Amazon AWS Exam Questions & Answers PDF

Summary

This document contains exam questions and answers related to data transfer and analysis. The questions cover topics such as using Amazon S3 Transfer Acceleration and Amazon Athena for efficient data analysis. It focuses on practical solutions with minimal operational overhead, suitable for professional cloud computing exam preparation.

Full Transcript

- Expert Verified, Online, Free.

 Custom View Settings
Topic 1 - Exam A

Question #1 Topic 1

A company collects data for temperature, humidity, and atmospheric pressure in cities across multiple continents. The average volume of data
that the company collects from each site daily is 500 GB. Each site has a high-speed Internet connection.
The company wants to aggregate the data from all these global sites as quickly as possible in a single Amazon S3 bucket. The solution must
minimize operational complexity.
Which solution meets these requirements?

A. Turn on S3 Transfer Acceleration on the destination S3 bucket. Use multipart uploads to directly upload site data to the destination S3
bucket.

B. Upload the data from each site to an S3 bucket in the closest Region. Use S3 Cross-Region Replication to copy objects to the destination S3
bucket. Then remove the data from the origin S3 bucket.

C. Schedule AWS Snowball Edge Storage Optimized device jobs daily to transfer data from each site to the closest Region. Use S3 Cross-
Region Replication to copy objects to the destination S3 bucket.

D. Upload the data from each site to an Amazon EC2 instance in the closest Region. Store the data in an Amazon Elastic Block Store (Amazon
EBS) volume. At regular intervals, take an EBS snapshot and copy it to the Region that contains the destination S3 bucket. Restore the EBS
volume in that Region.

Correct Answer: A

Community vote distribution
A (93%) 7%

  D2w Highly Voted  10 months, 2 weeks ago
Selected Answer: A
S3 Transfer Acceleration is the best solution cz it's faster , good for high speed, Transfer Acceleration is designed to optimize transfer speeds from
across the world into S3 buckets.
upvoted 41 times

  Blest012 1 month, 1 week ago
Correct the S3 Transfer Acceleration service is the best for this scenario
upvoted 1 times

  BoboChow 10 months, 2 weeks ago
I thought S3 Transfer Acceleration is based on Cross Region Repilication, I made a mistake.
upvoted 1 times

  dilopezat Highly Voted  4 months, 3 weeks ago
Thank you ExamTopics!!! I am so happy, today 06/04/2023 I pass the exam with 793.
upvoted 13 times

  Nezar_Mohsen 4 months, 2 weeks ago
is it enough to study the first 20 pages which are free?
upvoted 3 times

  ashu089 4 months, 2 weeks ago
NOPE NOPE
upvoted 1 times

  Bmarodi Most Recent  6 days ago
Selected Answer: A
Amazon S3 Transfer Acceleration can speed up your content transfers to and from Amazon S3 by as much as 50-500% for long-distance transfer of
larger objects.
upvoted 1 times

  Kavinsundar05 2 weeks, 3 days ago
Can anyone please send me the pdf of this whole questions. Thanks in advance.It would be a great help.
email- [email protected]
upvoted 1 times

  sandhyaejji 2 weeks, 5 days ago
 Amazon S3 Transfer Acceleration can speed up content transfers to and from Amazon S3 by as much as 50-500% for long-distance transfer of
larger objects. Customers who have either web or mobile applications with widespread users or applications hosted far away from their S3 bucket
can experience long and variable upload and download speeds over the Internet. S3 Transfer Acceleration (S3TA) reduces the variability in Internet
routing, congestion and speeds that can affect transfers, and logically shortens the distance to S3 for remote applications.
upvoted 2 times

  TariqKipkemei 4 weeks, 1 day ago
Selected Answer: A
S3 Transfer Acceleration improves transfer performance by routing traffic through Amazon CloudFront’s globally distributed Edge Locations and
over AWS backbone networks, and by using network protocol optimizations.
upvoted 1 times

  jksnu 1 month ago
Correct answer is A that is S3 Transfer Acceleration considering the points like 1) Having high internet speed 2) Need to transfer GBs of data
regularly from different cities in different continents 3) With minimum operational cost. It is basically used when you have very fast internet service
and collecting data from all over the world in GB or TB on regular basis. It first transfer the data to nearest Edge location and then this data is
transferred to the target S3 bucket over an optimized network path. For more information, please visit the AWS url:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/transfer-acceleration.html
upvoted 1 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: B
Explanation:
Option B suggests uploading the data from each site to an S3 bucket in the closest Region. This ensures that the data is transferred quickly over
high-speed Internet connections. By using S3 Cross-Region Replication, the objects can be automatically copied to the destination S3 bucket,
allowing for easy aggregation. Once the data is successfully replicated, it can be removed from the origin S3 bucket to minimize storage costs and
reduce complexity.

Option A is not the best choice because it only focuses on optimizing the upload to the destination S3 bucket by using S3 Transfer Acceleration
and multipart uploads. However, it doesn't address the requirement of aggregating data from multiple sites.
upvoted 2 times

  james2033 1 month, 1 week ago
Selected Answer: A
See video content of Amazon S3 Transfer Acceleration at https://www.youtube.com/watch?v=HnUqH3hdz4I with case study of Video content from
cameras to a concentrate center.
upvoted 1 times

  miki111 1 month, 1 week ago
AAAA is the right Answer.
upvoted 1 times

  HaiChamKhong 1 month, 2 weeks ago
My answer: A
upvoted 1 times

  Foxy2021 1 month, 3 weeks ago
I passed the test last month, several questions were similar to the questions posted here. Advise: study all the questions(Yes, ALL THE QUESTIONS,
500+ questions). The test was very hard.
upvoted 2 times

  KAMERO 2 months ago
Selected Answer: A
With Amazon S3 Transfer Acceleration, you can speed up content transfers to and from Amazon S3 by as much as 50-500% for long-distance
transfer of larger objects.
upvoted 1 times

  Gullashekar 2 months ago
Selected Answer: A
3 Transfer Acceleration is the best solution cz it's faster , good for high speed, Transfer Acceleration is designed to optimize transfer speeds from
across the world into S3 buckets.
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: A
To aggregate data from multiple global sites as quickly as possible in a single Amazon S3 bucket while minimizing operational complexity, the most
suitable solution would be Option A: Turn on S3 Transfer Acceleration on the destination S3 bucket and use multipart uploads to directly upload
site data to the destination S3 bucket.

In summary, Option A provides the most efficient and operationally simple solution to aggregate data from multiple global sites quickly into a
single Amazon S3 bucket. By leveraging S3 Transfer Acceleration and multipart uploads, the company can achieve rapid data ingestion while
minimizing complexity.
upvoted 2 times

  Subh_fidelity 2 months, 1 week ago
 I believe it is very confusing practice. Should we rely on Answers given against questions or Most voted answers ? Exam topics should not give
answers if most of the answers are wrong.
upvoted 3 times

  Rigsby 2 months, 2 weeks ago
Passed this week with a score of 830. Style is identical to these questions - learn all the questions here and you will do well.
upvoted 3 times
Question #2 Topic 1

A company needs the ability to analyze the log files of its proprietary application. The logs are stored in JSON format in an Amazon S3 bucket.
Queries will be simple and will run on-demand. A solutions architect needs to perform the analysis with minimal changes to the existing
architecture.
What should the solutions architect do to meet these requirements with the LEAST amount of operational overhead?

A. Use Amazon Redshift to load all the content into one place and run the SQL queries as needed.

B. Use Amazon CloudWatch Logs to store the logs. Run SQL queries as needed from the Amazon CloudWatch console.

C. Use Amazon Athena directly with Amazon S3 to run the queries as needed.

D. Use AWS Glue to catalog the logs. Use a transient Apache Spark cluster on Amazon EMR to run the SQL queries as needed.

Correct Answer: C

Community vote distribution
C (100%)

  airraid2010 Highly Voted  10 months, 2 weeks ago
Answer: C
https://docs.aws.amazon.com/athena/latest/ug/what-is.html
Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using
standard SQL. With a few actions in the AWS Management Console, you can point Athena at your data stored in Amazon S3 and begin using
standard SQL to run ad-hoc queries and get results in seconds.
upvoted 40 times

  BoboChow 10 months, 2 weeks ago
I agree C is the answer
upvoted 2 times

  tt79 10 months, 2 weeks ago
C is right.
upvoted 1 times

  PhucVuu Highly Voted  4 months, 3 weeks ago
Selected Answer: C
Keyword:
- Queries will be simple and will run on-demand.
- Minimal changes to the existing architecture.
A: Incorrect - We have to do 2 step. load all content to Redshift and run SQL query (This is simple query so we can you Athena, for complex query
we will apply Redshit)
B: Incorrect - Our query will be run on-demand so we don't need to use CloudWatch Logs to store the logs.
C: Correct - This is simple query we can apply Athena directly on S3
D: Incorrect - This take 2 step: use AWS Glue to catalog the logs and use Spark to run SQL query
upvoted 15 times

  Theocode Most Recent  2 weeks, 4 days ago
Selected Answer: C
A no-brainer, Athena can be used to query data directly from s3
upvoted 1 times

  sandhyaejji 2 weeks, 5 days ago
Amazon Athena is an interactive query service that makes it easy to analyze data directly in Amazon Simple Storage Service (Amazon S3) using
standard SQL. With a few actions in the AWS Management Console, you can point Athena at your data stored in Amazon S3 and begin using
standard SQL to run ad-hoc queries and get results in seconds.
upvoted 1 times

  TariqKipkemei 4 weeks, 1 day ago
Selected Answer: C
Amazon Athena is a serverless, interactive analytics service used to query data in relational, nonrelational, object, and custom data sources running
on S3.
upvoted 1 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: C
Explanation:
Option C is the most suitable choice for this scenario. Amazon Athena is a serverless query service that allows you to analyze data directly from
 Amazon S3 using standard SQL queries. Since the log files are already stored in JSON format in an S3 bucket, there is no need for data
transformation or loading into another service. Athena can directly query the JSON logs without the need for any additional infrastructure.
upvoted 2 times
  james2033 1 month, 1 week ago
Selected Answer: C
I remember question and answer in an easy way with case study https://www.youtube.com/watch?v=Dmw7HOOmiJQ
upvoted 1 times

  miki111 1 month, 1 week ago
Best option is CCCC
upvoted 1 times

  animefan1 1 month, 3 weeks ago
Selected Answer: C
athena is great for querying data in s3
upvoted 1 times

  oaidv 2 months ago
Selected Answer: C
C is right
upvoted 1 times

  KAMERO 2 months ago
Selected Answer: C
I agree C
upvoted 1 times

  Gullashekar 2 months ago
Selected Answer: C
https://docs.aws.amazon.com/athena/latest/ug/what-is.html
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: C
To meet the requirements of analyzing log files stored in JSON format in an Amazon S3 bucket with minimal changes to the existing architecture
and minimal operational overhead, the most suitable option would be Option C: Use Amazon Athena directly with Amazon S3 to run the queries as
needed.

