Deck 9: AWS Certified Solutions Architect - Associate SAA-C02

A) Implement a scheduled action that sets the desired capacity to 20 shortly before the office opens.
B) Implement a step scaling action triggered at a lower CPU threshold, and decrease the cooldown period.
C) Implement a target tracking action triggered at a lower CPU threshold, and decrease the cooldown period.
D) Implement a scheduled action that sets the minimum and maximum capacity to 20 shortly before the office opens.

A) Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
B) Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
C) Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
D) Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.

A) Ensure the root user uses a strong password.
B) Enable multi-factor authentication to the root user.
C) Store root user access keys in an encrypted Amazon S3 bucket.
D) Add the root user to a group containing administrative permissions.
E) Apply the required permissions to the root user with an inline policy document.

A) Use a simple scaling policy to dynamically scale the Auto Scaling group.
B) Use a target tracking policy to dynamically scale the Auto Scaling group.
C) Use an AWS Lambda function to update the desired Auto Scaling group capacity.
D) Use scheduled scaling actions to scale up and scale down the Auto Scaling group.

A) Configure an Amazon CloudFront distribution in front of the ALB.
B) Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization.
C) Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule.
D) Configure Amazon ElastiCache to remove some of the workload from the EC2 instances.

A) Use Amazon EC2 instances to manipulate the original image into the requested customization. Store the original and manipulated images in Amazon S3. Configure an Elastic Load Balancer in front of the EC2 instances.
B) Use AWS Lambda to manipulate the original image to the requested customization. Store the original and manipulated images in Amazon S3. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
C) Use AWS Lambda to manipulate the original image to the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Elastic Load Balancer in front of the Amazon EC2 instances.
D) Use Amazon EC2 instances to manipulate the original image into the requested customization. Store the original images in Amazon S3 and the manipulated images in Amazon DynamoDB. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.

A) Create an Amazon CloudFront distribution and configure the ALB as an origin. Then update the Amazon Route 53 record to point to the CloudFront distribution.
B) Create a latency-based Amazon Route 53 record for the ALB. Then launch new EC2 instances with larger instance sizes and register the instances with the ALB.
C) Launch new EC2 instances hosting the same web application in different Regions closer to the users. Then register instances with the same ALB using cross-Region VPC peering.
D) Host the website in an Amazon S3 bucket in the Regions closest to the users and delete the ALB and EC2 instances. Then update an Amazon Route 53 record to point to the S3 buckets.

A) Detach a volume on an EC2 instance and copy it to Amazon S3.
B) Launch a new EC2 instance from an Amazon Machine Image (AMI) in a new Region.
C) Launch a new EC2 instance in a new Region and copy a volume from Amazon S3 to the new instance.
D) Copy an Amazon Machine Image (AMI) of an EC2 instance and specify a different Region for the destination.
E) Copy an Amazon Elastic Block Store (Amazon EBS) volume from Amazon S3 and launch an EC2 instance in the destination Region using that EBS volume.

A) Modify the ALB security group to deny incoming traffic from blocked countries.
B) Modify the security group for EC2 instances to deny incoming traffic from blocked countries.
C) Use Amazon CloudFront to serve the application and deny access to blocked countries.
D) Use ALB listener rules to return access denied responses to incoming traffic from blocked countries.

A) AWS Fargate
B) AWS Lambda
C) Amazon DynamoDB
D) Amazon EC2 Auto Scaling
E) MySQL-compatible Amazon Aurora

A) Generate presigned URLs for the files.
B) Use cross-Region replication to all Regions.
C) Use the geoproximity feature of Amazon Route 53.
D) Use Amazon CloudFront with the S3 bucket as its origin.

A) Configure an S3 interface endpoint.
B) Configure an S3 gateway endpoint.
C) Create an S3 bucket in a private subnet.
D) Create an S3 bucket in the same Region as the EC2 instance.

