You are responsible for optimizing performance of a movie streaming website. Currently, you are working on the search functionality and have discovered that anytime the library database of titles is searched, the load on the database is reaching peak levels. Your current architecture consists of a PostgreSQL database on an extra-large instance. How would you update your architecture to better handle the load? (Choose two.)

1. Re-create the database instance on a larger instance using EBS volumes with provisioned IOPS as the volume type.
2. Add an RDS Multi-AZ setup to increase the read performance of the media library database.
3. Add an ElastiCache store to cache data because searches will often return common data over multiple reads.
4. Shard the database into multiple copies installed on multiple instances.

Which of the following are engines used by ElastiCache?

1. reddit, memcached
2. redis, memcached
3. Sharding, redis
4. memcached, Redshift

Which of the following are AWS-supported solutions for encrypting data at rest when that data is objects stored in S3 buckets? (Choose two.)

1. ElastiCache for memcached
2. AWS Key Management Service
3. Customer-provided keys
4. AWS Encryptic

You have been brought into a new organization with over 20 different AWS accounts. You are tasked with improving the cost management of the organization and want to recommend the use of AWS Organizations and the consolidated billing feature. Which of the following are advantages of consolidated billing that you could use to support your case? (Choose two.)

1. Multiple accounts can be combined and, through that combination, receive discounts that may reduce the total cost of all the accounts.
2. Traffic between accounts will not be subject to data transfer charges if those accounts are all in AWS Organizations.
3. All accounts in AWS Organizations will receive a 5% billing reduction in consolidated billing.
4. All accounts can be tracked individually and through a single tool.

You are tasked with improving security at an organization that has recently begun using the cloud. It has five developers, a financial manager, and two support engineers. Currently, all eight staff are using the AWS root user for their account. What changes would you make to improve security? (Choose two.)

1. Get all the users to download the AWS CLI and change the root password.
2. Create a new IAM user for each of the eight staff members and provide credentials to each user.
3. Put the five developers in the Power Users group, the financial manager in the Billing group, and the support engineers in the Support User group.
4. Create a new group with access to the IAM service and ensure that at least one developer is in that group.

You need to support a cluster of instances that will host a high-volume, high-load Oracle database installation. You cannot use RDS because of a custom plug-in that the database instances require. Which EBS volume type should you choose for the instances?

1. Cold HDD
2. Throughput Optimized HDD
3. General Purpose SSD
4. Provisioned IOPS SSD

You are responsible for a large AWS environment, and specifically, several subnets within a custom VPC. The VPC contains both public and private subnets. There are approximately 300 EC2 instances within one of the private subnets that uses a NAT device to reach the Internet. Each evening at 11 p.m., the instances push the day’s date to an external data store outside of AWS, available via an API that is Internet accessible. However, you are seeing that not all of the data is getting out each evening, and several of the instances show failed transmissions to the external API. Assuming the API itself is not an issue, what should you consider when attempting to fix this issue? (Choose two.)

1. The instances are saturating the VPC’s internet gateway. Consider attaching an additional internet gateway to the VPC.
2. The NAT device could be a NAT instance that is on an instance size too small to handle the traffic. Reprovision the NAT instance on a larger instance size with more CPU.
3. Set up an SQS queue with all the desired transmissions as entries in the queue. Have the EC2 instances poll the queue and transmit data until the queue is completely empty. Add a Lambda job to detect failed transmissions and re-add the failed operation to the SQS queue.
4. The instances cannot support the required throughput. Re-provision the instances to use EBS volumes with provisioned IOPS as the volume type.

Which of the following will AWS not allow with regard to EBS? (Choose two.)

1. Encrypt an existing EBS volume.
2. Create an unencrypted copy of an encrypted snapshot.
3. Attach an encrypted volume to an EC2 instance.
4. Create an encrypted copy of an unencrypted snapshot.

What is the URL at which an S3 bucket called photoData in the EU West 2 region is accessible for reading and writing, assuming permissions are correctly configured?

