A company decided to purchase Amazon EC2 Reserved Instances. A solutions architect is tasked with implementing a
solution where only the master account in AWS Organizations is able to purchase the Reserved Instances. Current and
future member accounts should be blocked from purchasing Reserved Instances.
Which solution will meet these requirements?
C
A company has a standard three-tier architecture using two Availability Zones. During the company's off season, users
report that the website is not working. The Solutions Architect finds that no changes have been made to the environment
recently, the website is reachable, and it is possible to log in. However, when the Solutions Architect selects the "find a store
near you" function, the maps provided on the site by a third-party RESTful API call do not work about 50% of the time after
refreshing the page. The outbound API calls are made through Amazon EC2 NAT instances.
What is the MOST likely reason for this failure and how can it be mitigated in the future?
D
Explanation:
The 50% failure rate means that traffic is balanced over 2 AZs and is failing on the NAT instance in one AZ. The solution is to
replace the NAT instance with a fully managed and highly available NAT gateway.
A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon
Cognito has two different flows for authentication with public providers.
Which of the following are the two flows?
C
Explanation:
A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon
Cognito has two different flows for authentication with public providers: enhanced and basic.
Reference:
http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-flow/
A mobile app has become very popular, and usage has gone from a few hundred to millions of users. Users capture and
upload images of activities within a city, and provide ratings and recommendations. Data access patterns are unpredictable.
The current application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The application is
experiencing slowdowns and costs are growing rapidly.
Which changes should a solutions architect make to the application architecture to control costs and improve performance?
B
A group of research institutions and hospitals are in a partnership to study 2 PBs of genomic data. The institute that owns the
data stores it in an Amazon S3 bucket and updates it regularly. The institute would like to give all of the organizations in the
partnership read access to the data. All members of the partnership are extremely cost-conscious, and the institute that
owns the account with the S3 bucket is concerned about covering the costs for requests and data transfers from Amazon S3.
Which solution allows for secure data sharing without causing the institute that owns the bucket to assume all the costs for S3
requests and data transfers?
A
A Solutions Architect is designing a highly available and reliable solution for a cluster of Amazon EC2 instances.
The Solutions Architect must ensure that any EC2 instance within the cluster recovers automatically after a system failure.
The solution must ensure that the recovered instance maintains the same IP address.
How can these requirements be met?
D
Explanation:
Reference: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html
Which of the following cannot be used to manage Amazon ElastiCache and perform administrative tasks?
D
Explanation:
CloudWatch is a monitoring tool and doesn't give users access to manage Amazon ElastiCache.
Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.Managing.html
You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to
access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via
third party CDNs by their URLs.
You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet.
Which of the following options would you consider?
A
Explanation:
Organizations usually implement proxy solutions to provide URL and web content filtering, IDS/IPS, data loss prevention,
monitoring, and advanced threat protection.
Reference: https://d0.awsstatic.com/aws-answers/Controlling_VPC_Egress_Traffic.pdf
A finance company is running its business-critical application on current-generation Linux EC2 instances. The application
includes a self-managed MySQL database performing heavy I/O operations. The application is working fine to handle a
moderate amount of traffic during the month. However, it slows down during the final three days of each month due to
month-end reporting, even though the company is using Elastic Load Balancers and Auto Scaling within its infrastructure to
meet the increased demand.
Which of the following actions would allow the database to handle the month-end load with the LEAST impact on
performance?
D
A company is adding a new approved external vendor that only supports IPv6 connectivity. The company's backend systems
sit in the private subnet of an Amazon VPC. The company uses a NAT gateway to allow these systems to communicate with
external vendors over IPv4. Company policy requires systems that communicate with external vendors to use a security
group that limits access to only approved external vendors. The virtual private cloud (VPC) uses the default network ACL.
The Systems Operator successfully assigns IPv6 addresses to each of the backend systems. The Systems Operator also
updates the outbound security group to include the IPv6 CIDR of the external vendor (destination). The systems within the
VPC are able to ping one another successfully over IPv6. However, these systems are unable to communicate with the
external vendor.
What changes are required to enable communication with the external vendor?
D
Explanation:
Reference:
https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html