- (Exam Topic 3)
A company has mounted sensors to collect information about environmental parameters such as humidity and light throughout all the company's factories. The company needs to stream and analyze the data in the AWS Cloud in real time. If any of the parameters fall out of acceptable ranges, the factory operations team must receive a notification immediately.
Which solution will meet these requirements?

1. A. Stream the data to an Amazon Kinesis Data Firehose delivery strea
2. B. Use AWS Step Functions toconsume and analyze the data in the Kinesis Data Firehose delivery strea
3. C. use Amazon Simple Notification Service (Amazon SNS) to notify the operations team.
4. D. Stream the data to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluste
5. E. Set up a trigger in Amazon MSK to invoke an AWS Fargate task to analyze the dat
6. F. Use Amazon Simple Email Service (Amazon SES) to notify the operations team.
7. G. Stream the data to an Amazon Kinesis data strea
8. H. Create an AWS Lambda function to consume the Kinesis data stream and to analyze the dat
9. I. Use Amazon Simple Notification Service (Amazon SNS) to notify the operations team.
10. J. Stream the data to an Amazon Kinesis Data Analytics applicatio
11. K. I-Jse an automatically scaled and containerized service in Amazon Elastic Container Service (Amazon ECS) to consume and analyze the dat
12. L. use Amazon Simple Email Service (Amazon SES) to notify the operations team.

Correct Answer: C
The best solution is to stream the data to an Amazon Kinesis data stream and create an AWS Lambda function to consume the Kinesis data stream and to analyze the data. Amazon Kinesis is a web service that can collect, process, and analyze real-time streaming data from various sources, such as sensors. AWS Lambda is a serverless computing service that can run code in response to events, such as incoming data from a Kinesis data stream. By using AWS Lambda, the company can avoid provisioning or managing servers and scale automatically based on the demand. Amazon Simple Notification Service (Amazon SNS) is a web service that enables applications to send and receive notifications from the cloud. By using Amazon SNS, the company can notify the operations team immediately if any of the parameters fall out of acceptable ranges. This solution meets all the requirements of the company.
References: Amazon Kinesis Documentation, AWS Lambda Documentation, Amazon Simple Notification Service Documentation

- (Exam Topic 2)
A company needs to establish a connection from its on-premises data center to AWS. The company needs to connect all of its VPCs that are located in different AWS Regions with transitive routing capabilities between VPC networks. The company also must reduce network outbound traffic costs, increase bandwidth throughput, and provide a consistent network experience for end users.
Which solution will meet these requirements?

1. A. Create an AWS Site-to-Site VPN connection between the on-premises data center and a new central VP
2. B. Create VPC peering connections that initiate from the central VPC to all other VPCs.
3. C. Create an AWS Direct Connect connection between the on-premises data center and AW
4. D. Provision a transit VIF, and connect it to a Direct Connect gatewa
5. E. Connect the Direct Connect gateway to all the other VPCs by using a transit gateway in each Region.
6. F. Create an AWS Site-to-Site VPN connection between the on-premises data center and a new central VP
7. G. Use a transit gateway with dynamic routin
8. H. Connect the transit gateway to all other VPCs.
9. I. Create an AWS Direct Connect connection between the on-premises data center and AWS Establish an AWS Site-to-Site VPN connection between all VPCs in each Regio
10. J. Create VPC peering connections that initiate from the central VPC to all other VPCs.

Correct Answer: B
Transit GW + Direct Connect GW + Transit VIF + enabled SiteLink if two different DX locations https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-aws-direct-connect-sitelink/

- (Exam Topic 2)
A solutions architect is planning to migrate critical Microsoft SOL Server databases to AWS. Because the databases are legacy systems, the solutions architect will move the databases to a modern data architecture. The solutions architect must migrate the databases with near-zero downtime.
Which solution will meet these requirements?

1. A. Use AWS Application Migration Service and the AWS Schema Conversion Tool (AWS SCT). Perform an In-place upgrade before the migratio
2. B. Export the migrated data to Amazon Aurora Serverless after cutove
3. C. Repoint the applications to Amazon Aurora.
4. D. Use AWS Database Migration Service (AWS DMS) to Rehost the databas
5. E. Set Amazon S3 as a target.Set up change data capture (CDC) replicatio
6. F. When the source and destination are fully synchronized, load the data from Amazon S3 into an Amazon RDS for Microsoft SQL Server DB Instance.
7. G. Use native database high availability tools Connect the source system to an Amazon RDS for Microsoft SQL Server DB instance Configure replication accordingl
8. H. When data replication is finished, transition the workload to an Amazon RDS for Microsoft SQL Server DB instance.
9. I. Use AWS Application Migration Servic
10. J. Rehost the database server on Amazon EC2. When data replication is finished, detach the database and move the database to an Amazon RDS for Microsoft SQL Server DB instanc
11. K. Reattach the database and then cut over all networking.

