
Aws Csa 5

Uploaded by

tookilos biblex

You would like to host a static website for digitalcloud.training on AWS. You will be using Route
53 to direct traffic to the website. Which of the below steps would help you achieve your
objectives? (Choose 2)

· Create an “Alias” record that points to the S3 bucket (Correct)

· Create an S3 bucket named digitalcloud.training (Correct)

· Create an “SRV” record that points to the S3 bucket

· Create a “CNAME” record that points to the S3 bucket

· Use any existing S3 bucket that has public read access enabled

Your company runs a two-tier application on the AWS cloud that is composed of a web front-end
and an RDS database. The web front-end uses multiple EC2 instances in multiple
Availability Zones (AZ) in an Auto Scaling group behind an Elastic Load Balancer. Your manager
is concerned about a single point of failure in the RDS database layer.

What would be the most effective approach to minimizing the risk of an AZ failure causing an
outage to your database layer?

· Enable Multi-AZ for the RDS DB instance (Correct)

· Create a Read Replica of the RDS DB instance in another AZ

· Take a snapshot of the database

· Increase the DB instance size

You would like to create a highly available web application that serves static content using
multiple On-Demand EC2 instances.

Which of the following AWS services will help you to achieve this? (choose 2)

· Elastic Load Balancer and Auto Scaling (Correct)

· Multiple Availability Zones (Correct)

· DynamoDB and ElastiCache

· Direct Connect

· Amazon S3 and CloudFront

You are a Solutions Architect at Digital Cloud Training. A client of yours is using API Gateway
for accepting and processing a large number of API calls to AWS Lambda. The client’s business
is rapidly growing and he is therefore expecting a large increase in traffic to his API Gateway
and AWS Lambda services.
The client has asked for advice on ensuring the services can scale without any reduction in
performance. What advice would you give to the client? (choose 2)

· AWS Lambda scales concurrently executing functions up to your default limit (Correct)

· API Gateway scales manually through the assignment of provisioned throughput

· API Gateway scales up to the default throttling limit, with some additional burst capacity
available (Correct)

· API Gateway can only scale up to the fixed throttling limits

· AWS Lambda automatically scales up by using larger instance sizes for your functions

An application you manage uses Auto Scaling and a fleet of EC2 instances. You recently noticed
that Auto Scaling is scaling the number of instances up and down multiple times in the same
hour. You need to implement a remediation to reduce the amount of scaling events. The
remediation must be cost-effective and preserve elasticity.

What design changes would you implement? (choose 2)

· Modify the Auto Scaling group termination policy to terminate the oldest instance first

· Modify the Auto Scaling group cool-down timers (Correct)

· Modify the CloudWatch alarm period that triggers your Auto Scaling scale down
policy (Correct)

· Modify the Auto Scaling policy to use scheduled scaling actions

· Modify the Auto Scaling group termination policy to terminate the newest instance first

An EBS-backed EC2 instance has been configured with some proprietary software that uses an
embedded license. You need to move the EC2 instance to another Availability Zone (AZ) within
the region. How can this be accomplished? Choose the best answer.

· Take a snapshot of the instance. Create a new EC2 instance and perform a restore from
the snapshot

· Create an image from the instance. Launch an instance from the AMI in the
destination AZ (Correct)

· Use the AWS Management Console to select a different AZ for the existing instance

· Perform a copy operation to move the EC2 instance to the destination AZ

Your manager has asked you to explain how Amazon ElastiCache may assist with the company’s
plans to improve the performance of database queries.

Which of the below statements is a valid description of the benefits of Amazon ElastiCache?
(Choose 2)

· ElastiCache can form clusters using a mixture of Memcached and Redis caching engines,
allowing you to take advantage of the best features of each caching engine

· ElastiCache is best suited for scenarios where the database load type is OLTP

· The in-memory caching provided by ElastiCache can be used to significantly
improve latency and throughput for many read-heavy application workloads or
compute-intensive workloads (Correct)

· ElastiCache is a web service that makes it easy to deploy and run Memcached
or Redis protocol-compliant server nodes in the cloud (Correct)

· ElastiCache nodes can be accessed directly from the Internet and EC2 instances in other
regions, which allows you to improve response times for queries over long distances

You have been tasked with building an ECS cluster using the EC2 launch type and need to
ensure container instances can connect to the cluster. A colleague informed you that you must
ensure the ECS container agent is installed on your EC2 instances. You have selected to use the
Amazon ECS-optimized AMI.