Amazon Athena is a serverless interactive query service that allows you to analyze data directly from Amazon S3 using standard SQL queries. It
eliminates the need for infrastructure provisioning or data loading, making it a low-overhead solution.

Overall, Amazon Athena offers a straightforward and efficient solution for analyzing log files stored in JSON format, ensuring minimal operational
overhead and compatibility with simple on-demand queries.
upvoted 1 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: C
C is answer.
upvoted 1 times

  cheese929 3 months, 1 week ago
C is correct
upvoted 1 times

  rag300 4 months ago
Selected Answer: C
serverless to avoid operational overhead c is the answer
upvoted 2 times

  [Removed] 4 months ago
It is difficult to use SQL to query JSON format files, which contradicts the simple query mentioned in the question and excludes all SQL options
upvoted 2 times
Question #3 Topic 1

A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3
bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in
AWS Organizations.
Which solution meets these requirements with the LEAST amount of operational overhead?

A. Add the aws PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.

B. Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.

C. Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization
events. Update the S3 bucket policy accordingly.

D. Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.

Correct Answer: A

Community vote distribution
A (94%) 6%

  ude Highly Voted  10 months, 2 weeks ago
Selected Answer: A
aws:PrincipalOrgID Validates if the principal accessing the resource belongs to an account in your organization.
https://aws.amazon.com/blogs/security/control-access-to-aws-resources-by-using-the-aws-organization-of-iam-principals/
upvoted 39 times

  BoboChow 10 months, 2 weeks ago
the condition key aws:PrincipalOrgID can prevent the members who don't belong to your organization to access the resource
upvoted 9 times

  Naneyerocky Highly Voted  9 months, 3 weeks ago
Selected Answer: A
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions_overview.html
Condition keys: AWS provides condition keys that you can query to provide more granular control over certain actions.
The following condition keys are especially useful with AWS Organizations:

aws:PrincipalOrgID – Simplifies specifying the Principal element in a resource-based policy. This global key provides an alternative to listing all the
account IDs for all AWS accounts in an organization. Instead of listing all of the accounts that are members of an organization, you can specify the
organization ID in the Condition element.

aws:PrincipalOrgPaths – Use this condition key to match members of a specific organization root, an OU, or its children. The aws:PrincipalOrgPaths
condition key returns true when the principal (root user, IAM user, or role) making the request is in the specified organization path. A path is a text
representation of the structure of an AWS Organizations entity.
upvoted 12 times

  Sleepy_Lazy_Coder 2 weeks ago
are we not choosing ou because the least overhead term was use? option B also seems correct
upvoted 2 times

  BlackMamba_4 17 hours, 5 minutes ago
Exactly
upvoted 1 times

  Guru4Cloud Most Recent  1 month, 1 week ago
Selected Answer: A
This is the least operationally overhead solution because it does not require any additional infrastructure or configuration. AWS Organizations
already tracks the organization ID of each account, so you can simply add the aws:PrincipalOrgID condition key to the S3 bucket policy and
reference the organization ID. This will ensure that only users of accounts within the organization can access the S3 bucket
upvoted 1 times

  james2033 1 month, 1 week ago
Selected Answer: A
See video "Ensure identities and networks can only be used to access trusted resources" at https://youtu.be/cWVW0xAiWwc?t=677 at 11:17 use
"aws:PrincipalOrgId": "o-fr75jjs531".
upvoted 1 times

  miki111 1 month, 1 week ago
Option A MET THE REQUIREMENT
 upvoted 1 times
  cookieMr 2 months, 1 week ago
Selected Answer: A
Option A, which suggests adding the aws PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy, is a
valid solution to limit access to the S3 bucket to users within the organization in AWS Organizations. It can effectively achieve the desired access
control.

It restricts access to the S3 bucket based on the organization ID, ensuring that only users within the organization can access the bucket. This
method is suitable if you want to restrict access at the organization level rather than individual departments or organizational units.

The operational overhead for Option A is also relatively low since it involves adding a global condition key to the S3 bucket policy. However, it is
important to note that the organization ID must be accurately configured in the bucket policy to ensure the desired access control is enforced.

In summary, Option A is a valid solution with minimal operational overhead that can limit access to the S3 bucket to users within the organization
using the aws PrincipalOrgID global condition key.
upvoted 1 times

  karloscetina007 2 months, 1 week ago
A is the correct answer.
upvoted 1 times

  Musti35 4 months, 2 weeks ago
You can now use the aws:PrincipalOrgID condition key in your resource-based policies to more easily restrict access to IAM principals from
accounts in your AWS organization. For more information about this global condition key and policy examples using aws:PrincipalOrgID, read the
IAM documentation.
upvoted 1 times

  PhucVuu 4 months, 3 weeks ago
Selected Answer: A
Keywords:
- Company uses AWS Organizations
- Limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations
- LEAST amount of operational overhead
A: Correct - We just add PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy
B: Incorrect - We can limit access by this way but this will take more amount of operational overhead
C: Incorrect - AWS CloudTrail only log API events, we can not prevent user access to S3 bucket. For update S3 bucket policy to make it work you
should manually add each account -> this way will not be cover in case of new user is added to Organization.
D: Incorrect - We can limit access by this way but this will take most amount of operational overhead
upvoted 7 times

  linux_admin 4 months, 3 weeks ago
Selected Answer: A
Option A proposes adding the aws PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy. This would
limit access to the S3 bucket to only users of accounts within the organization in AWS Organizations, as the aws PrincipalOrgID condition key can
check if the request is coming from within the organization.
upvoted 2 times

  martin451 5 months ago
B. Create an organizational unit (OU) for each department. Add the AWS: Principal Org Paths global condition key to the S3 bucket policy. This
solution allows for the S3 bucket to only be accessed by users within the organization in AWS Organizations while minimizing operational overhead
by organizing users into OUs and using a single global condition key in the bucket policy. Option A, adding the Principal ID global condition key,
would require frequent updates to the policy as new users are added or removed from the organization. Option C, using CloudTrail to monitor
events, would require manual updating of the policy based on the events. Option D, tagging each user, would also require manual tagging updates
and may not be scalable for larger organizations with many users.
upvoted 1 times

  iamRohanKaushik 5 months, 1 week ago
Selected Answer: A
Answer is A.
upvoted 1 times

  buiducvu 6 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times

  SilentMilli 7 months, 2 weeks ago
Selected Answer: A
This is the least operationally overhead solution because it requires only a single configuration change to the S3 bucket policy, which will allow
access to the bucket for all users within the organization. The other options require ongoing management and maintenance. Option B requires the
creation and maintenance of organizational units for each department. Option C requires monitoring of specific CloudTrail events and updates to
the S3 bucket policy based on those events. Option D requires the creation and maintenance of tags for each user that needs access to the bucket.
upvoted 1 times

  Buruguduystunstugudunstuy 8 months, 1 week ago
 Selected Answer: A
Answered by ChatGPT with an explanation.

The correct solution that meets these requirements with the least amount of operational overhead is Option A: Add the aws PrincipalOrgID global
condition key with a reference to the organization ID to the S3 bucket policy.

Option A involves adding the aws:PrincipalOrgID global condition key to the S3 bucket policy, which allows you to specify the organization ID of
the accounts that you want to grant access to the bucket. By adding this condition to the policy, you can limit access to the bucket to only users of
accounts within the organization.
upvoted 4 times

  Buruguduystunstugudunstuy 8 months, 1 week ago
Option B involves creating organizational units (OUs) for each department and adding the aws:PrincipalOrgPaths global condition key to the S3
bucket policy. This option would require more operational overhead, as it involves creating and managing OUs for each department.

Option C involves using AWS CloudTrail to monitor certain events and updating the S3 bucket policy accordingly. While this option could
potentially work, it would require ongoing monitoring and updates to the policy, which could increase operational overhead.
upvoted 2 times

  Buruguduystunstugudunstuy 8 months, 1 week ago
Option D involves tagging each user that needs access to the S3 bucket and adding the aws:PrincipalTag global condition key to the S3
bucket policy. This option would require you to tag each user, which could be time-consuming and could increase operational overhead.

Overall, Option A is the most straightforward and least operationally complex solution for limiting access to the S3 bucket to only users of
accounts within the organization.
upvoted 1 times

  psr83 8 months, 1 week ago
Selected Answer: A
use a new condition key, aws:PrincipalOrgID, in these policies to require all principals accessing the resource to be from an account (including the
master account) in the organization. For example, let’s say you have an Amazon S3 bucket policy and you want to restrict access to only principals
from AWS accounts inside of your organization. To accomplish this, you can define the aws:PrincipalOrgID condition and set the value to your
organization ID in the bucket policy. Your organization ID is what sets the access control on the S3 bucket. Additionally, when you use this
condition, policy permissions apply when you add new accounts to this organization without requiring an update to the policy.
upvoted 2 times

  NikaCZ 8 months, 1 week ago
Selected Answer: A
aws:PrincipalOrgID – Simplifies specifying the Principal element in a resource-based policy. This global key provides an alternative to listing all the
account IDs for all AWS accounts in an organization.
upvoted 1 times
Question #4 Topic 1

An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2
instance needs to access the S3 bucket without connectivity to the internet.
Which solution will provide private network connectivity to Amazon S3?

