{"id":113907,"date":"2025-11-13T06:22:59","date_gmt":"2025-11-13T06:22:59","guid":{"rendered":"https:\/\/www.dumpsbase.com\/freedumps\/?p=113907"},"modified":"2025-12-13T03:47:56","modified_gmt":"2025-12-13T03:47:56","slug":"choose-dumpsbase-sap-c02-dumps-v12-02-to-make-preparations-continue-to-check-the-sap-c02-free-dumps-part-2-q41-q80","status":"publish","type":"post","link":"https:\/\/www.dumpsbase.com\/freedumps\/choose-dumpsbase-sap-c02-dumps-v12-02-to-make-preparations-continue-to-check-the-sap-c02-free-dumps-part-2-q41-q80.html","title":{"rendered":"Choose DumpsBase SAP-C02 Dumps (V12.02) to Make Preparations: Continue to Check the SAP-C02 Free Dumps (Part 2, Q41-Q80)"},"content":{"rendered":"<p>With DumpsBase SAP-C02 dumps (V12.02), you will have access to comprehensive exam questions and answers that cover all the AWS Certified Solutions Architect &#8211; Professional exam objectives, helping you prepare well for the actual exam. Our practice questions in V12.02 are designed by industry experts and reflect the actual exam format, helping you build confidence and master the exam concepts effectively. You may have read our <a href=\"https:\/\/www.dumpsbase.com\/freedumps\/practice-sap-c02-dumps-v12-02-to-prepare-well-check-our-sap-c02-free-dumps-part-1-q1-q40-online.html\"><em><strong>SAP-C02 free dumps (Part 1, Q1-Q40) of V12.02<\/strong><\/em><\/a> and checked our quality. From these demos, you can trust that we are committed to helping you pass the AWS Certified Solutions Architect &#8211; Professional (SAP-C02) exam with high grades on your first attempt. And today, you can try more free demos before making your purchase to experience the quality.<\/p>\n<h2><span style=\"background-color: #ffff00;\"><em>SAP-C02 free dumps (Part 2, Q41-Q80) of V12.02<\/em> <\/span>are available online for checking more about the quality:<\/h2>\n<script>\n\t  window.fbAsyncInit = function() {\n\t    FB.init({\n\t      appId            : '622169541470367',\n\t      autoLogAppEvents : true,\n\t      xfbml            : true,\n\t      version          : 'v3.1'\n\t    });\n\t  };\n\t\n\t  (function(d, s, id){\n\t     var js, fjs = d.getElementsByTagName(s)[0];\n\t     if (d.getElementById(id)) {return;}\n\t     js = d.createElement(s); js.id = id;\n\t     js.src = \"https:\/\/connect.facebook.net\/en_US\/sdk.js\";\n\t     fjs.parentNode.insertBefore(js, fjs);\n\t   }(document, 'script', 'facebook-jssdk'));\n\t<\/script><script type=\"text\/javascript\" >\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \nif(!window.jQuery) alert(\"The important jQuery library is not properly loaded in your site. Your WordPress theme is probably missing the essential wp_head() call. You can switch to another theme and you will see that the plugin works fine and this notice disappears. If you are still not sure what to do you can contact us for help.\");\n});\n<\/script>  \n  \n<div  id=\"watupro_quiz\" class=\"quiz-area single-page-quiz\">\n<p id=\"submittingExam11061\" style=\"display:none;text-align:center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\"><\/p>\n\n<div class=\"watupro-exam-description\" id=\"description-quiz-11061\"><\/div>\n\n<form action=\"\" method=\"post\" class=\"quiz-form\" id=\"quiz-11061\"  enctype=\"multipart\/form-data\" >\n<div class='watu-question ' id='question-1' style=';'><div id='questionWrap-1'  class='   watupro-question-id-435447'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>1. <\/span>A company is running a data-intensive application on AWS. The application runs on a cluster of hundreds of Amazon EC2 instances. A shared file system also runs on several EC2 instances that store 200 TB of data. The application reads and modifies the data on the shared file system and generates a report. The job runs once monthly, reads a subset of the files from the shared file system, and takes about 72 hours to complete. The compute instances scale in an Auto Scaling group, but the instances that host the shared file system run continuously. The compute and storage instances are all in the same AWS Region. <br \/>\r<br>A solutions architect needs to reduce costs by replacing the shared file system instances. The file system must provide high performance access to the needed data for the duration of the 72-hour run. <br \/>\r<br>Which solution will provide the LARGEST overall cost reduction while meeting these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_1' value='435447' \/><input type='hidden' id='answerType435447' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435447[]' id='answer-id-1684930' class='answer   answerof-435447 ' value='1684930'   \/><label for='answer-id-1684930' id='answer-label-1684930' class=' answer'><span>Migrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Intelligent-Tiering storage class. Before the job runs each month, use Amazon FSx for Lustre to create a new file system with the data from Amazon S3 by using lazy loading. Use the new file system as the shared storage for the duration of the job. Delete the file system when the job is complete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435447[]' id='answer-id-1684931' class='answer   answerof-435447 ' value='1684931'   \/><label for='answer-id-1684931' id='answer-label-1684931' class=' answer'><span>Migrate the data from the existing shared file system to a large Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach enabled. Attach the EBS volume to each of the instances by using a user data script in the Auto Scaling group launch template. Use the EBS volume as the shared storage for the duration of the job. Detach the EBS volume when the job is complete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435447[]' id='answer-id-1684932' class='answer   answerof-435447 ' value='1684932'   \/><label for='answer-id-1684932' id='answer-label-1684932' class=' answer'><span>Migrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Standard storage class. Before the job runs each month, use Amazon FSx for Lustre to create a new file system with the data from Amazon S3 by using batch loading. Use the new file system as the shared storage for the duration of the job. Delete the file system when the job is complete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435447[]' id='answer-id-1684933' class='answer   answerof-435447 ' value='1684933'   \/><label for='answer-id-1684933' id='answer-label-1684933' class=' answer'><span>Migrate the data from the existing shared file system to an Amazon S3 bucket. Before the job runs each month, use AWS Storage Gateway to create a file gateway with the data from Amazon S3. Use the file gateway as the shared storage for the job. Delete the file gateway when the job is complete.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-2' style=';'><div id='questionWrap-2'  class='   watupro-question-id-435448'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>2. <\/span>A company has an environment that has a single AWS account. A solutions architect is reviewing the environment to recommend what the company could improve specifically in terms of access to the AWS Management Console. The company's IT support workers currently access the console for administrative tasks, authenticating with named IAM users that have been mapped to their job role. The IT support workers no longer want to maintain both their Active Directory and IAM user accounts. They want to be able to access the console by using their existing Active Directory credentials. The solutions architect is using AWS Single Sign-On (AWS SSO) to implement this functionality. <br \/>\r<br>Which solution will meet these requirements MOST cost-effectively?<\/div><input type='hidden' name='question_id[]' id='qID_2' value='435448' \/><input type='hidden' id='answerType435448' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435448[]' id='answer-id-1684934' class='answer   answerof-435448 ' value='1684934'   \/><label for='answer-id-1684934' id='answer-label-1684934' class=' answer'><span>Create an organization in AWS Organizations. Turn on the AWS SSO feature in Organizations Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company's on-premises Active Directory. Configure AWS SSO and set the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435448[]' id='answer-id-1684935' class='answer   answerof-435448 ' value='1684935'   \/><label for='answer-id-1684935' id='answer-label-1684935' class=' answer'><span>Create an organization in AWS Organizations. Turn on the AWS SSO feature in Organizations Create and configure an AD Connector to connect to the company's on-premises Active Directory. Configure AWS SSO and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company's Active Directory.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435448[]' id='answer-id-1684936' class='answer   answerof-435448 ' value='1684936'   \/><label for='answer-id-1684936' id='answer-label-1684936' class=' answer'><span>Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure a directory in AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) with a two-way trust to the company's on-premises Active Directory. Configure AWS SSO and select the AWS Managed Microsoft AD directory as the identity source. Create permission sets and map them to the existing groups within the AWS Managed Microsoft AD directory.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435448[]' id='answer-id-1684937' class='answer   answerof-435448 ' value='1684937'   \/><label for='answer-id-1684937' id='answer-label-1684937' class=' answer'><span>Create an organization in AWS Organizations. Turn on all features for the organization. Create and configure an AD Connector to connect to the company's on-premises Active Directory. Configure AWS SSO and select the AD Connector as the identity source. Create permission sets and map them to the existing groups within the company's Active Directory.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-3' style=';'><div id='questionWrap-3'  class='   watupro-question-id-435449'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>3. <\/span>A financial services company in North America plans to release a new online web application to its <br \/>\r<br>customers on AWS. The company will launch the application in the us-east-1 Region on Amazon EC2 <br \/>\r<br>instances. The application must be highly available and must dynamically scale to meet user traffic. <br \/>\r<br>The company also wants to implement a disaster recovery environment for the application in the us- <br \/>\r<br>west-1 Region by using active-passive failover. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_3' value='435449' \/><input type='hidden' id='answerType435449' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684938' class='answer   answerof-435449 ' value='1684938'   \/><label for='answer-id-1684938' id='answer-label-1684938' class=' answer'><span>Create a VPC in us-east-1 and a VPC in us-west-1 Configure VPC peering In the us-east-1VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684939' class='answer   answerof-435449 ' value='1684939'   \/><label for='answer-id-1684939' id='answer-label-1684939' class=' answer'><span>create an Application Load Balancer (ALB) that extends across multiple Availability Zones in both VPCs Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in both VPCs Place the Auto Scaling group behind the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684940' class='answer   answerof-435449 ' value='1684940'   \/><label for='answer-id-1684940' id='answer-label-1684940' class=' answer'><span>Create a VPC in us-east-1 and a VPC in us-west-1. In the us-east-1 VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684941' class='answer   answerof-435449 ' value='1684941'   \/><label for='answer-id-1684941' id='answer-label-1684941' class=' answer'><span>create an Application Load Balancer (ALB) that extends across multiple Availability Zones in that VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684942' class='answer   answerof-435449 ' value='1684942'   \/><label for='answer-id-1684942' id='answer-label-1684942' class=' answer'><span>Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in the us-east-1 VPC Place the Auto Scaling group behind the ALB Set up the same configuration in the us-west-1 VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684943' class='answer   answerof-435449 ' value='1684943'   \/><label for='answer-id-1684943' id='answer-label-1684943' class=' answer'><span>Create an Amazon Route 53 hosted zone Create separate records for each ALB Enable health checks to ensure high availability between Regions.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684944' class='answer   answerof-435449 ' value='1684944'   \/><label for='answer-id-1684944' id='answer-label-1684944' class=' answer'><span>Create a VPC in us-east-1 and a VPC in us-west-1 In the us-east-1 VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684945' class='answer   answerof-435449 ' value='1684945'   \/><label for='answer-id-1684945' id='answer-label-1684945' class=' answer'><span>create an Application Load Balancer (ALB) that extends across multiple Availability Zones in that VPC Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in the us-east-1 VPC Place the Auto Scaling group behind the ALB Set up the same configuration in the us-west-1 VPC Create an Amazon Route 53 hosted zone. Create separate records for each ALB Enable health checks and configure a failover routing policy for each record.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684946' class='answer   answerof-435449 ' value='1684946'   \/><label for='answer-id-1684946' id='answer-label-1684946' class=' answer'><span>Create a VPC in us-east-1 and a VPC in us-west-1 Configure VPC peering In the us-east-1 VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435449[]' id='answer-id-1684947' class='answer   answerof-435449 ' value='1684947'   \/><label for='answer-id-1684947' id='answer-label-1684947' class=' answer'><span>create an Application Load Balancer (ALB) that extends across multiple Availability Zones in Create an Auto Scaling group that deploys the EC2 instances across the multiple Availability Zones in both VPCs Place the Auto Scaling group behind the ALB Create an Amazon Route 53 host.. Create a record for the AL<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-4' style=';'><div id='questionWrap-4'  class='   watupro-question-id-435450'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>4. <\/span>A company runs an loT platform on AWS loT sensors in various locations send data to the company's Node js API servers on Amazon EC2 instances running behind an Application Load Balancer. The data is stored in an Amazon RDS MySQL DB instance that uses a 4 TB General Purpose SSD volume. <br \/>\r<br>The number of sensors the company has deployed in the field has increased over time and is expected to grow significantly. The API servers are consistently overloaded and RDS metrics show high write latency <br \/>\r<br>Which of the following steps together will resolve the issues permanently and enable growth as new sensors are provisioned, while keeping this platform cost-efficient? {Select TWO.)