Run - My ASP.NET Application

Test 1

1. An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%. What should a solutions architect do to maintain the desired performance across all instances in the group?
Use a simple scaling policy to dynamically scale the Auto Scaling group. Use an AWS Lambda function to update the desired Auto Scaling group capacity. Use scheduled scaling actions to scale up and scale down the Auto Scaling group. Use a target tracking policy to dynamically scale the Auto Scaling group.
2. A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office Amazon S3 Glacier. The solution must avoid saturating the branch office?€™s low-bandwidth internet connection. What is the MOST cost-effective solution?
Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier. Mount the network-attached file system to Amazon S3 and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier. Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint. Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Create a bucket policy to enforce a VPC endpoint.
3. A solutions architect is implementing a document review application using an Amazon S3 bucket for storage. The solution must prevent an accidental deletion of the documents and ensure that all versions of the documents are available. Users must be able to download, modify, and upload documents. Which combination of actions should be taken to meet these requirements? (Choose two.)
Enable MFA Delete on the bucket. Attach an IAM policy to the bucket. Enable a read-only bucket ACL. Encrypt the bucket using AWS KMS. Enable versioning on the bucket.
4. A company is hosting a website behind multiple Application Load Balancers. The company has different distribution rights for its content around the world. A solutions architect needs to ensure that users are served the correct content without violating distribution rights. Which configuration should the solutions architect choose to meet these requirements?
Configure Application Load Balancers with AWS WAF. Configure Amazon Route 53 with a geolocation policy. Configure Amazon CloudFront with AWS WAF. Configure Amazon Route 53 with a geoproximity routing policy.
5. An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time. What is the MOST secure way to do this?
Generate a presigned URL and have the vendor download the log file before it expires. Upload the file to Amazon WorkDocs and share the public link with the vendor. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication. Enable public read on the S3 object and provide the link to the vendor.
6. A solutions architect is designing a two-tier web application. The application consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company. How should security groups be configured in this situation? (Choose two.)
Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
7. A financial services company has a web application that serves users in the United States and Europe. The application consists of a database tier and a web server tier. The database tier consists of a MySQL database hosted in us-east-1. Amazon Route 53 geoproximity routing is used to direct traffic to instances in the closest Region. A performance review of the system reveals that European users are not receiving the same level of query performance as those in the United States. Which changes should be made to the database tier to improve performance?
Deploy MySQL instances in each Region. Deploy an Application Load Balancer in front of MySQL to reduce the load on the primary instance. Migrate the database to Amazon RDS for MySQL. Configure Multi-AZ in one of the European Regions. Migrate the database to Amazon DynamoDB. Use DynamoDB global tables to enable replication to additional Regions. Migrate the database to an Amazon Aurora global database in MySQL compatibility mode. Configure read replicas in one of the European Regions.
8. A company hosts a static website within an Amazon S3 bucket. A solutions architect needs to ensure that data can be recovered in case of accidental deletion. Which action will accomplish this?
Enable Amazon S3 cross-Region replication. Enable an Amazon S3 lifecycle policy. Enable Amazon S3 versioning. Enable Amazon S3 Intelligent-Tiering.
9. A data science team requires storage for nightly log processing. The size and number of logs is unknown and will persist for 24 hours only. What is the MOST cost-effective solution?
Amazon S3 Intelligent-Tiering Amazon S3 Standard Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) Amazon S3 Glacier
10. A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was install recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff. What should the solutions architect recommend?
Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controller. Modify the EC2 instance?€™s security group to deny public access to Active Directory. Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance. Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory requests to the Active domain controller running on the current EC2 instance. Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall Active Directory.
11. A company?€™s web application is using multiple Linux Amazon EC2 instances and storing data on Amazon EBS volumes. The company is looking for a solution to increase the resiliency of the application in case of a failure and to provide storage that complies with atomicity, consistency, isolation, and durability (ACID). What should a solutions architect do to meet these requirements?
Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes to each EC2 instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance. Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA). Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Mount an instance store on each EC2 instance.
12. A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility. However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies. How should a solutions architect address this issue?