A. Create a gateway VPC endpoint to the S3 bucket.

B. Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket.

C. Create an instance profile on Amazon EC2 to allow S3 access.

D. Create an Amazon API Gateway API with a private link to access the S3 endpoint.

Correct Answer: A

Community vote distribution
A (100%)

  D2w Highly Voted  10 months, 2 weeks ago
Selected Answer: A
VPC endpoint allows you to connect to AWS services using a private network instead of using the public Internet
upvoted 24 times

  PhucVuu Highly Voted  4 months, 3 weeks ago
Selected Answer: A
Keywords:
- EC2 in VPC
- EC2 instance needs to access the S3 bucket without connectivity to the internet

A: Correct - Gateway VPC endpoint can connect to S3 bucket privately without additional cost
B: Incorrect - You can set up interface VPC endpoint for CloudWatch Logs for private network from EC2 to CloudWatch. But from CloudWatch to S3
bucket: Log data can take up to 12 hours to become available for export and the requirement only need EC2 to S3
C: Incorrect - Create an instance profile just grant access but not help EC2 connect to S3 privately
D: Incorrect - API Gateway like the proxy which receive network from out site and it forward request to AWS Lambda, Amazon EC2, Elastic Load
Balancing products such as Application Load Balancers or Classic Load Balancers, Amazon DynamoDB, Amazon Kinesis, or any publicly available
HTTPS-based endpoint. But not S3
upvoted 17 times

  Bmarodi Most Recent  6 days ago
Selected Answer: A
With a gateway endpoint, you can access Amazon S3 from your VPC, without requiring an internet gateway or NAT device for your VPC, and with
no additional cost. However, gateway endpoints do not allow access from on-premises networks, from peered VPCs in other AWS Regions, or
through a transit gateway.
Ref. https://docs.aws.amazon.com/vpc/latest/privatelink/what-is-privatelink.html
upvoted 1 times

  TariqKipkemei 4 weeks, 1 day ago
Selected Answer: A
A VPC endpoint enables customers to privately connect to supported AWS services and VPC endpoint services powered by AWS PrivateLink.

https://docs.aws.amazon.com/whitepapers/latest/aws-privatelink/what-are-vpc-endpoints.html#:~:text=A-,VPC%20endpoint,-
enables%20customers%20to
upvoted 2 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: A
The answer is A. Create a gateway VPC endpoint to the S3 bucket.

A gateway VPC endpoint is a private way to connect to AWS services without using the internet. This is the best solution for the given scenario
because it will allow the EC2 instance to access the S3 bucket without any internet connectivity
upvoted 1 times

  james2033 1 month, 1 week ago
Selected Answer: A
Keyword (1) EC2 in a VPC. (2)EC2 instance need access S3 bucket WITHOUT internet. Therefore, A is correct answer: Create a gateway VPC endpoint
to S3 bucket.
upvoted 1 times

  miki111 1 month, 1 week ago
 Option A MET THE REQUIREMENT
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: A
Here's why Option A is the correct choice:

Gateway VPC Endpoint: A gateway VPC endpoint allows you to privately connect your VPC to supported AWS services. By creating a gateway VPC
endpoint for S3, you can establish a private connection between your VPC and the S3 service without requiring internet connectivity.

Private network connectivity: The gateway VPC endpoint for S3 enables your EC2 instance within the VPC to access the S3 bucket over the private
network, ensuring secure and direct communication between the EC2 instance and S3.

No internet connectivity required: Since the requirement is to access the S3 bucket without internet connectivity, the gateway VPC endpoint
provides a private and direct connection to S3 without needing to route traffic through the internet.

Minimal operational complexity: Setting up a gateway VPC endpoint is a straightforward process. It involves creating the endpoint and configuring
the appropriate routing in the VPC. This solution minimizes operational complexity while providing the required private network connectivity.
upvoted 1 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: A
A is right answer.
upvoted 1 times

  cheese929 3 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times

  channn 4 months, 3 weeks ago
Selected Answer: A
Option B) not provide private network connectivity to S3.
Option C) not provide private network connectivity to S3.
Option D) API Gateway with a private link provide private network connectivity between a VPC and an HTTP(S) endpoint, not S3.
upvoted 2 times

  linux_admin 4 months, 3 weeks ago
Selected Answer: A
Option A proposes creating a VPC endpoint for Amazon S3. A VPC endpoint enables private connectivity between the VPC and S3 without using an
internet gateway or NAT device. This would provide the EC2 instance with private network connectivity to the S3 bucket.
upvoted 2 times

  dee_pandey 4 months, 3 weeks ago
Could someone send me a pdf of this dump please? Thank you so much in advance!
upvoted 1 times

  Subhajeetpal 5 months ago
Can anyone please send me the pdf of this whole dump... i can be very grateful. thanks in advance.
email- [email protected]
upvoted 1 times

  tienhoboss 5 months ago
Selected Answer: A
A bạn ơi :)
upvoted 1 times

  iamRohanKaushik 5 months, 1 week ago
Selected Answer: A
Answer is A, but was confused with C, instance role will route through internet.
upvoted 1 times

  Folayinka 5 months, 4 weeks ago
A VPC endpoint allows you to connect from the VPC to other AWS services outside of the VPC without the use of the internet.
upvoted 1 times
Question #5 Topic 1

A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS
volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in
another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they
refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time.
What should a solutions architect propose to ensure users see all of their documents at once?

A. Copy the data so both EBS volumes contain all the documents

B. Configure the Application Load Balancer to direct a user to the server with the documents

C. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS

D. Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server

Correct Answer: C

Community vote distribution
C (100%)

  D2w Highly Voted  10 months, 2 weeks ago
Selected Answer: C
Concurrent or at the same time key word for EFS
upvoted 27 times

  mikey2000 Highly Voted  9 months, 1 week ago
Ebs doesnt support cross az only reside in one Az but Efs does, that why it's c
upvoted 19 times

  pbpally 3 months, 2 weeks ago
And just for clarification to others, you can have COPIES of the same EBS volume in one AZ and in another via EBS Snapshots, but don't confuse
that with the idea of having some sort of global capability that has concurrent copying mechanisms.
upvoted 4 times

  TariqKipkemei Most Recent  4 weeks, 1 day ago
Selected Answer: C
Shared file storage = EFS
upvoted 1 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: C
The answer is C. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS.

The current architecture is using two separate EBS volumes, one for each EC2 instance. This means that each instance only has a subset of the
documents. When a user refreshes the website, the Application Load Balancer will randomly direct them to one of the two instances. If the user's
documents are not on the instance that they are directed to, they will not be able to see them.
upvoted 1 times

  james2033 1 month, 1 week ago
Selected Answer: C
Keyword "stores user-uploaded documents". Two EC2 instances behind Application Load Balancer. See
https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html#efs-regional-ec2. In the diagram, Per Amazon EC2 in a different Availability zone,
and Amazon Elastic File System support this case.

Solution: Amazon Elastic File System, see https://aws.amazon.com/efs/. "Amazon EFS file system creation, mounting, and settings"
https://www.youtube.com/watch?v=Aux37Nwe5nc. "Amazon EFS overview" https://www.youtube.com/watch?v=vAV4ASDnbN0.
upvoted 1 times

  miki111 1 month, 1 week ago
Option C MET THE REQUIREMENT
upvoted 1 times

  FroZor 1 month, 2 weeks ago
They could use Sicky sessions with EBS, if they don't want to use EFS
upvoted 1 times

  capino 1 month, 3 weeks ago
EFS Reduces latency and all user can see all files at once
 upvoted 1 times
  cookieMr 2 months, 1 week ago
Selected Answer: C
To ensure users can see all their documents at once in the duplicated architecture with multiple EC2 instances and EBS volumes behind an
Application Load Balancer, the most appropriate solution is Option C: Copy the data from both EBS volumes to Amazon EFS (Elastic File System)
and modify the application to save new documents to Amazon EFS.

In summary, Option C, which involves copying the data to Amazon EFS and modifying the application to use Amazon EFS for document storage, is
the most appropriate solution to ensure users can see all their documents at once in the duplicated architecture. Amazon EFS provides scalability,
availability, and shared access, allowing both EC2 instances to access and synchronize the documents seamlessly.
upvoted 2 times

  albertmunene 2 months, 1 week ago
ffkfkffkfkf
upvoted 1 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: C
C is right answer.
upvoted 1 times

  Praveen_Ch 3 months ago
Selected Answer: C
C because the other options don't put all the data in one place.
upvoted 1 times

  smash_aws 3 months ago
Option C is the best answer, option D is pretty vague. All other options are obviously wrong.
upvoted 1 times

  abhishek2021 3 months, 1 week ago
The answer is B as it is aligned to min. b/w usage and also the time taken is 6-7 days which is about the same as transferring over the internet of
1G as per option C.
upvoted 1 times

  cheese929 3 months, 1 week ago
Selected Answer: C
C is correct
upvoted 1 times

  [Removed] 4 months ago
If there is anyone who is willing to share his/her contributor access, then please write to [email protected]
upvoted 2 times

  IMTechguy 4 months ago
Option A is not a good solution because copying data to both volumes would not ensure consistency of the data.

Option B would require the Load Balancer to have knowledge of which documents are stored on which server, which would be difficult to maintain.

Option C is a viable solution, but may require modifying the application to use Amazon EFS instead of EBS.