<\/div><input type='hidden' name='question_id[]' id='qID_4' value='435450' \/><input type='hidden' id='answerType435450' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435450[]' id='answer-id-1684948' class='answer   answerof-435450 ' value='1684948'   \/><label for='answer-id-1684948' id='answer-label-1684948' class=' answer'><span>Resize the MySQL General Purpose SSD storage to 6 TB to improve the volume's IOPS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435450[]' id='answer-id-1684949' class='answer   answerof-435450 ' value='1684949'   \/><label for='answer-id-1684949' id='answer-label-1684949' class=' answer'><span>Re-architect the database tier to use Amazon Aurora instead of an RDS MySQL DB instance and add read replicas<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435450[]' id='answer-id-1684950' class='answer   answerof-435450 ' value='1684950'   \/><label for='answer-id-1684950' id='answer-label-1684950' class=' answer'><span>Leverage Amazon Kinesis Data Streams and AWS Lambda to ingest and process the raw data<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435450[]' id='answer-id-1684951' class='answer   answerof-435450 ' value='1684951'   \/><label for='answer-id-1684951' id='answer-label-1684951' class=' answer'><span>Use AWS X-Ray to analyze and debug application issues and add more API servers to match the load<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435450[]' id='answer-id-1684952' class='answer   answerof-435450 ' value='1684952'   \/><label for='answer-id-1684952' id='answer-label-1684952' class=' answer'><span>Re-architect the database tier to use Amazon DynamoDB instead of an RDS MySQL DB instance<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-5' style=';'><div id='questionWrap-5'  class='   watupro-question-id-435451'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>5. <\/span>A company is building a serverless application that runs on an AWS Lambda function that is attached to a VPC. The company needs to integrate the application with a new service from an external provider. The external provider supports only requests that come from public IPv4 addresses that are in an allow list. <br \/>\r<br>The company must provide a single public IP address to the external provider before the application can start using the new service. <br \/>\r<br>Which solution will give the application the ability to access the new service?<\/div><input type='hidden' name='question_id[]' id='qID_5' value='435451' \/><input type='hidden' id='answerType435451' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435451[]' id='answer-id-1684953' class='answer   answerof-435451 ' value='1684953'   \/><label for='answer-id-1684953' id='answer-label-1684953' class=' answer'><span>Deploy a NAT gateway. Associate an Elastic IP address with the NAT gateway. Configure the VPC to use the NAT gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435451[]' id='answer-id-1684954' class='answer   answerof-435451 ' value='1684954'   \/><label for='answer-id-1684954' id='answer-label-1684954' class=' answer'><span>Deploy an egress-only internet gateway. Associate an Elastic IP address with the egress-only internet gateway. Configure the elastic network interface on the Lambda function to use the egress-only internet gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435451[]' id='answer-id-1684955' class='answer   answerof-435451 ' value='1684955'   \/><label for='answer-id-1684955' id='answer-label-1684955' class=' answer'><span>Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the Lambda function to use the internet gateway.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435451[]' id='answer-id-1684956' class='answer   answerof-435451 ' value='1684956'   \/><label for='answer-id-1684956' id='answer-label-1684956' class=' answer'><span>Deploy an internet gateway. Associate an Elastic IP address with the internet gateway. Configure the default route in the public VPC route table to use the internet gateway.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-6' style=';'><div id='questionWrap-6'  class='   watupro-question-id-435452'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>6. <\/span>A company has applications in an AWS account that is named Source. The account is in an organization in AWS Organizations. One of the applications uses AWS Lambda functions and store\u2019s inventory data in an Amazon Aurora database. The application deploys the Lambda functions by using a deployment package. The company has configured automated backups for Aurora. <br \/>\r<br>The company wants to migrate the Lambda functions and the Aurora database to a new AWS account that is named Target. The application processes critical data, so the company must minimize downtime. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_6' value='435452' \/><input type='hidden' id='answerType435452' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435452[]' id='answer-id-1684957' class='answer   answerof-435452 ' value='1684957'   \/><label for='answer-id-1684957' id='answer-label-1684957' class=' answer'><span>Download the Lambda function deployment package from the Source account. Use the \r\ndeployment package and create new Lambda functions in the Target account. Share the automated Aurora DB cluster snapshot with the Target account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435452[]' id='answer-id-1684958' class='answer   answerof-435452 ' value='1684958'   \/><label for='answer-id-1684958' id='answer-label-1684958' class=' answer'><span>Download the Lambda function deployment package from the Source account. Use the deployment package and create new Lambda functions in the Target account Share the Aurora DB cluster with the Target account by using AWS Resource Access Manager {AWS RAM). Grant the Target account permission to clone the Aurora DB cluster.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435452[]' id='answer-id-1684959' class='answer   answerof-435452 ' value='1684959'   \/><label for='answer-id-1684959' id='answer-label-1684959' class=' answer'><span>Use AWS Resource Access Manager (AWS RAM) to share the Lambda functions and the Aurora DB cluster with the Target account. Grant the Target account permission to clone the Aurora DB cluster.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435452[]' id='answer-id-1684960' class='answer   answerof-435452 ' value='1684960'   \/><label for='answer-id-1684960' id='answer-label-1684960' class=' answer'><span>Use AWS Resource Access Manager (AWS RAM) to share the Lambda functions with the Target account. Share the automated Aurora DB cluster snapshot with the Target account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-7' style=';'><div id='questionWrap-7'  class='   watupro-question-id-435453'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>7. <\/span>A company has registered 10 new domain names. The company uses the domains for online marketing. The company needs a solution that will redirect online visitors to a specific URL for each domain. All domains and target URLs are defined in a JSON document. All DNS records are managed by Amazon Route 53. <br \/>\r<br>A solutions architect must implement a redirect service that accepts HTTP and HTTPS requests. <br \/>\r<br>Which combination of steps should the solutions architect take to meet these requirements with the LEAST amount of operational effort? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_7' value='435453' \/><input type='hidden' id='answerType435453' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435453[]' id='answer-id-1684961' class='answer   answerof-435453 ' value='1684961'   \/><label for='answer-id-1684961' id='answer-label-1684961' class=' answer'><span>Create a dynamic webpage that runs on an Amazon EC2 instance. Configure the webpage to use the JSON document in combination with the event message to look up and respond with a redirect UR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435453[]' id='answer-id-1684962' class='answer   answerof-435453 ' value='1684962'   \/><label for='answer-id-1684962' id='answer-label-1684962' class=' answer'><span>Create an Application Load Balancer that includes HTTP and HTTPS listeners.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435453[]' id='answer-id-1684963' class='answer   answerof-435453 ' value='1684963'   \/><label for='answer-id-1684963' id='answer-label-1684963' class=' answer'><span>Create an AWS Lambda function that uses the JSON document in combination with the event message to look up and respond with a redirect UR<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435453[]' id='answer-id-1684964' class='answer   answerof-435453 ' value='1684964'   \/><label for='answer-id-1684964' id='answer-label-1684964' class=' answer'><span>Use an Amazon API Gateway API with a custom domain to publish an AWS Lambda function.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435453[]' id='answer-id-1684965' class='answer   answerof-435453 ' value='1684965'   \/><label for='answer-id-1684965' id='answer-label-1684965' class=' answer'><span>Create an Amazon CloudFront distribution. Deploy a Lambda@Edge function.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435453[]' id='answer-id-1684966' class='answer   answerof-435453 ' value='1684966'   \/><label for='answer-id-1684966' id='answer-label-1684966' class=' answer'><span>Create an SSL certificate by using AWS Certificate Manager (ACM). Include the domains as Subject Alternative Names.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-8' style=';'><div id='questionWrap-8'  class='   watupro-question-id-435454'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>8. <\/span>A company has an organization in AWS Organizations that has a large number of AWS accounts. One of the AWS accounts is designated as a transit account and has a transit gateway that is shared with all of the other AWS accounts AWS Site-to-Site VPN connections are configured between ail of the company's global offices and the transit account. The company has AWS Config enabled on all of its accounts. <br \/>\r<br>The company's networking team needs to centrally manage a list of internal IP address ranges that belong to the global offices Developers Will reference this list to gain access to applications securely. <br \/>\r<br>Which solution meets these requirements with the LEAST amount of operational overhead?<\/div><input type='hidden' name='question_id[]' id='qID_8' value='435454' \/><input type='hidden' id='answerType435454' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435454[]' id='answer-id-1684967' class='answer   answerof-435454 ' value='1684967'   \/><label for='answer-id-1684967' id='answer-label-1684967' class=' answer'><span>Create a JSON file that is hosted in Amazon S3 and that lists all of the internal IP address ranges Configure an Amazon Simple Notification Service (Amazon SNS) topic in each of the accounts that can be involved when the JSON file is updated. Subscribe an AWS Lambda function to the SNS topic to update all relevant security group rules with Vie updated IP address ranges.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435454[]' id='answer-id-1684968' class='answer   answerof-435454 ' value='1684968'   \/><label for='answer-id-1684968' id='answer-label-1684968' class=' answer'><span>Create a new AWS Config managed rule that contains all of the internal IP address ranges Use the rule to check the security groups in each of the accounts to ensure compliance with the list of IP address ranges. Configure the rule to automatically remediate any noncompliant security group that is detected.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435454[]' id='answer-id-1684969' class='answer   answerof-435454 ' value='1684969'   \/><label for='answer-id-1684969' id='answer-label-1684969' class=' answer'><span>In the transit account, create a VPC prefix list with all of the internal IP address ranges. Use AWS Resource Access Manager to share the prefix list with all of the other accounts. Use the shared prefix list to configure security group rules is the other accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435454[]' id='answer-id-1684970' class='answer   answerof-435454 ' value='1684970'   \/><label for='answer-id-1684970' id='answer-label-1684970' class=' answer'><span>In the transit account create a security group with all of the internal IP address ranges. Configure the security groups in me other accounts to reference the transit account's security group by using a nested security group reference of *&lt;transit-account-id&gt;.\/sg-1a2b3c4d&quot;.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-9' style=';'><div id='questionWrap-9'  class='   watupro-question-id-435455'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>9. <\/span>A company is running an application in the AWS Cloud. The company's security team must approve the creation of all new IAM users. When a new IAM user is created, all access for the user must be removed automatically. The security team must then receive a notification to approve the user. The company has a multi-Region AWS CloudTrail trail In the AWS account. <br \/>\r<br>Which combination of steps will meet these requirements? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_9' value='435455' \/><input type='hidden' id='answerType435455' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435455[]' id='answer-id-1684971' class='answer   answerof-435455 ' value='1684971'   \/><label for='answer-id-1684971' id='answer-label-1684971' class=' answer'><span>Create an Amazon EventBridge (Amazon CloudWatch Events) rule. Define a pattern with the detail-type value set to AWS API Call via CloudTrail and an eventName of CreateUser.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435455[]' id='answer-id-1684972' class='answer   answerof-435455 ' value='1684972'   \/><label for='answer-id-1684972' id='answer-label-1684972' class=' answer'><span>Configure CloudTrail to send a notification for the CreateUser event to an Amazon Simple \r\nNotification Service (Amazon SNS) topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435455[]' id='answer-id-1684973' class='answer   answerof-435455 ' value='1684973'   \/><label for='answer-id-1684973' id='answer-label-1684973' class=' answer'><span>Invoke a container that runs in Amazon Elastic Container Service (Amazon ECS) with AWS Fargate technology to remove access<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435455[]' id='answer-id-1684974' class='answer   answerof-435455 ' value='1684974'   \/><label for='answer-id-1684974' id='answer-label-1684974' class=' answer'><span>Invoke an AWS Step Functions state machine to remove access.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435455[]' id='answer-id-1684975' class='answer   answerof-435455 ' value='1684975'   \/><label for='answer-id-1684975' id='answer-label-1684975' class=' answer'><span>Use Amazon Simple Notification Service (Amazon SNS) to notify the security team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435455[]' id='answer-id-1684976' class='answer   answerof-435455 ' value='1684976'   \/><label for='answer-id-1684976' id='answer-label-1684976' class=' answer'><span>Use Amazon Pinpoint to notify the security team.