Create an Amazon SNS topic to send an alert every time a developer creates a new policy. Use service control policies to disable IAM activity across all account in the organizational unit. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy. Prevent the developers from attaching any policies and assign all IAM duties to the security operations team.
13. A company?€™s website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website. What should a solutions architect do to protect the application?
Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address. Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address. Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address. Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
14. A company currently operates a web application backed by an Amazon RDS MySQL database. It has automated backups that are run daily and are not encrypted. A security audit requires future backups to be encrypted and the unencrypted backups to be destroyed. The company will make at least one encrypted backup before destroying the old backups. What should be done to enable encryption for future backups?
Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance. Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot. Modify the backup section of the database configuration to toggle the Enable encryption check box. Enable default encryption for the Amazon S3 bucket where backups are stored.
15. A solutions architect is designing storage for a high performance computing (HPC) environment based on Amazon Linux. The workload stores and processes a large amount of engineering drawings that require shared storage and heavy computing. Which storage option would be the optimal solution?
Amazon EBS Provisioned IOPS SSD (io1) Amazon FSx for Lustre Amazon Elastic File System (Amazon EFS) Amazon EC2 instance store
16. A company runs an application in a branch office within a small data closet with no virtualized compute resources. The application data is stored on an NFS volume. Compliance standards require a daily offsite backup of the NFS volume. Which solution meet these requirements?
Install an AWS Storage Gateway file gateway hardware appliance on premises to replicate the data to Amazon S3. Install an AWS Storage Gateway volume gateway with stored volumes on premises to replicate the data to Amazon S3. Install an AWS Storage Gateway volume gateway with cached volumes on premises to replicate the data to Amazon S3. Install an AWS Storage Gateway file gateway on premises to replicate the data to Amazon S3.
17. A solutions architect is designing an application for a two-step order process. The first step is synchronous and must return to the user with little latency. The second step takes longer, so it will be implemented in a separate component. Orders must be processed exactly once and in the order in which they are received. How should the solutions architect integrate these components?
Use an AWS Lambda function along with Amazon SQS standard queues. Create an SNS topic and subscribe an Amazon SQS Standard queue to that topic. Create an SNS topic and subscribe an Amazon SQS FIFO queue to that topic. Use Amazon SQS FIFO queues.
18. A solutions architect at an ecommerce company wants to back up application log data to Amazon S3. The solutions architect is unsure how frequently the logs will be accessed or which logs will be accessed the most. The company wants to keep costs as low as possible by using the appropriate S3 storage class. Which S3 storage class should be implemented to meet these requirements?
S3 Standard-Infrequent Access (S3 Standard-IA) S3 Intelligent-Tiering S3 Glacier S3 One Zone-Infrequent Access (S3 One Zone-IA)
19. A solutions architect has created a new AWS account and must secure AWS account root user access.Which combination of actions will accomplish this? (Choose two.)
Apply the required permissions to the root user with an inline policy document. Store root user access keys in an encrypted Amazon S3 bucket. Add the root user to a group containing administrative permissions. Ensure the root user uses a strong password. Enable multi-factor authentication to the root user.
20. A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time. What should a solutions architect propose to ensure users see all of their documents at once?
Copy the data so both EBS volumes contain all the documents. Configure the Application Load Balancer to direct a user to the server with the documents. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS. Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server.
21. A company?€™s production application runs online transaction processing (OLTP) transactions on an Amazon RDS MySQL DB instance. The company is launching a new reporting tool that will access the same data. The reporting tool must be highly available and not impact the performance of the production application. How can this be achieved?
Create multiple RDS Read Replicas of the production RDS DB instance. Place the Read Replicas in an Auto Scaling group. Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a second Single-AZ RDS Read Replica from the replica. Create hourly snapshots of the production RDS DB instance. Create a Multi-AZ RDS Read Replica of the production RDS DB instance.
22. A company is running an ecommerce application on Amazon EC2. The application consists of a stateless web tier that requires a minimum of 10 instances, and a peak of 250 instances to support the application?€™s usage. The application requires 50 instances 80% of the time. Which solution should be used to minimize costs?
