Daily AWS Solution Architect questions #16

Q75: A company wants to migrate an on-premises data center to AWS. The data center hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system. Which combination of steps should a solutions architect take to automate this task? (Choose two.)

• A.?Launch the EC2 instance into the same Availability Zone as the EFS file system.
• B.?Install an AWS DataSync agent in the on-premises data center.
• C.?Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance for the data.
• D.?Manually use an operating system copy command to push the data to the EC2 instance.
• E.?Use AWS DataSync to create a suitable location configuration for the on-premises SFTP server.
• Explain: To automate the process of transferring the data from the on-premises SFTP server to an EC2 instance with an EFS file system, you can use AWS DataSync. AWS DataSync is a fully managed data transfer service that simplifies, automates, and accelerates transferring data between on-premises storage systems and Amazon S3, Amazon EFS, or Amazon FSx for Windows File Server. To use AWS DataSync for this task, you should first install an AWS DataSync agent in the on-premises data center. This agent is a lightweight software application that you install on your on-premises data source. The agent communicates with the AWS DataSync service to transfer data between the data source and target locations.

Q76: A company has an AWS Glue extract, transform, and load (ETL) job that runs every day at the same time. The job processes XML data that is in an Amazon S3 bucket. New data is added to the S3 bucket every day. A solutions architect notices that AWS Glue is processing all the data during each run. What should the solutions architect do to prevent AWS Glue from reprocessing old data?

• A.?Edit the job to use job bookmarks.
• B.?Edit the job to delete data after the data is processed.
• C.?Edit the job by setting the NumberOfWorkers field to 1.
• D.?Use a FindMatches machine learning (ML) transform.

Q77: A solutions architect must design a highly available infrastructure for a website. The website is powered by Windows web servers that run on Amazon EC2 instances. The solutions architect must implement a solution that can mitigate a large-scale DDoS attack that originates from thousands of IP addresses. Downtime is not acceptable for the website. Which actions should the solutions architect take to protect the website from such an attack? (Choose two.)

• A.?Use AWS Shield Advanced to stop the DDoS attack.
• B.?Configure Amazon GuardDuty to automatically block the attackers.
• C.?Configure the website to use Amazon CloudFront for both static and dynamic content.
• D.?Use an AWS Lambda function to automatically add attacker IP addresses to VPC network ACLs.
• E.?Use EC2 Spot Instances in an Auto Scaling group with a target tracking scaling policy that is set to 80% CPU utilization.
• Explain: AWS Shield Advanced can handle the DDoS attacks. CloudFront is globally distribute content to edge locations, it support multiple origin for failover if the CloudFront send request to the first origin fail it will send request to another.

Q78: A company is preparing to deploy a new serverless workload. A solutions architect must use the principle of least privilege to configure permissions that will be used to run an AWS Lambda function. An Amazon EventBridge (Amazon CloudWatch Events) rule will invoke the function. Which solution meets these requirements?

• A.?Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
• B.?Add an execution role to the function with lambda:InvokeFunction as the action and Service: lambda.amazonaws.com as the principal.
• C.?Add a resource-based policy to the function with lambda:* as the action and Service: events.amazonaws.com as the principal.
• D.?Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service: events.amazonaws.com as the principal.
• Explain: lambda:InvokeFunction is the action needed to invoke the Lambda function. Service: events.amazonaws.com is the principal (the AWS service) that is allowed to invoke the Lambda function. In this case, you're explicitly allowing CloudWatch Events to invoke the function.

Q79: A company is preparing to store confidential data in Amazon S3. For compliance reasons, the data must be encrypted at rest. Encryption key usage must be logged for auditing purposes. Keys must be rotated every year. Which solution meets these requirements and is the MOST operationally efficient?

• A.?Server-side encryption with customer-provided keys (SSE-C)
• B.?Server-side encryption with Amazon S3 managed keys (SSE-S3)
• C.?Server-side encryption with AWS KMS keys (SSE-KMS) with manual rotation
• D.?Server-side encryption with AWS KMS keys (SSE-KMS) with automatic rotation
• Explain: Automatic Key Rotation = KMS, hence Option A & B are not correct answer. Hence Possible answer is Option C or D. Now mentioned in the requirement that key rotation solution must be automated. So Option C is not the correct answer. Correct Answer: D - SSE with KMS which support automatic key rotation.

Q80: A bicycle sharing company is developing a multi-tier architecture to track the location of its bicycles during peak operating hours. The company wants to use these data points in its existing analytics platform. A solutions architect must determine the most viable multi-tier option to support this architecture. The data points must be accessible from the REST API. Which action meets these requirements for storing and retrieving location data?

• A.?Use Amazon Athena with Amazon S3.
• B.?Use Amazon API Gateway with AWS Lambda.
• C.?Use Amazon QuickSight with Amazon Redshift.
• D.?Use Amazon API Gateway with Amazon Kinesis Data Analytics.
• Explain: Amazon API Gateway: This service?will?handle?the REST API requests, making?the?data?accessible via?a RESTful interface. Amazon?Kinesis Data?Analytics: This?service can process and analyze streaming data?in real-time, which?is essential for?tracking the?location?of bicycles during?peak?operating hours. While Kinesis Data?Analytics focuses on real-time analytics, it?can be integrated?with other AWS?services for?storage, such as Amazon?S3, DynamoDB, or?Redshift, to store the?processed data?points. This setup?allows for?real-time?data ingestion, processing, and subsequent storage, making?the data?available for?analytics and retrieval via?the REST?API.