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-10' style=';'><div id='questionWrap-10'  class='   watupro-question-id-435456'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>10. <\/span>A company recently acquired several other companies. Each company has a separate AWS account with a different billing and reporting method. The acquiring company has consolidated all the accounts into one organization in AWS Organizations. However, the acquiring company has found it difficult to generate a cost report that contains meaningful groups for all the teams. <br \/>\r<br>The acquiring company\u2019s finance team needs a solution to report on costs for all the companies through a self-managed application. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_10' value='435456' \/><input type='hidden' id='answerType435456' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435456[]' id='answer-id-1684977' class='answer   answerof-435456 ' value='1684977'   \/><label for='answer-id-1684977' id='answer-label-1684977' class=' answer'><span>Create an AWS Cost and Usage Report for the organization. Define tags and cost categories in the report. Create a table in Amazon Athena. Create an Amazon QuickSight dataset based on the Athena table. Share the dataset with the finance team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435456[]' id='answer-id-1684978' class='answer   answerof-435456 ' value='1684978'   \/><label for='answer-id-1684978' id='answer-label-1684978' class=' answer'><span>Create an AWS Cost and Usage Report for the organization. Define tags and cost categories in the report. Create a specialized template in AWS Cost Explorer that the finance department will use to build reports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435456[]' id='answer-id-1684979' class='answer   answerof-435456 ' value='1684979'   \/><label for='answer-id-1684979' id='answer-label-1684979' class=' answer'><span>Create an Amazon QuickSight dataset that receives spending information from the AWS Price List Query AP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435456[]' id='answer-id-1684980' class='answer   answerof-435456 ' value='1684980'   \/><label for='answer-id-1684980' id='answer-label-1684980' class=' answer'><span>Share the dataset with the finance team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435456[]' id='answer-id-1684981' class='answer   answerof-435456 ' value='1684981'   \/><label for='answer-id-1684981' id='answer-label-1684981' class=' answer'><span>Use the AWS Price List Query API to collect account spending information. Create a specialized template in AWS Cost Explorer that the finance department will use to build reports.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-11' style=';'><div id='questionWrap-11'  class='   watupro-question-id-435457'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>11. <\/span>A retail company is hosting an ecommerce website on AWS across multiple AWS Regions. The company wants the website to be operational at all times for online purchases. The website stores data in an Amazon RDS for MySQL DB instance. <br \/>\r<br>Which solution will provide the HIGHEST availability for the database?<\/div><input type='hidden' name='question_id[]' id='qID_11' value='435457' \/><input type='hidden' id='answerType435457' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684982' class='answer   answerof-435457 ' value='1684982'   \/><label for='answer-id-1684982' id='answer-label-1684982' class=' answer'><span>Configure automated backups on Amazon RD<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684983' class='answer   answerof-435457 ' value='1684983'   \/><label for='answer-id-1684983' id='answer-label-1684983' class=' answer'><span>In the case of disruption, promote an automated backup to be a standalone DB instance. Direct database traffic to the promoted DB instance. Create a replacement read replica that has the promoted DB instance as its source.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684984' class='answer   answerof-435457 ' value='1684984'   \/><label for='answer-id-1684984' id='answer-label-1684984' class=' answer'><span>Configure global tables and read replicas on Amazon RD<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684985' class='answer   answerof-435457 ' value='1684985'   \/><label for='answer-id-1684985' id='answer-label-1684985' class=' answer'><span>Activate the cross-Region scope. In the case of disruption, use AWS Lambda to copy the read replicas from one Region to another Region.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684986' class='answer   answerof-435457 ' value='1684986'   \/><label for='answer-id-1684986' id='answer-label-1684986' class=' answer'><span>Configure global tables and automated backups on Amazon RD<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684987' class='answer   answerof-435457 ' value='1684987'   \/><label for='answer-id-1684987' id='answer-label-1684987' class=' answer'><span>In the case of disruption, use AWS Lambda to copy the read replicas from one Region to another Region.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684988' class='answer   answerof-435457 ' value='1684988'   \/><label for='answer-id-1684988' id='answer-label-1684988' class=' answer'><span>Configure read replicas on Amazon RD<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435457[]' id='answer-id-1684989' class='answer   answerof-435457 ' value='1684989'   \/><label for='answer-id-1684989' id='answer-label-1684989' class=' answer'><span>In the case of disruption, promote a cross-Region and read replica to be a standalone DB instance. Direct database traffic to the promoted DB instance. Create a replacement read replica that has the promoted DB instance as its source.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-12' style=';'><div id='questionWrap-12'  class='   watupro-question-id-435458'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>12. <\/span>A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost lor cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation. <br \/>\r<br>Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_12' value='435458' \/><input type='hidden' id='answerType435458' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435458[]' id='answer-id-1684990' class='answer   answerof-435458 ' value='1684990'   \/><label for='answer-id-1684990' id='answer-label-1684990' class=' answer'><span>Create an AWS Config rule in each account to find resources with missing tags.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435458[]' id='answer-id-1684991' class='answer   answerof-435458 ' value='1684991'   \/><label for='answer-id-1684991' id='answer-label-1684991' class=' answer'><span>Create an SCP in the organization with a deny action for ec2:Runlnstances if the Project tag is missing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435458[]' id='answer-id-1684992' class='answer   answerof-435458 ' value='1684992'   \/><label for='answer-id-1684992' id='answer-label-1684992' class=' answer'><span>Use Amazon Inspector in the organization to find resources with missing tags.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435458[]' id='answer-id-1684993' class='answer   answerof-435458 ' value='1684993'   \/><label for='answer-id-1684993' id='answer-label-1684993' class=' answer'><span>Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435458[]' id='answer-id-1684994' class='answer   answerof-435458 ' value='1684994'   \/><label for='answer-id-1684994' id='answer-label-1684994' class=' answer'><span>Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435458[]' id='answer-id-1684995' class='answer   answerof-435458 ' value='1684995'   \/><label for='answer-id-1684995' id='answer-label-1684995' class=' answer'><span>Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-13' style=';'><div id='questionWrap-13'  class='   watupro-question-id-435459'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>13. <\/span>The company needs to determine which costs on the monthly AWS bill are attributable to each application or team. The company also must be able to create reports to compare costs from the last 12 months and to help forecast costs for the next 12 months. A solutions architect must recommend an AWS Billing and Cost Management solution that provides these cost reports. <br \/>\r<br>Which combination of actions will meet these requirements? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_13' value='435459' \/><input type='hidden' id='answerType435459' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435459[]' id='answer-id-1684996' class='answer   answerof-435459 ' value='1684996'   \/><label for='answer-id-1684996' id='answer-label-1684996' class=' answer'><span>Activate the user-defined cost allocation tags that represent the application and the team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435459[]' id='answer-id-1684997' class='answer   answerof-435459 ' value='1684997'   \/><label for='answer-id-1684997' id='answer-label-1684997' class=' answer'><span>Activate the AWS generated cost allocation tags that represent the application and the team.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435459[]' id='answer-id-1684998' class='answer   answerof-435459 ' value='1684998'   \/><label for='answer-id-1684998' id='answer-label-1684998' class=' answer'><span>Create a cost category for each application in Billing and Cost Management.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435459[]' id='answer-id-1684999' class='answer   answerof-435459 ' value='1684999'   \/><label for='answer-id-1684999' id='answer-label-1684999' class=' answer'><span>Activate IAM access to Billing and Cost Management.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435459[]' id='answer-id-1685000' class='answer   answerof-435459 ' value='1685000'   \/><label for='answer-id-1685000' id='answer-label-1685000' class=' answer'><span>Create a cost budget.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435459[]' id='answer-id-1685001' class='answer   answerof-435459 ' value='1685001'   \/><label for='answer-id-1685001' id='answer-label-1685001' class=' answer'><span>Enable Cost Explorer.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-14' style=';'><div id='questionWrap-14'  class='   watupro-question-id-435460'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>14. <\/span>A finance company hosts a data lake in Amazon S3. The company receives financial data records over SFTP each night from several third parties. The company runs its own SFTP server on an Amazon EC2 instance in a public subnet of a VPC. After the files ate uploaded, they are moved to the data lake by a cron job that runs on the same instance. The SFTP server is reachable on DNS sftp.examWe.com through the use of Amazon Route 53. <br \/>\r<br>What should a solutions architect do to improve the reliability and scalability of the SFTP solution?<\/div><input type='hidden' name='question_id[]' id='qID_14' value='435460' \/><input type='hidden' id='answerType435460' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435460[]' id='answer-id-1685002' class='answer   answerof-435460 ' value='1685002'   \/><label for='answer-id-1685002' id='answer-label-1685002' class=' answer'><span>Move the EC2 instance into an Auto Scaling group. Place the EC2 instance behind an Application Load Balancer (ALB). Update the DNS record sftp.example.com in Route 53 to point to the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435460[]' id='answer-id-1685003' class='answer   answerof-435460 ' value='1685003'   \/><label for='answer-id-1685003' id='answer-label-1685003' class=' answer'><span>Migrate the SFTP server to AWS Transfer for SFT<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435460[]' id='answer-id-1685004' class='answer   answerof-435460 ' value='1685004'   \/><label for='answer-id-1685004' id='answer-label-1685004' class=' answer'><span>Update the DNS record sftp.example.com in Route 53 to point to the server endpoint hostname.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435460[]' id='answer-id-1685005' class='answer   answerof-435460 ' value='1685005'   \/><label for='answer-id-1685005' id='answer-label-1685005' class=' answer'><span>Migrate the SFTP server to a file gateway in AWS Storage Gateway. Update the DNS record sflp.example.com in Route 53 to point to the file gateway endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435460[]' id='answer-id-1685006' class='answer   answerof-435460 ' value='1685006'   \/><label for='answer-id-1685006' id='answer-label-1685006' class=' answer'><span>Place the EC2 instance behind a Network Load Balancer (NLB). Update the DNS record sftp.example.com in Route 53 to point to the NL<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-15' style=';'><div id='questionWrap-15'  class='   watupro-question-id-435461'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>15. <\/span>A company has developed a web application. The company is hosting the application on a group of Amazon EC2 instances behind an Application Load Balancer. The company wants to improve the security posture of the application and plans to use AWS WAF web ACLs. The solution must not adversely affect legitimate traffic to the application. <br \/>\r<br>How should a solutions architect configure the web ACLs to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_15' value='435461' \/><input type='hidden' id='answerType435461' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435461[]' id='answer-id-1685007' class='answer   answerof-435461 ' value='1685007'   \/><label for='answer-id-1685007' id='answer-label-1685007' class=' answer'><span>Set the action of the web ACL rules to Count. Enable AWS WAF logging Analyze the requests for false positives Modify the rules to avoid any false positive Over time change the action of the web ACL rules from Count to Block.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435461[]' id='answer-id-1685008' class='answer   answerof-435461 ' value='1685008'   \/><label for='answer-id-1685008' id='answer-label-1685008' class=' answer'><span>Use only rate-based rules in the web ACLs. and set the throttle limit as high as possible Temporarily block all requests that exceed the limit. Define nested rules to narrow the scope of the rate tracking.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435461[]' id='answer-id-1685009' class='answer   answerof-435461 ' value='1685009'   \/><label for='answer-id-1685009' id='answer-label-1685009' class=' answer'><span>Set the action o' the web ACL rules to Block. Use only AWS managed rule groups in the web ACLs Evaluate the rule groups by using Amazon CloudWatch metrics with AWS WAF sampled requests or AWS WAF logs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435461[]' id='answer-id-1685010' class='answer   answerof-435461 ' value='1685010'   \/><label for='answer-id-1685010' id='answer-label-1685010' class=' answer'><span>Use only custom rule groups in the web ACLs. and set the action to Allow Enable AWS WAF logging Analyze the requests tor false positives Modify the rules to avoid any false positive Over time, change the action of the web ACL rules from Allow to Block.