1. https://photoData.s3-eu-west-2.amazonaws.com
2. https://s3.eu-west-2.amazonaws.com/photoData
3. https://s3-eu-west-2.amazonaws.com/photoData
4. https://photoData.s3.eu-west-2.amazonaws.com

You are handling a logging update to a fleet of EC2 instances. You have set up a VPC flow log on the group of instances and now want to monitor these logs for a specific set of events, in particular security breaches. To where should the logs be forwarded?

1. RDS
2. S3
3. CloudWatch
4. RedShift

You want to provide task- and event-level tracking in a complex application. You’ve been asked to then attach custom code to these tasks and events. However, you are working on an MVP that needs to quickly go to market. Which AWS services would provide you with the most out-of-the-box functionality and require the least amount of infrastructure coding?

1. SQS, Lambda
2. SWF, CloudWatch
3. SWF, Lambda
4. Elastic Beanstalk, CloudWatch

You are troubleshooting a custom VPC with two subnets. One subnet contains database instances and is not Internet accessible. The other subnet has EC2 instances running web servers. The instances have elastic network interfaces assigned with public IP addresses. However, you are unable to access these instances from the Internet, and they cannot access Internet resources either. What might be causing these problems? (Choose two.)

1. The instances need to use public IP addresses, but not elastic network interfaces. Remove the elastic network interfaces.
2. The VPC needs an internet gateway. Attach an internet gateway and update the VPC’s routing tables to route Internet traffic from the instances through the internet gateway.
3. The instances are being prevented from accessing the Internet by the default security group they have been assigned. Add permissions to allow outgoing Internet traffic to the group.
4. Update the NACL for the subnet with the EC2 instances to allow inbound HTTP and HTTPS traffic to the EC2 instances in the public subnet.

What common step that is often omitted in setting up a NAT instance can cause a failure in routing traffic from an EC2 instance through the NAT instance and out to the Internet?

1. Adding a rule to the security group for the NAT instance that allows traffic out to the Internet
2. Setting the NAT instance up to use an EBS volume with provisioned IOPS
3. Setting the NACL on the subnet with the EC2 instances to allow in traffic from the Internet
4. Ensuring that the Source/Destination Check option is disabled on the NAT instance

Which of these S3 storage classes is the most durable?

1. S3
2. S3-IA
3. S3 One Zone-IA
4. All of these classes are equally durable.

You have been tasked with setting up storage for an application that loads large photos from an existing RDS. These photos are then processed by a Lambda function and have metadata added, along with additional filters. The Lambda code is inexpensive and can easily be rerun if needed. You need to decide on where to store the photos once they have been processed. Each photo will likely be accessed between 1 and 5 times over the course of a month and should be quickly accessible. The chief driver for the application and your decision should be cost and user experience. What S3 storage class would you select?

1. S3
2. S3 IA
3. S3 One Zone-IA
4. Glacier

You have a growing fleet of EC2 instances that have been using EBS volumes for data storage. Each instance needs access to all other instances’ data, and your custom replication scripts are growing increasingly taxed and complex. What would you recommend to replace the current usage of EBS volumes and replication?

1. EBS
2. DynamoDB
3. EFS
4. Service Catalog

You are responsible for setting up the architecture for a new web-based online dating site. You need to create a public subnet in a custom VPC and already have a subnet in the VPC with EC2 instances within it. What other steps would you need to take to make the subnet public? (Choose two.)

1. Attach a customer gateway to the VPC.
2. Make the subnet public using the AWS CLI and the subnet command.
3. Attach an internet gateway to the VPC.
4. Add a route for the instances in the subnet to the Internet through the attached gateway.

Which of the following are valid S3 request headers? (Choose two.)

1. x-amz-date
2. Content-Length
3. x-aws-date
4. Content-Size

Which of the following are support levels offered by AWS? (Choose two.)

1. Developer
2. Professional
3. Business
4. Corporate

Which of the following database options are available through RDS? (Choose two.)

