- (Exam Topic 1)
A solutions architect has an operational workload deployed on Amazon EC2 instances in an Auto Scaling group. The VPC architecture spans two Availability Zones (AZ) with a subnet in each that the Auto Scaling group is targeting. The VPC is connected to an on-premises environment and connectivity cannot be interrupted. The maximum size ol the Auto Scaling group is 20 instances in service. The VPC IPv4 addressing is as follows:
VPC CIDR: 10.0.0.0/23
AZ1 subnet CIDR: 10.0.0.0/24 AZ2 subnet CIDR: 10.0.1.0/24
Since deployment, a third AZ has become available in the Region. The solutions architect wants to adopt the new AZ without adding additional IPv4 address space and without service downtime.
Which solution will meet these requirements?

1. A. Update the Auto Scaling group to use the AZ2 subnet onl
2. B. Delete and re-create the AZ1 subnet using hall the previous address spac
3. C. Adjust the Auto Seating group to also use the new AZ1 subne
4. D. When the instances are healthy, adjust the Auto Scaling group to use the AZ1 subnet onl
5. E. Remove the current AZ2 subne
6. F. Create a new AZ2 subnet using the second half of the address space from the original AZ1 subne
7. G. Create a new AZ3 subnet using half the original AZ2 subnet address space, then update the Auto Scaling group to target all three new subnets.
8. H. Terminate the EC2 instances in the AZ1 subne
9. I. Delete and re-create the AZ1 subnet using half the address spac
10. J. Update the Auto Scaling group to use this new subne
11. K. Repeat this for the second A
12. L. Define a new subnet in AZ3, then update the Auto Scaling group to target all three new subnets.
13. M. Create a new VPC with the same IPv4 address space and define three subnets, with one for each A
14. N. Update the existing Auto Scaling group to target the new subnets in the new VPC.
15. O. Update the Auto Scaling group to use the AZ2 subnet onl
16. P. Update the AZ1 subnet to have half the previous address spac
17. Q. Adjust the Auto Scaling group to also use the AZ1 subnet agai
18. R. When the instances are healthy, adjust the Auto Scaling group to use the AZ1 subnet onl
19. S. Update the current AZ2 subnet and assign the second half of the address space from the original AZ1 subne
20. T. Create a new AZ3 subnet using halt the original AZ2 subnet address space, then update the Auto Scaling group to target all three new subnets.

Correct Answer: A
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-ip-address-range/?nc1=h_ls
It's not possible to modify the IP address range of an existing virtual private cloud (VPC) or subnet. You must delete the VPC or subnet, and then create a new VPC or subnet with your preferred CIDR block.

- (Exam Topic 2)
A company runs an loT platform on AWS loT sensors in various locations send data to the company's Node js API servers on Amazon EC2 instances running behind an Application Load Balancer The data is stored in an Amazon RDS MySQL DB instance that uses a 4 TB General Purpose SSD volume
The number of sensors the company has deployed in the field has increased over time and is expected to grow significantly The API servers are consistently overloaded and RDS metrics show high write latency
Which of the following steps together will resolve the issues permanently and enable growth as new sensors are provisioned, while keeping this platform cost-efficient? {Select TWO.)

1. A. Resize the MySQL General Purpose SSD storage to 6 TB to improve the volume's IOPS
2. B. Re-architect the database tier to use Amazon Aurora instead of an RDS MySQL DB instance and add read replicas
3. C. Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data
4. D. Use AWS X-Ray to analyze and debug application issues and add more API servers to match the load
5. E. Re-architect the database tier to use Amazon DynamoDB instead of an RDS MySQL DB instance

Correct Answer: CE

- (Exam Topic 2)
A company is using an existing orchestration tool to manage thousands of Amazon EC2 instances. A recent penetration test found a vulnerability in the company's software stack. This vulnerability has prompted the company to perform a full evaluated of its current production environment The analysts determined that the following vulnerabilities exist within the environment:
• Operating systems with outdated libraries and known vulnerabilities are being used in production
• Relational databases hosted and managed by the company are running unsupported versions with known vulnerabilities
• Data stored in databases Is not encrypted.
The solutions architect intends to use AWS Config to continuously audit and assess the compliance of the company's AWS resource configurations with the company's polices and guidelines What additional steps will enable the company to secure its environments and track resources while adhering to best practices?