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-16' style=';'><div id='questionWrap-16'  class='   watupro-question-id-435462'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>16. <\/span>A company has 50 AWS accounts that are members of an organization in AWS Organizations Each account contains multiple VPCs. The company wants to use AWS Transit Gateway to establish connectivity between the VPCs in each member account Each time a new member account is created, the company wants to automate the process of creating a new VPC and a transit gateway attachment. <br \/>\r<br>Which combination of steps will meet these requirements? (Select TWO)<\/div><input type='hidden' name='question_id[]' id='qID_16' value='435462' \/><input type='hidden' id='answerType435462' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435462[]' id='answer-id-1685011' class='answer   answerof-435462 ' value='1685011'   \/><label for='answer-id-1685011' id='answer-label-1685011' class=' answer'><span>From the management account, share the transit gateway with member accounts by using AWS Resource Access Manager<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435462[]' id='answer-id-1685012' class='answer   answerof-435462 ' value='1685012'   \/><label for='answer-id-1685012' id='answer-label-1685012' class=' answer'><span>Prom the management account, share the transit gateway with member accounts by using an AWS Organizations SCP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435462[]' id='answer-id-1685013' class='answer   answerof-435462 ' value='1685013'   \/><label for='answer-id-1685013' id='answer-label-1685013' class=' answer'><span>Launch an AWS CloudFormation stack set from the management account that automatical^\/ creates a new VPC and a VPC transit gateway attachment in a member account. Associate the attachment with the transit gateway in the management account by using the transit gateway I<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435462[]' id='answer-id-1685014' class='answer   answerof-435462 ' value='1685014'   \/><label for='answer-id-1685014' id='answer-label-1685014' class=' answer'><span>Launch an AWS CloudFormation stack set from the management account that automatical^ creates a new VPC and a peering transit gateway attachment in a member account. Share the attachment with the transit gateway in the management account by using a transit gateway service-linked role.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435462[]' id='answer-id-1685015' class='answer   answerof-435462 ' value='1685015'   \/><label for='answer-id-1685015' id='answer-label-1685015' class=' answer'><span>From the management account, share the transit gateway with member accounts by using AWS Service Catalog<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-17' style=';'><div id='questionWrap-17'  class='   watupro-question-id-435463'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>17. <\/span>An enterprise company wants to allow its developers to purchase third-party software through AWS <br \/>\r<br>Marketplace. The company uses an AWS Organizations account structure with full features enabled, and has a shared services account in each organizational unit (OU) that will be used by procurement managers. The procurement team's policy indicates that developers should be able to obtain third-party software from an approved list only and use Private Marketplace in AWS Marketplace to achieve this requirement. The procurement team wants administration of Private Marketplace to be restricted to a role named procurement-manager-role, which could be assumed by procurement managers Other IAM users groups, roles, and account administrators in the company should be denied Private Marketplace administrative access <br \/>\r<br>What is the MOST efficient way to design an architecture to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_17' value='435463' \/><input type='hidden' id='answerType435463' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435463[]' id='answer-id-1685016' class='answer   answerof-435463 ' value='1685016'   \/><label for='answer-id-1685016' id='answer-label-1685016' class=' answer'><span>Create an IAM role named procurement-manager-role in all AWS accounts in the organization Add the PowerUserAccess managed policy to the role Apply an inline policy to all IAM users and roles in every AWS account to deny permissions on the AWSPrivateMarketplaceAdminFullAccess managed policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435463[]' id='answer-id-1685017' class='answer   answerof-435463 ' value='1685017'   \/><label for='answer-id-1685017' id='answer-label-1685017' class=' answer'><span>Create an IAM role named procurement-manager-role in all AWS accounts in the organization Add the AdministratorAccess managed policy to the role Define a permissions boundary with the AWSPrivateMarketplaceAdminFullAccess managed policy and attach it to all the developer roles.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435463[]' id='answer-id-1685018' class='answer   answerof-435463 ' value='1685018'   \/><label for='answer-id-1685018' id='answer-label-1685018' class=' answer'><span>Create an IAM role named procurement-manager-role in all the shared services accounts in the organization Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role Create an organization root-level SCP to deny permissions to administer Private Marketplace to everyone except the role named procurement-manager-role Create another organization root-level SCP to deny permissions to create an IAM role named procurement-manager-role to everyone in the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435463[]' id='answer-id-1685019' class='answer   answerof-435463 ' value='1685019'   \/><label for='answer-id-1685019' id='answer-label-1685019' class=' answer'><span>Create an IAM role named procurement-manager-role in all AWS accounts that will be used by developers. Add the AWSPrivateMarketplaceAdminFullAccess managed policy to the role. Create an SCP inOrganizations to deny permissions to administer Private Marketplace to everyone except the role named procurement-manager-role. Apply the SCP to all the shared services accounts in the organization.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-18' style=';'><div id='questionWrap-18'  class='   watupro-question-id-435464'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>18. <\/span>A company runs a new application as a static website in Amazon S3. The company has deployed the application to a production AWS account and uses Amazon CloudFront to deliver the website. The website calls an Amazon API Gateway REST API. An AWS Lambda function backs each API method. <br \/>\r<br>The company wants to create a CSV report every 2 weeks to show each API Lambda function\u2019s recommended configured memory, recommended cost, and the price difference between current configurations and the recommendations. The company will store the reports in an S3 bucket. <br \/>\r<br>Which solution will meet these requirements with the LEAST development time?<\/div><input type='hidden' name='question_id[]' id='qID_18' value='435464' \/><input type='hidden' id='answerType435464' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435464[]' id='answer-id-1685020' class='answer   answerof-435464 ' value='1685020'   \/><label for='answer-id-1685020' id='answer-label-1685020' class=' answer'><span>Create a Lambda function that extracts metrics data for each API Lambda function from Amazon \r\nCloudWatch Logs for the 2-week penod_ Collate the data into tabular format. Store the data as a \r\n_csvfile in an S3 bucket. Create an Amazon Eventaridge rule to schedulethe Lambda function to run \r\nevery 2 weeks.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435464[]' id='answer-id-1685021' class='answer   answerof-435464 ' value='1685021'   \/><label for='answer-id-1685021' id='answer-label-1685021' class=' answer'><span>Opt in to AWS Compute Optimizer. Create a Lambda function that calls the ExportLambdaFunctionRecommendatlons operation. Export the _csv file to an S3 bucket. Create an Amazon Eventaridge rule to schedule the Lambda function to run every 2 weeks.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435464[]' id='answer-id-1685022' class='answer   answerof-435464 ' value='1685022'   \/><label for='answer-id-1685022' id='answer-label-1685022' class=' answer'><span>Opt in to AWS Compute Optimizer. Set up enhanced infrastructure metrics. Within the Compute Optimizer console, schedule a job to export the Lambda recommendations to a _csvfile_ Store the file in an S3 bucket every 2 weeks.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435464[]' id='answer-id-1685023' class='answer   answerof-435464 ' value='1685023'   \/><label for='answer-id-1685023' id='answer-label-1685023' class=' answer'><span>Purchase the AWS Business Support plan for the production account. Opt in to AWS Compute Optimizer for AWS Trusted Advisor checks. In the Trusted Advisor console, schedule a job to export the cost optimization checks to a _csvfile_ Store the file in an S3 bucket every 2 weeks.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-19' style=';'><div id='questionWrap-19'  class='   watupro-question-id-435465'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>19. <\/span>A company uses an on-premises data analytics platform. The system is highly available in a fully redundant configuration across 12 servers in the company's data center. <br \/>\r<br>The system runs scheduled jobs, both hourly and daily, in addition to one-time requests from users.Scheduled jobs can take between 20 minutes and 2 hours to finish running and have tight SLAs. The scheduled jobs account for 65% of the system usage. User jobs typically finish running in less than 5 minutes and have no SLA. The user jobs account for 35% of system usage. During system failures, scheduled jobs must continue to meet SLAs. However, user jobs can be delayed. <br \/>\r<br>A solutions architect needs to move the system to Amazon EC2 instances and adopt a consumption-based model to reduce costs with no long-term commitments. The solution must maintain high availability and must not affect the SLAs. <br \/>\r<br>Which solution will meet these requirements MOST cost-effectively?<\/div><input type='hidden' name='question_id[]' id='qID_19' value='435465' \/><input type='hidden' id='answerType435465' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435465[]' id='answer-id-1685024' class='answer   answerof-435465 ' value='1685024'   \/><label for='answer-id-1685024' id='answer-label-1685024' class=' answer'><span>Split the 12 instances across two Availability Zones in the chosen AWS Region. Run two instances in each Availability Zone as On-Demand Instances with Capacity Reservations. Run four instances in each Availability Zone as Spot Instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435465[]' id='answer-id-1685025' class='answer   answerof-435465 ' value='1685025'   \/><label for='answer-id-1685025' id='answer-label-1685025' class=' answer'><span>Split the 12 instances across three Availability Zones in the chosen AWS Region. In one of the Availability Zones, run all four instances as On-Demand Instances with Capacity Reservations. Run the remaining instances as Spot Instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435465[]' id='answer-id-1685026' class='answer   answerof-435465 ' value='1685026'   \/><label for='answer-id-1685026' id='answer-label-1685026' class=' answer'><span>Split the 12 instances across three Availability Zones in the chosen AWS Region. Run two instances in each Availability Zone as On-Demand Instances with a Savings Plan. Run two instances in each \r\nAvailability Zone as Spot Instances.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435465[]' id='answer-id-1685027' class='answer   answerof-435465 ' value='1685027'   \/><label for='answer-id-1685027' id='answer-label-1685027' class=' answer'><span>Split the 12 instances across three Availability Zones in the chosen AWS Region. Run three instances in each Availability Zone as On-Demand Instances with Capacity Reservations. Run one instance in each Availability Zone as a Spot Instance.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-20' style=';'><div id='questionWrap-20'  class='   watupro-question-id-435466'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>20. <\/span>A company is building a software-as-a-service (SaaS) solution on AWS. The company has deployed an Amazon API Gateway REST API with AWS Lambda integration in multiple AWS Regions and in the same production account. <br \/>\r<br>The company offers tiered pricing that gives customers the ability to pay for the capacity to make a certain number of API calls per second. The premium tier offers up to 3,000 calls per second, and customers are identified by a unique API key. Several premium tier customers in various Regions report that they receive error responses of 429 Too Many Requests from multiple API methods during peak usage hours. Logs indicate that the Lambda function is never invoked. <br \/>\r<br>What could be the cause of the error messages for these customers?<\/div><input type='hidden' name='question_id[]' id='qID_20' value='435466' \/><input type='hidden' id='answerType435466' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435466[]' id='answer-id-1685028' class='answer   answerof-435466 ' value='1685028'   \/><label for='answer-id-1685028' id='answer-label-1685028' class=' answer'><span>The Lambda function reached its concurrency limit.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435466[]' id='answer-id-1685029' class='answer   answerof-435466 ' value='1685029'   \/><label for='answer-id-1685029' id='answer-label-1685029' class=' answer'><span>The Lambda function its Region limit for concurrency.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435466[]' id='answer-id-1685030' class='answer   answerof-435466 ' value='1685030'   \/><label for='answer-id-1685030' id='answer-label-1685030' class=' answer'><span>The company reached its API Gateway account limit for calls per second.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435466[]' id='answer-id-1685031' class='answer   answerof-435466 ' value='1685031'   \/><label for='answer-id-1685031' id='answer-label-1685031' class=' answer'><span>The company reached its API Gateway default per-method limit for calls per second.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-21' style=';'><div id='questionWrap-21'  class='   watupro-question-id-435467'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>21. <\/span>A solutions architect needs to advise a company on how to migrate its on-premises data processing application to the AWS Cloud. Currently, users upload input files through a web portal. The web server then stores the uploaded files on NAS and messages the processing server over a message queue. Each media file can take up to 1 hour to process. The company has determined that the number of media files awaiting processing is significantly higher during business hours, with the number of files rapidly declining after business hours. <br \/>\r<br>What is the MOST cost-effective migration recommendation?