1. DynamoDB
2. Aurora
3. DB2
4. MariaDB

You have an Auto Scaling group that has a number of instances spread over several availability zones. Currently, there are 10 instances running, and the Auto Scaling group has rules that allow it to grow to as many as 20 instances and shrink to as few as 3. You have been told by another architect that the group needs to scale in. When this scaling in completes, how many instances might still be running?

1. 10
2. 5
3. 15
4. 20

Which of the following are options for writing a CloudFormation template? (Choose two.)

1. XML
2. YAML
3. MML
4. JSON

You are responsible for building out an application that serves user bases in California, USA; in Tokyo, Japan; and in Sydney, Australia. The application is hosted in regions close to all three major user bases. You want to ensure that users receive localized content in their own area. Which of the following routing policies should you consider for this application in Route 53?

1. Failover routing
2. Latency-based routing
3. Geolocation routing
4. Weighted routing

You have four EC2 instances serving web content with an ELB in front of the instances. You are configuring Route 53 and want to ensure that the ELB is directing traffic. What sort of record should you create in Route 53?

1. A record
2. MX record
3. CNAME record
4. AAAA record

You are the architect for a large migration from on-premises data stores to DynamoDB. As part of this migration, you need to manage the access and authorization for users, but the organization wants all existing users to maintain their Active Directory usernames. What steps will you need to do in order to facilitate this move? (Choose two.)

1. Select an identity provider.
2. Create a new IAM user for each user of the data.
3. Use the AWS security token service to create temporary tokens.
4. Create a service control policy in AWS Organizations for the imported data.

You are working on increasing performance for an application that routinely sees traffic spikes between 6 and 8 p.m. Eastern time every evening. At that time, even with Auto Scaling policies, load increases so quickly that response times slow to a crawl. Without knowing anything more than this about what the traffic surge represents, how could you most easily and efficiently ensure that your application can respond to these surges?

1. Set up a lower threshold for scaling in your Auto Scaling group; consider 50% as a starting point.
2. Log on each evening at 7:30 p.m. and manually scale the application up.
3. Set up CloudWatch monitors on the application. Write a Lambda function that will trigger scaling up. Attach the Lambda function to the CloudWatch monitors and set a trigger threshold.
4. Set up scheduled scaling so that the application scales up at 7:45 p.m. each evening and scales back down at 8:30 p.m.

You want to improve the performance of an existing DynamoDB database. Currently, you believe that CPU utilization is the biggest concern, although you are attempting to proactively provision additional resources rather than reacting to an existing load problem. Which of the following might be your approach?

1. Stop the database and re-provision it using provisioned IOPS SSD EBS volumes.
2. Set up read replicas to improve read performance.
3. Configure DynamoDB to use a Multi-AZ setup.
4. None of these. DynamoDB scales automatically, and you cannot manage its resources at this level.

You have been brought in to reduce costs on a production application. You find that currently, CloudWatch has been configured using the detailed option, and is collecting metrics every minute. You suggest updating CloudWatch to use default settings. Your customer likes the idea of reducing monitoring costs but wants to know how often metrics would be collected in your recommendation. What do you tell the customer?

1. CloudWatch collects metrics every 2 minutes using default settings.
2. CloudWatch collects metrics every 5 minutes using default settings.
3. CloudWatch collects metrics every 10 minutes using default settings.
4. The default settings for CloudWatch do not specify an interval at which metrics are collected.

You are newly responsible for a data-driven system that performs search and discovery of a very large database. The database is an RDS MySQL installation currently showing 82% CPU utilization. You are concerned about performance; what steps would you recommend? (Choose two.)

1. Set up RDS to use Multi-AZ and ensure that the regions chosen are geographically close to your user base.
2. Set up read replicas of your RDS database.
3. Add an ElastiCache instance in front of your database.
4. Create three copies of your database and move them into regions that are geographically distributed.

You have been brought in to add bits of custom code attached to a number of events on an existing application. The application needs to be updated quickly, and you want to minimize the code you need to write. What AWS solution will offer you the ability to accomplish these goals most quickly?

