Question.96 A retail company is hosting an ecommerce website on AWS across multiple AWS Regions. The company wants the website to be operational at all times for online purchases. The website stores data in an Amazon RDS for MySQL DB instance. Which solution will provide the HIGHEST availability for the database?
(A) Configure automated backups on Amazon RDS. In the case of disruption, promote an automated backup to be a standalone DB instance. Direct database traffic to the promoted DB instance. Create a replacement read replica that has the promoted DB instance as its source.
(B) Configure global tables and read replicas on Amazon RDS. Activate the cross-Region scope. In the case of disruption, use AWS Lambda to copy the read replicas from one Region to another Region.
(C) Configure global tables and automated backups on Amazon RDS. In the case of disruption, use AWS Lambda to copy the read replicas from one Region to another Region.
(D) Configure read replicas on Amazon RDS. In the case of disruption, promote a cross-Region and read replica to be a standalone DB instance. Direct database traffic to the promoted DB instance. Create a replacement read replica that has the promoted DB instance as its source.
Answer: D
Question.97 A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation. Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Choose three.)
(A) Create an AWS Config rule in each account to find resources with missing tags.
(B) Create an SCP in the organization with a deny action for ec2:RunInstances if the Project tag is missing.
(C) Use Amazon Inspector in the organization to find resources with missing tags.
(D) Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.
(E) Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.
(F) Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.
Answer: CDE
Question.98 A company runs an application on a fleet of Amazon EC2 instances that are in private subnets behind an internet-facing Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. An AWS WAF web ACL that contains various AWS managed rules is associated with the CloudFront distribution. The company needs a solution that will prevent internet traffic from directly accessing the ALB. Which solution will meet these requirements with the LEAST operational overhead?
(A) Create a new web ACL that contains the same rules that the existing web ACL contains. Associate the new web ACL with the ALB.
(B) Associate the existing web ACL with the ALB.
(C) Add a security group rule to the ALB to allow traffic from the AWS managed prefix list for CloudFront only.
(D) Add a security group rule to the ALB to allow only the various CloudFront IP address ranges.
Answer: D
Question.99 A solutions architect has implemented a SAML 2.0 federated identity solution with their company’s on-premises identity provider (IdP) to authenticate users’ access to the AWS environment. When the solutions architect tests authentication through the federated identity web portal, access to the AWS environment is granted. However, when test users attempt to authenticate through the federated identity web portal, they are not able to access the AWS environment. Which items should the solutions architect check to ensure identity federation is properly configured? (Choose three.)
(A) The IAM user’s permissions policy has allowed the use of SAML federation for that user.
(B) The IAM roles created for the federated users’ or federated groups’ trust policy have set the SAML provider as the principal.
(C) Test users are not in the AWSFederatedUsers group in the company’s IdP.
(D) The web portal calls the AWS STS AssumeRoleWithSAML API with the ARN of the SAML provider, the ARN of the IAM role, and the SAML assertion from IdP.
(E) The on-premises IdP’s DNS hostname is reachable from the AWS environment VPCs.
(F) The company’s IdP defines SAML assertions that properly map users or groups in the company to IAM roles with appropriate permissions.
Answer: BDF
Question.100 A company is running an application in the AWS Cloud. The core business logic is running on a set of Amazon EC2 instances in an Auto Scaling group. An Application Load Balancer (ALB) distributes traffic to the EC2 instances. Amazon Route 53 record api.example.com is pointing to the ALB. The company’s development team makes major updates to the business logic. The company has a rule that when changes are deployed, only 10% of customers can receive the new logic during a testing window. A customer must use the same version of the business logic during the testing window. How should the company deploy the updates to meet these requirements?
(A) Create a second ALB, and deploy the new logic to a set of EC2 instances in a new Auto Scaling group. Configure the ALB to distribute traffic to the EC2 instances. Update the Route 53 record to use weighted routing, and point the record to both of the ALBs.
(B) Create a second target group that is referenced by the ALB. Deploy the new logic to EC2 instances in this new target group. Update the ALB listener rule to use weighted target groups. Configure ALB target group stickiness.
(C) Create a new launch configuration for the Auto Scaling group. Specify the launch configuration to use the AutoScalingRollingUpdate policy, and set the MaxBatchSize option to 10. Replace the launch configuration on the Auto Scaling group. Deploy the changes.
(D) Create a second Auto Scaling group that is referenced by the ALB. Deploy the new logic on a set of EC2 instances in this new Auto Scaling group. Change the ALB routing algorithm to least outstanding requests (LOR). Configure ALB session stickiness.
Answer: B