<\/div><input type='hidden' name='question_id[]' id='qID_21' value='435467' \/><input type='hidden' id='answerType435467' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685032' class='answer   answerof-435467 ' value='1685032'   \/><label for='answer-id-1685032' id='answer-label-1685032' class=' answer'><span>Create a queue using Amazon SQ<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685033' class='answer   answerof-435467 ' value='1685033'   \/><label for='answer-id-1685033' id='answer-label-1685033' class=' answer'><span>Configure the existing web server to publish to the new queue. When there are messages in the queue, invoke an AWS Lambda function to pull requests from the queue and process the files. Store the processed files in an Amazon S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685034' class='answer   answerof-435467 ' value='1685034'   \/><label for='answer-id-1685034' id='answer-label-1685034' class=' answer'><span>Create a queue using Amazon<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685035' class='answer   answerof-435467 ' value='1685035'   \/><label for='answer-id-1685035' id='answer-label-1685035' class=' answer'><span>Configure the existing web server to publish to the new queue. When there are messages in the queue, create a new Amazon EC2 instance to pull requests from the queue and process the files. Store the processed files in Amazon EF<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685036' class='answer   answerof-435467 ' value='1685036'   \/><label for='answer-id-1685036' id='answer-label-1685036' class=' answer'><span>Shut down the EC2 instance after the task is complete.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685037' class='answer   answerof-435467 ' value='1685037'   \/><label for='answer-id-1685037' id='answer-label-1685037' class=' answer'><span>Create a queue using Amazon M<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685038' class='answer   answerof-435467 ' value='1685038'   \/><label for='answer-id-1685038' id='answer-label-1685038' class=' answer'><span>Configure the existing web server to publish to the new queue. When there are messages in the queue, invoke an AWS Lambda function to pull requests from the queue and process the files. Store the processed files in Amazon EF<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685039' class='answer   answerof-435467 ' value='1685039'   \/><label for='answer-id-1685039' id='answer-label-1685039' class=' answer'><span>Create a queue using Amazon SO<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435467[]' id='answer-id-1685040' class='answer   answerof-435467 ' value='1685040'   \/><label for='answer-id-1685040' id='answer-label-1685040' class=' answer'><span>Configure the existing web server to publish to the new queue. Use Amazon EC2 instances in an EC2 Auto Scaling group to pull requests from the queue and process the files. Scale the EC2 instances based on the SOS queue length. Store the processed files in an Amazon S3 bucket.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-22' style=';'><div id='questionWrap-22'  class='   watupro-question-id-435468'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>22. <\/span>A company is hosting a monolithic REST-based API for a mobile app on five Amazon EC2 instances in public subnets of a VPC. Mobile clients connect to the API by using a domain name that is hosted on Amazon Route 53. The company has created a Route 53 multivalue answer routing policy with the IP addresses of all the EC2 instances. Recently, the app has been overwhelmed by large and sudden increases to traffic. The app has not been able to keep up with the traffic. <br \/>\r<br>A solutions architect needs to implement a solution so that the app can handle the new and varying load. <br \/>\r<br>Which solution will meet these requirements with the LEAST operational overhead?<\/div><input type='hidden' name='question_id[]' id='qID_22' value='435468' \/><input type='hidden' id='answerType435468' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685041' class='answer   answerof-435468 ' value='1685041'   \/><label for='answer-id-1685041' id='answer-label-1685041' class=' answer'><span>Separate the API into individual AWS Lambda functions. Configure an Amazon API Gateway REST API with Lambda integration for the backend. Update the Route 53 record to point to the API Gateway AP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685042' class='answer   answerof-435468 ' value='1685042'   \/><label for='answer-id-1685042' id='answer-label-1685042' class=' answer'><span>Containerize the API logic. Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster. Run the containers in the cluster by using Amazon EC2. Create a Kubernetes ingress. Update the Route 53 record to point to the Kubernetes ingress.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685043' class='answer   answerof-435468 ' value='1685043'   \/><label for='answer-id-1685043' id='answer-label-1685043' class=' answer'><span>Create an Auto Scaling group. Place all the EC2 instances in the Auto Scaling group. Configure the Auto Scaling group to perform scaling actions that are based on CPU utilization. Create an AWS Lambda function that reacts to Auto Scaling group changes and updates the Route 53 record.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685044' class='answer   answerof-435468 ' value='1685044'   \/><label for='answer-id-1685044' id='answer-label-1685044' class=' answer'><span>Create an Application Load Balancer (ALB) in front of the AP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685045' class='answer   answerof-435468 ' value='1685045'   \/><label for='answer-id-1685045' id='answer-label-1685045' class=' answer'><span>Move the EC2 instances to private subnets in the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685046' class='answer   answerof-435468 ' value='1685046'   \/><label for='answer-id-1685046' id='answer-label-1685046' class=' answer'><span>Add the EC2 instances as targets for the AL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435468[]' id='answer-id-1685047' class='answer   answerof-435468 ' value='1685047'   \/><label for='answer-id-1685047' id='answer-label-1685047' class=' answer'><span>Update the Route 53 record to point to the AL<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-23' style=';'><div id='questionWrap-23'  class='   watupro-question-id-435469'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>23. <\/span>A delivery company needs to migrate its third-party route planning application to AWS. The third party supplies a supported Docker image from a public registry. The image can run in as many containers as required to generate the route map. <br \/>\r<br>The company has divided the delivery area into sections with supply hubs so that delivery drivers travel the shortest distance possible from the hubs to the customers. To reduce the time necessary to generate route maps, each section uses its own set of Docker containers with a custom configuration that processes orders only in the section's area. <br \/>\r<br>The company needs the ability to allocate resources cost-effectively based on the number of running containers. <br \/>\r<br>Which solution will meet these requirements with the LEAST operational overhead?<\/div><input type='hidden' name='question_id[]' id='qID_23' value='435469' \/><input type='hidden' id='answerType435469' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435469[]' id='answer-id-1685048' class='answer   answerof-435469 ' value='1685048'   \/><label for='answer-id-1685048' id='answer-label-1685048' class=' answer'><span>Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on Amazon EC2. Use the Amazon EKS CLI to launch the planning application in pods by using the -tags option to assign a custom tag to the pod.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435469[]' id='answer-id-1685049' class='answer   answerof-435469 ' value='1685049'   \/><label for='answer-id-1685049' id='answer-label-1685049' class=' answer'><span>Create an Amazon Elastic Kubernetes Service (Amazon EKS) cluster on AWS Fargate. Use the Amazon EKS CLI to launch the planning application. Use the AWS CLI tag-resource API call to assign a custom tag to the pod.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435469[]' id='answer-id-1685050' class='answer   answerof-435469 ' value='1685050'   \/><label for='answer-id-1685050' id='answer-label-1685050' class=' answer'><span>Create an Amazon Elastic Container Service (Amazon ECS) cluster on Amazon EC2. Use the AWS CLI with run-tasks set to true to launch the planning application by using the -tags option to assign a custom tag to the task.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435469[]' id='answer-id-1685051' class='answer   answerof-435469 ' value='1685051'   \/><label for='answer-id-1685051' id='answer-label-1685051' class=' answer'><span>Create an Amazon Elastic Container Service (Amazon ECS) cluster on AWS Fargate. Use the AWS CLI run-task command and set enableECSManagedTags to true to launch the planning application. Use the --tags option to assign a custom tag to the task.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-24' style=';'><div id='questionWrap-24'  class='   watupro-question-id-435470'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>24. <\/span>A company wants to migrate to AWS. The company wants to use a multi-account structure with centrally managed access to all accounts and applications. The company also wants to keep the traffic on a private network. Multi-factor authentication (MFA) is required at login, and specific roles are assigned to user groups.<br \/>\r\n<br \/>\r\nThe company must create separate accounts for development. staging, production, and shared network. The production account and the shared network account must have connectivity to all accounts. The development account and the staging account must have access only to each other.<br \/>\r\n<br \/>\r\nWhich combination of steps should a solutions architect take 10 meet these requirements? (Choose three.)<\/div><input type='hidden' name='question_id[]' id='qID_24' value='435470' \/><input type='hidden' id='answerType435470' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435470[]' id='answer-id-1685052' class='answer   answerof-435470 ' value='1685052'   \/><label for='answer-id-1685052' id='answer-label-1685052' class=' answer'><span>Deploy a landing zone environment by using AWS Control Tower. Enroll accounts and invite existing accounts into the resulting organization in AWS Organizations.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435470[]' id='answer-id-1695165' class='answer   answerof-435470 ' value='1695165'   \/><label for='answer-id-1695165' id='answer-label-1695165' class=' answer'><span>Enable AWS Security Hub in all accounts to manage cross-account access. Collect findings through AWS CloudTrail to force MFA login.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435470[]' id='answer-id-1695166' class='answer   answerof-435470 ' value='1695166'   \/><label for='answer-id-1695166' id='answer-label-1695166' class=' answer'><span>Create transit gateways and transit gateway VPC attachments in each account. Configure appropriate route tables.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435470[]' id='answer-id-1695167' class='answer   answerof-435470 ' value='1695167'   \/><label for='answer-id-1695167' id='answer-label-1695167' class=' answer'><span>Set up and enable AWS IAM Identity Center (AWS Single Sign-On). Create appropriate permission sets with required MFA for existing accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435470[]' id='answer-id-1695168' class='answer   answerof-435470 ' value='1695168'   \/><label for='answer-id-1695168' id='answer-label-1695168' class=' answer'><span>Enable AWS Control Tower in all Recounts to manage routing between accounts. Collect findings through AWS CloudTrail to force MFA login.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435470[]' id='answer-id-1695169' class='answer   answerof-435470 ' value='1695169'   \/><label for='answer-id-1695169' id='answer-label-1695169' class=' answer'><span>Create IAM users and groups. Configure MFA for all users. Set up Amazon Cognito user pools and identity pools to manage access to accounts and between accounts.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-25' style=';'><div id='questionWrap-25'  class='   watupro-question-id-435471'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>25. <\/span>An application is using an Amazon RDS for MySQL Multi-AZ DB instance in the us-east-1 Region. After a failover test, the application lost the connections to the database and could not re-establish the connections. After a restart of the application, the application re-established the connections. <br \/>\r<br>A solutions architect must implement a solution so that the application can re-establish connections to the database without requiring a restart. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_25' value='435471' \/><input type='hidden' id='answerType435471' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435471[]' id='answer-id-1685053' class='answer   answerof-435471 ' value='1685053'   \/><label for='answer-id-1685053' id='answer-label-1685053' class=' answer'><span>Create an Amazon Aurora MySQL Serverless v1 DB instance. Migrate the RDS DB instance to the Aurora Serverless v1 DB instance. Update the connection settings in the application to point to the Aurora reader endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435471[]' id='answer-id-1685054' class='answer   answerof-435471 ' value='1685054'   \/><label for='answer-id-1685054' id='answer-label-1685054' class=' answer'><span>Create an RDS proxy. Configure the existing RDS endpoint as a target. Update the connection settings in the application to point to the RDS proxy endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435471[]' id='answer-id-1685055' class='answer   answerof-435471 ' value='1685055'   \/><label for='answer-id-1685055' id='answer-label-1685055' class=' answer'><span>Create a two-node Amazon Aurora MySQL DB cluster. Migrate the RDS DB instance to the Aurora DB cluster. Create an RDS proxy. Configure the existing RDS endpoint as a target. Update the connection settings in the application to point to the RDS proxy endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435471[]' id='answer-id-1685056' class='answer   answerof-435471 ' value='1685056'   \/><label for='answer-id-1685056' id='answer-label-1685056' class=' answer'><span>Create an Amazon S3 bucket. Export the database to Amazon S3 by using AWS Database Migration Service (AWS DMS). Configure Amazon Athena to use the S3 bucket as a data store. Install the latest Open Database Connectivity (ODBC) driver for the application. Update the connection settings in the application to point to the Athena endpoint<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-26' style=';'><div id='questionWrap-26'  class='   watupro-question-id-435472'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>26. <\/span>A company is using Amazon OpenSearch Service to analyze data. The company loads data into an OpenSearch Service cluster with 10 data nodes from an Amazon S3 bucket that uses S3 Standard storage. The data resides in the cluster for 1 month for read-only analysis. After 1 month, the company deletes the index that contains the data from the cluster. For compliance purposes, the company must retain a copy of all input data. <br \/>\r<br>The company is concerned about ongoing costs and asks a solutions architect to recommend a new solution. <br \/>\r<br>Which solution will meet these requirements MOST cost-effectively?