Option D is a good solution because it would distribute the requests to both servers and return the correct document from the correct server. This
can be achieved by configuring session stickiness on the Load Balancer so that each user's requests are directed to the same server for consistency.

Therefore, the correct answer is D.
upvoted 2 times
Question #6 Topic 1

A company uses NFS to store large video files in on-premises network attached storage. Each video file ranges in size from 1 MB to 500 GB. The
total storage is 70 TB and is no longer growing. The company decides to migrate the video files to Amazon S3. The company must migrate the
video files as soon as possible while using the least possible network bandwidth.
Which solution will meet these requirements?

A. Create an S3 bucket. Create an IAM role that has permissions to write to the S3 bucket. Use the AWS CLI to copy all files locally to the S3
bucket.

B. Create an AWS Snowball Edge job. Receive a Snowball Edge device on premises. Use the Snowball Edge client to transfer data to the
device. Return the device so that AWS can import the data into Amazon S3.

C. Deploy an S3 File Gateway on premises. Create a public service endpoint to connect to the S3 File Gateway. Create an S3 bucket. Create a
new NFS file share on the S3 File Gateway. Point the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the
S3 File Gateway.

D. Set up an AWS Direct Connect connection between the on-premises network and AWS. Deploy an S3 File Gateway on premises. Create a
public virtual interface (VIF) to connect to the S3 File Gateway. Create an S3 bucket. Create a new NFS file share on the S3 File Gateway. Point
the new file share to the S3 bucket. Transfer the data from the existing NFS file share to the S3 File Gateway.

Correct Answer: C

Community vote distribution
B (84%) Other

  Gatt Highly Voted  10 months, 1 week ago
Selected Answer: B
Let's analyse this:

B. On a Snowball Edge device you can copy files with a speed of up to 100Gbps. 70TB will take around 5600 seconds, so very quickly, less than 2
hours. The downside is that it'll take between 4-6 working days to receive the device and then another 2-3 working days to send it back and for
AWS to move the data onto S3 once it reaches them. Total time: 6-9 working days. Bandwidth used: 0.

C. File Gateway uses the Internet, so maximum speed will be at most 1Gbps, so it'll take a minimum of 6.5 days and you use 70TB of Internet
bandwidth.

D. You can achieve speeds of up to 10Gbps with Direct Connect. Total time 15.5 hours and you will use 70TB of bandwidth. However, what's
interesting is that the question does not specific what type of bandwidth? Direct Connect does not use your Internet bandwidth, as you will have a
dedicate peer to peer connectivity between your on-prem and the AWS Cloud, so technically, you're not using your "public" bandwidth.

The requirements are a bit too vague but I think that B is the most appropriate answer, although D might also be correct if the bandwidth usage
refers strictly to your public connectivity.
upvoted 53 times

  LuckyAro 7 months, 2 weeks ago
But it said "as soon as possible" It takes about 4-6 weeks to provision a direct connect.
upvoted 11 times

  Uncolored8034 4 months, 3 weeks ago
This calculation is out of the scope.
C is right because the company wants to use the LEAST POSSIBLE NETWORK BANDWITH. Therefore they don't want or can't use the snowball
capabilities of having a such fast connection because it draws too much bandwith within their company.
upvoted 7 times

  [Removed] 2 months, 4 weeks ago
NFS is using bandwidth within their company, so that logic does not apply.
upvoted 2 times

  tribagus6 2 months, 3 weeks ago
yeah first company use NFS file to store the data right then the company want to move to S3. with endpoint we dont need public
connectivity
upvoted 1 times

  darn 4 months ago
you are out of scope
upvoted 5 times

  Help2023 6 months, 1 week ago
 D is a viable solution but to setup D it can take weeks or months and the question does say as soon as possible.
upvoted 4 times

  ShlomiM 6 months, 1 week ago
Time Calc Clarification:

Data: 70TB
=70TB*8b/B=560Tb
=560Tb*1000G/1T=560000Gb
Speed: 100Gb/s

Time=Data:Speed=56000Gb:100Gb/s=5600s
Time=5600s:3600s/hour=~1.5 hours (in case always on max speed)
upvoted 2 times

  tuloveu Highly Voted  10 months, 2 weeks ago
Selected Answer: B
As using the least possible network bandwidth.
upvoted 28 times

  kwang312 Most Recent  4 days, 4 hours ago
Selected Answer: B
I think B is better answer
upvoted 1 times

  triz 3 weeks, 3 days ago
Selected Answer: C
Correct answer is C. The key words are NFS, S3 and low bandwidth. S3 File Gateway retains access through NFS protocol so that existing users
don't have to change anything while being able to use S3 to store the files. The question also gives a clue that we only need to upload existing
70TB and no new data is added. This gives a clue that users only need to read data via NFS and don't need to write to S3 bucket. The existing data
can be quickly uploaded (via endpoint) to S3 bucket by admin.
upvoted 2 times

  abthakur 3 weeks, 5 days ago
C is correct answer, reason S3 file gateway will consume least amount of bandwidth and can transfer data as fast as possible.
upvoted 2 times

  Kits 4 weeks, 1 day ago
Selected Answer: C
To me, it appears C is correct as it is mentioned to use the least network bandwidth no network bandwidth, so B doesn't come into the picture.
upvoted 2 times

  Kits 4 weeks, 1 day ago
To me, it appears C is correct as it is mentioned to use the least network bandwidth no network bandwidth, so B doesn't come into the picture.
upvoted 2 times

  TariqKipkemei 4 weeks, 1 day ago
Selected Answer: C
To me this statement means
they want to make the transfer over the internet.

Hence C makes more sense as an option.
upvoted 2 times

  martinfrad 1 month ago
Selected Answer: B
Keys:
1. The total storage is 70 TB and is no longer growing
2. Must migrate the video files as soon as possible
3. Using the least possible network bandwidth

AWS Snowball can transfer up to 80TB per device without use network bandwidth and transfer data at up to 100 Gbps.
upvoted 1 times

  Guru4Cloud 1 month ago
Selected Answer: B
Option B is the correct solution to meet the requirements.

The reasons are:

AWS Snowball Edge provides a physical storage device to transfer large local datasets to Amazon S3. This avoids using network bandwidth for the
data transfer.
Snowball Edge can transfer up to 80TB per device, so a single Snowball Edge job can handle the 70TB dataset.
The client transfers data to the Snowball Edge device on-premises, avoiding the need to copy the data over the network.
When AWS receives the device back, the data is imported to the S3 bucket.
 This achieves fast data migration without using network bandwidth.

Option A would consume large amounts of network bandwidth for the data transfer.

Options C and D use S3 File Gateway, which still requires the data to be sent over the network to S3. This does not meet the goal of minimizing
network bandwidth.

So Option B with Snowball Edge is the right approach to migrate the large dataset quickly while using minimal network bandwidth.
upvoted 2 times
  Nazmul123 1 month ago
Snowball Edge is more suitable because with the storage capacity of 80TB, it is more suited for this kind of large scale transfer whereas AWS S3 file
gateway is more suitable for smaller, ongoing transfer of data where we need a hybrid cloud storage environment
upvoted 2 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: B
The answer is B. Create an AWS Snowball Edge job. Receive a Snowball Edge device on premises. Use the Snowball Edge client to transfer data to
the device. Return the device so that AWS can import the data into Amazon S3.

This solution is the most efficient way to migrate the video files to Amazon S3. The Snowball Edge device can transfer data at up to 100 Gbps,
which is much faster than the company's current network bandwidth. The Snowball Edge device is also a secure way to transfer data, as it is
encrypted at rest and in transit.
upvoted 2 times

  james2033 1 month, 1 week ago
Selected Answer: B
Keyword "70 TB and is no longer growing", choose AWS Snowball ( https://aws.amazon.com/snowball/ )
upvoted 2 times

  Ranfer 1 month, 1 week ago
Selected Answer: B
B. No bandwidth, fast enough and has the least operational overhead
upvoted 1 times

  miki111 1 month, 1 week ago
Option B MET THE REQUIREMENT
upvoted 1 times

  dchch 1 month, 2 weeks ago
keyword: as soon as possible.
C is correct
upvoted 1 times

  jaydesai8 1 month, 2 weeks ago
Selected Answer: B
import video files with the least network bandwidth.
B is correct
upvoted 1 times
Question #7 Topic 1

A company has an application that ingests incoming messages. Dozens of other applications and microservices then quickly consume these
messages. The number of messages varies drastically and sometimes increases suddenly to 100,000 each second. The company wants to
decouple the solution and increase scalability.
Which solution meets these requirements?

A. Persist the messages to Amazon Kinesis Data Analytics. Configure the consumer applications to read and process the messages.

B. Deploy the ingestion application on Amazon EC2 instances in an Auto Scaling group to scale the number of EC2 instances based on CPU
metrics.

C. Write the messages to Amazon Kinesis Data Streams with a single shard. Use an AWS Lambda function to preprocess messages and store
them in Amazon DynamoDB. Configure the consumer applications to read from DynamoDB to process the messages.

D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon
SOS) subscriptions. Configure the consumer applications to process the messages from the queues.

Correct Answer: A

Community vote distribution
D (80%) A (16%) 3%

  rein_chau Highly Voted  10 months, 2 weeks ago
Selected Answer: D
D makes more sense to me.
upvoted 36 times

  SilentMilli 7 months, 2 weeks ago
By default, an SQS queue can handle a maximum of 3,000 messages per second. However, you can request higher throughput by contacting
AWS Support. AWS can increase the message throughput for your queue beyond the default limits in increments of 300 messages per second,
up to a maximum of 10,000 messages per second.

It's important to note that the maximum number of messages per second that a queue can handle is not the same as the maximum number of
requests per second that the SQS API can handle. The SQS API is designed to handle a high volume of requests per second, so it can be used to
send messages to your queue at a rate that exceeds the maximum message throughput of the queue.
upvoted 6 times

  Abdel42 7 months, 2 weeks ago
The limit that you're mentioning apply to FIFO queues. Standard queues are unlimited in throughput
(https://aws.amazon.com/sqs/features/). Do you think that the use case require FIFO queue ?
upvoted 11 times

  daizy 6 months, 3 weeks ago
D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service (Amazon
SQS) subscriptions. Configure the consumer applications to process the messages from the queues.