1. SWF
2. SQS
3. Kinesis
4. Redshift

You are investigating an application that uses an SQS queue. Messages are making it to the queue, but those messages are not being processed in the order in which they were received by the queue. You want to ensure that ordering is preserved; what should you do?

1. Update the queue to use standard delivery so delivery always happens at least once.
2. Change the queue to be a FIFO queue, which will ensure that ordering is preserved.
3. Update the queue to use the “deliver in order” option via the AWS CLI.
4. Change the queue to be a LIFO queue, which will ensure that ordering is preserved.

Which of the following is not a valid routing policy for Route 53?

1. Simple routing policy
2. Failover routing policy
3. Load-balancing routing policy
4. Latency-based routing policy

You are responsible for a cluster of EC2 instances that service a user-facing media-rich application, all behind an elastic load balancer. The application has begun to receive spikes of activity at unpredictable times, and your instances are flooded with requests and become nonresponsive in many cases. How would you rearchitect this application to address these issues?

1. Move your application instances to use the spot market to account for the spikes in usage.
2. Increase the size of the EC2 instances and choose instances with higher CPU ratings.
3. Ask AWS to pre-warm the elastic load balancer so that it will respond more quickly to spikes in traffic.
4. Add another application component, such as an SQS queue, and have requests go to the queue. Then have the instances process requests from the queue rather than directly from user requests.

You have a long-running batch process that you want to move to use spot instances in order to reduce costs. Which of the following should you consider when evaluating if these batch processes will function effectively on the spot market? (Choose two.)

1. The process must be able to stop and restart without failing or losing data.
2. The process must be able to run at any time.
3. The process must not trigger more than 100 API requests within any single minute of running.
4. The process must not use an AWS services outside of S3 or RDS.

You are the architect for a new application that needs durable storage in the cloud. You have been asked to select an S3 storage class with the maximum available durability. Which option provides S3 storage classes with maximum durability?

1. S3 standard
2. S3 standard, S3-IA
3. S3 standard, S3-IA, S3 One Zone-IA
4. S3 standard, S3-IA, S3 One Zone-IA, Glacier

What differences exist between storing data from an instance on an attached root EBS volume versus storing that data in S3? (Choose two.)

1. EBS uses block-level storage, while S3 uses object-level storage.
2. EBS uses object-level storage, while S3 uses block-level storage.
3. EBS volumes are ephemeral by default, while S3 storage is not.
4. S3 storage is ephemeral by default, while EBS storage is not.

You have been put in charge of a set of RDS databases that are not performing at speeds required by the application cluster using those databases. You have been tasked with increasing the performance of the databases while keeping costs as low as possible. The current RDS installation uses MySQL. What recommendation would you make?

1. Move from RDS to EC2 instances with databases installed on the instances. Right-size the instances and custom database installation for the application’s needs.
2. Move from MySQL to Aurora within RDS, as Aurora consistently shows better performance than MySQL.
3. Move from MySQL to Oracle within RDS and add the required Oracle licenses to increase the overall RDS cluster size.
4. Stop the RDS cluster and then resize all instances. Restart the cluster, keeping the MySQL databases intact.

Which of the following AWS services are components of a high-availability, fault-tolerant solution? (Choose two.)

1. Lightsail
2. AWS Organizations
3. ELB
4. DynamoDB

Which of the following AWS managed services are not automatically redundant and require configuration on your part to be highly available? (Choose two.)

1. EC2
2. S3
3. SQS
4. RDS

As a new architect on a large project, you have begun to run vulnerability scans on all public-facing API endpoints of your application. However, these scans are failing, and you have received a number of misuse warnings from AWS. What is the problem?

1. AWS does not allow vulnerability scans on its instances.
2. AWS allows vulnerability scans, but they must be run using AWS’s own services and tools.
3. AWS allows vulnerability scans, but they must be run from AWS instances.
4. AWS allows vulnerability scans, but they must be run with advance notice to and permission from AWS.

