A benefits enrollment company is hosting a 3-tier web application running in a VPC on AWS which includes a
NAT (Network Address Translation) instance in the public Web tier. There is enough provisioned capacity for
the expected workload for the new fiscal year benefit enrollment period plus some extra overhead. Enrollment
proceeds nicely for two days and then the web tier becomes unresponsive. Upon investigation using
CloudWatch and other monitoring tools, it is discovered that there is an extremely large and unanticipated
amount of inbound traffic coming from a set of 15 specific IP addresses over port 80 from a country where the
benefits company has no customers. The web tier instances are so overloaded that benefit enrollment
administrators cannot even SSH into them.
Which activity would be useful in defending against this attack?
You have an application running on an EC2 instance which will allow users to download files from a private S3
bucket using a pre-signed URL. Before generating the URL, the application should verify the existence of the file.
How should the application use AWS credentials to access the S3 bucket securely?
Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as
needed. Members of your Network Operations Center need to be able to go to the AWS Management Console
and administer Amazon EC2 instances as necessary. You don’t want to create new IAM users for each NOC
member and make those users sign in again to the AWS Management Console.
Which option below will meet the needs for your NOC members?
An administrator is using Amazon CloudFormation to deploy a three-tier web application that consists of a web
tier and application tier that will utilize Amazon DynamoDB for storage when creating the CloudFormation
Which of the following would allow the application instance access to the DynamoDB tables without exposing
You are designing a multi-platform web application for AWS. The application will run on EC2 instances and will
be accessed from PCs, tablets and smart phones. Supported accessing platforms are Windows, MacOS, iOS
and Android. Separate sticky session and SSL certificate setups are required for different platform types.
Which of the following describes the most cost effective and performance efficient architecture setup?
You’ve been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC). The previous architect has already deployed a 3-tier
The configuration is as follows:
Subnets and Route Tables:
Web servers: subnet-258bc44d
Application servers: subnet-248bc44c
Database servers: subnet-9189c6f9
subnet-258bc44d : rtb-218bc449
subnet-248bc44c : rtb-238bc44b
subnet-9189c6f9 : rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the
internet. Application and database servers cannot have direct access to the internet.
Which configuration below will allow you the ability to remotely administer your application and database
servers, as well as allow these servers to retrieve updates from the Internet?
Your company hosts a social media site supporting users in multiple countries. You have been asked to provide
a highly available design for the application that leverages multiple regions for the most recently accessed
content and latency sensitive portions of the web site. The most latency sensitive component of the application
involves reading user preferences to support web site personalization and ad selection.
In addition to running your application in multiple regions, which option will support this application’s
You need a persistent and durable storage to trace call activity of an IVR (Interactive Voice Response) system.
Call duration is mostly in the 2-3 minutes timeframe. Each traced call can be either active or terminated. An
external application needs to know each minute the list of currently active calls. Usually there are a few
calls/second, but once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is
open 24/7 and any downtime should be avoided. Historical data is periodically archived to files. Cost saving is a
priority for this project.
What database implementation would better fit this scenario, keeping costs as low as possible?
Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large
and undetermined amount of traffic that will create many database writes. To be certain that you do not drop
any writes to a database hosted on AWS, which service should you use?
A 3-tier e-commerce web application is currently deployed on-premises and will be migrated to AWS for greater
scalability and elasticity. The web server currently shares read-only data using a network distributed file system.
The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast. The database tier uses shared-storage clustering to provide database failover capability, and uses
several read slaves for scaling. Data on all servers and the distributed file system directory is backed up weekly
to off-site tapes.
Which AWS storage and database architecture meets the requirements of the application?