AWS Certified Solutions Architect – Associate
Complete Solution 2022
You are consulting for a finance company that has specific backup and archiving
policies. Financial documents for the past six months may need to be accessed
frequently. You need to configure a setup that automatically sends any documents
that are older than six months to a lower-cost, but highly durable, environment for
archiving. Given that the company is using a Storage Gateway in File Gateway
configuration, which of the following would be the best setup to reach the objectives?
- Answer- Enable S3 versioning with a lifecycle policy that sends objects older than
six months to Amazon Glacier
Your business operates in a very security-sensitive industry. You are looking at how
to secure a small VPC. Your environment consists of a single S3 bucket and an
EC2 instance running in an internet-connected VPC. What is the best way to lock
down the environment, allowing access to S3 but keeping the environment as secure
as possible? - Answer- Create an S3 VPC endpoint. Apply a policy restricting
access to the S3 bucket from the VPC endpoint, and remove the internet gateway.
Set up a VPN Endpoint and client to securely SSH into the EC2 instance when
needed.
You need to migrate a legacy application into AWS. It currently runs on a Linux
operating system and has a requirement for iSCSI based block storage. Which AWS
Service would you utilise to meet this requirement? - Answer- Storage Gateway
Which of the following AWS storage services are able to be natively mounted as
mount points on a Linux system? - Answer- - Instance Store
- EBS
- EFS
Which of the following are AWS managed services that can allow host access to
instances running on the respective services? (Choose all that apply) - Answer- - Amazon EC2
- Amazon EMR
You have inherited a VPC which has a CIDR of 10.0.0.0/16. You need to design a
subnet layout which allows for four availability zones to be used. Which option below
is valid for these criteria? Pick the one which uses the least number of subnets to
decrease management overhead. - Answer- Create four subnets: 10.0.0.0/24,
10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24, and put each one in its own availability
zone.
You are designing a VPC to host a small application. The VPC will be connected
back to your on-premises network using a VPN. An EC2 instance runs the
application, and will only need to connect to the internet for software updates. You
have a list of the software update DNS names. How can you restrict this within the
AWS VPC? - Answer- Add an internet gateway to the VPC, and a proxy service
running on an EC2 instance in a public subnet with an elastic IP.
You will have an application running on an EC2 instance. The instance will be in a
private subnet. Outside of NACLs and security groups being in place, what else is
needed to provide Internet access for the EC2 instance? - Answer- VPC, Subnets,
Route Table(s), NAT Gateway, and Internet Gateway.
You've been asked to host a docker container within your AWS environment. What is
the most appropriate product to use for this task? - Answer- ECS
Which of the following EC2 metrics will NOT be automatically collected by
CloudWatch? - Answer- - The number of running processes on the instance
- Average Memory Utilization
Your business has two EC2 instances, one is located in us-east, the other in
us-west. You want to allow both machines to communicate with each other. Instances in
either VPC need to be able to communicate with each other as if they are within the
same network. What solution would you recommend? - Answer- Configure an
inter-region VPC peer between the VPCs and allow communications using the private IP
addresses of the instances.
Currently, you're helping to design and architect a highly-available application. After
building the initial environment, you've found that part of your application does not
work correctly until port 443 is added to the security group. After adding port 443 to
the appropriate security group, how much time will it take before the changes are
applied and the application begins working correctly? - Answer- Changes apply
instantly to the security group, and the application should be able to immediately
respond to 443 requests.
Your business's risk team has asked you to add additional resiliency to a critical
business application. The application uses RDS and the MySQL engine and is based
in us-east-1. The risk team would like to protect the application against an AZ failure
and region issues, and wants to do it in a way which is as cost effective as possible.
What two options could you suggest? - Answer- - Enable Multi-AZ mode in two AZs
to protect against an AZ failure within the us-east-1 region.
- Add one or more read replicas in other regions.
You have been asked to design an upgrade to a legacy environment running in an
AWS VPC. There will be an EC2 instance in each AZ's private subnet. The region
the environment is in has four AZs. The VPC has eight subnets, four private (one in
each AZ) and four public (one in each AZ). You have been asked to ensure the
solution uses NAT gateways and that if any AZ fails, an instance in the other AZs
can ALWAYS access the internet. What is the minimum number of NAT Gateways
required? - Answer- 4 - Each is located in a single, but different, public subnet. Each
private subnet is set to use the NAT gateway in the same AZ.