Untitled Quiz

Questions and Answers

What is the most cost-effective method to host a website that contains HTML, CSS, client-side JavaScript, and images?

Containerize the website and host it in AWS Fargate.

Configure an Application Load Balancer with an AWS Lambda target that uses the Express.js framework.

Deploy a web server on an Amazon EC2 instance to host the website.

Create an Amazon S3 bucket and host the website there. (correct)

Which AWS service can be used to periodically run API calls for checking resource tag allocations?

Amazon S3

Amazon CloudWatch (correct)

Amazon EC2

AWS CodePipeline

What is the best solution for sharing millions of financial transactions while ensuring sensitive data is removed before storage?

Stream the transactions data into Amazon Kinesis Data Firehose and use Lambda.

Store batched transactions data in Amazon S3 and process with AWS Lambda.

Stream the transactions data into Amazon Kinesis Data Streams and use AWS Lambda. (correct)

Store the transactions data into Amazon DynamoDB and use DynamoDB Streams.

Which service is NOT suitable for hosting a static website made up of HTML, CSS, and images?

AWS Lambda

When processing financial transactions for sensitive data, which AWS service combination is most efficient?

Amazon Kinesis Data Streams with Lambda and DynamoDB.

Which method will NOT effectively enable the removal of sensitive data during transaction processing?

Directly writing to Amazon S3.

Which of the following is a key advantage of using Amazon S3 for hosting a website over an EC2 instance?

Simplified deployment with no server management.

What is a requirement for the solution architect regarding the marketplace web application?

Transactions need to be processed for real-time latency.

Which solution allows secure remote access to EC2 instances with the least operational overhead?

Attach an IAM role and use AWS Systems Manager Session Manager for SSH access.

To reduce latency for users accessing a static website hosted on S3, which option is the most cost-effective?

Add an Amazon CloudFront distribution in front of the bucket.

What is the primary purpose of configuring server-side encryption with AWS KMS keys for S3 buckets?

To enhance data security by encrypting content at rest.

When maintaining a searchable repository in Amazon RDS for MySQL, what is important for managing over 10 million rows effectively?

Partitioning the database to simplify data retrieval.

What must be configured to allow cross-region replication for S3 buckets?

Enable versioning on the source and destination buckets.

Which approach for SSH access to EC2 instances involves higher management overhead?

Deploying a bastion host for secure access through a public subnet.

Which solution is NOT a valid way to improve the performance of an S3-hosted static website?

Use Elastic Load Balancing to distribute traffic to the S3 bucket.

Which AWS service provides an efficient way to manage application secrets in a secure manner?

AWS Secrets Manager.

What is the primary benefit of using AWS Secrets Manager for credential rotation in this scenario?

It provides secure storage and automatic rotation of secrets.

Which option correctly utilizes multi-Region capabilities for credential management?

Using multi-Region secret replication in AWS Secrets Manager.

What is the first step needed to share dashboard access with the product manager?

Create an IAM user for the company's employees.

How does using Amazon Aurora with Multi-AZ deployment ensure high availability?

By automatically failing over to a standby instance if the primary fails.

What action should the product manager take to access the CloudWatch dashboard after receiving the login credentials?

Locate the dashboard by name in the Dashboards section.

What kind of scaling is necessary for the e-commerce application's database based on its workload?

Read scaling to accommodate an increase in read requests.

Which Amazon RDS configuration addresses both high availability and read workload demands effectively?

Multi-AZ deployment with read replicas.

Which trust relationship is required for connecting on-premises Microsoft Active Directory with AWS SSO to meet user management needs?

A two-way forest trust.

What AWS service can be used for a single sign-on solution while managing users in an on-premises directory?

AWS Directory Service.

What action is necessary to maintain the database performance amidst unpredictable workload changes?

Automatically scale with Aurora Auto Scaling for read replicas.

To achieve automated failover between Regions for a VoIP service, what is the recommended solution?

Deploy a Network Load Balancer and use Global Accelerator.

Why is utilizing Amazon ElastiCache for Memcached not an ideal solution for the database's performance issues?

It does not improve the underlying database performance.

Which Amazon service helps improve the caching of read-heavy workloads efficiently?

Amazon ElastiCache for caching frequently accessed data.

What is the main benefit of using AWS Organizations for managing multiple accounts?

Centralized management of accounts and policies.

When deploying a bastion server, what is critical to ensure regarding the browser on the server?

It should use cached AWS credentials with appropriate permissions.

Which component is essential for routing VoIP users to the Region with lowest latency?

AWS Global Accelerator for optimizing performance.

What is the primary purpose of using Amazon Macie in the context of file uploads containing PII?

To scan and identify personally identifiable information (PII) in the uploaded files.

Which option can automate the removal of files identified to contain PII with minimal development effort?

Use Amazon Inspector for scanning and Amazon S3 Lifecycle policy for removal.

What happens if an uploaded file is scanned and determined to contain PII when using Amazon Macie?

Amazon SNS sends notifications to administrators to initiate manual removal.