This solution uses Amazon SNS and SQS to publish and subscribe to messages respectively, which decouples the system and enables scalability
by allowing multiple consumer applications to process the messages in parallel. Additionally, using Amazon SQS with multiple subscriptions can
provide increased resiliency by allowing multiple copies of the same message to be processed in parallel.
upvoted 5 times

  9014 8 months, 3 weeks ago
of course, the answer is D
upvoted 3 times

  Bevemo Highly Voted  9 months, 3 weeks ago
D. SNS Fan Out Pattern https://docs.aws.amazon.com/sns/latest/dg/sns-common-scenarios.html (A is wrong Kinesis Analysis does not 'persist' by
itself.)
upvoted 15 times

  Syruis Most Recent  1 week ago
Selected Answer: D
"(Amazon SOS)" should be "(Amazon SQS)" it blow my mind :/
upvoted 1 times

  BillyBlunts 1 week ago
How are we to go into the test with such confusing answers....I agree as well that it should be D. However, I want to select the answer they say is
right so I can pass the test. Everywhere I have looked including Quizlet who I think is pretty reliable, the answer is A. Would you guys say it is better
to go with the answer they select, even though we majority agree it is a different answer?
 upvoted 1 times
  Stevey 3 weeks, 2 days ago
D. is the answer.
The question states that there are dozens of other applications and microservices that consume these messages and that the volume of messages
can vary drastically and increase suddenly. Therefore, you need a solution that can handle a high volume of messages, distribute them to multiple
consumers, and scale quickly. SNS with SQS provides these capabilities.

Publishing messages to an SNS topic with multiple SQS subscriptions is a common AWS pattern for achieving both decoupling and scalability in
message-driven systems. SNS allows messages to be fanned out to multiple subscribers, which in this case would be SQS queues. Each consumer
application could then process messages from its SQS queue at its own pace, providing scalability and ensuring that all messages are processed by
all consumer applications.

A. Amazon Kinesis Data Analytics is primarily used for real-time analysis of streaming data. It's not designed to distribute messages to multiple
consumers.
upvoted 1 times

  sabs1981 3 weeks, 3 days ago
Selected Answer: D
Decoupling ingestion from subscription of messages. Should be done via queues and ideally SQS should be used in this case.
upvoted 1 times

  Shanky9916 4 weeks, 1 day ago
The answer is D, because de-coupling is used only in SNS and SQS.
upvoted 2 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: D
The answer is D. Publish the messages to an Amazon Simple Notification Service (Amazon SNS) topic with multiple Amazon Simple Queue Service
(Amazon SQS) subscriptions. Configure the consumer applications to process the messages from the queues.
This solution is the most scalable and decoupled solution for the given scenario. Amazon SNS is a pub/sub messaging service that can be used to
decouple applications. Amazon SQS is a fully managed message queuing service that can be used to store and process messages.
The solution would work as follows:
The ingestion application would publish the messages to an Amazon SNS topic.
The Amazon SNS topic would have multiple Amazon SQS subscriptions.
The consumer applications would subscribe to the Amazon SQS queues.
The consumer applications would process the messages from the Amazon SQS queues.
upvoted 1 times

  Ranfer 1 month, 1 week ago
Selected Answer: D
Producer and consumer architecture works best with SQS (SNS) services
upvoted 1 times

  Kaab_B 1 month, 1 week ago
Selected Answer: D
The solution that meets the requirements of decoupling the solution and increasing scalability, considering the varying number of messages and
sudden increases, is option D: Publish the messages to an Amazon Simple Notification Service (SNS) topic with multiple Amazon Simple Queue
Service (SQS) subscription
upvoted 1 times

  miki111 1 month, 1 week ago
Option D MET THE REQUIREMENT
upvoted 1 times

  RupeC 1 month, 2 weeks ago
Selected Answer: D
SNS + SQS Fan-out architecture. This is where messages from an SNS topic are fanned out to multiple SQS queues that subscribe to a topic. Thus
the consumers can take their feeds from different queues.
upvoted 1 times

  jaydesai8 1 month, 2 weeks ago
Selected Answer: D
SQS have unlimited throughput and help easily decoupling the applications
D makes more sense
upvoted 1 times

  gustvomonteiro 2 months ago
D makes more sense!
Keyword: Decoupling= SQS
upvoted 2 times

  cookieMr 2 months, 1 week ago
Selected Answer: D
 Option A: It is more suitable for real-time analytics and processing of streaming data rather than decoupling and scaling message ingestion and
consumption.

Option B: It may help with scalability to some extent, but it doesn't provide decoupling.

Option C: It is a valid option, but it lacks the decoupling aspect. In this approach, the consumer applications would still need to read directly from
DynamoDB, creating tight coupling between the ingestion and consumption processes.

Option D: It is the recommended solution for decoupling and scalability. The ingestion application can publish messages to an SNS topic, and
multiple consumer apps can subscribe to the relevant SQS queues. SNS ensures that each message is delivered to all subscribed queues, allowing
the consuming apps to independently process the messages at their own pace and scale horizontally as needed. This provides loose coupling,
scalability, and fault tolerance, as the queues can handle message spikes and manage the consumption rate based on the consumer's processing
capabilities.
upvoted 3 times
  Agustinr10 2 months, 1 week ago
Selected Answer: D
If its says decouple, then is SQS
upvoted 1 times

  karloscetina007 2 months, 1 week ago
Selected Answer: A
SNS and SQS still have an standard limit of tails under 3000 messages per sec, because SNS and SQS still have an standard limit of tails under 3000
messages per sec. It does not accomplishes with the requirement.

Perharps it's a possible solution: Amazon Kinesis Data Analytics. Configure the consumer applications to read and process the messages, but it
requires that change the arch of this app, but this point is no matter on ther requirement.
upvoted 1 times

  Fresbie99 1 week, 5 days ago
thats for FIFO queue.
upvoted 1 times

  Fresbie99 1 week, 5 days ago
for standard queue there is nearly no limit to messages
upvoted 1 times
Question #8 Topic 1

A company is migrating a distributed application to AWS. The application serves variable workloads. The legacy platform consists of a primary
server that coordinates jobs across multiple compute nodes. The company wants to modernize the application with a solution that maximizes
resiliency and scalability.
How should a solutions architect design the architecture to meet these requirements?

A. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs. Implement the compute nodes with Amazon
EC2 instances that are managed in an Auto Scaling group. Configure EC2 Auto Scaling to use scheduled scaling.

B. Configure an Amazon Simple Queue Service (Amazon SQS) queue as a destination for the jobs. Implement the compute nodes with Amazon
EC2 instances that are managed in an Auto Scaling group. Configure EC2 Auto Scaling based on the size of the queue.

C. Implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure
AWS CloudTrail as a destination for the jobs. Configure EC2 Auto Scaling based on the load on the primary server.

D. Implement the primary server and the compute nodes with Amazon EC2 instances that are managed in an Auto Scaling group. Configure
Amazon EventBridge (Amazon CloudWatch Events) as a destination for the jobs. Configure EC2 Auto Scaling based on the load on the
compute nodes.

Correct Answer: C

Community vote distribution
B (94%) 3%

  rein_chau Highly Voted  10 months, 2 weeks ago
Selected Answer: B
A - incorrect: Schedule scaling policy doesn't make sense.
C, D - incorrect: Primary server should not be in same Auto Scaling group with compute nodes.
B is correct.
upvoted 52 times

  Wilson_S 9 months, 2 weeks ago
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html
upvoted 4 times

  Sinaneos Highly Voted  10 months, 3 weeks ago
Selected Answer: B
The answer seems to be B for me:
A: doesn't make sense to schedule auto-scaling
C: Not sure how CloudTrail would be helpful in this case, at all.
D: EventBridge is not really used for this purpose, wouldn't be very reliable
upvoted 13 times

  BillyBlunts Most Recent  20 hours, 4 minutes ago
Can anyone tell me what answers we are to pick on the test. This site is driving me crazy with not having matching answers, especially with ones
like this where the answer they have really doesn't seem like the right one. I am hesitant to pick the actual correct answer because the dumps have
wrong answers. Any help is appreciated.
upvoted 1 times

  DavidArmas 1 week, 5 days ago
Using CloudTrail as a "target for jobs" doesn't make sense, as CloudTrail is designed to audit and log API events in an AWS environment, not to
manage jobs in a distributed application.
upvoted 2 times

  Teruteru 1 week, 6 days ago
is saying the option C is the correct answer. But in the , the option B(97%) is most voted. So, do I
still need to consider the C is the correct answer? or should I consider the most voted is the correct one?
Sorry but I just confused.
upvoted 2 times

  niltriv98 1 week, 1 day ago
I always consider the most voted answer to be correct and most of the time they explain as well why that option is correct.
upvoted 1 times

  Jenny9063 1 week, 6 days ago
I am new to this and I am confused. why is the voted answer different from the correct answer? what is the accuracy of the correct answer?
upvoted 1 times
  VSiqueira 1 month ago
aaa
sadasdsadasdsadsadas
upvoted 1 times

  hakim1977 1 month ago
Selected Answer: B
why "C" is the answer ? CloudTrail has nothing to do here, that's the b the right answer
upvoted 1 times

  hakim1977 1 month ago
why "C" is the answer ? CloudTrail has nothing to do here, that's the b the right answer
upvoted 1 times

  troubledev 1 month ago
why "C" is the answer ? what cloud trial has to do here ?
upvoted 1 times