A) Store the data in an Amazon EBS volume. Mount the EBS volume on the application instances.
B) Store the data in an Amazon EFS file system. Mount the file system on the application instances.
C) Store the data in Amazon S3 Glacier. Update the vault policy to allow access to the application instances.
D) Store the data in Amazon S3 Standard-Infrequent Access (S3 Standard-IA). Update the bucket policy to allow access to the application instances.

A) Set up an Amazon API Gateway and use Amazon ECS.
B) Set up an Amazon API Gateway and use AWS Elastic Beanstalk.
C) Set up an Amazon API Gateway and use AWS Lambda functions.
D) Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling.

A) Import the data into an Amazon DynamoDB table with provisioned capacity. Refactor the application to use DynamoDB for reports.
B) Create the database on a compute optimized Amazon EC2 instance. Ensure compute resources exceed the on-premises database.
C) Create an Amazon Aurora MySQL Multi-AZ DB cluster with multiple read replicas. Configure the application to use the reader endpoint for reports.
D) Create an Amazon Aurora MySQL Multi-AZ DB cluster. Configure the application to use the backup instance of the cluster as an endpoint for the reports.

A) Amazon EFS
B) Amazon FSx
C) Amazon S3
D) AWS Storage Gateway

A) Amazon EC2
B) AWS Lambda
C) Amazon Kinesis Data Streams
D) Amazon Kinesis Data Firehose
E) Amazon Kinesis Data Analytics

A) AWS Direct Connect for both the initial transfer and ongoing connectivity.
B) AWS Site-to-Site VPN for both the initial transfer and ongoing connectivity.
C) AWS Snowball for the initial transfer and AWS Direct Connect for ongoing connectivity.
D) AWS Snowball for the initial transfer and AWS Site-to-Site VPN for ongoing connectivity.

A) Enable default encryption for the Amazon S3 bucket where backups are stored.
B) Modify the backup section of the database configuration to toggle the Enable encryption check box.
C) Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot.
D) Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance.

A) Copy the data so both EBS volumes contain all the documents.
B) Configure the Application Load Balancer to direct a user to the server with the documents.
C) Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS.
D) Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server.

A) Attach a resource-based policy to the S3 bucket.
B) Create an IAM user for the application with specific permissions to the S3 bucket.
C) Associate an IAM role with least privilege permissions to the EC2 instance profile.
D) Store AWS credentials directly on the EC2 instance for applications on the instance to use for API calls.

A) Create an Amazon SNS topic to send an alert every time a developer creates a new policy.
B) Use service control policies to disable IAM activity across all account in the organizational unit.
C) Prevent the developers from attaching any policies and assign all IAM duties to the security operations team.
D) Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy.

A) Use Amazon S3 to serve the front-end application, which sends requests to Amazon EC2 to execute the backend application. The backend application will process and store the data in Amazon RDS.
B) Use Amazon S3 to serve the front-end application and write requests to an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe Amazon EC2 instances to the HTTP/HTTPS endpoint of the topic, and process and store the data in Amazon RDS.
C) Use an EC2 instance to serve the front end and write requests to an Amazon SQS queue. Place the backend instance in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.
D) Use Amazon S3 to serve the static front-end application and send requests to Amazon API Gateway, which writes the requests to an Amazon SQS queue. Place the backend instances in an Auto Scaling group, and scale based on the queue depth to process and store the data in Amazon RDS.

A) Enable a read-only bucket ACL.
B) Enable versioning on the bucket.
C) Attach an IAM policy to the bucket.
D) Enable MFA Delete on the bucket.
E) Encrypt the bucket using AWS KMS.

A) Create new public and private subnets in the same AZ for high availability.
B) Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs.
C) Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer.
D) Create new public and private subnets in a new AZ. Create a database using Amazon EC2 in one AZ.
E) Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment.

A) Server-Side Encryption with keys stored in an S3 bucket
B) Server-Side Encryption with Customer-Provided Keys (SSE-C)
C) Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
D) Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

A) Launch the application on EC2 instances in each Availability Zone. Attach EBS volumes to each EC2 instance.
B) Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Mount an instance store on each EC2 instance.
C) Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data on Amazon EFS and mount a target on each instance.
D) Create an Application Load Balancer with Auto Scaling groups across multiple Availability Zones. Store data using Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA).