1. A. Use AWS Application Discovery Service to evaluate at running EC2 instances Use the AWS CLI lo modify each instance, and use EC2 user data to install the AWS SystemsManager Agent during boot Schedule patching to run as a Systems Manager Maintenance Windowstas
2. B. Migrate all relational databases lo Amazon RDS and enable AWS KMS encryption
3. C. Create an AWS CloudFormation template for the EC2 instances Use EC2 user data in the CloudFormation template to install the AWS Systems Manager Agent, and enable AWS KMS encryption on all Amazon EBS volume
4. D. Have CloudFormation replace al running instance
5. E. Use Systems Manager Patch Manager to establish a patch baseline and deploy a Systems Manager Maintenance Windows task to run AWS-RunPatchBaseline using the patch baseline
6. F. Install the AWS Systems Manager Agent on all existing instances using the company's current orchestration tool Use the Systems Manager Run Command to run a list of commands to upgrade software on each instance using operating system-specific tool
7. G. Enable AWS KMS encryption on all Amazon EBS volumes.
8. H. install the AWS Systems Manager Agent on all existing instances using the company's current orchestration too
9. I. Migrate al relational databases to Amazon RDS and enable AWS KMS encryption Use Systems Manager Patch Manager to establish a patch baseline and deploy a Systems Manager Maintenance Windows task to run AWS-RunPatchBaseline using the patch baseline.

Correct Answer: D

- (Exam Topic 2)
A software development company has multiple engineers who are working remotely. The company is running Active Directory Domain Services (AD DS) on an Amazon EC2 instance. The company's security policy states that all internal, nonpublic services that are deployed in a VPC must be accessible through a VPN
Multi-factor authentication (MFA) must be used for access to a VPN.
Whet should a solution architect do to meet these requirements?

1. A. Create an AWS Site-to-Site VPN connection Configure integration between a VPN and AD D
2. B. Use an Amazon Workspaces client with MFA support enabled to establish a VPN connection.
3. C. Create an AWS Client VPN endpoint Create an AD Connector directory for integration with AD DS Enable MFA for AD Connector Use AWS Client VPN to establish a VPN connection.
4. D. Create multiple AWS Site-to-Site VPN connections by using AWS VPN CloudHub Configure integration between AWS VPN CloudHub and AD DS Use AWS Cop4ot to establish a VPN connection.
5. E. Create an Amazon WorkLink endpoint Configure integration between Amazon WorkLink and AD D
6. F. Enable MFA in Amazon WorkLink Use AWS Client VPN to establish a VPN connection.

Correct Answer: B

- (Exam Topic 2)
A company is collecting a large amount of data from a fleet of loT devices. Data is stored as Optimized Row Columnar (ORC) files in the Hadoop Distributed File System (HDFS) on a persistent Amazon EMR cluster. The company's data analytics team queries the data by using SQL in Apache Presto deployed on the same EMR cluster Queries scan large amounts of data always run for less than 15 minutes, and run only between 5 PM and 10 PM.
The company is concerned about the high cost associated with the current solution A solutions architect must propose the most cost-effective solution that will allow SQL data queries.
Which solution will meet these requirements?

1. A. Store data m Amazon S3 Use Amazon Redshift Spectrum to query data.
2. B. Store data m Amazon S3 Use the AWS Glue Data Catalog and Amazon Athena to query data.
3. C. Store data in EMR File System (EMRFS). Use Presto n Amazon EMR to query data.
4. D. Store data in Amazon Redshift Use Amazon Redshift to query data

Correct Answer: D