- (Exam Topic 2)
A company has built a high performance computing (HPC) cluster in AWS for a tightly coupled workload that generates a large number of shared files stored in Amazon EFS. The cluster was performing well when the number of Amazon EC2 instances in the cluster was 100. However, when the company increased the cluster size to 1,000 EC2 instances, overall performance was well below expectations
Which collection of design choices should a solutions architect make to achieve the maximum performance from the HPC cluster? (Select THREE.)

1. A. Ensure the HPC cluster is launched within a single Availability Zone.
2. B. Launch the EC2 instances and attach elastic network interfaces in multiples of four.
3. C. Select EC2 instance types with an Elastic Fabric Adapter (EFA) enabled
4. D. Ensure the cluster is launched across multiple Availability Zones.
5. E. Replace Amazon EFS with multiple Amazon EBS volumes in a RAID array.
6. F. Replace Amazon EFS with Amazon FSx for Lustre.

Correct Answer: ACE

- (Exam Topic 2)
A company is running a serverless application that consists of several AWS Lambda functions and Amazon DynamoDB tables. The company has created new functionality that requires the Lambda functions to access an Amazon Neptune DB cluster The Neptune DB cluster is located in three subnets in a VPC.
Which of the possible solutions will allow the Lambda functions to access the Neptune DB cluster and DynamoDB tables? (Select TWO )

1. A. Create three public subnets in the Neptune VPC and route traffic through an interne: gateway Host theLambda functions m the three new public subnets
2. B. Create three private subnets in the Neptune VPC and route internet traffic through a NAT gateway Host the Lambda functions In the three new private subnets.
3. C. Host the Lambda functions outside the VP
4. D. Update the Neptune security group to allow access from the IP ranges of the Lambda functions.
5. E. Host the Lambda functions outside the VP
6. F. Create a VPC endpoint for the Neptune database, and have the Lambda functions access Neptune over the VPC endpoint
7. G. Create three private subnets in the Neptune VP
8. H. Host the Lambda functions m the three new isolated subnet
9. I. Create a VPC endpoint for DynamoD
10. J. and route DynamoDB traffic to the VPC endpoint

Correct Answer: AC

- (Exam Topic 2)
A financial services company loaded millions of historical stock trades into an Amazon DynamoDB table The table uses on-demand capacity mode Once each day at midnight, a few million new records are loaded into the table Application read activity against the table happens in bursts throughout the day, and a limited set of keys are repeatedly looked up. The company needs to reduce costs associated with DynamoDB.
Which strategy should a solutions architect recommend to meet this requirement?

1. A. Deploy an Amazon ElastiCache cluster in front of the DynamoDB table.
2. B. Deploy DynamoDB Accelerator (DAX) Configure DynamoDB auto scaling Purchase Savings Plans in Cost Explorer
3. C. Use provisioned capacity mode Purchase Savings Plans in Cost Explorer
4. D. Deploy DynamoDB Accelerator (DAX) Use provisioned capacity mode Configure DynamoDB auto scaling

Correct Answer: D

- (Exam Topic 2)
A company is using an Amazon CloudFront distribution to distribute both static and dynamic content from a web application running behind an Application Load Balancer The web application requires user authorization and session tracking tor dynamic content The CloudFront distribution has a single cache behavior configured to forward the Authorization, Host, and Agent HTTP allow list headers and a session cookie to the origin All other cache behavior settings are set to their default value
A valid ACM certificate is applied to the CloudFront distribution with a matching CNAME in the distribution settings The ACM certificate is also applied to the HTTPS listener for the Application Load Balancer The CloudFront origin protocol policy is set to HTTPS only Analysis of the cache statistics report shows that the miss rate for this distribution is very high
What can the solutions architect do to improve the cache hit rate for this distribution without causing the SSL/TLS handshake between CloudFront and the Application Load Balancer to fail?

1. A. Create two cache behaviors for static and dynamic content Remove the user-Agent and Host HTTP headers from the allow list headers section on both of the cache behaviors Remove the session cookie from the allow list cookies section and the Authorization HTTP header from the allow list headers section for cache behavior configured for static content
2. B. Remove the user-Agent and Authorization HTTP headers from the allow list headers section of the cache behaviou
3. C. Then update the cache behaviour to use resigned cookies for authorization
4. D. Remove the Host HTTP header from the allow list headers section and remove the session cookie from the allow list cookies section for the default cache behaviour Enable automatic object compression and use Lambda@Edge viewer request events for user authorization
5. E. Create two cache behaviours for static and dynamic content Remove the User-Agent HTTP header from the allow list headers section on both of the cache behavioursRemove the session cookie from the allow list cookies section and the Authorization HTTP header from the allow list headers section for cache behaviour configured for static content

Correct Answer: D
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/understanding-the-cache-key.html Removing the host header will result in failed flow between CloudFront and ALB, because they have same certificate.

- (Exam Topic 1)
A large payroll company recently merged with a small staffing company. The unified company now has multiple business units, each with its own existing AWS account.
A solutions architect must ensure that the company can centrally manage the billing and access policies for all the AWS accounts. The solutions architect configures AWS Organizations by sending an invitation to all member accounts of the company from a centralized management account.
What should the solutions architect do next to meet these requirements?

1. A. Create the OrganizationAccountAccess IAM group in each member accoun
2. B. Include the necessary IAM roles for each administrator.
3. C. Create the OrganizationAccountAccessPolicy IAM policy in each member accoun
4. D. Connect the member accounts to the management account by using cross-account access.
5. E. Create the OrganizationAccountAccessRole IAM role in each member accoun
6. F. Grant permission to the management account to assume the IAM role.
7. G. Create the OrganizationAccountAccessRole IAM role in the management account Attach the Administrator Access AWS managed policy to the IAM rol
8. H. Assign the IAM role to the administrators in each member account.

Correct Answer: C