A) Configure a VPC peering connection between the two VPCs. Access the API using the private address.
B) Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address.
C) Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address.
D) Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address.
E) Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address.

A) Create an ACL to provide access to the services or actions.
B) Create a security group to allow accounts and attach it to user groups.
C) Create cross-account roles in each account to deny access to the services or actions.
D) Create a service control policy in the root organizational unit to deny access to the services or actions.

A) Enable public read on the S3 object and provide the link to the vendor.
B) Upload the file to Amazon WorkDocs and share the public link with the vendor.
C) Generate a presigned URL and have the vendor download the log file before it expires.
D) Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.

A) Spot Instances
B) On-Demand Instances
C) Standard Reserved Instances
D) Scheduled Reserved Instances

A) Use Amazon S3 to host the front-end layer and AWS Lambda functions for the backend layer. Move the database to an Amazon DynamoDB table and use Amazon S3 to store and serve users' images.
B) Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with multiple read replicas to store and serve users' images.
C) Use Amazon S3 to host the front-end layer and a fleet of Amazon EC2 instances in an Auto Scaling group for the backend layer. Move the database to a memory optimized instance type to store and serve users' images.
D) Use load-balanced Multi-AZ AWS Elastic Beanstalk environments for the front-end and backend layers. Move the database to an Amazon RDS instance with a Multi-AZ deployment. Use Amazon S3 to store and serve users' images.

A) Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage.
B) Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage.
C) Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
D) Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic.

A) Use a database in Amazon RDS with Multi-AZ and at least one read replica.
B) Use a database in Amazon RDS with Multi-AZ and at least one standby replica.
C) Use databases hosted on multiple Amazon EC2 instances in different AWS Regions.
D) Use databases hosted on Amazon EC2 instances behind an Application Load Balancer in different Availability Zones.

A) Redesign the application to use Amazon CloudFront.
B) Redesign the application to use AWS Elastic Beanstalk.
C) Redesign the application to use a Network Load Balancer.
D) Redesign the application to use Amazon S3 static website hosting.

A) Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Create a bucket policy to enforce a VPC endpoint.
B) Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce a VPC endpoint.
C) Mount the network-attached file system to Amazon S3 and copy the files directly. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
D) Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.

A) Amazon RDS for MySQL
B) Amazon RDS for PostgreSQL.
C) Amazon ElastiCache for Redis
D) Amazon ElastiCache for Memcached

A) Create an Auto Scaling group that uses three instances across each of two Regions.
B) Modify the Auto Scaling group to use three instances across each of two Availability Zones.
C) Create an Auto Scaling template that can be used to quickly create more instances in another Region.
D) Change the ALB in front of the Amazon EC2 instances in a round-robin configuration to balance traffic to the web tier.

A) Purchase Reserved Instances to cover 250 instances.
B) Purchase Reserved Instances to cover 80 instances. Use Spot Instances to cover the remaining instances.
C) Purchase On-Demand Instances to cover 40 instances. Use Spot Instances to cover the remaining instances.
D) Purchase Reserved Instances to cover 50 instances. Use On-Demand and Spot Instances to cover the remaining instances.

A) Create RDS read replicas and redirect read-only traffic to the read replica endpoints. Enable a Multi-AZ deployment.
B) Create an Amazon EMR cluster and migrate the data to a Hadoop Distributed File System (HDFS) with a replication factor of 3.
C) Create an Amazon ElastiCache cluster and redirect all read-only traffic to the cluster. Set up the cluster to be deployed in three Availability Zones.
D) Create an Amazon DynamoDB table to replace the RDS instance and redirect all read-only traffic to the DynamoDB table. Enable DynamoDB Accelerator to offload traffic from the main table.

A) Store the video archives in Amazon S3 Glacier and use Expedited retrievals.
B) Store the video archives in Amazon S3 Glacier and use Standard retrievals.
C) Store the video archives in Amazon S3 Standard-Infrequent Access (S3 Standard-IA).
D) Store the video archives in Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA).

