- Email support@dumps4free.com
Topic 1: Exam Pool A
An international delivery company hosts a delivery management system on AWS. Drivers
use the system to upload confirmation of delivery. Confirmation includes the recipient's
signature or a photo of the package with the recipient. The driver's handheld device
uploads signatures and photos through FTP to a single Amazon EC2 instance. Each
handheld device saves a file in a directory based on the signed-in user, and the file name
matches the delivery number. The EC2 instance then adds metadata to the file after
querying a central database to pull delivery information. The file is then placed in Amazon
S3 for archiving.
As the company expands, drivers report that the system is rejecting connections. The FTP
server is having problems because of dropped connections and memory issues. In
response to these problems, a system engineer schedules a cron task to reboot the EC2
instance every 30 minutes. The billing team reports that files are not always in the archive
and that the central system is not always updated.
A solutions architect needs to design a solution that maximizes scalability to ensure that the archive always receives the files and that systems are always updated. The handheld
devices cannot be modified, so the company cannot deploy a new application.
Which solution will meet these requirements?
A. Create an AMI of the existing EC2 instance. Create an Auto Scaling group of EC2 instances behind an Application Load Balancer. Configure the Auto Scaling group to have a minimum of three instances.
B. Use AWS Transfer Family to create an FTP server that places the files in Amazon Elastic File System (Amazon EFS). Mount the EFS volume to the existing EC2 instance. Point the EC2 instance to the new path for file processing.
C. Use AWS Transfer Family to create an FTP server that places the files in Amazon S3. Use an S3 event notification through Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function. Configure the Lambda function to add the metadata and update the delivery system.
D. Update the handheld devices to place the files directly in Amazon S3. Use an S3 event notification through Amazon Simple Queue Service (Amazon SQS) to invoke an AWS Lambda function. Configure the Lambda function to add the metadata and update the delivery system.
Explanation: Using AWS Transfer Family to create an FTP server that places the files in Amazon S3 and using S3 event notifications through Amazon Simple Notification Service (Amazon SNS) to invoke an AWS Lambda function will ensure that the archive always receives the files and that the central system is always updated. This solution maximizes scalability and eliminates the need for manual intervention, such as rebooting the EC2 instance.
A company recently completed the migration from an on-premises data center to the AWS
Cloud by using a replatforming strategy. One of the migrated servers is running a legacy
Simple Mail Transfer Protocol (SMTP) service that a critical application relies upon. The
application sends outbound email messages to the company’s customers. The legacy
SMTP server does not support TLS encryption and uses TCP port 25. The application can
use SMTP only.
The company decides to use Amazon Simple Email Service (Amazon SES) and to
decommission the legacy SMTP server. The company has created and validated the SES
domain. The company has lifted the SES limits.
What should the company do to modify the application to send email messages from
Amazon SES?
A. Configure the application to connect to Amazon SES by using TLS Wrapper. Create an IAM role that has ses:SendEmail and ses:SendRawEmail permissions. Attach the IAM role to an Amazon EC2 instance.
B. Configure the application to connect to Amazon SES by using STARTTLS. Obtain Amazon SES SMTP credentials. Use the credentials to authenticate with Amazon SES.
C. Configure the application to use the SES API to send email messages. Create an IAM role that has ses:SendEmail and ses:SendRawEmail permissions. Use the IAM role as a service role for Amazon SES.
D. Configure the application to use AWS SDKs to send email messages. Create an IAM user for Amazon SES. Generate API access keys. Use the access keys to authenticate with Amazon SES.
Explanation: To set up a STARTTLS connection, the SMTP client connects to the Amazon SES SMTP endpoint on port 25, 587, or 2587, issues an EHLO command, and waits for the server to announce that it supports the STARTTLS SMTP extension. The client then issues the STARTTLS command, initiating TLS negotiation. When negotiation is complete, the client issues an EHLO command over the new encrypted connection, and the SMTP session proceeds normally To set up a TLS Wrapper connection, the SMTP client connects to the Amazon SES SMTP endpoint on port 465 or 2465. The server presents its certificate, the client issues an EHLO command, and the SMTP session proceeds normally.
A company is processing videos in the AWS Cloud by using Amazon EC2 instances in an
Auto Scaling group. It takes 30 minutes to process a video. Several EC2 instances scale in
and out depending on the number of videos in an Amazon Simple Queue Service (Amazon
SQS) queue.
The company has configured the SQS queue with a redrive policy that specifies a target
dead-letter queue and a maxReceiveCount of 1. The company has set the visibility timeout
for the SQS queue to 1 hour. The company has set up an Amazon CloudWatch alarm to
notify the development team when there are messages in the dead-letter queue.
Several times during the day, the development team receives notification that messages are in the dead-letter queue and that videos have not been processed properly. An
investigation finds no errors in the application logs.
