A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the
corporate data center via an iPsec VPN. The application must authenticate against the on-premises LDAP
server. After authentication, each logged-in user can only access an Amazon Simple Storage Space (S3)
keyspace specific to that user.
Which two approaches can satisfy these objectives? (Choose two.)

A newspaper organization has a on-premises application which allows the public to search its back catalogue
and retrieve individual newspaper pages via a website written in Java They have scanned the old newspapers
into JPEGs (approx 17TB) and used Optical Character Recognition (OCR) to populate a commercial search
product. The hosting platform and software are now end of life and the organization wants to migrate Its archive
to AWS and produce a cost efficient architecture and still be designed for availability and durability. Which is the
most appropriate?

You are migrating a legacy client-server application to AWS. The application responds to a specific DNS
domain (e.g. www.example.com) and has a 2-tier architecture, with multiple application servers and a database
server. Remote clients use TCP to connect to the application servers. The application servers need to know the
IP address of the clients in order to function properly and are currently taking that information from the TCP
socket. A Multi-AZ RDS MySQL instance will be used for the database.
During the migration you can change the application code, but you have to file a change request.
How would you implement the architecture on AWS in order to maximize scalability and high availability?

You are tasked with moving a legacy application from a virtual machine running Inside your datacenter to an
Amazon VPC Unfortunately this app requires access to a number of on-premises services and no one who
configured the app still works for your company. Even worse there’s no documentation for it. What will allow the
application running inside the VPC to reach back and access its internal dependencies without being
reconfigured? (Choose three.)

You are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The
application must have a highly available architecture.
Which alternatives should you consider? (Choose two.)

You’ve been brought in as solutions architect to assist an enterprise customer with their migration of an ecommerce platform to Amazon Virtual Private Cloud (VPC) The previous architect has already deployed a 3-tier
VPC,
The configuration is as follows:
VPC: vpc-2f8bc447
IGW: igw-2d8bc445
NACL: ad-208bc448
Subnets and Route Tables:
Web servers: subnet-258bc44d
Application servers: subnet-248bc44cDatabase servers: subnet-9189c6f9
Route Tables:
rrb-218bc449
rtb-238bc44b
Associations:
subnet-258bc44d : rtb-218bc449
subnet-248bc44c : rtb-238bc44b
subnet-9189c6f9 : rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC Web servers must have direct access to the
internet. Application and database servers cannot have direct access to the internet.
Which configuration below will allow you the ability to remotely administer your application and database
servers, as well as allow these servers to retrieve updates from the Internet?

You have deployed a three-tier web application in a VPC with a CIOR block of 10 0 0 0/28 You initially deploy
two web servers, two application servers, two database servers and one NAT instance tor a total of seven EC2
instances The web. Application and database servers are deployed across two availability zones (AZs). You
also deploy an ELB in front of the two web servers, and use Route53 for DNS Web (raffle gradually increases in
the first few days following the deployment, so you attempt to double the number of instances in each tier of the
application to handle the new load unfortunately some of these new instances fail to launch.
Which of the following could De the root caused? (Choose two.)

You are implementing AWS Direct Connect. You intend to use AWS public service end points such as Amazon
S3, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet
Service Provider.
What is the correct way to configure AWS Direct connect for access to services such as Amazon S3?

You are designing the network infrastructure for an application server in Amazon VPC Users will access all the
application instances from the Internet as well as from an on-premises network The on-premises network is
connected to your VPC over an AWS Direct Connect link.
How would you design routing to meet the above requirements?

A web company is looking to implement an external payment service into their highly available application
deployed in a VPC Their application EC2 instances are behind a public lacing ELB Auto scaling is used to add
additional instances as traffic increases under normal load the application runs 2 instances in the Auto Scaling
group but at peak it can scale 3x in size. The application instances need to communicate with the payment
service over the Internet which requires whitelisting of all public IP addresses used to communicate with it. A
maximum of 4 whitelisting IP addresses are allowed at a time and can be added through an API.
How should they architect their solution?