<\/div><input type='hidden' name='question_id[]' id='qID_26' value='435472' \/><input type='hidden' id='answerType435472' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435472[]' id='answer-id-1685057' class='answer   answerof-435472 ' value='1685057'   \/><label for='answer-id-1685057' id='answer-label-1685057' class=' answer'><span>Replace all the data nodes with UltraWarm nodes to handle the expected capacity. Transition the input data from S3 Standard to S3 Glacier Deep Archive when the company loads the data into the cluster.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435472[]' id='answer-id-1685058' class='answer   answerof-435472 ' value='1685058'   \/><label for='answer-id-1685058' id='answer-label-1685058' class=' answer'><span>Reduce the number of data nodes in the cluster to 2 Add UltraWarm nodes to handle the expected capacity. Configure the indexes to transition to UltraWarm when OpenSearch Service ingests the data. Transition the input data to S3 Glacier Deep Archive after 1 month by using an S3 Lifecycle policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435472[]' id='answer-id-1685059' class='answer   answerof-435472 ' value='1685059'   \/><label for='answer-id-1685059' id='answer-label-1685059' class=' answer'><span>Reduce the number of data nodes in the cluster to 2. Add UltraWarm nodes to handle the expected capacity. Configure the indexes to transition to UltraWarm when OpenSearch Service ingests the data. Add cold storage nodes to the cluster Transition the indexes from UltraWarm to cold storage. Delete the input data from the S3 bucket after 1 month by using an S3 Lifecycle policy.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435472[]' id='answer-id-1685060' class='answer   answerof-435472 ' value='1685060'   \/><label for='answer-id-1685060' id='answer-label-1685060' class=' answer'><span>Reduce the number of data nodes in the cluster to 2. Add instance-backed data nodes to handle the expected capacity. Transition the input data from S3 Standard to S3 Glacier Deep Archive when the company loads the data into the cluster.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-27' style=';'><div id='questionWrap-27'  class='   watupro-question-id-435473'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>27. <\/span>A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework. <br \/>\r<br>While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company's developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types. <br \/>\r<br>The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_27' value='435473' \/><input type='hidden' id='answerType435473' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435473[]' id='answer-id-1685061' class='answer   answerof-435473 ' value='1685061'   \/><label for='answer-id-1685061' id='answer-label-1685061' class=' answer'><span>Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435473[]' id='answer-id-1685062' class='answer   answerof-435473 ' value='1685062'   \/><label for='answer-id-1685062' id='answer-label-1685062' class=' answer'><span>In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers' IAM accounts.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435473[]' id='answer-id-1685063' class='answer   answerof-435473 ' value='1685063'   \/><label for='answer-id-1685063' id='answer-label-1685063' class=' answer'><span>Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435473[]' id='answer-id-1685064' class='answer   answerof-435473 ' value='1685064'   \/><label for='answer-id-1685064' id='answer-label-1685064' class=' answer'><span>Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-28' style=';'><div id='questionWrap-28'  class='   watupro-question-id-435474'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>28. <\/span>A company wants to migrate its data analytics environment from on premises to AWS. The environment consists of two simple Node js applications One of the applications collects sensor data and loads it into a MySQL database. The other application aggregates the data into reports When the aggregation jobs run. some of the load jobs fail to run correctly <br \/>\r<br>The company must resolve the data loading issue. The company also needs the migration to occur without interruptions or changes for the company's customers. <br \/>\r<br>What should a solutions architect do to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_28' value='435474' \/><input type='hidden' id='answerType435474' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435474[]' id='answer-id-1685065' class='answer   answerof-435474 ' value='1685065'   \/><label for='answer-id-1685065' id='answer-label-1685065' class=' answer'><span>Set up an Amazon Aurora MySQL database as a replication target for the on-premises database Create an Aurora Replica for the Aurora MySQL database, and move the aggregation jobs to run against the Aurora Replica Set up collection endpomts as AWS Lambda functions behind a Network Load Balancer (NLB). and use Amazon RDS Proxy to wnte to the Aurora MySQL database When the databases are synced disable the replication job and restart the Aurora Replica as the primary instance. Point the collector DNS record to the NL<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435474[]' id='answer-id-1685066' class='answer   answerof-435474 ' value='1685066'   \/><label for='answer-id-1685066' id='answer-label-1685066' class=' answer'><span>Set up an Amazon Aurora MySQL database Use AWS Database Migration Service (AWS DMS) to perform continuous data replication from the on-premises database to Aurora Move the aggregation jobs to run against the Aurora MySQL database Set up collection endpomts behind an Application Load Balancer (ALB) as Amazon EC2 instances in an Auto Scaling group When the databases are synced, point the collector DNS record to the ALB Disable the AWS DMS sync task after the cutover from on premises to AWS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435474[]' id='answer-id-1685067' class='answer   answerof-435474 ' value='1685067'   \/><label for='answer-id-1685067' id='answer-label-1685067' class=' answer'><span>Set up an Amazon Aurora MySQL database Use AWS Database Migration Service (AWS DMS) to perform continuous data replication from the on-premises database to Aurora Create an AuroraReplica for the Aurora MySQL database and move the aggregation jobs to run against the Aurora Replica Set up collection endpoints as AWS Lambda functions behind an Application Load Balancer (ALB) and use Amazon RDS Proxy to write to the Aurora MySQL database When the databases are synced, point the collector DNS record to the ALB Disable the AWS DMS sync task after the cutover from on premises to AWS<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435474[]' id='answer-id-1685068' class='answer   answerof-435474 ' value='1685068'   \/><label for='answer-id-1685068' id='answer-label-1685068' class=' answer'><span>Set up an Amazon Aurora MySQL database Create an Aurora Replica for the Aurora MySQL database and move the aggregation jobs to run against the Aurora Replica Set up collection endpoints as an Amazon Kinesis data stream Use Amazon Kinesis Data Firehose to replicate the data to the Aurora MySQL database When the databases are synced disable the replication job and restart the Aurora Replica as the primary instance Point the collector DNS record to the Kinesis data stream.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-29' style=';'><div id='questionWrap-29'  class='   watupro-question-id-435475'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>29. <\/span>A company is using AWS Organizations lo manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts. <br \/>\r<br>A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks Trusted access has been enabled in Organizations <br \/>\r<br>What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?<\/div><input type='hidden' name='question_id[]' id='qID_29' value='435475' \/><input type='hidden' id='answerType435475' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435475[]' id='answer-id-1685069' class='answer   answerof-435475 ' value='1685069'   \/><label for='answer-id-1685069' id='answer-label-1685069' class=' answer'><span>Create a stack set in the Organizations member accounts. Use service-managed permissions. Set deployment options to deploy to an organization. Use CloudFormation StackSets drift detection.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435475[]' id='answer-id-1685070' class='answer   answerof-435475 ' value='1685070'   \/><label for='answer-id-1685070' id='answer-label-1685070' class=' answer'><span>Create stacks in the Organizations member accounts. Use self-service permissions. Set deployment options to deploy to an organization. Enable the CloudFormation StackSets automatic deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435475[]' id='answer-id-1685071' class='answer   answerof-435475 ' value='1685071'   \/><label for='answer-id-1685071' id='answer-label-1685071' class=' answer'><span>Create a stack set in the Organizations management account Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets automatic deployment.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435475[]' id='answer-id-1685072' class='answer   answerof-435475 ' value='1685072'   \/><label for='answer-id-1685072' id='answer-label-1685072' class=' answer'><span>Create stacks in the Organizations management account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets drift detection.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-30' style=';'><div id='questionWrap-30'  class='   watupro-question-id-435476'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>30. <\/span>A company's solutions architect is reviewing a new internally developed application in a sandbox AWS account. The application uses an AWS Auto Scaling group of Amazon EC2 instances that have an IAM instance profile attached Part of the application logic creates and accesses secrets from AWS Secrets Manager. The company has an AWS Lambda function that calls the application API to test the functionality. The company also has created an AWS CloudTrail trail in the account. <br \/>\r<br>The application's developer has attached the SecretsManagerReadWnte AWS managed IAM policy to an IAM role. The IAM role is associated with the instance profile that is attached to the EC2 instances The solutions architect has invoked the Lambda function for testing <br \/>\r<br>The solutions architect must replace the SecretsManagerReadWnte policy with a new policy that provides least privilege access to the Secrets Manager actions that the application requires. <br \/>\r<br>What is the MOST operationally efficient solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_30' value='435476' \/><input type='hidden' id='answerType435476' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435476[]' id='answer-id-1685073' class='answer   answerof-435476 ' value='1685073'   \/><label for='answer-id-1685073' id='answer-label-1685073' class=' answer'><span>Generate a policy based on CloudTrail events for the IAM role Use the generated policy output to create a new IAM policy Use the newly generated IAM policy to replace the SecretsManagerReadWnte policy that is attached to the IAM role<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435476[]' id='answer-id-1685074' class='answer   answerof-435476 ' value='1685074'   \/><label for='answer-id-1685074' id='answer-label-1685074' class=' answer'><span>Create an analyzer in AWS Identity and Access Management Access Analyzer Use the IAM role's Access Advisor findings to create a new IAM policy Use the newly created IAM policy to replace the SecretsManagerReadWnte policy that is attached to the IAM role<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435476[]' id='answer-id-1685075' class='answer   answerof-435476 ' value='1685075'   \/><label for='answer-id-1685075' id='answer-label-1685075' class=' answer'><span>Use the aws cloudtrail lookup-events AWS CLI command to filter and export CloudTrail events that are related to Secrets Manager Use a new IAM policy that contains the actions from CloudTrail to replace the SecretsManagerReadWnte policy that is attached to the IAM role<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435476[]' id='answer-id-1685076' class='answer   answerof-435476 ' value='1685076'   \/><label for='answer-id-1685076' id='answer-label-1685076' class=' answer'><span>Use the IAM policy simulator to generate an IAM policy for the IAM role Use the newly generated IAM policy to replace the SecretsManagerReadWnte policy that is attached to the IAM role<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-31' style=';'><div id='questionWrap-31'  class='   watupro-question-id-435477'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>31. <\/span>A retail company has structured its AWS accounts to be part of an organization in AWS Organizations. The company has set up consolidated billing and has mapped its departments to the following OUs: Finance. Sales. Human Resources &lt;HR). Marketing, and Operations. Each OU has multiple AWS accounts, one for each environment within a department. These environments are development, test, pre-production, and production. <br \/>\r<br>The HR department is releasing a new system thai will launch in 3 months. In preparation, the HR department has purchased several Reserved Instances (RIs) in its production AWS account. The HR department will install the new application on this account. The HR department wants to make sure that other departments cannot share the Rl discounts. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_31' value='435477' \/><input type='hidden' id='answerType435477' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435477[]' id='answer-id-1685077' class='answer   answerof-435477 ' value='1685077'   \/><label for='answer-id-1685077' id='answer-label-1685077' class=' answer'><span>In the AWS Billing and Cost Management console for the HR department's production account, turn off R1 sharing.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435477[]' id='answer-id-1685078' class='answer   answerof-435477 ' value='1685078'   \/><label for='answer-id-1685078' id='answer-label-1685078' class=' answer'><span>Remove the HR department's production AWS account from the organization. Add the account to the consolidating billing configuration only.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435477[]' id='answer-id-1685079' class='answer   answerof-435477 ' value='1685079'   \/><label for='answer-id-1685079' id='answer-label-1685079' class=' answer'><span>In the AWS Billing and Cost Management console, use the organization's management account to turn off R1 sharing for the HR department's production AWS account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435477[]' id='answer-id-1685080' class='answer   answerof-435477 ' value='1685080'   \/><label for='answer-id-1685080' id='answer-label-1685080' class=' answer'><span>Create an SCP in the organization to restrict access to the RIs. Apply the SCP to the OUs of the other departments.