Which of the statements below are correct? (Choose 2)

· The Amazon ECS container agent is installed on the AWS managed infrastructure used for
tasks using the EC2 launch type so you don’t need to do anything

· The Amazon ECS container agent must be installed for all AMIs

· The Amazon ECS container agent is included in the Amazon ECS-optimized AMI
(Correct)

· You can install the ECS container agent on any Amazon EC2 instance that
supports the Amazon ECS specification (Correct)

· You can only install the ECS container agent on Linux instances

Your organization is deploying a multi-language website on the AWS Cloud. The website uses
CloudFront as the front-end and the language is specified in the HTTP request:

· http://d12345678aabbcc0.cloudfront.net/main.html?language=en

· http://d12345678aabbcc0.cloudfront.net/main.html?language=sp

· http://d12345678aabbcc0.cloudfront.net/main.html?language=fr

You need to configure CloudFront to deliver the cached content. What method can be used?

· Signed Cookies

· Signed URLs

· Query string parameters (Correct)

· Origin Access Identity

A company is launching a new application and expects it to be very popular. The company
requires a database layer that can scale along with the application. The schema will
change frequently and the application cannot afford any downtime for database changes.

Which AWS service allows the company to achieve these requirements?

· Amazon RDS MySQL

· Amazon DynamoDB (Correct)

· Amazon Aurora

· Amazon RedShift

A company hosts a popular web application that connects to an Amazon RDS MySQL DB
instance running in a private VPC subnet that was created with default ACL settings. The web
servers must be accessible only to customers on an SSL connection. The database should only
be accessible to web servers in a public subnet.

Which solution meets these requirements without impacting other running applications?
(choose 2)

· Create a network ACL on the DB subnet, allow MySQL port 3306 inbound for web servers,
and deny all outbound traffic

· Create a network ACL on the web server's subnet, allow HTTPS port 443 inbound, and
specify the source as 0.0.0.0/0

· Create a DB server security group that allows MySQL port 3306 inbound and
specify the source as a web server security group (Correct)

· Create a web server security group that allows HTTPS port 443 inbound traffic
from Anywhere (0.0.0.0/0) and apply it to the web servers (Correct)

· Create a DB server security group that allows the HTTPS port 443 inbound and specify the
source as a web server security group

You are considering the security and durability of your data that is stored in Amazon EBS
volumes. Which of the statements below is true?

· You can define the number of AZs to replicate your data to via the API

· EBS volumes are backed by Amazon S3 which replicates data across multiple facilities
within a region

· EBS volumes are replicated across AZs to protect you from loss of access to an individual
AZ

· EBS volumes are replicated within their Availability Zone (AZ) to protect you from
component failure (Correct)

Your company is opening a new office in the Asia Pacific region. Users in the new office will
need to read data from an RDS database that is hosted in the U.S. To improve performance,
you are planning to implement a Read Replica of the database in the Asia Pacific region.
However, your Chief Security Officer (CSO) has explained to you that the company policy
dictates that all data that leaves the U.S must be encrypted at rest. The master RDS DB is not
currently encrypted.

What options are available to you? (choose 2)

· You can enable encryption for the master DB by creating a new DB from a snapshot with
encryption enabled (Correct)

· You can create an encrypted Read Replica that is encrypted with the same key

· You can create an encrypted Read Replica that is encrypted with a different key (Correct)

· You can enable encryption for the master DB through the management console

· You can use an encrypted EBS volume for the Read Replica

A company is planning to move their DNS records to AWS as part of a major migration to the
cloud. Which statements are true about Amazon Route 53? (choose 2)

· You can automatically register EC2 instances with private hosted zones

· You can transfer domains to Route 53 even if the Top-Level Domain (TLD) is unsupported

· Route 53 can be used to route Internet traffic for domains registered with another domain
registrar (Correct)

· You cannot automatically register EC2 instances with private hosted zones (Correct)

You are looking for a method to distribute onboarding videos to your company’s numerous
remote workers around the world. The training videos are located in an S3 bucket that is not
publicly accessible. Which of the options below would allow you to share the videos?