Which of the following tasks does not directly relate to the use of an Amazon S3 bucket as a secure transfer point?

Triggering emails based on file content analysis.

What is a key benefit of using Amazon S3 Lifecycle policies in managing files containing PII?

They automate the deletion or transition of files based on predefined rules.

What is the role of Amazon Inspector in the context described?

To analyze the contents of each uploaded file for potential threats.

Why might a company prefer using Amazon SNS for notifications rather than an email solution like Amazon SES?

Amazon SNS can send notifications to multiple subscribers at once.

What is the main function of an AWS Lambda function in the given scenario?

Scanning uploaded files and triggering notifications as needed.

What is the first step required when setting up an Auto Scaling group to manage nodes based on the number of items in an Amazon SQS queue?

Create an Amazon SQS queue to hold the jobs.

Which scaling policy is appropriate for an Auto Scaling group that is configured to use an Amazon SQS queue?

Add and remove nodes based on the number of items in the SQS queue.

How can the security team be notified about certificate expirations 30 days in advance?

Use AWS Config along with EventBridge to monitor and alert on certificate expirations.

What is a key step for an Auto Scaling group creation using a launch template?

Create an Amazon Machine Image (AMI) first.

Which AWS service is recommended to send alerts for expiring certificates 30 days before they expire?

Amazon Simple Notification Service (SNS).

What is NOT required when creating an Auto Scaling group using a launch template?

An Amazon SNS topic for processing jobs.

To improve the performance of a dynamic website for European users launched from the U.S., what technique could be effective?

Use a global load balancer to distribute traffic.

Which service should be configured to monitor certificates and alert on expiring ones?

AWS Config.

Study Notes

AWS Solutions for Various Use Cases

• Credential Rotation (Question #13): Store credentials as secrets in AWS Secrets Manager, utilize multi-region secret replication, and configure Secrets Manager for scheduled rotation. This method minimizes operational overhead.

• Database Scaling (Question #14): Use Amazon Aurora with Multi-AZ deployment and Aurora Auto Scaling with Aurora Replicas for automatic scaling of read workloads and high availability.

• Product Manager Access (Question #27): Create an IAM user with the ViewOnlyAccess managed policy, share login credentials, and direct the product manager to locate the CloudWatch dashboard by name.

• SSO Across Accounts (Question #28): Use AWS Single Sign-On (AWS SSO) and create a one-way forest trust or a one-way domain trust to connect the on-premises Microsoft Active Directory with AWS SSO using AWS Directory Service for Microsoft Active Directory.

• VoIP Service with Failover (Question #29): Deploy a Network Load Balancer (NLB) with an associated target group, associating the target group with the Auto Scaling group, and employing the NLB as an AWS Global Accelerator endpoint in each region. This provides low latency routing and automated failover to the region with the lowest latency.

• Least Cost Effective Website Hosting (Question #32): Hosting a static website in an Amazon S3 bucket is the most cost-effective method.

• Scalable Transaction Processing (Question #33): Stream transactions to Amazon Kinesis Data Firehose, storing data in Amazon DynamoDB and S3, and use Lambda integration with Kinesis Data Firehose to remove sensitive data. This lets other applications consume the data stored in Amazon S3.

• Remote Instance Administration (Question #37): Utilize AWS Systems Manager Session Manager to create an SSH session; this method adheres to the AWS Well-Architected Framework and minimizes operational overhead

• Static Website Latency Optimization (Question #38): Deploy an Amazon CloudFront distribution in front of the S3 bucket. This solution addresses latency issues and optimizes cost-effectively.

• Searchable Repository (Question #39): To improve the performance of a repository with 10 million rows and 2 TB of data in an Amazon RDS for MySQL database, consider additional actions like indexing, query optimization, or using a more appropriate database for analytical purposes. This question lacks a clearly optimal solution.

• PII Detection and Remediation (Question #46): Use Amazon Macie to scan objects in an Amazon S3 bucket for personally identifiable information (PII). If PII is detected, Amazon SNS triggers a notification and directs administrators to remove the data or implement further remediation steps.

• Scalable Job Processing (Question #81): Utilize an Amazon SQS queue to hold jobs that need processing. Using an Auto Scaling group scales based on the queue length.

• Certificate Expiration Notifications (Question #82): Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that detects certificates expiring in 30 days. This rule invokes an AWS Lambda function, sending a notification via Amazon Simple Notification Service (Amazon SNS).

Key Concepts for AWS Solutions

• IAM Roles: Attaching appropriate IAM roles to instances for secure administration.
• Secrets Manager: Securely storing and managing sensitive credentials.
• Multi-AZ Deployments: Enhanced availability via multiple Availability Zones.
• Scalability: Architecting for increasing workloads, such as with Auto Scaling.
• Monitoring: Utilizing services for collecting and analyzing data (e.g., CloudWatch).
• Security: Procedures for protecting sensitive data (e.g., encryption of data).
• Cost optimization: Strategies to make the system cost-effective and efficient.
• High Availability: Setting up systems to continue functioning even with failures.
• Fault tolerance: Restoring a failing system, ensuring business continuity.