  Guru4Cloud 1 month, 1 week ago
Selected Answer: B
Based on the requirements stated, Option B is the most appropriate solution. It utilizes Amazon SQS for job destination and EC2 Auto Scaling
based on the size of the queue to handle variable workloads while maximizing resiliency and scalability.
upvoted 1 times

  BHU_9ijn 1 month, 1 week ago
Selected Answer: B
CloudTrail is used for auditing, should not apply in work flow.
Anyone knows why is C?
upvoted 1 times

  miki111 1 month, 1 week ago
Option B MET THE REQUIREMENT
upvoted 1 times

  Charliesco 1 month, 2 weeks ago
This is AWS auto scaling group concept with SQS hence B is correct
upvoted 1 times

  jaydesai8 1 month, 2 weeks ago
Selected Answer: B
B. SQS with EC2 ASG based on the queue size. This scales with the varying load.
upvoted 1 times

  animefan1 1 month, 3 weeks ago
Selected Answer: B
how is cloudtrail helpful in this case? asg + sqs makes more sense
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: B
Configuring an Amazon SQS queue as a destination for the jobs, implementing compute nodes with EC2 instances managed in an Auto Scaling
group, and configuring EC2 Auto Scaling based on the size of the queue is the most suitable solution. With this approach, the primary server can
enqueue jobs into the SQS queue, and the compute nodes can dynamically scale based on the size of the queue. This ensures that the compute
capacity adjusts according to the workload, maximizing resiliency and scalability. The SQS queue acts as a buffer, decoupling the primary server
from the compute nodes and providing fault tolerance in case of failures or spikes in the workload.
upvoted 3 times
Question #9 Topic 1

A company is running an SMB file server in its data center. The file server stores large files that are accessed frequently for the first few days after
the files are created. After 7 days the files are rarely accessed.
The total data size is increasing and is close to the company's total storage capacity. A solutions architect must increase the company's available
storage space without losing low-latency access to the most recently accessed files. The solutions architect must also provide file lifecycle
management to avoid future storage issues.
Which solution will meet these requirements?

A. Use AWS DataSync to copy data that is older than 7 days from the SMB file server to AWS.

B. Create an Amazon S3 File Gateway to extend the company's storage space. Create an S3 Lifecycle policy to transition the data to S3 Glacier
Deep Archive after 7 days.

C. Create an Amazon FSx for Windows File Server file system to extend the company's storage space.

D. Install a utility on each user's computer to access Amazon S3. Create an S3 Lifecycle policy to transition the data to S3 Glacier Flexible
Retrieval after 7 days.

Correct Answer: D

Community vote distribution
B (86%) 13%

  Sinaneos Highly Voted  10 months, 3 weeks ago
Answer directly points towards file gateway with lifecycles, https://docs.aws.amazon.com/filegateway/latest/files3/CreatingAnSMBFileShare.html

D is wrong because utility function is vague and there is no need for flexible storage.
upvoted 38 times

  Udoyen 8 months, 4 weeks ago
Yes it might be vague but how do we keep the low-latency access that only flexible can offer?
upvoted 2 times

  SuperDuperPooperScooper 1 week, 2 days ago
Low-latency access is only required for the first 7 days, B maintains that fast access for 7 days and only then are the files sent to Glacier
Archive
upvoted 1 times

  javitech83 Highly Voted  8 months, 3 weeks ago
Selected Answer: B
B answwer is correct. low latency is only needed for newer files. Additionally, File GW provides low latency access by caching frequently accessed
files locally so answer is B
upvoted 19 times

  BillyBlunts Most Recent  1 week ago
Can anyone tell me what the test is going to use as the correct answer? I don't want to go into the test and just answer the ones that majority
voted for but really they don't have it as the right answer. BTW the discussions are awesome and helps you learn a lot from other peoples intellect.
upvoted 3 times

  Fresbie99 1 week, 5 days ago
Acc to the question we need lifecycle policy and file gateway - Also the S3 flexible retrieval is not required here, Deep archive is the solution.
hence B is correct
upvoted 1 times

  McLobster 3 weeks, 6 days ago
Selected Answer: A
according to documentation the minimum storage timeframe for an object inside S3 before being able to transition using lifecycle policy is 30 days
, so those 7 days policies kinda seem wrong to me

Transition actions – These actions define when objects transition to another storage class. For example, you might choose to transition objects to
the S3 Standard-IA storage class 30 days after creating them, or archive objects to the S3 Glacier Flexible Retrieval storage class one year after
creating them. For more information, see Using Amazon S3 storage classes.
https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lifecycle-mgmt.html

I was thinking of option A using DataSync as a scheduled task? am i wrong here?
https://aws.amazon.com/datasync/
upvoted 1 times
  TariqKipkemei 4 weeks ago
Selected Answer: B
Increase the company's available storage space without losing low-latency access to the most recently accessed files = Amazon S3 File Gateway
offers SMB or NFS-based access to data in Amazon S3 with local caching.
Provide file lifecycle management = S3 Lifecycle policy.
upvoted 1 times

  Zoro_ 4 weeks, 1 day ago
It says rarely accessed so Flexible retrieval can be a better option please clarify on this
for deep retrieval, it takes about 12 hours (maybe less than too)
upvoted 1 times

  hakim1977 1 month ago
Selected Answer: B
B answwer is correct.
upvoted 1 times

  Guru4Cloud 1 month ago
Selected Answer: B
The most appropriate solution for the given requirements would be:

B. Create an Amazon S3 File Gateway to extend the company's storage space. Create an S3 Lifecycle policy to transition the data to S3 Glacier Deep
Archive after 7 days.
upvoted 1 times

  premnick 1 month, 1 week ago
Selected Answer: D
The question says, after 7 days the file are "rarely accessed", which means there are still possibilities that these filed would be needed in short
period of time. Glacier Flexible Retrieval would fit this requirement.
upvoted 3 times

  Kaab_B 1 month, 1 week ago
Selected Answer: B
The solution that will meet the requirements of increasing available storage space, maintaining low-latency access to recently accessed files, and
providing file lifecycle management is option B: Create an Amazon S3 File Gateway and use an S3 Lifecycle policy to transition data to S3 Glacier
Deep Archive after 7 days.
upvoted 1 times

  miki111 1 month, 1 week ago
Option B MET THE REQUIREMENT
upvoted 1 times

  animefan1 1 month, 3 weeks ago
Selected Answer: B
file gateway is correct.
upvoted 1 times

  USalo 1 month, 4 weeks ago
Selected Answer: B
A. Isn't a good option because it doesn't address the cost-saving requirement
B. Correct option, but there are no requirements specified about the access pattern of the data. So S3 AI might be preferable here.
C. This one is not possible for an on-prem solution.
D. Vierd option, I cannot google this tool. Or we are talking about AWS CLI and customization scripts... I won't go with it.
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: B
Option B: Creating an Amazon S3 File Gateway is the recommended solution. It allows the company to extend their storage space by utilizing
Amazon S3 as a scalable and durable storage service. The File Gateway provides low-latency access to the most recently accessed files by
maintaining a local cache on-premises. The S3 Lifecycle policy can be configured to transition data to S3 Glacier Deep Archive after 7 days, which
provides long-term archival storage at a lower cost. This approach addresses both the storage capacity issue and the need for file lifecycle
management.
upvoted 1 times

  hypnozz 2 months, 2 weeks ago
This question is tricky...Because, the B and D sounds good, however, you can not transition to S3 Glacier after 7 days, you have to wait at least 90
days for the D case, and 180 Days for the B...the A and C option are more suitable, but the thing is, the C option not mention about lifecycle policy
and the A option there is not a thing to extend the storage...Then....I think the answer should be the A, because you are doing like a back up
upvoted 2 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: B
Option B is right answer.
upvoted 1 times
Question #10 Topic 1

A company is building an ecommerce web application on AWS. The application sends information about new orders to an Amazon API Gateway
REST API to process. The company wants to ensure that orders are processed in the order that they are received.
Which solution will meet these requirements?

A. Use an API Gateway integration to publish a message to an Amazon Simple Notification Service (Amazon SNS) topic when the application
receives an order. Subscribe an AWS Lambda function to the topic to perform processing.

B. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) FIFO queue when the application
receives an order. Configure the SQS FIFO queue to invoke an AWS Lambda function for processing.

C. Use an API Gateway authorizer to block any requests while the application processes an order.

D. Use an API Gateway integration to send a message to an Amazon Simple Queue Service (Amazon SQS) standard queue when the
application receives an order. Configure the SQS standard queue to invoke an AWS Lambda function for processing.