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-32' style=';'><div id='questionWrap-32'  class='   watupro-question-id-435478'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>32. <\/span>A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team canaccess.<br \/>\r\n<br \/>\r\nAfter the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must provide the design team with access to the production account without exposing other parts of the web application to the risk of unwanted changes.<br \/>\r\n<br \/>\r\nWhich combination of steps will meet these requirements? (Select THREE.)<\/div><input type='hidden' name='question_id[]' id='qID_32' value='435478' \/><input type='hidden' id='answerType435478' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435478[]' id='answer-id-1685081' class='answer   answerof-435478 ' value='1685081'   \/><label for='answer-id-1685081' id='answer-label-1685081' class=' answer'><span>In the production account, create a new IAM policy that allows read and write access to the S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435478[]' id='answer-id-1695170' class='answer   answerof-435478 ' value='1695170'   \/><label for='answer-id-1695170' id='answer-label-1695170' class=' answer'><span>In the development account, create a new IAM policy that allows read and write access to the S3 bucket.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435478[]' id='answer-id-1695171' class='answer   answerof-435478 ' value='1695171'   \/><label for='answer-id-1695171' id='answer-label-1695171' class=' answer'><span>In the production account, create a role. Attach the new policy to the role. Define the development account as a trusted entity.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435478[]' id='answer-id-1695172' class='answer   answerof-435478 ' value='1695172'   \/><label for='answer-id-1695172' id='answer-label-1695172' class=' answer'><span>In the development account, create a role. Attach the new policy to the role. Define the production account as a trusted entity.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435478[]' id='answer-id-1695173' class='answer   answerof-435478 ' value='1695173'   \/><label for='answer-id-1695173' id='answer-label-1695173' class=' answer'><span>In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the production account.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435478[]' id='answer-id-1695174' class='answer   answerof-435478 ' value='1695174'   \/><label for='answer-id-1695174' id='answer-label-1695174' class=' answer'><span>In the development account, create a group that contains all tfje IAM users of the design team. Attach a different IAM policy to the group to allow the sts;AssumeRole action on the role in the development account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-33' style=';'><div id='questionWrap-33'  class='   watupro-question-id-435479'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>33. <\/span>A company needs to implement a patching process for its servers. The on-premises servers and Amazon EC2 instances use a variety of tools to perform patching. Management requires a single report showing the patch status of all the servers and instances. <br \/>\r<br>Which set of actions should a solutions architect take to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_33' value='435479' \/><input type='hidden' id='answerType435479' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435479[]' id='answer-id-1685082' class='answer   answerof-435479 ' value='1685082'   \/><label for='answer-id-1685082' id='answer-label-1685082' class=' answer'><span>Use AWS Systems Manager to manage patches on the on-premises servers and EC2 instances. Use Systems Manager to generate patch compliance reports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435479[]' id='answer-id-1685083' class='answer   answerof-435479 ' value='1685083'   \/><label for='answer-id-1685083' id='answer-label-1685083' class=' answer'><span>Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use Amazon OuickSight integration with OpsWorks to generate patch compliance reports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435479[]' id='answer-id-1685084' class='answer   answerof-435479 ' value='1685084'   \/><label for='answer-id-1685084' id='answer-label-1685084' class=' answer'><span>Use an Amazon EventBridge (Amazon CloudWatch Events) rule to apply patches by scheduling an AWS Systems Manager patch remediation job. Use Amazon Inspector to generate patch compliance reports.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435479[]' id='answer-id-1685085' class='answer   answerof-435479 ' value='1685085'   \/><label for='answer-id-1685085' id='answer-label-1685085' class=' answer'><span>Use AWS OpsWorks to manage patches on the on-premises servers and EC2 instances. Use AWS X-Ray to post the patch status to AWS Systems Manager OpsCenter to generate patch compliance reports.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-34' style=';'><div id='questionWrap-34'  class='   watupro-question-id-435480'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>34. <\/span>A team collects and routes behavioral data for an entire company. The company runs a Multi-AZ VPC environment with public subnets, private subnets, and in internet gateway Each public subnet also contains a NAT gateway Most of the company's applications read from and write to Amazon Kinesis Data Streams. Most of the workloads am in private subnets. <br \/>\r<br>A solutions architect must review the infrastructure. The solutions architect needs to reduce costs and maintain the function of the applications. The solutions architect uses Cost Explorer and notices that the cost in the EC2-Other category is consistently high A further review shows that NatGateway-Bytes charges are increasing the cost in the EC2-Other category. <br \/>\r<br>What should the solutions architect do to meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_34' value='435480' \/><input type='hidden' id='answerType435480' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435480[]' id='answer-id-1685086' class='answer   answerof-435480 ' value='1685086'   \/><label for='answer-id-1685086' id='answer-label-1685086' class=' answer'><span>Enable VPC Flow Logs. Use Amazon Athena to analyze the logs for traffic that can be removed. \r\nEnsure that security groups are Mocking traffic that is responsible for high costs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435480[]' id='answer-id-1685087' class='answer   answerof-435480 ' value='1685087'   \/><label for='answer-id-1685087' id='answer-label-1685087' class=' answer'><span>Add an interface VPC endpoint for Kinesis Data Streams to the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435480[]' id='answer-id-1685088' class='answer   answerof-435480 ' value='1685088'   \/><label for='answer-id-1685088' id='answer-label-1685088' class=' answer'><span>Ensure that applications have the correct IAM permissions to use the interface VPC endpoint.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435480[]' id='answer-id-1685089' class='answer   answerof-435480 ' value='1685089'   \/><label for='answer-id-1685089' id='answer-label-1685089' class=' answer'><span>Enable VPC Flow Logs and Amazon Detective Review Detective findings for traffic that is not related to Kinesis Data Streams Configure security groups to block that traffic<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435480[]' id='answer-id-1685090' class='answer   answerof-435480 ' value='1685090'   \/><label for='answer-id-1685090' id='answer-label-1685090' class=' answer'><span>Add an interface VPC endpoint for Kinesis Data Streams to the VP<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435480[]' id='answer-id-1685091' class='answer   answerof-435480 ' value='1685091'   \/><label for='answer-id-1685091' id='answer-label-1685091' class=' answer'><span>Ensure that the VPC endpoint policy allows traffic from the applications.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-35' style=';'><div id='questionWrap-35'  class='   watupro-question-id-435481'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>35. <\/span>A company is building an electronic document management system in which users upload their documents. The application stack is entirely serverless and runs on AWS in the eu-central-1 Region. The system includes a web application that uses an Amazon CloudFront distribution for delivery with Amazon S3 as the origin. The web application communicates with Amazon API Gateway Regional endpoints. The API Gateway APIs call AWS Lambda functions that store metadata in an Amazon Aurora Serverless database and put the documents into an S3 bucket. <br \/>\r<br>The company is growing steadily and has completed a proof of concept with its largest customer. The company must improve latency outside of Europe. <br \/>\r<br>Which combination of actions will meet these requirements? (Select TWO.)<\/div><input type='hidden' name='question_id[]' id='qID_35' value='435481' \/><input type='hidden' id='answerType435481' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435481[]' id='answer-id-1685092' class='answer   answerof-435481 ' value='1685092'   \/><label for='answer-id-1685092' id='answer-label-1685092' class=' answer'><span>Enable S3 Transfer Acceleration on the S3 bucket. Ensure that the web application uses the Transfer Acceleration signed URLs.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435481[]' id='answer-id-1685093' class='answer   answerof-435481 ' value='1685093'   \/><label for='answer-id-1685093' id='answer-label-1685093' class=' answer'><span>Create an accelerator in AWS Global Accelerator. Attach the accelerator to the CloudFront distribution.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435481[]' id='answer-id-1685094' class='answer   answerof-435481 ' value='1685094'   \/><label for='answer-id-1685094' id='answer-label-1685094' class=' answer'><span>Change the API Gateway Regional endpoints to edge-optimized endpoints.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435481[]' id='answer-id-1685095' class='answer   answerof-435481 ' value='1685095'   \/><label for='answer-id-1685095' id='answer-label-1685095' class=' answer'><span>Provision the entire stack in two other locations that are spread across the world. Use global databases on the Aurora Serverless cluster.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435481[]' id='answer-id-1685096' class='answer   answerof-435481 ' value='1685096'   \/><label for='answer-id-1685096' id='answer-label-1685096' class=' answer'><span>Add an Amazon RDS proxy between the Lambda functions and the Aurora Serverless database.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-36' style=';'><div id='questionWrap-36'  class='   watupro-question-id-435482'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>36. <\/span>A company has introduced a new policy that allows employees to work remotely from their homes if they connect by using a VPN. The company Is hosting Internal applications with VPCs in multiple AWS accounts Currently the applications are accessible from the company's on-premises office network through an AWS Site-to-Site VPN connection. The VPC in the company's main AWS account has peering connections established with VPCs in other AWS accounts. <br \/>\r<br>A solutions architect must design a scalable AWS Client VPN solution for employees to use while they work from home <br \/>\r<br>What is the MOST cost-effective solution that meets these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_36' value='435482' \/><input type='hidden' id='answerType435482' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435482[]' id='answer-id-1685097' class='answer   answerof-435482 ' value='1685097'   \/><label for='answer-id-1685097' id='answer-label-1685097' class=' answer'><span>Create a Client VPN endpoint in each AWS account Configure required routing that allows access to internal applications<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435482[]' id='answer-id-1685098' class='answer   answerof-435482 ' value='1685098'   \/><label for='answer-id-1685098' id='answer-label-1685098' class=' answer'><span>Create a Client VPN endpoint in the mam AWS account Configure required routing that allows access to internal applications<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435482[]' id='answer-id-1685099' class='answer   answerof-435482 ' value='1685099'   \/><label for='answer-id-1685099' id='answer-label-1685099' class=' answer'><span>Create a Client VPN endpoint in the main AWS account Provision a transit gateway that is connected to each AWS account Configure required routing that allows access to internal applications<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435482[]' id='answer-id-1685100' class='answer   answerof-435482 ' value='1685100'   \/><label for='answer-id-1685100' id='answer-label-1685100' class=' answer'><span>Create a Client VPN endpoint in the mam AWS account Establish connectivity between the Client VPN endpoint and the AWS Site-to-Site VPN<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-37' style=';'><div id='questionWrap-37'  class='   watupro-question-id-435483'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>37. <\/span>A company has an organization that has many AWS accounts in AWS Organizations. A solutions architect must improve how the company manages common security group rules for the AWS accounts in the organization. <br \/>\r<br>The company has a common set of IP CIDR ranges in an allow list in each AWS account to allow access to and from the company's on-premises network. <br \/>\r<br>Developers within each account are responsible for adding new IP CIDR ranges to their security groups. The security team has its own AWS account. Currently, the security team notifies the owners of the other AWS accounts when changes are made to the allow list. <br \/>\r<br>The solutions architect must design a solution that distributes the common set of CIDR ranges across all accounts. <br \/>\r<br>Which solution meets these requirements with the LEAST amount of operational overhead?<\/div><input type='hidden' name='question_id[]' id='qID_37' value='435483' \/><input type='hidden' id='answerType435483' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435483[]' id='answer-id-1685101' class='answer   answerof-435483 ' value='1685101'   \/><label for='answer-id-1685101' id='answer-label-1685101' class=' answer'><span>Set up an Amazon Simple Notification Service (Amazon SNS) topic in the security team's AWS account. Deploy an AWS Lambda function in each AWS account. Configure the Lambda function to run every time an SNS topic receives a message. Configure the Lambda function to take an IP address as input and add it to a list of security groups in the account. Instruct the security team to distribute changes by publishing messages to its SNS topic.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435483[]' id='answer-id-1685102' class='answer   answerof-435483 ' value='1685102'   \/><label for='answer-id-1685102' id='answer-label-1685102' class=' answer'><span>Create new customer-managed prefix lists in each AWS account within the organization. Populate \r\nthe prefix lists in each account with all internal CIDR ranges. Notify the owner of each AWS account to allow the new customer-managed prefix list IDs in their accounts in their security groups. Instruct the security team to share updates with each AWS account owner.