Resilient Architecture I

Equip yourself with the necessary understanding to confidently tackle exam questions by reviewing assessment questions and explanations against all options.

We'll cover the following

Question 1
Question 2
Question 3
Question 4
Question 5

Question 1

A game design studio runs a web application on multiple EC2 instances behind an Application Load Balancer (ALB); the instances are placed in an Auto Scaling group (ASG) across multiple Availability Zones (AZs). The Auto Scaling group (ASG) scales based on the CPU utilization. The studio uses a MySQL 8.0 database runnning on a large EC2 instance as the database for their application.

The database’s performance degrades quickly as the load increases. The application deals with more read requests than write transactions.

As a solutions architect, propose a combination of actions that will automatically scale and secure the database to meet the demand of unpredictable read requests while also securing the application from being vulnerable to SQL injections. (Select two options.)

A. Deploy Amazon Aurora with a Multi-AZ deployment. Configure Aurora Auto Scaling with Aurora Replicas.

B. Deploy a Mutli-Zone RDS with read replicas.

C. Attach AWS WAF in front of the ALB. Associate the appropriate web ACLs with AWS WAF.

D. Use AWS Shield to block the SQL injections automatically.

Question 2

A company has a three-tier shopping application. The application uses DynamoDB to store customer information. The team has devised a plan to counter data corruption. A solution is required that meets the recovery point objective (RPO) of 20 minutes and the recovery time objective (RTO) of 30 minutes.

As a solutions architect, you need to provide a solution that meets these requirements.

A. Configure DynamoDB global tables and point the application to different regions for RPO recovery.

B. Export the DynamoDB data to the S3 bucket daily. Restore to the desired point-in-time for RPO.

C. Configure DynamoDB point-in-time recovery. Restore to the desired point-in-time for RPO.

D. Schedule EBS snashots every 20 minunte of DynamoDB. Restore to the desired point-in-time for RPO by using an EBS snapshot.

Question 3

A company plans to migrate its Oracle database from on-premises to the AWS Cloud. The company wants a solution that allows them to upgrade the database to the most recent version available, maintain the underlying operating system themselves, and set up a disaster recovery (DR) plan. As a solutions architect, provide a solution to minimize the operational overhead for the day-to-day database operations and DR setup.

Which solution will meet these requirements?

A. Migrate the database to an Amazon EC2 instance and replicate it to different AWS Regions.

B. Migrate the database to an Amazon EC2 instance in an Auto Scaling group. Replicate the database to different AWS Regions.

C. Migrate the database to Amazon RDS for Oracle. Configure automated Cross-Region backups to replicate the Amazon RDS snapshot in different AWS Regions.

D. Migrate the database to Amazon RDS Custom for Oracle. Configure read replicas in other AWS Regions.

Question 4

A company has multiple containerized applications running on EC2 instances. The company plans to improve the overall security of its applications. To achieve this, applications must download the certificate before communicating with other applications. Applications must be able to encrypt/decrypt the certificate in near real-time. The application must store the data in an encrypted, highly available storage.

As a solutions architect, provide a solution to meet these requirements with the least operational overhead.

A. Configure AWS Secrets Manager for certificates. Store data in the Amazon S3 bucket and control access to the data using IAM access.

B. Configure an AWS Lambda function to use Python cryptography to encrypt and decrypt the certificates. Store data in the Amazon S3 bucket and control access to the data using AWS IAM access.

C. Configure an AWS Key Management Service customer-managed key. Allow EC2 to assume the role of using the KMS key. Store the encrypted data on Amazon S3.

D. Configure an AWS Key Management Service customer-managed key. Allow EC2 to assume the role of using the KMS key. Store the encrypted data on Amazon EBS.

Question 5

A company hosts multiple multi-tier web applications on AWS Cloud. The website is hosted on the Amazon S3 bucket and integrates with multiple APIs that handle sales. The APIs are hosted on the EC2 instances behind an Application Load Balancer. The company uses different EC2 instances in a private subnet as a database to store relational data.

As the company grows, the customer traffic on its web applications also grows, so the company plans to replace the existing system with a more scalable solution.

As a solutions architect, provide a solution to meet these requirements and guard against large-scale DDoS attacks.

A. Configure an Auto Scaling group to host APIs behind an Application Load Balancer. Configure the Application Load Balancer to direct requests from the APIs to the database. Use Amazon Guard to protect against DDoS attacks.

B. Configure the API Gateway for multiple APIs. Migrate the database from EC2 instances to Amazon RDS. Use Amazon Guard to protect against DDoS attacks.

C. Configure an Auto Scaling group to host APIs behind an Application Load Balancer. Configure a Network Load Balancer to direct requests from API to database. Place the S3 bucket behind a CloudFront distribution with AWS Shield configured to protect against DDoS attacks.

D. Configure an Auto Scaling group to host APIs behind an Application Load Balancer. Migrate the database from EC2 instances to Amazon RDS. Place the S3 bucket behind a CloudFront distribution with AWS Shield configured to protect against DDoS attacks.

Get hands-on with 1300+ tech skills courses.

Introduction

AWS Fundamentals

Understanding Cloud Computing Essentials— From Zero to Hero

Identity and Access Management

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS IAM Access Analyzer

Compute Services

Understanding AWS Compute Services — From Zero to Hero

Amazon EC2: Elastic Compute Cloud

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Networking

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Route 53

Serverless Computing

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Application Integration

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Containers

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

High Availability and Scalability

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Storage

Understanding AWS Storage Options—From Zero to Hero

Simple Storage Service (S3)

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

File Storage and Transfer

Getting Started with Amazon FSx for Windows File Server

Databases

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Migration and Transfer

Use of AWS Database Migration Service from Aurora MySQL to S3

Security and Compliance

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Deployment Services

Mastering AWS Deployment Services—From Zero to Hero

CloudFormation

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Machine Learning

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Content Delivery and Optimization

Analytics

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena