have no SLA. The user jobs account for 35% of system usage. During system failures, scheduled jobs must continue to meet SLAs. However, user jobs can be delayed.
A solutions architect needs to move the system to Amazon EC2 instances and adopt a consumption-based model to reduce costs with no long-term commitments. The solution must maintain high availability and must not affect the SLAs.
Which solution will meet these requirements MOST cost-effectively?

1. A. Split the 12 instances across two Availability Zones in the chosen AWS Regio
2. B. Run two instances in each Availability Zone as On-Demand Instances with Capacity Reservation
3. C. Run four instances in each Availability Zone as Spot Instances.
4. D. Split the 12 instances across three Availability Zones in the chosen AWS Regio
5. E. In one of the Availability Zones, run all four instances as On-Demand Instances with Capacity Reservation
6. F. Run the remaining instances as Spot Instances.
7. G. Split the 12 instances across three Availability Zones in the chosen AWS Regio
8. H. Run two instances in each Availability Zone as On-Demand Instances with a Savings Pla
9. I. Run two instances in each Availability Zone as Spot Instances.
10. J. Split the 12 instances across three Availability Zones in the chosen AWS Regio
11. K. Run three instances in each Availability Zone as On-Demand Instances with Capacity Reservation
12. L. Run one instance in each Availability Zone as a Spot Instance.

Correct Answer: D
By splitting the 12 instances across three Availability Zones, the system can maintain high availability and availability of resources in case of a failure. Option D also uses a combination of On-Demand Instances with Capacity Reservations and Spot Instances, which allows for scheduled jobs to be run on the On-Demand instances with guaranteed capacity, while also taking advantage of the cost savings from Spot Instances for the user jobs which have lower SLA requirements.

- (Exam Topic 2)
A manufacturing company is building an inspection solution for its factory. The company has IP cameras at the end of each assembly line. The company has used Amazon SageMaker to train a machine learning (ML) model to identify common defects from still images.
The company wants to provide local feedback to factory workers when a defect is detected. The company must be able to provide this feedback even if the factory’s internet connectivity is down. The company has a local Linux server that hosts an API that provides local feedback to the workers.
How should the company deploy the ML model to meet these requirements?

1. A. Set up an Amazon Kinesis video stream from each IP camera to AW
2. B. Use Amazon EC2 instances to take still images of the stream
3. C. Upload the images to an Amazon S3 bucke
4. D. Deploy a SageMaker endpoint with the ML mode
5. E. Invoke an AWS Lambda function to call the inference endpoint when new images are uploade
6. F. Configure the Lambda function to call the local API when a defect is detected.
7. G. Deploy AWS IoT Greengrass on the local serve
8. H. Deploy the ML model to the Greengrass serve
9. I. Create a Greengrass component to take still images from the cameras and run inferenc
10. J. Configure the component to call the local API when a defect is detected.
11. K. Order an AWS Snowball devic
12. L. Deploy a SageMaker endpoint the ML model and an Amazon EC2 instance on the Snowball devic
13. M. Take still images from the camera
14. N. Run inference from the EC2 instanc
15. O. Configure the instance to call the local API when a defect is detected.
16. P. Deploy Amazon Monitron devices on each IP camer
17. Q. Deploy an Amazon Monitron Gateway on premise
18. R. Deploy the ML model to the Amazon Monitron device
19. S. Use Amazon Monitron health state alarms to call the local API from an AWS Lambda function when a defect is detected.

Correct Answer: B
The company should use AWS IoT Greengrass to deploy the ML model to the local server and provide local feedback to the factory workers. AWS IoT Greengrass is a service that extends AWS cloud capabilities to local devices, allowing them to collect and analyze data closer to the source of information, react autonomously to local events, and communicate securely with each other on local networks1. AWS IoT
Greengrass also supports ML inference at the edge, enabling devices to run ML models locally without requiring internet connectivity2.
The other options are not correct because:
Setting up an Amazon Kinesis video stream from each IP camera to AWS would not work if the factory’s internet connectivity is down. It would also incur unnecessary costs and latency to stream video data to the cloud and back.
Ordering an AWS Snowball device would not be a scalable or cost-effective solution for deploying the ML model. AWS Snowball is a service that provides physical devices for data transfer and edge computing, but it is not designed for continuous operation or frequent updates3.
Deploying Amazon Monitron devices on each IP camera would not work because Amazon Monitron is a service that monitors the condition and performance of industrial equipment using sensors and machine learning, not cameras4.
References:
https://aws.amazon.com/greengrass/
https://docs.aws.amazon.com/greengrass/v2/developerguide/use-machine-learning-inference.html
https://aws.amazon.com/snowball/
https://aws.amazon.com/monitron/

- (Exam Topic 2)
A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.
Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

1. A. Create an AWS Cloud Formation template that provisions a VPC and the required subnet
2. B. Deploy the template to each AWS account.
3. C. Create an AWS Cloud Formation template that provisions a VPC and the required subnet
4. D. Deploy the template to a shared services account Share the subnets by using AWS Resource Access Manager.
5. E. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises networ
6. F. Share the transit gateway by using AWS Resource Access Manager.
7. G. Use AWS Site-to-Site VPN for connectivity to the on-premises network.
8. H. Use AWS Direct Connect for connectivity to the on-premises network.

Correct Answer: BD

- (Exam Topic 1)
A video streaming company recently launched a mobile app for video sharing. The app uploads various files to an Amazon S3 bucket in the us-east-1 Region. The files range in size from 1 GB to 10 GB.
Users who access the app from Australia have experienced uploads that take long periods of time Sometimes the files fail to completely upload for these users . A solutions architect must improve the app' performance for these uploads
Which solutions will meet these requirements? (Select TWO.)

1. A. Enable S3 Transfer Acceleration on the S3 bucket Configure the app to use the Transfer Acceleration endpoint for uploads
2. B. Configure an S3 bucket in each Region to receive the upload
3. C. Use S3 Cross-Region Replication to copy the files to the distribution S3 bucket.
4. D. Set up Amazon Route 53 with latency-based routing to route the uploads to the nearest S3 bucket Region.
5. E. Configure the app to break the video files into chunks Use a multipart upload to transfer files to Amazon S3.
6. F. Modify the app to add random prefixes to the files before uploading

Correct Answer: AD
https://aws.amazon.com/premiumsupport/knowledge-center/s3-upload-large-files/
Enabling S3 Transfer Acceleration on the S3 bucket and configuring the app to use the Transfer Acceleration endpoint for uploads will improve the app's performance for these uploads by leveraging Amazon CloudFront's globally distributed edge locations to accelerate the uploads. Breaking the video files into chunks and using a multipart upload to transfer files to Amazon S3 will also improve the app's performance by allowing parts of the file to be uploaded in parallel, reducing the overall upload time.