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435483[]' id='answer-id-1685103' class='answer   answerof-435483 ' value='1685103'   \/><label for='answer-id-1685103' id='answer-label-1685103' class=' answer'><span>Create a new customer-managed prefix list in the security team's AWS account. Populate the customer-managed prefix list with all internal CIDR ranges. Share the customer-managed prefix list with the organization by using AWS Resource Access Manager. Notify the owner of each AWS account to allow the new customer-managed prefix list ID in their security groups.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435483[]' id='answer-id-1685104' class='answer   answerof-435483 ' value='1685104'   \/><label for='answer-id-1685104' id='answer-label-1685104' class=' answer'><span>Create an IAM role in each account in the organization. Grant permissions to update security groups. Deploy an AWS Lambda function in the security team's AWS account. Configure the Lambda function to take a list of internal IP addresses as input, assume a role in each organization account, and add the list of IP addresses to the security groups in each account.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-38' style=';'><div id='questionWrap-38'  class='   watupro-question-id-435484'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>38. <\/span>A company is using an on-premises Active Directory service for user authentication. The company wants to use the same authentication service to sign in to the company's AWS accounts, which are using AWS Organizations. AWS Site-to-Site VPN connectivity already exists between the on-premises environment and all the company's AWS accounts. <br \/>\r<br>The company's security policy requires conditional access to the accounts based on user groups and roles. User identities must be managed in a single location. <br \/>\r<br>Which solution will meet these requirements?<\/div><input type='hidden' name='question_id[]' id='qID_38' value='435484' \/><input type='hidden' id='answerType435484' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435484[]' id='answer-id-1685105' class='answer   answerof-435484 ' value='1685105'   \/><label for='answer-id-1685105' id='answer-label-1685105' class=' answer'><span>Configure AWS Single Sign-On (AWS SSO) to connect to Active Directory by using SAML 2.0. Enable automatic provisioning by using the System for Cross- domain Identity Management (SCIM) v2.0 protocol. Grant access to the AWS accounts by using attribute-based access controls (ABACs).<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435484[]' id='answer-id-1685106' class='answer   answerof-435484 ' value='1685106'   \/><label for='answer-id-1685106' id='answer-label-1685106' class=' answer'><span>Configure AWS Single Sign-On (AWS SSO) by using AWS SSO as an identity source. Enable automatic provisioning by using the System for Cross-domain Identity Management (SCIM) v2.0 protocol. Grant access to the AWS accounts by using AWS SSO permission sets.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435484[]' id='answer-id-1685107' class='answer   answerof-435484 ' value='1685107'   \/><label for='answer-id-1685107' id='answer-label-1685107' class=' answer'><span>In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use a SAML 2.0 identity provider. Provision IAM users that are mapped to the federated users. Grant access that corresponds to appropriate groups in Active Directory. Grant access to the required AWS accounts by using cross-account IAM users.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435484[]' id='answer-id-1685108' class='answer   answerof-435484 ' value='1685108'   \/><label for='answer-id-1685108' id='answer-label-1685108' class=' answer'><span>In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use an OpenID Connect (OIDC) identity provider. Provision IAM roles that grant access to the AWS account for the federated users that correspond to appropriate groups in Active Directory. Grant access to the required AWS accounts by using cross-account IAM roles.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-39' style=';'><div id='questionWrap-39'  class='   watupro-question-id-435485'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>39. <\/span>A company has hundreds of AWS accounts. The company recently implemented a centralized internal process for purchasing new Reserved Instances and modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement. Previously, business units directly purchased or modified Reserved Instances in their own respective AWS accounts autonomously. <br \/>\r<br>A solutions architect needs to enforce the new process in the most secure way possible. <br \/>\r<br>Which combination of steps should the solutions architect take to meet these requirements? (Choose two.)<\/div><input type='hidden' name='question_id[]' id='qID_39' value='435485' \/><input type='hidden' id='answerType435485' value='checkbox'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435485[]' id='answer-id-1685109' class='answer   answerof-435485 ' value='1685109'   \/><label for='answer-id-1685109' id='answer-label-1685109' class=' answer'><span>Ensure that all AWS accounts are part of an organization in AWS Organizations with all features enabled.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435485[]' id='answer-id-1685110' class='answer   answerof-435485 ' value='1685110'   \/><label for='answer-id-1685110' id='answer-label-1685110' class=' answer'><span>Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435485[]' id='answer-id-1685111' class='answer   answerof-435485 ' value='1685111'   \/><label for='answer-id-1685111' id='answer-label-1685111' class=' answer'><span>In each AWS account, create an IAM policy that denies the ec2:PurchaseReservedInstancesOffering action and the ec2:ModifyReservedInstances action.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435485[]' id='answer-id-1685112' class='answer   answerof-435485 ' value='1685112'   \/><label for='answer-id-1685112' id='answer-label-1685112' class=' answer'><span>Create an SCP that denies the ec2:PurchaseReservedInstancesOffering action and theec2:ModifyReservedInstances action. Attach the SCP to each OU of the organization.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='checkbox' name='answer-435485[]' id='answer-id-1685113' class='answer   answerof-435485 ' value='1685113'   \/><label for='answer-id-1685113' id='answer-label-1685113' class=' answer'><span>Ensure that all AWS accounts are part of an organization in AWS Organizations that uses the consolidated billing feature.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div class='watu-question ' id='question-40' style=';'><div id='questionWrap-40'  class='   watupro-question-id-435486'>\n\t\t\t<div class='question-content'><div><span class='watupro_num'>40. <\/span>A company with several AWS accounts is using AWS Organizations and service control policies (SCPs). <br \/>\r<br>An Administrator created the following SCP and has attached it to an organizational unit (OU) that contains AWS account 1111-1111-1111: <br \/>\r<br><br><img decoding=\"async\" border=0 width=365 height=328 id=\"\u56fe\u7247 4\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/uploads\/2025\/11\/image002-2.png\"><br><br \/>\r<br>Developers working in account 1111-1111-1111 complain that they cannot create Amazon S3 buckets. <br \/>\r<br>How should the Administrator address this problem?<\/div><input type='hidden' name='question_id[]' id='qID_40' value='435486' \/><input type='hidden' id='answerType435486' value='radio'><!-- end question-content--><\/div><div class='question-choices watupro-choices-columns '><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435486[]' id='answer-id-1685114' class='answer   answerof-435486 ' value='1685114'   \/><label for='answer-id-1685114' id='answer-label-1685114' class=' answer'><span>Add s3:CreateBucket with&#1490;Allow&#1490; effect to the SC<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435486[]' id='answer-id-1685115' class='answer   answerof-435486 ' value='1685115'   \/><label for='answer-id-1685115' id='answer-label-1685115' class=' answer'><span>Remove the account from the OU, and attach the SCP directly to account 1111-1111-1111.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435486[]' id='answer-id-1685116' class='answer   answerof-435486 ' value='1685116'   \/><label for='answer-id-1685116' id='answer-label-1685116' class=' answer'><span>Instruct the Developers to add Amazon S3 permissions to their IAM entities.<\/span><\/label><\/div><div class='watupro-question-choice  ' dir='auto' ><input type='radio' name='answer-435486[]' id='answer-id-1685117' class='answer   answerof-435486 ' value='1685117'   \/><label for='answer-id-1685117' id='answer-label-1685117' class=' answer'><span>Remove the SCP from account 1111-1111-1111.<\/span><\/label><\/div><!-- end question-choices--><\/div><!-- end questionWrap--><\/div><\/div><div style='display:none' id='question-41'>\n\t<div class='question-content'>\n\t\t<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/img\/loading.gif\" width=\"16\" height=\"16\" alt=\"Loading...\" title=\"Loading...\" \/>&nbsp;Loading...\t<\/div>\n<\/div>\n\n<br \/>\n\t\n\t\t\t<div class=\"watupro_buttons flex \" id=\"watuPROButtons11061\" >\n\t\t  <div id=\"prev-question\" style=\"display:none;\"><input type=\"button\" value=\"&lt; Previous\" onclick=\"WatuPRO.nextQuestion(event, 'previous');\"\/><\/div>\t\t  \t\t  \t\t   \n\t\t   \t  \t\t<div><input type=\"button\" name=\"action\" class=\"watupro-submit-button\" onclick=\"WatuPRO.submitResult(event)\" id=\"action-button\" value=\"View Results\"  \/>\n\t\t<\/div>\n\t\t<\/div>\n\t\t\n\t<input type=\"hidden\" name=\"quiz_id\" value=\"11061\" id=\"watuPROExamID\"\/>\n\t<input type=\"hidden\" name=\"start_time\" id=\"startTime\" value=\"2026-05-20 06:59:01\" \/>\n\t<input type=\"hidden\" name=\"start_timestamp\" id=\"startTimeStamp\" value=\"1779260341\" \/>\n\t<input type=\"hidden\" name=\"question_ids\" value=\"\" \/>\n\t<input type=\"hidden\" name=\"watupro_questions\" value=\"435447:1684930,1684931,1684932,1684933 | 435448:1684934,1684935,1684936,1684937 | 435449:1684938,1684939,1684940,1684941,1684942,1684943,1684944,1684945,1684946,1684947 | 435450:1684948,1684949,1684950,1684951,1684952 | 435451:1684953,1684954,1684955,1684956 | 435452:1684957,1684958,1684959,1684960 | 435453:1684961,1684962,1684963,1684964,1684965,1684966 | 435454:1684967,1684968,1684969,1684970 | 435455:1684971,1684972,1684973,1684974,1684975,1684976 | 435456:1684977,1684978,1684979,1684980,1684981 | 435457:1684982,1684983,1684984,1684985,1684986,1684987,1684988,1684989 | 435458:1684990,1684991,1684992,1684993,1684994,1684995 | 435459:1684996,1684997,1684998,1684999,1685000,1685001 | 435460:1685002,1685003,1685004,1685005,1685006 | 435461:1685007,1685008,1685009,1685010 | 435462:1685011,1685012,1685013,1685014,1685015 | 435463:1685016,1685017,1685018,1685019 | 435464:1685020,1685021,1685022,1685023 | 435465:1685024,1685025,1685026,1685027 | 435466:1685028,1685029,1685030,1685031 | 435467:1685032,1685033,1685034,1685035,1685036,1685037,1685038,1685039,1685040 | 435468:1685041,1685042,1685043,1685044,1685045,1685046,1685047 | 435469:1685048,1685049,1685050,1685051 | 435470:1685052,1695165,1695166,1695167,1695168,1695169 | 435471:1685053,1685054,1685055,1685056 | 435472:1685057,1685058,1685059,1685060 | 435473:1685061,1685062,1685063,1685064 | 435474:1685065,1685066,1685067,1685068 | 435475:1685069,1685070,1685071,1685072 | 435476:1685073,1685074,1685075,1685076 | 435477:1685077,1685078,1685079,1685080 | 435478:1685081,1695170,1695171,1695172,1695173,1695174 | 435479:1685082,1685083,1685084,1685085 | 435480:1685086,1685087,1685088,1685089,1685090,1685091 | 435481:1685092,1685093,1685094,1685095,1685096 | 435482:1685097,1685098,1685099,1685100 | 435483:1685101,1685102,1685103,1685104 | 435484:1685105,1685106,1685107,1685108 | 435485:1685109,1685110,1685111,1685112,1685113 | 435486:1685114,1685115,1685116,1685117\" \/>\n\t<input type=\"hidden\" name=\"no_ajax\" value=\"0\">\t\t\t<\/form>\n\t<p>&nbsp;<\/p>\n<\/div>\n\n<script type=\"text\/javascript\">\n\/\/jQuery(document).ready(function(){\ndocument.addEventListener(\"DOMContentLoaded\", function(event) { \t\nvar question_ids = \"435447,435448,435449,435450,435451,435452,435453,435454,435455,435456,435457,435458,435459,435460,435461,435462,435463,435464,435465,435466,435467,435468,435469,435470,435471,435472,435473,435474,435475,435476,435477,435478,435479,435480,435481,435482,435483,435484,435485,435486\";\nWatuPROSettings[11061] = {};\nWatuPRO.qArr = question_ids.split(',');\nWatuPRO.exam_id = 11061;\t    \nWatuPRO.post_id = 113907;\nWatuPRO.store_progress = 0;\nWatuPRO.curCatPage = 1;\nWatuPRO.requiredIDs=\"0\".split(\",\");\nWatuPRO.hAppID = \"0.33137200 1779260341\";\nvar url = \"https:\/\/www.dumpsbase.com\/freedumps\/wp-content\/plugins\/watupro\/show_exam.php\";\nWatuPRO.examMode = 1;\nWatuPRO.siteURL=\"https:\/\/www.dumpsbase.com\/freedumps\/wp-admin\/admin-ajax.php\";\nWatuPRO.emailIsNotRequired = 0;\nWatuPROIntel.init(11061);\nWatuPRO.inCategoryPages=1;});    \t \n<\/script>\n<p>&nbsp;<\/p>\n<h3>We also have the <a href=\"https:\/\/www.dumpsbase.com\/freedumps\/prepare-with-dumpsbase-sap-c02-dumps-v12-02-to-advance-your-career-sap-c02-free-dumps-part-3-q81-q120-are-online-for-reading.html\"><span style=\"background-color: #ffff00;\"><em>SAP-C02 free dumps (Part 3, Q81-Q120) of V12.02<\/em><\/span><\/a> here to help you check more.<\/h3>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With DumpsBase SAP-C02 dumps (V12.02), you will have access to comprehensive exam questions and answers that cover all the AWS Certified Solutions Architect &#8211; Professional exam objectives, helping you prepare well for the actual exam. Our practice questions in V12.02 are designed by industry experts and reflect the actual exam format, helping you build confidence [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[175,15637],"tags":[20286,20313],"class_list":["post-113907","post","type-post","status-publish","format-standard","hentry","category-amazon","category-aws-certification","tag-aws-certified-solutions-architect-professional-sap-c02","tag-sap-c02-practice-questions"],"_links":{"self":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/113907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/comments?post=113907"}],"version-history":[{"count":3,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/113907\/revisions"}],"predecessor-version":[{"id":116207,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/posts\/113907\/revisions\/116207"}],"wp:attachment":[{"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/media?parent=113907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/categories?post=113907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsbase.com\/freedumps\/wp-json\/wp\/v2\/tags?post=113907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}