Correct Answer: A

Community vote distribution
B (99%)

  Sinaneos Highly Voted  10 months, 3 weeks ago
Selected Answer: B
B because FIFO is made for that specific purpose
upvoted 48 times

  rein_chau Highly Voted  10 months, 2 weeks ago
Selected Answer: B
Should be B because SQS FIFO queue guarantees message order.
upvoted 23 times

  PLN6302 Most Recent  2 days ago
option B
upvoted 1 times

  zjcorpuz 1 month ago
B is the correct answer SQS configured as FIFO will suffice the requirement
upvoted 1 times

  prabhjot 1 month ago
Ans is B(Amazon SQS FIFO queue.) - check the video here - https://aws.amazon.com/sqs/
upvoted 1 times

  Guru4Cloud 1 month ago
Selected Answer: B
Explanation:
- Amazon API Gateway will be used to receive the orders from the web application.
- Instead of directly processing the orders, the API Gateway will integrate with an Amazon SQS FIFO queue.
- FIFO (First-In-First-Out) queues in Amazon SQS ensure that messages are processed in the order they are received.
- By using a FIFO queue, the order processing is guaranteed to be sequential, ensuring that the first order received is processed before the next
one.
- An AWS Lambda function can be configured to be triggered by the SQS FIFO queue, processing the orders as they arrive
upvoted 3 times

  james2033 1 month, 1 week ago
Selected Answer: B
Keyword "orders are processed in the order that they are received", choose what has word "SQS", there are B and D. B is better than D, with
keyword "FIFO" is exist.
upvoted 1 times

  ShreyasAlavala 1 month, 2 weeks ago
Can someone share the PDF to [email protected]
upvoted 1 times

  Multiverse 1 month, 2 weeks ago
Selected Answer: B
B. Process in the order received. SNS does not provide FIFO capabilities
 upvoted 1 times
  jaydesai8 1 month, 2 weeks ago
Selected Answer: B
B because FIFO is made for that specific purpose
upvoted 1 times

  animefan1 1 month, 3 weeks ago
B is correct. SQS fifo as order is important here
upvoted 1 times

  gustvomonteiro 2 months ago
FIFO for sure, the correct is B
upvoted 1 times

  KAMERO 2 months ago
Selected Answer: B
First-in First-out strictly order
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: B
Option B: Using an API Gateway integration to send a message to an Amazon SQS FIFO queue is the recommended solution. FIFO queues in
Amazon SQS guarantee the order of message delivery, ensuring that orders are processed in the order they are received. By configuring the SQS
FIFO queue to invoke an AWS Lambda function for processing, the application can process the orders sequentially while maintaining the order in
which they were received.
upvoted 4 times

  karloscetina007 2 months, 1 week ago
Selected Answer: B
B: because FIFO is made for that specific purpose. It's important takes in consideration that the orders must be processed in the order received.
upvoted 1 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: B
Option B meets the requiremets.
upvoted 1 times

  HarryDinh209 2 months, 3 weeks ago
B is the correct answer, just remember FIFO for ordered messages
upvoted 1 times
Question #11 Topic 1

A company has an application that runs on Amazon EC2 instances and uses an Amazon Aurora database. The EC2 instances connect to the
database by using user names and passwords that are stored locally in a file. The company wants to minimize the operational overhead of
credential management.
What should a solutions architect do to accomplish this goal?

A. Use AWS Secrets Manager. Turn on automatic rotation.

B. Use AWS Systems Manager Parameter Store. Turn on automatic rotation.

C. Create an Amazon S3 bucket to store objects that are encrypted with an AWS Key Management Service (AWS KMS) encryption key. Migrate
the credential file to the S3 bucket. Point the application to the S3 bucket.

D. Create an encrypted Amazon Elastic Block Store (Amazon EBS) volume for each EC2 instance. Attach the new EBS volume to each EC2
instance. Migrate the credential file to the new EBS volume. Point the application to the new EBS volume.

Correct Answer: B

Community vote distribution
A (96%) 3%

  Sinaneos Highly Voted  10 months, 3 weeks ago
Selected Answer: A
B is wrong because parameter store does not support auto rotation, unless the customer writes it themselves, A is the answer.
upvoted 64 times

  17Master 10 months ago
READ!!! AWS Secrets Manager is a secrets management service that helps you protect access to your applications, services, and IT resources.
This service enables you to rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
https://aws.amazon.com/cn/blogs/security/how-to-connect-to-aws-secrets-manager-service-within-a-virtual-private-cloud/ y
https://aws.amazon.com/secrets-manager/?nc1=h_ls
upvoted 16 times

  HarishArul 3 months ago
Read this - https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_parameterstore.html
It says SSM Parameter store cant rotate automatically.
upvoted 2 times

  kewl 8 months, 3 weeks ago
correct. see link https://tutorialsdojo.com/aws-secrets-manager-vs-systems-manager-parameter-store/ for differences between SSM Parameter
Store and AWS Secrets Manager
upvoted 13 times

  mrbottomwood 8 months, 2 weeks ago
That was a fantastic link. This part of their site "comparison of AWS services" is superb. Thanks.
upvoted 5 times

  iCcma 10 months, 1 week ago
ty bro, I was confused about that and you just mentioned the "key" phrase, B doesn't support autorotation
upvoted 2 times

  leeyoung Highly Voted  7 months, 4 weeks ago
Admin is trying to fail everybody in the exam.
upvoted 42 times

  perception 3 months, 4 weeks ago
He wants you to read discussion part as well for better understanding
upvoted 2 times

  acuaws 4 months, 3 weeks ago
RIGHT? I found a bunch of "correct" answers on here are not really correct, but they're not corrected? hhmmmmm
upvoted 1 times

  PLN6302 Most Recent  2 days ago
Option A
upvoted 1 times

  kapalulz 2 weeks, 5 days ago
 Selected Answer: A
parameter store does not support auto rotation and AWS Secrets Manager does.
upvoted 1 times

  TariqKipkemei 4 weeks ago
Selected Answer: A
Minimize the operational overhead of credential management = AWS Secrets Manager
upvoted 1 times

  hakim1977 1 month ago
Selected Answer: A
The answer is A without hesitation, in the AWS console: Secret manager => store a ne secret => choose the "Credentials for Amazon RDS
database" option

https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_turn-on-for-db.html
upvoted 1 times

  oguzbeliren 1 month ago
Parameter store doesn't support password rotation, but secret manger does.
upvoted 1 times

  Guru4Cloud 1 month ago
Selected Answer: A
Here is the explanation:

AWS Secrets Manager is a service that provides a secure and convenient way to store, manage, and rotate secrets. Secrets Manager can be used to
store database credentials, SSH keys, and other sensitive information.
AWS Secrets Manager also supports automatic rotation, which can help to minimize the operational overhead of credential management. When
automatic rotation is enabled, Secrets Manager will automatically generate new secrets and rotate them on a regular schedule
upvoted 1 times

  james2033 1 month, 1 week ago
Selected Answer: A
See https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html#:~:text=rotate%20database%20credentials
upvoted 1 times

  miki111 1 month, 1 week ago
Option A MET THE REQUIREMENT
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: A
Option A: Using AWS Secrets Manager and enabling automatic rotation is the recommended solution for minimizing the operational overhead of
credential management. AWS Secrets Manager provides a secure and centralized service for storing and managing secrets, such as database
credentials. By leveraging Secrets Manager, the application can retrieve the database credentials programmatically at runtime, eliminating the need
to store them locally in a file. Enabling automatic rotation ensures that the database credentials are regularly rotated without manual intervention,
enhancing security and compliance.
upvoted 5 times

  TienHuynh 2 months, 1 week ago
Selected Answer: A
A is a right choice
upvoted 1 times

  hypnozz 2 months, 2 weeks ago
A is the right choice...Because, in Both you can force to rotate or delete de secrets, but, in secrets manager you can use a lambda to generate
automatic secrets, also, it´s integrated with RDS, like Aurora...and it´s mostly used for that propouse. You can use parameter store, but you have to
update the parameters by yourself
upvoted 2 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: A
Option A meets this goal.
upvoted 1 times

  beginnercloud 3 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times

  cheese929 3 months, 1 week ago
Selected Answer: A
A is the most logial answer.
 upvoted 1 times
  cheese929 3 months, 2 weeks ago
A is correct
upvoted 1 times
Question #12 Topic 1

A global company hosts its web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The web application has static
data and dynamic data. The company stores its static data in an Amazon S3 bucket. The company wants to improve performance and reduce
latency for the static data and dynamic data. The company is using its own domain name registered with Amazon Route 53.
What should a solutions architect do to meet these requirements?

A. Create an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins. Configure Route 53 to route traffic to the
CloudFront distribution.

B. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has
the S3 bucket as an endpoint Configure Route 53 to route traffic to the CloudFront distribution.

C. Create an Amazon CloudFront distribution that has the S3 bucket as an origin. Create an AWS Global Accelerator standard accelerator that
has the ALB and the CloudFront distribution as endpoints. Create a custom domain name that points to the accelerator DNS name. Use the
custom domain name as an endpoint for the web application.

D. Create an Amazon CloudFront distribution that has the ALB as an origin. Create an AWS Global Accelerator standard accelerator that has
the S3 bucket as an endpoint. Create two domain names. Point one domain name to the CloudFront DNS name for dynamic content. Point the
other domain name to the accelerator DNS name for static content. Use the domain names as endpoints for the web application.

Correct Answer: C

Community vote distribution
A (77%) C (23%)

  Kartikey140 Highly Voted  9 months, 1 week ago
Answer is A
Explanation - AWS Global Accelerator vs CloudFront
They both use the AWS global network and its edge locations around the world
Both services integrate with AWS Shield for DDoS protection.
CloudFront
Improves performance for both cacheable content (such as images and videos)
Dynamic content (such as API acceleration and dynamic site delivery)
Content is served at the edge
Global Accelerator
Improves performance for a wide range of applications over TCP or UDP
Proxying packets at the edge to applications running in one or more AWS Regions.
Good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT), or Voice over IP
Good for HTTP use cases that require static IP addresses
Good for HTTP use cases that required deterministic, fast regional failover
upvoted 63 times

  daizy 6 months, 3 weeks ago
By creating a CloudFront distribution that has both the S3 bucket and the ALB as origins, the company can reduce latency for both the static
and dynamic data. The CloudFront distribution acts as a content delivery network (CDN), caching the data closer to the users and reducing the
latency. The company can then configure Route 53 to route traffic to the CloudFront distribution, providing improved performance for the web
application.
upvoted 4 times

  kanweng Highly Voted  9 months, 2 weeks ago
Selected Answer: A
Q: How is AWS Global Accelerator different from Amazon CloudFront?