You have recently taken on architecture at a large genomics nonprofit. Currently, the organization imports hundreds of terabytes (TB) daily and then needs to run complex queries against that data. The queries can take several hours, and at times even days, to complete. They write their state to S3 frequently so the queries can recover from failure without restarting. The organization wants to minimize costs associated with this processing. What technologies and recommendations might you suggest? (Choose two.)

1. Create an SQS instance and queue up references to all the data that needs to be queried as it comes in. Ensure that the queue is readable via EC2 instances.
2. Create a new IAM role that allows EC2 instances to write data to S3 stores.
3. Set up a placement group with EC2 instances that can read from the SQS queue and run the queries against referenced data.
4. Set up EC2 spot instances that can read from the SQS queue and S3 and run the queries on those instances.

You have an application that consists of worker nodes that are on-demand instances and processing nodes that are a mixture of on-demand instances and spot instances. Your application collects information and does initial processing as it comes in from users using the worker nodes. Then, the processing nodes perform analytics each evening. Your goal is to use spot instances for most of this processing and only overflow to the on-demand instances in times of high load. However, the spot instances have been terminating more often lately, causing more usage of the on-demand instances. What might you do to increase the usage of the spot instances?

1. Convert the on-demand processing instances to spot instances so more spot instances will be available.
2. Convert the worker node instances to spot instances so more spot instances will be available.
3. Lower the bid price on the spot instances to ensure only lower-priced instances are used.
4. Raise the bid price on the spot instances so that they will run longer before termination occurs.

You are assisting a company with moving its large data estate to the cloud and reducing its on-site storage costs. The company has serious concerns about performance of the cloud as it relates to accessing its data. What storage gateway setup would you suggest to ensure that the company’s frequently accessed files do not suffer latency?

1. File gateway
2. Cached volume gateway
3. Tape gateway
4. Stored volume gateway

Which of the following take the place of a traditional firewall appliance in AWS?

1. NACLs, IAM, WAF
2. Security groups, IAM, WAF
3. NACLs, security groups
4. Security groups, VPCs, VPGs

Which of the following are created automatically as part of the default VPC that AWS sets up for all AWS accounts? (Choose two.)

1. Internet gateway
2. Virtual private gateway
3. Public subnet
4. NAT gateway

Rank the factors considered in terminating an instance that is part of an Auto Scaling group, from highest priority to lowest priority.

1. Age of launch configuration, availability zone with the most instances, nearness to next billing hour
2. Availability zone with the most instances, age of launch configuration, nearness to next billing hour
3. Age of launch configuration, nearness to next billing hour, availability zone with the most instances
4. Availability zone with the most instances, nearness to next billing hour, age of launch configuration

AWS supports two types of virtualization: paravirtual and hardware virtual machines. Why might you choose one type of virtualization over the other?

1. Paravirtualization allows the use of hardware extensions like enhanced networking and GPU processing, but hardware virtualization does not.
2. Hardware virtualization allows the use of hardware extensions like enhanced networking and GPU processing, but paravirtualization does not.
3. Hardware virtualization only works with certain instance types, while paravirtualization works with all instance types.
4. Both paravirtualization and hardware virtualization function exactly the same way; neither is a better performance choice than the other.

Which EBS volume type is most suited for workloads that perform OLTP and need to perform extremely well and consistently?

1. Provisioned IOPS volumes
2. General SSH volumes
3. Magnetic storage
4. Throughput Optimized HDD

After discovering that HTTPS was not allowed to reach instances via a security group, you have added a rule to allow in HTTPS. How long will it take for your changes to take effect on the affected instances?

1. Immediately
2. Approximately 30 seconds
3. Approximately 1 minute
4. Immediately for the instances, but longer if you have an ELB in front of the instances

You have discovered that your production database instance is peaking and reaching 90% CPU usage when a set of nightly scripts are run against the database. The scripts perform complex queries and gather reporting data to be distributed via email reports the next day. As a result of the load, the database is performing poorly, and the queries are beginning to take into the following work day to complete. Which option would you recommend to reduce this peak usage in the evenings?