Correct Answer: B
AWS DMS can migrate data from a source database to a target database in AWS, using change data capture (CDC) to replicate ongoing changes and keep the databases in sync. Setting Amazon S3 as a target allows storing the migrated data in a durable and cost-effective storage service. When the source and destination are fully synchronized, the data can be loaded from Amazon S3 into an Amazon RDS for Microsoft SQL Server DB instance, which is a managed database service that simplifies database administration tasks. References:
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.SQLServer.html
https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Target.S3.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_SQLServer.html

- (Exam Topic 2)
A company is implementing a serverless architecture by using AWS Lambda functions that need to access a Microsoft SQL Server DB instance on Amazon RDS. The company has separate environments for development and production, including a clone of the database system.
The company's developers are allowed to access the credentials for the development database. However, the credentials for the production database must be encrypted with a key that only members of the IT security team's IAM user group can access. This key must be rotated on a regular basis.
What should a solutions architect do in the production environment to meet these requirements?

1. A. Store the database credentials in AWS Systems Manager Parameter Store by using a SecureString parameter that is encrypted by an AWS Key Management Service (AWS KMS) customer managed ke
2. B. Attach a role to each Lambda function to provide access to the SecureString paramete
3. C. Restrict access to the Securestring parameter and the customer managed key so that only the IT security team can access the parameter and the key.
4. D. Encrypt the database credentials by using the AWS Key Management Service (AWS KMS) default Lambda ke
5. E. Store the credentials in the environment variables of each Lambda functio
6. F. Load the credentials from the environment variables in the Lambda cod
7. G. Restrict access to the KMS key o that only the IT security team can access the key.
8. H. Store the database credentials in the environment variables of each Lambda functio
9. I. Encrypt the environment variables by using an AWS Key Management Service (AWS KMS) customer managed ke
10. J. Restrict access to the customer managed key so that only the IT security team can access the key.
11. K. Store the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customermanaged ke
12. L. Attach a role to each Lambda function to provide access to the secre
13. M. Restrict access to the secret and the customer managed key so that only the IT security team can access the secret and the key.

Correct Answer: D
Storing the database credentials in AWS Secrets Manager as a secret that is associated with an AWS Key Management Service (AWS KMS) customer managed key will enable encrypting and managing the credentials securely1. AWS Secrets Manager helps you to securely encrypt, store, and retrieve credentials for your databases and other services2. Attaching a role to each Lambda function to provide access to the secret will enable retrieving the credentials programmatically1. Restricting access to the secret and the customer managed key so that only members of the IT security team’s IAM user group can access them will enable meeting the security requirements1.

- (Exam Topic 1)
A video processing company has an application that downloads images from an Amazon S3 bucket, processes the images, stores a transformed image in a second S3 bucket, and updates metadata about the image in an Amazon DynamoDB table. The application is written in Node.js and runs by using an AWS Lambda function. The Lambda function is invoked when a new image is uploaded to Amazon S3.
The application ran without incident for a while. However, the size of the images has grown significantly. The Lambda function is now failing frequently with timeout errors. The function timeout is set to its maximum value. A solutions architect needs to refactor the application’s architecture to prevent invocation failures. The company does not want to manage the underlying infrastructure.
Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)

1. A. Modify the application deployment by building a Docker image that contains the application code.Publish the image to Amazon Elastic Container Registry (Amazon ECR).
2. B. Create a new Amazon Elastic Container Service (Amazon ECS) task definition with a compatibility type of AWS Fargat
3. C. Configure the task definition to use the new image in Amazon Elastic Container Registry (Amazon ECR). Adjust the Lambda function to invoke an ECS task by using the ECS task definition when a new file arrives in Amazon S3.
4. D. Create an AWS Step Functions state machine with a Parallel state to invoke the Lambda function.Increase the provisioned concurrency of the Lambda function.
5. E. Create a new Amazon Elastic Container Service (Amazon ECS) task definition with a compatibility type of Amazon EC2. Configure the task definition to use the new image in Amazon Elastic Container Registry (Amazon ECR). Adjust the Lambda function to invoke an ECS task by using the ECS task definition when a new file arrives in Amazon S3.
6. F. Modify the application to store images on Amazon Elastic File System (Amazon EFS) and to store metadata on an Amazon RDS DB instanc
7. G. Adjust the Lambda function to mount the EFS file share.

Correct Answer: AB
A. Modify the application deployment by building a Docker image that contains the application code. Publish the image to Amazon Elastic Container Registry (Amazon ECR). - This step is necessary to package the application code in a container and make it available for running on ECS. B. Create a new Amazon Elastic Container Service (Amazon ECS) task definition with a compatibility type of AWS Fargate. Configure the task definition to use the new image in Amazon Elastic Container Registry (Amazon ECR). Adjust the Lambda function to invoke an ECS task by using the ECS task definition when a new file arrives in Amazon S3.