Question: 1
A bank is re-architecting its mainframe-based credit card approval processing application to a cloud-native application on the AWS cloud.
The new application will receive up to 1,000 requests per second at peak load. There are multiple steps
to each transaction, and each step must receive the result of the previous step. The entire request must
return an authorization response within less than 2 seconds with zero data loss. Every request must
receive a response. The solution must be Payment Card Industry Data Security Standard (PCI DSS)-compliant.
Which option will meet all of the bank’s objectives with the LEAST complexity and LOWEST cost while
also meeting compliance requirements?
A. Create an Amazon API Gateway to process inbound requests using a single AWS Lambda task that
performs multiple steps and returns a JSON object with the approval status. Open a support case to
increase the limit for the number of concurrent Lambdas to allow room for bursts of activity due to the
new application.
B. Create an Application Load Balancer with an Amazon ECS cluster on Amazon EC2 Dedicated instances
in a target group to process incoming requests. Use Auto Scaling to scale the cluster out/in based on
average CPU utilization. Deploy a web service that processes all of the approval steps and returns a JSON
object with the approval status.
C. Deploy the application on Amazon EC2 on Dedicated Instances. Use an Elastic Load Balancer in front
of a farm of application servers in an Auto Scaling group to handle incoming requests. Scale out/in based
on a custom Amazon CloudWatch metric for the number of inbound requests per second after
measuring the capacity of a single instance.
D. Create an Amazon API Gateway to process inbound requests using a series of AWS Lambda processes,
each with an Amazon SQS input queue. As each step completes, it writes its result to the next step’s
queue. The final step returns a JSON object with the approval status. Open a support case to increase
the limit for the number of concurrent Lambdas to allow room for bursts of activity due to the new
application.
Answer: B
Question: 2
A company has a standard three-tier architecture using two Availability Zones. During the company’s off
season, users report that the website is not working. The Solutions Architect finds that no changes have
been made to the environment recently, the website is reachable, and it is possible to log in. However,
when the Solutions Architect selects the “find a store near you” function, the maps provided on the site
by a third-party RESTful API call do not work about 50% of the time after refreshing the page. The
outbound API calls are made through Amazon EC2 NAT instances.
What is the MOST likely reason for this failure and how can it be mitigated in the future?
A. The network ACL for one subnet is blocking outbound web traffic. Open the network ACL and prevent
administration from making future changes through IAM.
B. The fault is in the third-party environment. Contact the third party that provides the maps and
request a fix that will provide better uptime.
C. One NAT instance has become overloaded. Replace both EC2 NAT instances with a larger-sized
instance and make sure to account for growth when making the new instance size.
D. One of the NAT instances failed. Recommend replacing the EC2 NAT instances with a NAT gateway.
Answer: D
The issue is a 50% failure rate, which means the balancing over 2 AZs is failing on one NAT instance in one AZ. The
solution is to replace the NAT instance with a fully managed and highly available NAT gateway.
Question: 3
A company is planning to migrate an application from on-premises to AWS. The application currently
uses an Oracle database and the company can tolerate a brief downtime of 1 hour when performing the
switch to the new infrastructure. As part of the migration, the database engine will be changed to
MySQL. A Solutions Architect needs to determine which AWS services can be used to perform the
migration while minimizing the amount of work and time required.
Which of the following will meet the requirements?
A. Use AWS SCT to generate the schema scripts and apply them on the target prior to migration. Use
AWS DMS to analyse the current schema and provide a recommendation for the optimal database
engine. Then, use AWS DMS to migrate to the recommended engine. Use AWS SCT to identify what
embedded SQL code in the application can be converted and what has to be done manually.
B. Use AWS SCT to generate the schema scripts and apply them on the target prior to migration. Use
AWS DMS to begin moving data from the on-premises database to AWS. After the initial copy, continue
to use AWS DMS to keep the databases in sync until cutting over to the new database. Use AWS SCT to
identify what embedded SQL code in the application can be converted and what has to be done
manually.
C. Use AWS DMS to help identify the best target deployment between installing the database engine on
Amazon EC2 directly or moving to Amazon RDS. Then, use AWS DMS to migrate to the platform. Use
AWS Application Discovery Service to identify what embedded SQL code in the application can be
converted and what has to be done manually.
D. Use AWS DMS to begin moving data from the on-premises database to AWS. After the initial copy,
continue to use AWS DMS to keep the databases in sync until cutting over to the new database. Use
AWS Application Discovery Service to identify what embedded SQL code in the application can be
converted and what has to be done manually.
Answer: B
Question: 4
A company has an Amazon VPC that is divided into a public subnet and a private subnet. A web
application runs in Amazon VPC, and each subnet has its own NACL. The public subnet has a CIDR of
10.0.0.0/24. An Application Load Balancer is deployed to the public subnet. The private subnet has a
CIDR of 10.0.1.0/24. Amazon EC2 instances that run a web server on port 80 are launched into the
private subnet.
Only network traffic that is required for the Application Load Balancer to access the web application can
be allowed to travel between the public and private subnets.
What collection of rules should be written to ensure that the private subnet's NACL meets the
requirement? (Select TWO.)
A. An inbound rule for port 80 from source 0.0.0.0/0
B. An inbound rule for port 80 from source 10.0.0.0/24
C. An outbound rule for port 80 to destination 0.0.0.0/0
D. An outbound rule for port 80 to destination 10.0.0.0/24
E. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24
Answer: B, E
Question: 5
A Solutions Architect must establish a patching plan for a large mixed fleet of Windows and Linux
servers. The patching plan must be implemented securely, be audit ready, and comply with the
company’s business requirements.
Which option will meet these requirements with MINIMAL effort?
A. Install and use an OS-native patching service to manage the update frequency and release approval
for all instances. Use AWS Config to verify the OS state on each instance and report on any patch
compliance issues.
B. Use AWS Systems Manager on all instances to manage patching. Test patches outside of production
and then deploy during a maintenance window with the appropriate approval.
C. Use AWS OpsWorks for Chef Automate to run a set of scripts that will iterate through all instances of
a given type. Issue the appropriate OS command to get and install updates on each instance, including
any required restarts during the maintenance window.
D. Migrate all applications to AWS OpsWorks and use OpsWorks automatic patching support to keep the
OS up-to-date following the initial installation. Use AWS Config to provide audit and compliance
reporting.
Answer: B