1. Increase the memory attached to the database instance.
2. Set up a second database instance as a Multi-AZ database and run your queries against the Multi-AZ database.
3. Set up read replicas of the database instance and run your queries against the read replicas.
4. Set up an ElastiCache instance in front of the database instance.

Who can delete objects in an S3 bucket with versioning enabled?

1. Anyone with IAM permissions to modify the bucket
2. Anyone with IAM permissions to delete objects in the bucket
3. Only the bucket owner
4. Once versioning is enabled, no object can ever be completely removed.

Your customer has instructed you to encrypt all objects at rest in your application. The customer is frequently audited and must prove compliance with a selective set of government policies. Which encryption approach would you recommend?

1. SSE-C
2. SSE-KMS
3. SSE-S3
4. Client-provided encryption keys

You have set up three read replicas of your primary database instance. You have noticed that reads of the replicas do not always return consistent results, especially after large writes to the primary database instance. What might the problem be?

1. This is normal; replication from a primary instance to read replicas always takes between 30 and 60 seconds.
2. This is normal; replication from a primary instance to read replicas is asynchronous and, although sometimes nearly instant, may also at times take longer to complete.
3. You need to switch the replication model on your read replicas from asynchronous to synchronous to ensure read consistency.
4. You need to investigate network latency between your primary and read replicas and consider moving the replicas into the same availability zone as the primary instance.

By default, how many S3 buckets can you create for a single AWS account?

1. 20
2. 50
3. 100
4. There is no default limit.

You want to create a public subnet in a custom VPC. Which of the following do you not need to accomplish this?

1. An internet gateway
2. An elastic IP address
3. A routing table with a route to an internet gateway
4. You need all of these for a public subnet.

What is the largest allowed volume size for provisioned IOPS EBS volumes?

1. 4TiB
2. 12TiB
3. 16TiB
4. 32TiB

Which of the following statements regarding EBS volumes and EC2 instances is not true?

1. You can attach multiple EC2 instances to a single EBS volume at one time.
2. You can attach multiple EBS volumes to a single EC2 instance at one time.
3. You can attach multiple EC2 instances to a single EBS volume, but not all at the same time.
4. Non-root EBS volumes are not deleted when an attached instance is terminated by default.

Which of the following AWS services does not store data in key-value pairs?

1. S3
2. DynamoDB
3. IAM programmatic credentials
4. RDS

You are auditing the EBS volumes of a number of EC2 instances running three web-facing data-intensive applications. You notice that a number of the volumes are configured as throughput optimized HDDs rather than General Purpose SSD or Provisioned IOPS SSD. Why might this decision be appropriate? (Choose two.)

1. Lowered costs is a primary consideration.
2. Data throughput is a primary consideration.
3. The applications primarily use large performance-critical workloads.
4. The throughput optimized HDDs serve only a test environment rather than a production one.

Which of the following databases is not supported by RDS?

1. MariaDB
2. SQL Server
3. Aurora
4. InnoDB

Which of the following statements are true about the default subnet created with a standard AWS account? (Choose two.)

1. The instances created within it will be public by default.
2. The instances created within it will have public elastic IPs by default.
3. The instances created within it will have routes to the Internet through an internet gateway by default.
4. The VPC within which the subnet is created will have an attached virtual private gateway as well as an internet gateway.

Which of the following types of traffic are supported by classic load balancers? (Choose two.)

1. HTTPS
2. SSH
3. FTP
4. HTTP

Which S3 storage class has the same durability as it does availability?

1. S3 standard
2. S3-IA
3. S3-RRS
4. S3 One Zone-IA

You want to ensure that no object in S3 is ever accidentally deleted, as well as preserve audit trails for deleted files. What options would you consider? (Choose two.)

1. SSE-KMS
2. MFA Delete
3. Versioning
4. Detailed monitoring with CloudWatch

You have a fleet of EC2 instances serving web content. The instances typically run between 75% and 90% of capacity, and your projections show consistent usage over the next 36 months. What would you recommend to potentially reduce the costs of running these instances?

1. Spot instances
2. Reserved instances
3. On-demand instances
4. Placement groups