· Use a Route 53 Alias record that points to the S3 bucket

· Use CloudFront and set the S3 bucket as an origin (Correct)

· Use ElastiCache and attach the S3 bucket as a cache origin

· Use CloudFront and use a custom origin pointing to an EC2 instance

Your company runs a two-tier application that uses web front-ends running on EC2 instances
across multiple AZs. The back-end is an RDS multi-AZ database instance. The front-end servers
host a Content Management System (CMS) application that stores files that users upload in
attached EBS storage. You don’t like having the uploaded files distributed across multiple EBS
volumes and are concerned that this solution is not scalable.

You would like to design a solution for storing the files that are uploaded to your EC2 instances
that can achieve high levels of aggregate throughput and IOPS. The solution must scale
automatically, and provide consistent low latencies. You also need to be able to mount the
storage to the EC2 instances across multiple AZs within the region.

Which AWS service would meet your needs?

· Use ElastiCache

· Store the files in the RDS database

· Use the Amazon Elastic File System (Correct)

· Create an S3 bucket and use this as the storage location for the application

You work as a Solutions Architect at Digital Cloud Training. You are working on a disaster
recovery solution that allows you to bring up your applications in another AWS region. Some of
your applications run on EC2 instances and have proprietary software configurations with
embedded licenses. You need to create duplicate copies of your EC2 instances in the other
region.

What would be the best way to do this? (choose 2)

· Copy the snapshots to the other region

· Create new EC2 instances from the AMIs (Correct)

· Create an AMI of each EC2 instance and copy the AMIs to the other region (Correct)

· Create snapshots of the EBS volumes attached to the instances

· Create new EC2 instances from the snapshot

A Solutions Architect requires a highly available database that can deliver an extremely low
RPO. Which of the following configurations uses synchronous replication?

· RDS Read Replica across AWS regions

· EBS volume synchronization

· RDS DB instance using a Multi-AZ configuration (Correct)

· DynamoDB Read Replica

You have taken a snapshot of an encrypted EBS volume and would like to share the snapshot
with another AWS account. Which statements are true about sharing snapshots of encrypted
EBS volumes? (choose 2)

· You must store the CMK key in CloudHSM and delegate access to the other AWS account

· You must share the CMK key as well as the snapshot with the other AWS account
(Correct)

· Snapshots of encrypted volumes are unencrypted

· You must obtain an encryption key from the target AWS account for encrypting the
snapshot

· A custom CMK key must be used for encryption if you want to share the snapshot
(Correct)

A developer is creating a solution for a real-time bidding application for a large retail company
that allows users to bid on items of end-of-season clothing. The application is expected to be
extremely popular and the back-end DynamoDB database may not perform as required.

How can the Solutions Architect enable in-memory read performance with microsecond
response times for the DynamoDB database?

· Enable read replicas

· Increase the provisioned throughput

· Configure DynamoDB Auto Scaling

· Configure Amazon DAX (Correct)

You have launched a Spot instance on EC2 for working on an application development project.
In the event of an interruption what are the possible behaviors that can be configured? (choose
2)

· Stop (Correct)

· Restart

· Hibernate (Correct)

· Pause

· Save

Your company's SysOps practices involve running scripts within the Linux operating systems of
your applications. Which of the following AWS services allow you to access the underlying
operating system? (choose 2)

· Amazon EMR (Correct)

· AWS Lambda

· Amazon RDS

· Amazon DynamoDB

· Amazon EC2 (Correct)

Another systems administrator in your company created an Auto Scaling group that is
configured to ensure that four EC2 instances are available at a minimum at all times. The
settings he selected on the Auto Scaling group are a minimum group size of four instances and
a maximum group size of six instances.

Your colleague has asked your assistance in trying to understand if Auto Scaling will allow him
to terminate instances in the Auto Scaling group and what the effect would be if it does.

What advice would you give to your colleague?

· Auto Scaling will not allow him to terminate an EC2 instance, because there are currently
four provisioned instances and the minimum is set to four

· This can only be done via the command line

· He would need to reduce the minimum group size setting to be able to terminate any
instances

· This should be allowed, and Auto Scaling will launch additional instances to compensate
for the ones that were terminated (Correct)

A company is moving a large amount of sensitive data to the cloud. Data will be moved to
Amazon S3 and the Solutions Architects are concerned about encryption and management of
keys.