A) Deploy an AWS DataSync agent for the on-premises environment. Configure a sync job to replicate the data and connect it with an AWS service endpoint.
B) Deploy an AWS DataSync agent for the on-premises environment. Schedule a batch job to replicate point-in-time snapshots to AWS.
C) Deploy an AWS Storage Gateway volume gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS.
D) Deploy an AWS Storage Gateway file gateway for the on-premises environment. Configure it to store data locally, and asynchronously back up point-in-time snapshots to AWS.

A) Increase the minimum capacity for the Auto Scaling group.
B) Increase the maximum capacity for the Auto Scaling group.
C) Configure scheduled scaling to scale up to the desired compute level.
D) Change the scaling policy to add more EC2 instances during each scaling operation.

A) Use a scheduled AWS Lambda function and execute a script remotely on all EC2 instances to send data to the audit system.
B) Use EC2 Auto Scaling lifecycle hooks to execute a custom script to send data to the audit system when instances are launched and terminated.
C) Use an EC2 Auto Scaling launch configuration to execute a custom script through user data to send data to the audit system when instances are launched and terminated.
D) Execute a custom script on the instance operating system to send data to the audit system. Configure the script to be executed by the EC2 Auto Scaling group when the instance starts and is terminated.

A) Use a VPC endpoint for DynamoDB.
B) Use a NAT gateway in a public subnet.
C) Use a NAT instance in a private subnet.
D) Use the internet gateway attached to the VPC.

A) Configure the security group for the EC2 instances.
B) Configure the security group on the Application Load Balancer.
C) Configure AWS WAF on the Application Load Balancer in a VPC.
D) Configure the network ACL for the subnet that contains the EC2 instances.

A) Use AWS Snowmobile to ship the data to AWS.
B) Order multiple AWS Snowball devices to ship the data to AWS.
C) Enable Amazon S3 Transfer Acceleration and securely upload the data.
D) Create an Amazon S3 VPC endpoint and establish a VPN to upload the data.

A) Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days.
B) Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
C) Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
D) Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.

A) Create another SQS queue. Update the S3 events in the bucket to also update the new queue when a new object is created.
B) Create a new SQS queue that only allows Amazon S3 to access the queue. Update Amazon S3 to update this queue when a new object is created.
C) Create an Amazon SNS topic and SQS queue for the bucket updates. Update the bucket to send events to the new topic. Updates both queues to poll Amazon SNS.
D) Create an Amazon SNS topic and SQS queue for the bucket updates. Update the bucket to send events to the new topic. Add subscriptions for both queues in the topic.

A) Store the password in AWS CloudHSM. Associate the Lambda function with a role that can retrieve the password from CloudHSM given its key ID.
B) Store the password in AWS Secrets Manager. Associate the Lambda function with a role that can retrieve the password from Secrets Manager given its secret ID.
C) Move the database password to an environment variable associated with the Lambda function. Retrieve the password from the environment variable upon execution.
D) Store the password in AWS Key Management Service (AWS KMS). Associate the Lambda function with a role that can retrieve the password from AWS KMS given its key ID.

A) Create an Amazon EFS file system and mount it from each EC2 instance.
B) Create an Amazon S3 bucket and permit access from all the EC2 instances in the VPC.
C) Create a file system on an Amazon EBS Provisioned IOPS SSD (io1) volume. Attach the volume to all the EC2 instances.
D) Create file systems on Amazon EBS volumes attached to each EC2 instance. Synchronize the Amazon EBS volumes across the different EC2 instances.

A) Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier using lifecycle policy.
B) Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier using a lifecycle policy.
C) Use Amazon S3 with cross-Region replication enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Achieve using a lifecycle policy.
D) Use Amazon S3 with cross-origin resource sharing (CORS) enabled. After 30 days, transition the data to Amazon S3 Glacier Deep Archive using a lifecycle policy.