Purchase Reserved Instances to cover 250 instances. Purchase On-Demand Instances to cover 40 instances. Use Spot Instances to cover the remaining instances. Purchase Reserved Instances to cover 80 instances. Use Spot Instances to cover the remaining instances. Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.
23. A company runs an internal browser-based application. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group across multiple Availability Zones. The Auto Scaling group scales up to 20 instances during work hours, but scales down to 2 instances overnight. Staff are complaining that the application is very slow when the day begins, although it runs well by mid-morning. How should the scaling be changed to address the staff complaints and keep costs to a minimum?
Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period. Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens. Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens. Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.
24. A company?€™s website is using an Amazon RDS MySQL Multi-AZ DB instance for its transactional data storage. There are other internal systems that query this DB instance to fetch data for internal batch processing. The RDS DB instance slows down significantly when the internal systems fetch data. This impacts the website?€™s read and write performance, and the users experience slow response times. Which solution will improve the website's performance?
Use an RDS PostgreSQL DB instance instead of a MySQL database. Add a read replica to the RDS DB instance and configure the internal systems to query the read replica. Use Amazon ElastiCache to cache the query responses for the website. Add an additional Availability Zone to the current RDS MySQL Multi-AZ DB instance.
25. A web application is deployed in the AWS Cloud. It consists of a two-tier architecture that includes a web layer and a database layer. The web server is vulnerable to cross-site scripting (XSS) attacks. What should a solutions architect do to remediate the vulnerability?
Create a Classic Load Balancer. Put the web layer behind the load balancer and enable AWS WAF. Create an Application Load Balancer. Put the web layer behind the load balancer and enable AWS WAF. Create an Application Load Balancer. Put the web layer behind the load balancer and use AWS Shield Standard. Create a Network Load Balancer. Put the web layer behind the load balancer and enable AWS WAF.
26. A company is planning to use Amazon S3 to store images uploaded by its users. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys. What should a solutions architect use to accomplish this?
Server-Side Encryption with Customer-Provided Keys (SSE-C) Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3) Server-Side Encryption with keys stored in an S3 bucket Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)
27. A security team to limit access to specific services or actions in all of the team?€™s AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained. What should a solutions architect do to accomplish this?
Create a service control policy in the root organizational unit to deny access to the services or actions. Create a security group to allow accounts and attach it to user groups. Create cross-account roles in each account to deny access to the services or actions. Create an ACL to provide access to the services or actions.
28. A company hosts a static website on-premises and wants to migrate the website to AWS. The website should load as quickly as possible for users around the world. The company also wants the most cost-effective solution. What should a solutions architect do to accomplish this?
Copy the website content to multiple Amazon EBS-backed Amazon EC2 instances running Apache HTTP Server in multiple AWS Regions. Configure Amazon CloudFront geolocation routing policies to select the closest origin. Copy the website content to an Amazon EBS-backed Amazon EC2 instance running Apache HTTP Server. Configure Amazon Route 53 geolocation routing policies to select the closest origin. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Replicate the S3 bucket to multiple AWS Regions. Copy the website content to an Amazon S3 bucket. Configure the bucket to serve static webpage content. Configure Amazon CloudFront with the S3 bucket as the origin.
29. A company has deployed an API in a VPC behind an internet-facing Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a second account in private subnets behind a NAT gateway. When requests to the client application increase, the NAT gateway costs are higher than expected. A solutions architect has configured the ALB to be internal. Which combination of architectural changes will reduce the NAT gateway costs? (Choose two.)
Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address. Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address. Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address. Configure a VPC peering connection between the two VPCs. Access the API using the private address. Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address.
30. A company has a two-tier application architecture that runs in public and private subnets. Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet. The web application instances and the database are running in a single Availability Zone (AZ). Which combination of steps should a solutions architect take to provide high availability for this architecture? (Choose two.)
Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer. Create new public and private subnets in a new AZ. Create a database using Amazon EC2 in one AZ. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs. Create new public and private subnets in the same AZ for high availability.