Which of the statements below is correct regarding the SSE-KMS option? (choose 2)

· KMS uses customer provided keys (CPKs)

· KMS uses customer master keys (CMKs) (Correct)

· Auditable master keys can be created, rotated, and disabled from the IAM console
(Correct)

· Keys are managed through Amazon S3

· Data is encrypted by default on the client side and then transferred in an encrypted state

A colleague recently deployed a two-tier web application into a subnet using a test account.
The subnet has an IP address block of 10.0.5.0/27 and he launched an Auto Scaling Group (ASG)
with a desired capacity of 8 web servers. Another ASG has 6 application servers and two
database servers and both ASGs are behind a single ALB with multiple target groups. All
instances are On-Demand instances. Your colleague attempted to test a simulated increase in
capacity requirements of 50% and not all instances were able to launch successfully.

What would be the best explanations for the failure to launch the extra instances? (choose 2)

· There are insufficient IP addresses in the subnet range to allow for the EC2 instances, the
AWS reserved addresses, and the ELB IP address requirements (Correct)

· AWS impose a soft limit of 20 instances per region for an account, you have exceeded
this number (Correct)

· There are insufficient resources available in the Availability Zone

· The IP address block overlaps with another subnet in the VPC

· The ASG is waiting for the health check grace period to expire, it might have been set at
a high value

A Solutions Architect is reviewing the IP addressing strategy for the company's resources in the
AWS Cloud. Which of the statements below are correct regarding private IP addresses? (choose
2)

· For instances launched in EC2-Classic, the private IPv4 address is released when the
instance is stopped or terminated (Correct)

· Secondary private IP addresses cannot be reassigned from one instance to another

· For instances launched in a VPC, a private IPv4 address remains associated with the
network interface when the instance is stopped and restarted (Correct)

· A private IPv4 address is an IP address that's reachable over the Internet

· By default, an instance has a primary and secondary private IP address

The operations team in your company are looking for a method to automatically respond to
failed system status check alarms that are being received from an EC2 instance. The system in
question is experiencing intermittent problems with its operating system software.

Which two steps will help you to automate the resolution of the operating system software
issues? (choose 2)

· Configure an EC2 action that recovers the instance

· Configure an EC2 action that reboots the instance (Correct)

· Configure an EC2 action that terminates the instance

· Create a CloudWatch alarm that monitors the “StatusCheckFailed_System” metric

· Create a CloudWatch alarm that monitors the “StatusCheckFailed_Instance” metric
(Correct)

You are using an Application Load Balancer (ALB) for distributing traffic for a number of
application servers running on EC2 instances. The configuration consists of a single ALB with a
single target group. The front-end listeners are receiving traffic for digitalcloud.guru on port
443 (SSL/TLS) and the back-end listeners are receiving traffic on port 80 (HTTP).
You will be installing a new application component on one of the application servers in the
existing target group that will process data sent to digitalcloud.guru/orders. The application
component will listen on HTTP port 8080 for this traffic.

What configuration changes do you need to make to implement this solution update? (choose
2)

· Add an additional port to the existing target group and set it to 8080

· Add a new rule to the existing front-end listener with a Path condition. Set the path
condition to /orders and add an action that forwards traffic to the new target group
(Correct)

· Add a new rule to the existing front-end listener with a Host condition. Set the host
condition to /orders and add an action that forwards traffic to the new target group

· Add an additional front-end listener that listens on port 443 and set a path condition to
process traffic destined to the path /orders

· Create a new target group and add the EC2 instance to it. Define the protocol as HTTP
and the port as 8080 (Correct)

A client is in the design phase of developing an application that will process orders for their
online ticketing system. The application will use a number of front-end EC2 instances that pick
up orders and place them in a queue for processing by another set of back-end EC2 instances.
The client will have multiple options for customers to choose the level of service they want to
pay for. The client has asked how he can design the application to process the orders in a
prioritized way based on the level of service the customer has chosen.

· Create a single SQS queue, configure the front-end application to place orders on the
queue in order of priority and configure the back-end instances to poll the queue and pick
up messages in the order they are presented

· Create multiple SQS queues, configure the front-end application to place orders onto a
specific queue based on the level of service requested and configure the back-end
instances to sequentially poll the queues in order of priority (Correct)

· Create a combination of FIFO queues and Standard queues and configure the applications
to place messages into the relevant queue based on priority

· Create multiple SQS queues, configure exactly-once processing and set the maximum
visibility timeout to 12 hours

There are two business units in your company that each have their own VPC. A company
restructure has resulted in the need to work together more closely and you would like to
configure VPC peering between the two VPCs. VPC A has a CIDR block of 172.16.0.0/16 and VPC
B has a CIDR block of 10.0.0.0/16. You have created a VPC peering connection with the ID:
pcx-11112222.