A) Cache query data in Amazon SQS
B) Create a read replica to offload queries
C) Migrate the database to Amazon Athena
D) Implement Amazon DynamoDB Accelerator to cache data.
E) Migrate the database to Amazon RDS

A) Create an Amazon S3 bucket for the application and establish an IAM role for Fargate to communicate with Amazon S3.
B) Create an Amazon FSx for Lustre file share and establish an IAM role that allows Fargate to communicate with FSx for Lustre.
C) Create an Amazon Elastic File System (Amazon EFS) file share and establish an IAM role that allows Fargate to communicate with Amazon EFS.
D) Create an Amazon Elastic Block Store (Amazon EBS) volume for the application and establish an IAM role that allows Fargate to communicate with Amazon EBS.

A) DEV with Spot Instances and PROD with On-Demand Instances
B) DEV with On-Demand Instances and PROD with Spot Instances
C) DEV with Scheduled Reserved Instances and PROD with Reserved Instances
D) DEV with On-Demand Instances and PROD with Scheduled Reserved Instances

A) S3 Standard
B) S3 Intelligent-Tiering
C) S3 Standard-Infrequent Access (S3 Standard-IA)
D) S3 One Zone-Infrequent Access (S3 One Zone-IA)

A) Add a rule in the inbound table of the security to deny the traffic from that CIDR range.
B) Add a rule in the outbound table of the security group to deny the traffic from that CIDR range.
C) Add a deny rule in the inbound table of the network ACL with a lower number than other rules.
D) Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules.

A) Use AWS Snowball.
B) Use AWS DataSync.
C) Use a secure VPN connection.
D) Use Amazon S3 Transfer Acceleration.

A) Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with data events.
B) Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
C) Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
D) Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging.

A) Enable public access on an Amazon S3 bucket.
B) Generate a presigned URL to share with the users.
C) Encrypt files using AWS KMS and provide keys to the users.
D) Create and assign IAM roles that will grant GetObject permissions to the users.

A) Replace the SQS queue with Amazon Kinesis Data Firehose.
B) Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier.
C) Add an Amazon CloudFront distribution to cache the responses for the web tier.
D) Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.

A) Set up a VPC peering connection between VPC-A and VPC-B.
B) Set up VPC gateway endpoints for the EC2 instance running in VPC-B.
C) Attach a virtual private gateway to VPC-B and enable routing from VPC-A.
D) Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-B.

A) Create a Network Load Balancer backed by an Auto Scaling group with a UDP listener.
B) Create a Network Load Balancer backed by a Spot Fleet with instances in a partition placement group.
C) Create a Network Load Balancer backed by the existing servers in different Availability Zones as the target.
D) Create a Network Load Balancer backed by an Auto Scaling group with instances in multiple Availability Zones as the target.

A) Enable an ALB health check
B) Enable an Amazon Route 53 health check.
C) Crate an CNAME record on Amazon Route 53 pointing to the ALB endpoint.
D) Create conditional forwarding rules on Amazon Route 53 pointing to an internal BIND DNS server.

A) Configure Amazon DynamoDB Accelerator (DAX) for the new messages table. Update the code to use the DAX endpoint.
B) Add DynamoDB read replicas to handle the increased read load. Update the application to point to the read endpoint for the read replicas.
C) Double the number of read capacity units for the new messages table in DynamoDB. Continue to use the existing DynamoDB endpoint.
D) Add an Amazon ElastiCache for Redis cache to the application stack. Update the application to point to the Redis cache endpoint instead of DynamoDB.

A) Use Amazon S3 website hosting for the backup website and Route 53 failover routing policy.
B) Use Amazon S3 website hosting for the backup website and Route 53 latency routing policy.
C) Deploy the application in another AWS Region and use ELB health checks for failover routing.
D) Deploy the application in another AWS Region and use server-side redirection on the primary website.

A) Create a VPC endpoint for Amazon S3.
B) Enable server access logging on the bucket.
C) Apply a bucket policy to restrict access to the S3 endpoint.
D) Add an S3 ACL to the bucket that has sensitive information.
E) Restrict users using the IAM policy to use the specific bucket.

