A company has users all around the world accessing its HTTP-based application deployed on Amazon EC2 instances in

multiple AWS Regions. The company wants to improve the availability and performance of the application. The company
also wants to protect the application against common web exploits that may affect availability, compromise security, or
consume excessive resources. Static IP addresses are required.
What should a solutions architect recommend to accomplish this?
A. Put the EC2 instances behind Network Load Balancers (NLBs) in each Region. Deploy AWS WAF on the NLBs. Create an
accelerator using AWS Global Accelerator and register the NLBs as endpoints.
B. Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Deploy AWS WAF on the ALBs. Create
an accelerator using AWS Global Accelerator and register the ALBs as endpoints.
C. Put the EC2 instances behind Network Load Balancers (NLBs) in each Region. Deploy AWS WAF on the NLBs. Create an
Amazon CloudFront distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to
the NLBs.
D. Put the EC2 instances behind Application Load Balancers (ALBs) in each Region. Create an Amazon CloudFront
distribution with an origin that uses Amazon Route 53 latency-based routing to route requests to the ALBs. Deploy AWS
WAF on the CloudFront distribution.
Question #: 662
A company uses AWS Cost Explorer to monitor its AWS costs. The company notices that Amazon Elastic Block Store
(Amazon EBS) storage and snapshot costs increase every month. However, the company does not purchase additional
EBS storage every month. The company wants to optimize monthly costs for its current storage usage.
Which solution will meet these requirements with the LEAST operational overhead?
A. Use logs in Amazon CloudWatch Logs to monitor the storage utilization of Amazon EBS. Use Amazon EBS Elastic
Volumes to reduce the size of the EBS volumes.
B. Use a custom script to monitor space usage. Use Amazon EBS Elastic Volumes to reduce the size of the EBS volumes.
C. Delete all expired and unused snapshots to reduce snapshot costs.
D. Delete all nonessential snapshots. Use Amazon Data Lifecycle Manager to create and manage the snapshots according
to the company's snapshot policy requirements.
Question #: 749
A company’s website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling
group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is
being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review
of security logs revealed an external malicious IP that needs to be blocked from accessing the website.
What should a solutions architect do to protect the application?
A. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
B. Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
C. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
D. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
Question #: 853
A company's web application consists of multiple Amazon EC2 instances that run behind an Application Load Balancer in
a VPC. An Amazon RDS for MySQL DB instance contains the data. The company needs the ability to automatically detect
and respond to suspicious or unexpected behavior in its AWS environment. The company already has added AWS WAF
to its architecture.
What should a solutions architect do next to protect against threats?
A. Use Amazon GuardDuty to perform threat detection. Configure Amazon EventBridge to filter for GuardDuty findings
and to invoke an AWS Lambda function to adjust the AWS WAF rules.
B. Use AWS Firewall Manager to perform threat detection. Configure Amazon EventBridge to filter for Firewall Manager
findings and to invoke an AWS Lambda function to adjust the AWS WAF web ACL.
C. Use Amazon Inspector to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to
limit access to the web application.
D. Use Amazon Macie to perform threat detection and to update the AWS WAF rules. Create a VPC network ACL to limit
access to the web application.
Question #: 865
A company's near-real-time streaming application is running on AWS. As the data is ingested, a job runs on the data and
takes 30 minutes to complete. The workload frequently experiences high latency due to large amounts of incoming data.
A solutions architect needs to design a scalable and serverless solution to enhance performance.
Which combination of steps should the solutions architect take? (Choose two.)
A. Use Amazon Kinesis Data Firehose to ingest the data.
B. Use AWS Lambda with AWS Step Functions to process the data.
C. Use AWS Database Migration Service (AWS DMS) to ingest the data.
D. Use Amazon EC2 instances in an Auto Scaling group to process the data.
E. Use AWS Fargate with Amazon Elastic Container Service (Amazon ECS) to process the data.
Question #: 867
A company runs its production workload on Amazon EC2 instances with Amazon Elastic Block Store (Amazon EBS)
volumes. A solutions architect needs to analyze the current EBS volume cost and to recommend optimizations. The
recommendations need to include estimated monthly saving opportunities.
Which solution will meet these requirements?
A. Use Amazon Inspector reporting to generate EBS volume recommendations for optimization.
B. Use AWS Systems Manager reporting to determine EBS volume recommendations for optimization.
C. Use Amazon CloudWatch metrics reporting to determine EBS volume recommendations for optimization.
D. Use AWS Compute Optimizer to generate EBS volume recommendations for optimization.
Question #: 807
A company uses high concurrency AWS Lambda functions to process a constantly increasing number of messages in a
message queue during marketing events. The Lambda functions use CPU intensive code to process the messages. The
company wants to reduce the compute costs and to maintain service latency for its customers.
Which solution will meet these requirements?
A. Configure reserved concurrency for the Lambda functions. Decrease the memory allocated to the Lambda functions.
B. Configure reserved concurrency for the Lambda functions. Increase the memory according to AWS Compute
Optimizer recommendations.
C. Configure provisioned concurrency for the Lambda functions. Decrease the memory allocated to the Lambda
functions.
D. Configure provisioned concurrency for the Lambda functions. Increase the memory according to AWS Compute
Optimizer recommendations.
Question #: 735