Which of the entries below should be added to the route table to allow full access to the entire
CIDR block of the VPC peer? (choose 2)

· Destination 172.16.0.0/16 and target pcx.11112222 in VPC B (Correct)

· Destination 10.0.0.0/16 and target pcx-11112222 in VPC A (Correct)

· Destination 10.0.0.0/16 and target pcx-11112222 in VPC B

· Destination 0.0.0.0/0 and target Local in VPC A and VPC B

· Destination 172.16.0.0/16 and target pcx.11112222 in VPC A

As the Chief Security Officer (CSO) of a large banking organization you are reviewing your
security policy for the usage of public cloud services. A key assessment criterion when
comparing public cloud services against maintaining applications on-premise is the split of
responsibilities between AWS, as the service provider, and your company, as the customer.

According to the AWS Shared Responsibility Model, which of the following would be
responsibilities of the service provider? (choose 2)

· Identity and Access Management

· Operating system, network and firewall configuration

· Availability Zones (Correct)

· Physical networking infrastructure (Correct)

· Customer data

You are running a Hadoop cluster on EC2 instances in your VPC. The EC2 instances are
launched by an Auto Scaling Group (ASG) and you have configured the ASG to scale out and in
as demand changes. One of the instances in the group is the Hadoop Master Node and you
need to ensure that it is not terminated when your ASG processes a scale in action.

What is the best way this can be achieved without interrupting services?

· Change the DeleteOnTermination value for the EC2 instance

· Enable Deletion Protection for the EC2 instance

· Use the Instance Protection feature to set scale in protection for the Hadoop Master Node
(Correct)

· Move the Hadoop Master Node to another ASG that has the minimum and maximum
instance settings set to 1

The development team in your company has created a new application that you plan to deploy
on AWS which runs multiple components in Docker containers. You would prefer to use AWS
managed infrastructure for running the containers as you do not want to manage EC2
instances.

Which of the below solution options would deliver these requirements? (choose 2)

· Use the Elastic Container Service (ECS) with the Fargate Launch Type (Correct)

· Use the Elastic Container Service (ECS) with the EC2 Launch Type

· Put your container images in a private repository

· Use CloudFront to deploy Docker on EC2

· Put your container images in the Elastic Container Registry (ECR) (Correct)

You are designing a solution for an application that will read and write large amounts of data to
S3. You are expecting high throughput that may exceed 1000 requests per second and need
the performance of S3 to scale. What is AWS’s current advice for designing your S3 storage
strategy to ensure fast performance?

· Enable an object cache on S3 to ensure performance at this scale

· You must use CloudFront for caching objects at this scale as S3 cannot provide this level
of performance

· There is no longer a need to use random prefixes as S3 scales per prefix and the
performance required is well within the S3 performance limitations (Correct)

· Use a random prefix on objects to improve performance

You are deploying a two-tier web application within your VPC. The application consists of
multiple EC2 instances and an Internet-facing Elastic Load Balancer (ELB). The application will
be used by a small number of users with fixed public IP addresses and you need to control
access so only these users can access the application.

What would be the BEST methods of applying these controls? (choose 2)

· Configure the local firewall on each EC2 instance to only allow traffic from the specific IP
sources

· Configure the ELB Security Group to allow traffic from only the specific IP sources
(Correct)

· Configure the EC2 instance’s Security Group to allow traffic from only the specific IP
sources

· Configure the ELB to send the X-Forwarded-For header and configure the EC2 instances
to filter traffic based on the source IP information in the header (Correct)

· Configure certificates on the clients and use client certificate authentication on the ELB

A customer has a production application running on Amazon EC2. The application frequently
overwrites and deletes data, and it is essential that the application receives the most
up-to-date version of the data whenever it is requested.

Which service is most appropriate for these requirements?

· Amazon RedShift

· AWS Storage Gateway

· Amazon S3

· Amazon RDS (Correct)

A Solutions Architect is developing a new web application on AWS that needs to be able to
scale to support unpredictable workloads. The Architect prefers to focus on value-add activities
such as software development and product roadmap development rather than provisioning and
managing instances.

Which solution is most appropriate for this use case?

· Elastic Load Balancing with Auto Scaling groups and Amazon EC2

· Amazon CloudFront and AWS Lambda

· Amazon API Gateway and Amazon EC2

· Amazon API Gateway and AWS Lambda (Correct)