A) Amazon S3
B) AWS Secrets Manager
C) AWS Systems Manager Parameter store
D) AWS Key Management Service (AWS KMS)

A) Deploy Amazon S3 Glacier Vault and enable expedited retrieval. Enable provisioned retrieval capacity for the workload.
B) Deploy AWS Storage Gateway using cached volumes. Use Storage Gateway to store data in Amazon S3 while retaining copies of frequently accessed data subsets locally.
C) Deploy AWS Storage Gateway using stored volumes to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.
D) Deploy AWS Direct Connect to connect with the on-premises data center. Configure AWS Storage Gateway to store data locally. Use Storage Gateway to asynchronously back up point-in-time snapshots of the data to Amazon S3.

A) AWS CloudHSM with the CloudHSM client
B) AWS Key Management Service (AWS KMS) with AWS CloudHSM
C) AWS Key Management Service (AWS KMS) with an external key material origin
D) AWS Key Management Service (AWS KMS) with AWS managed customer master keys (CMKs)

A) Use Lambda@Edge for CloudFront.
B) Use Amazon S3 Transfer Acceleration for CloudFront.
C) Configure another EC2 instance in a different Availability Zone as part of the origin group.
D) Configure another EC2 instance as part of the origin server cluster in the same Availability Zone.

A) Use Amazon Aurora with Multi-AZ Aurora Replicas and restore from mysqldump for the test database.
B) Use Amazon Aurora with Multi-AZ Aurora Replicas and restore snapshots from Amazon RDS for the test database.
C) Use Amazon RDS for MySQL with a Multi-AZ deployment and read replicas, and use the standby instance for the test database.
D) Use Amazon RDS for SQL Server with a Multi-AZ deployment and read replicas, and restore snapshots from RDS for the test database.

A) Configure Amazon CloudFront with the existing website as the origin.
B) Move the website to Amazon EC2 with Amazon EBS volumes for storage.
C) Use AWS Global Accelerator and specify the existing website as the endpoint.
D) Rearchitect the website to run on a combination of Amazon API Gateway and AWS Lambda.

A) Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
B) Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.
C) Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.
D) Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.
E) Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.

A) Amazon EBS for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage
B) Amazon EBS for maximum performance, Amazon EFS for durable data storage, and Amazon S3 Glacier for archival storage
C) Amazon EC2 instance store for maximum performance, Amazon EFS for durable data storage, and Amazon S3 for archival storage
D) Amazon EC2 instance store for maximum performance, Amazon S3 for durable data storage, and Amazon S3 Glacier for archival storage

A) Implement Amazon SNS to store the database calls.
B) Implement Amazon ElastiCache to cache the large datasets.
C) Implement an RDS for MySQL read replica to cache database calls.
D) Implement Amazon Kinesis Data Firehose to stream the calls to the database.

A) Create a private hosted zone using Amazon Route 53.
B) Configure a VPC gateway endpoint for Amazon S3 in the VPC.
C) Configure AWS PrivateLink between the EC2 instance and the S3 bucket.
D) Set up a site-to-site VPN connection between the VPC and the S3 bucket.

A) Server-side encryption with customer-provided encryption keys
B) Client-side encryption with Amazon S3 managed encryption keys
C) Server-side encryption with keys stored in AWS key Management Service (AWS KMS)
D) Client-side encryption with a master key stored in AWS Key Management Service (AWS KMS)

A) Deploy AWS Certificate Manager to generate certificates. Use the certificates to encrypt the database volume.
B) Deploy AWS CloudHSM, generate encryption keys, and use the customer master key (CMK) to encrypt database volumes.
C) Configure SSL encryption using AWS Key Management Service customer master keys (AWS KMS CMKs) to encrypt database volumes.
D) Configure Amazon Elastic Block Store (Amazon EBS) encryption and Amazon RDS encryption with AWS Key Management Service (AWS KMS) keys to encrypt instance and database volumes.