How can the company solve this problem?
A. Turn on termination protection for the EC2 instances.
B. Update the visibility timeout for the SOS queue to 3 hours.
C. Configure scale-in protection for the instances during processing.
D. Update the redrive policy and set maxReceiveCount to 0.
Explanation: The best solution for this problem is to update the visibility timeout for the SQS queue to 3 hours. This is because when the visibility timeout is set to 1 hour, it means that if the EC2 instance doesn't process the message within an hour, it will be moved to the dead-letter queue. By increasing the visibility timeout to 3 hours, this should give the EC2 instance enough time to process the message before it gets moved to the dead-letter queue. Additionally, configuring scale-in protection for the EC2 instances during processing will help to ensure that the instances are not terminated while the messages are being processed.
A company has an asynchronous HTTP application that is hosted as an AWS Lambda
function. A public Amazon API Gateway endpoint invokes the Lambda function. The
Lambda function and the API Gateway endpoint reside in the us-east-1 Region. A solutions
architect needs to redesign the application to support failover to another AWS Region.
Which solution will meet these requirements?
A. Create an API Gateway endpoint in the us-west-2 Region to direct traffic to the Lambda function in us-east-1. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
B. Create an Amazon Simple Queue Service (Amazon SQS) queue. Configure API Gateway to direct traffic to the SQS queue instead of to the Lambda function. Configure the Lambda function to pull messages from the queue for processing.
C. Deploy the Lambda function to the us-west-2 Region. Create an API Gateway endpoint in us-west-2 to direct traffic to the Lambda function in us-west-2. Configure AWS Global Accelerator and an Application Load Balancer to manage traffic across the two API Gateway endpoints.
D. Deploy the Lambda function and an API Gateway endpoint to the us-west-2 Region. Configure Amazon Route 53 to use a failover routing policy to route traffic for the two API Gateway endpoints.
Explanation:
This solution allows for deploying the Lambda function and API Gateway endpoint to
another region, providing a failover option in case of any issues in the primary region.
Using Route 53's failover routing policy allows for automatic routing of traffic to the healthy
endpoint, ensuring that the application is available even in case of issues in one region.
This solution provides a cost-effective and simple way to implement failover while
minimizing operational overhead.
A company has an organization that has many AWS accounts in AWS Organizations. A
solutions architect must improve how the company manages common security group rules
for the AWS accounts in the organization.
The company has a common set of IP CIDR ranges in an allow list in each AWS account to
allow access to and from the company's on-premises network.
Developers within each account are responsible for adding new IP CIDR ranges to their
security groups. The security team has its own AWS account. Currently, the security team
notifies the owners of the other AWS accounts when changes are made to the allow list.
The solutions architect must design a solution that distributes the common set of CIDR
ranges across all accounts.
Which solution meets these requirements with the LEAST amount of operational
overhead?
A. Set up an Amazon Simple Notification Service (Amazon SNS) topic in the security team's AWS account. Deploy an AWS Lambda function in each AWS account. Configure the Lambda function to run every time an SNS topic receives a message. Configure the Lambda function to take an IP address as input and add it to a list of security groups in the account. Instruct the security team to distribute changes by publishing messages to its SNS topic.
B. Create new customer-managed prefix lists in each AWS account within the organization. Populate the prefix lists in each account with all internal CIDR ranges. Notify the owner of each AWS account to allow the new customer-managed prefix list IDs in their accounts in their security groups. Instruct the security team to share updates with each AWS account owner.
C. Create a new customer-managed prefix list in the security team's AWS account. Populate the customer-managed prefix list with all internal CIDR ranges. Share the customer-managed prefix list with the organization by using AWS Resource Access Manager. Notify the owner of each AWS account to allow the new customer-managed prefix list ID in their security groups.
D. Create an IAM role in each account in the organization. Grant permissions to update security groups. Deploy an AWS Lambda function in the security team's AWS account. Configure the Lambda function to take a list of internal IP addresses as input, assume a role in each organization account, and add the list of IP addresses to the security groups in each account.
Explanation: Create a new customer-managed prefix list in the security team’s AWS account. Populate the customer-managed prefix list with all internal CIDR ranges. Share the customer-managed prefix list with the organization by using AWS Resource Access Manager. Notify the owner of each AWS account to allow the new customer-managed prefix list ID in their security groups. This solution meets the requirements with the least amount of operational overhead as it requires the security team to create and maintain a single customer-managed prefix list, and share it with the organization using AWS Resource Access Manager. The owners of each AWS account are then responsible for allowing the prefix list in their security groups, which eliminates the need for the security team to manually notify each account owner when changes are made. This solution also eliminates the need for a separate AWS Lambda function in each account, reducing the overall complexity of the solution.
| Page 9 out of 97 Pages |
| Previous |