A: AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world.
CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and
dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge
to applications running in one or more AWS Regions. Global Accelerator is a good fit for non-HTTP use cases, such as gaming (UDP), IoT (MQTT),
or Voice over IP, as well as for HTTP use cases that specifically require static IP addresses or deterministic, fast regional failover. Both services
integrate with AWS Shield for DDoS protection.
upvoted 18 times

  georgitoan Most Recent  3 weeks, 1 day ago
What is the correct answer for the exam?
upvoted 1 times

  BillyBlunts 1 week ago
I have been asking this on many questions because it is confusing that majority of people are disagreeing with what this dump and the 3 other
dumps have as the answer. Yet the arguments for why they are wrong are very good and some prove right...but f'in aye...what is the answer we
need to pick for the test.
 upvoted 1 times
  BillyBlunts 1 week ago
I think I am just going with the answers provided by exam topics....that is probably the safer bet.
upvoted 1 times

  Lorenzo1 3 weeks, 3 days ago
Selected Answer: A
The answer A fulfills the requirements, so I would choose A.
The answer C may also seem to make sense though.
upvoted 1 times

  gurmit 3 weeks, 4 days ago
A.
https://stackoverflow.com/questions/71064028/aws-cloudfront-in-front-of-s3-and-alb
upvoted 1 times

  TariqKipkemei 4 weeks ago
Selected Answer: A
Improve performance and reduce latency for the static data and dynamic data = Amazon CloudFront
upvoted 1 times

  Lx016 1 week, 5 days ago
And? All four answers are about CloudFront, to find the correct answer need to find correct origin(s) to distribute which are S3 and ALB
upvoted 1 times

  hakim1977 1 month ago
Selected Answer: A
Answer is A.

Global Accelerator is a good fit for non-HTTP use cases.
upvoted 1 times

  frkael 1 month, 1 week ago
Keywords: Static and Dynamic data/ S3 and ALB.
So Cloudfront is for S3 and Global Acelarator is for ALB
upvoted 2 times

  miki111 1 month, 1 week ago
Option A MET THE REQUIREMENT
upvoted 1 times

  Jayendra0609 1 month, 1 week ago
Selected Answer: C
Since the data in S3 is static while other data is dynamic. And caching dynamic data doesn't make sense since it will be changing every time. So
rather than caching we can use edge locations of Global Accelerator to reduce latency.
upvoted 3 times

  Clouddon 2 weeks, 4 days ago
I will support option C because the combination of CloudFront and Global Accelerator as described in answer C is better. Note: CloudFront
uses Edge Locations to cache content (improve performance) while Global Accelerator uses Edge Locations to find an optimal pathway to the
nearest regional endpoint (reduce latency for the static data and dynamic data).
upvoted 1 times

  Clouddon 2 weeks, 4 days ago
The above explanation is correct however, the answer cannot be option C (my bad) The correct answer is A. AWS says that Global Accelerator
is an acceleration at network level
AWS Global Accelerator is a networking service that improves the performance, reliability and security of your online applications using AWS
Global Infrastructure. AWS Global Accelerator can be deployed in front of your Network Load Balancers, Application Load Balancers, AWS
EC2 instances, and Elastic IPs, any of which could serve as Regional endpoints for your application. (This implies that Cloudfront is not part of
the endpoints that can be used by Global accelerator which only provide security of your online applications ) except someone can proof
otherwise.
upvoted 1 times

  premnick 1 month, 2 weeks ago
How do we pass the exam if there are lots of questions where 2 options seems to be correct? I dont think Amazon should provide such options
where candidates are only left to make a guess.
upvoted 3 times

  ibu007 1 month, 2 weeks ago
Cloudfront: Speeds up distribution of static and dynamic content through its worldwide network of edge locations providing low latency to deliver
the best performance through cached data.
upvoted 1 times

  jaydesai8 1 month, 2 weeks ago
 Selected Answer: A
makes sense
upvoted 1 times

  Mia2009687 2 months ago
Answer is C
As the company wants to improve both static and dynamic delivery.
Check the screen shot in the following article. It shows the structure of this scenario.
https://tutorialsdojo.com/aws-global-accelerator-vs-amazon-cloudfront/
upvoted 4 times

  Mary_Matic 2 weeks, 1 day ago
Exactly, the key is "both static and dyanamic data" the right answer is C - otherwise it could have been A for statis content s3 with cloudfront
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: A
Option A: Creating an Amazon CloudFront distribution that has the S3 bucket and the ALB as origins is a valid approach. CloudFront is a content
delivery network (CDN) that caches and delivers content from edge locations, improving performance and reducing latency. By configuring
CloudFront to have the S3 bucket as an origin for static data and the ALB as an origin for dynamic data, the company can benefit from CloudFront's
caching and distribution capabilities. Routing traffic to the CloudFront distribution through Route 53 ensures that requests are directed to the
nearest edge location, further enhancing performance and reducing latency.
upvoted 4 times

  Mehkay 2 months, 1 week ago
Selected Answer: A
Makes sense
upvoted 1 times

  thaotnt 2 months, 1 week ago
Selected Answer: A
Using CloudFront
upvoted 1 times
Question #13 Topic 1

A company performs monthly maintenance on its AWS infrastructure. During these maintenance activities, the company needs to rotate the
credentials for its Amazon RDS for MySQL databases across multiple AWS Regions.
Which solution will meet these requirements with the LEAST operational overhead?

A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets
Manager to rotate the secrets on a schedule.

B. Store the credentials as secrets in AWS Systems Manager by creating a secure string parameter. Use multi-Region secret replication for the
required Regions. Configure Systems Manager to rotate the secrets on a schedule.

C. Store the credentials in an Amazon S3 bucket that has server-side encryption (SSE) enabled. Use Amazon EventBridge (Amazon
CloudWatch Events) to invoke an AWS Lambda function to rotate the credentials.

D. Encrypt the credentials as secrets by using AWS Key Management Service (AWS KMS) multi-Region customer managed keys. Store the
secrets in an Amazon DynamoDB global table. Use an AWS Lambda function to retrieve the secrets from DynamoDB. Use the RDS API to rotate
the secrets.

Correct Answer: A

Community vote distribution
A (100%)

  rein_chau Highly Voted  10 months, 2 weeks ago
Selected Answer: A
A is correct.
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/
upvoted 18 times

  PhucVuu Highly Voted  4 months, 3 weeks ago
Selected Answer: A
Keywords:
- rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions
- LEAST operational overhead

A: Correct - AWS Secrets Manager supports
- Encrypt credential for RDS, DocumentDb, Redshift, other DBs and key/value secret.
- multi-region replication.
- Remote base on schedule
B: Incorrect - Secure string parameter only apply for Parameter Store. All the data in AWS Secrets Manager is encrypted
C: Incorrect - don't mention about replicate S3 across region.
D: Incorrect - So many steps compare to answer A =))
upvoted 6 times

  TariqKipkemei Most Recent  4 weeks ago
Selected Answer: A
'The company needs to rotate the credentials for its Amazon RDS for MySQL databases across multiple AWS Regions' = AWS Secrets Manager
upvoted 1 times

  miki111 1 month, 1 week ago
Option A MET THE REQUIREMENT
upvoted 1 times

  cookieMr 2 months, 1 week ago
Selected Answer: A
Option A: Storing the credentials as secrets in AWS Secrets Manager provides a dedicated service for secure and centralized management of
secrets. By using multi-Region secret replication, the company ensures that the secrets are available in the required Regions for rotation. Secrets
Manager also provides built-in functionality to rotate secrets automatically on a defined schedule, reducing operational overhead. This automation
simplifies the process of rotating credentials for the Amazon RDS for MySQL databases during monthly maintenance activities.
upvoted 4 times

  Bmarodi 2 months, 3 weeks ago
Selected Answer: A
A is correct answer.
upvoted 1 times

  Musti35 4 months, 2 weeks ago
 Selected Answer: A
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/
With Secrets Manager, you can store, retrieve, manage, and rotate your secrets, including database credentials, API keys, and other secrets. When
you create a secret using Secrets Manager, it’s created and managed in a Region of your choosing. Although scoping secrets to a Region is a
security best practice, there are scenarios such as disaster recovery and cross-Regional redundancy that require replication of secrets across
Regions. Secrets Manager now makes it possible for you to easily replicate your secrets to one or more Regions to support these scenarios.
upvoted 3 times

  linux_admin 4 months, 3 weeks ago
Selected Answer: A
A. Store the credentials as secrets in AWS Secrets Manager. Use multi-Region secret replication for the required Regions. Configure Secrets
Manager to rotate the secrets on a schedule.

This solution is the best option for meeting the requirements with the least operational overhead. AWS Secrets Manager is designed specifically for
managing and rotating secrets like database credentials. Using multi-Region secret replication, you can easily replicate the secrets across the
required AWS Regions. Additionally, Secrets Manager allows you to configure automatic secret rotation on a schedule, further reducing the
operational overhead.
upvoted 1 times

  cheese929 6 months, 1 week ago
Selected Answer: A
A is correct.
upvoted 1 times

  BlueVolcano1 7 months, 1 week ago
Selected Answer: A
It's A, as Secrets Manager does support replicating secrets into multiple AWS Regions:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
upvoted 3 times

  Abdel42 7 months, 2 weeks ago
Selected Answer: A
it's A, here the question specify that we want the LEAST overhead
upvoted 2 times

  MichaelCarrasco 6 months, 1 week ago
https://aws.amazon.com/blogs/security/how-to-replicate-secrets-aws-secrets-manager-multiple-regions/
upvoted 1 times

  SilentMilli 7 months, 2 weeks ago
Selected Answer: A
AWS Secrets Manager is a secrets management service that enables you to store, manage, and rotate secrets such as database credentials, API
keys, and SSH keys. Secrets Manager can help you minimize the operational overhead of rotating credentials for your Amazon RDS for MySQL
databases across multiple Regions. With Secrets Manager, you can store the credentials as secrets and use multi-Region secret replication to
replicate the secrets to the required Regions. You can then configure Secrets Manager to rotate the secrets on a schedule so that the credentials
are rotated automatically without the need for manual intervention. This can help reduce the risk of secrets being compromised and minimize the
operational overhead of credential management.
upvoted 3 times

  Buruguduystunstugudunstuy 8 months ago
Selected Answer: A
Option A, storing the credentials as secrets in AWS Secrets Manager and using multi-Region secret replication for the required Regions, and
configuring Secrets Manager to rotate the secrets on a schedule, would