an IAM role in the Development account. Grant the IAM role access to the Production account.

Allow developers to
assume the role.
C. Create an IAM role in the Production account. Define a trust policy that specifies the Development account. Allow
developers to assume the role.
D. Create an IAM group in the Production accou

nt. Add the group as a principal in a trust policy that specifies the Production account. Add developers to the group.
Question #: 840
A news company that has reporters all over the world is hosting its broadcast system on AWS. The reporters send live A
company is required to use cryptographic keys in its on-premises key manager. The key manager is outside of
the AWS Cloud because of regulatory and compliance requirements. The company wants to manage
encryption and decryption by using cryptographic keys that are retained outside of the AWS Cloud and that
support a variety of external key managers from different vendors.

Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS CloudHSM key store backed by a CloudHSM cluster.
B. Use an AWS Key Management Service (AWS KMS) external key store backed by an external key manager.
C. Use the default AWS Key Management Service (AWS KMS) managed key store.
D. Use a custom key store backed by an AWS CloudHSM cluster.
Question #: 681 the S3 bucket.
B. Take a snapshot of the existing EBS volume. Mount the snapshot as an EBS volume across the EC2 instances. Instruct
the employees to access the files from the EC2 instances.
C. Mount an Amazon Elastic File System (Amazon EFS) file system across all the EC2 instances. Instruct the employees to
access the files from the EC2 instances.
D. Create an Amazon Machine Image (AMI) from the EC2 instances. Configure new EC2 instances from the AMI that use
an instance store volume. Instruct the employees to access the files from the EC2 instances.
Question #: 834
A company is migrating a three-tier application to AWS. The application requires a MySQL database. In the past, the
application users reported poor application performance when creating new entries. These performance issues were
caused by users generating different real-time reports from the application during working hours.
Which solution will improve the performance of the application when it is moved to AWS?
A. Import the data into an Amazon DynamoDB table with provisioned capacity. Refactor the application to use
DynamoDB for reports.
B. Create the database on a compute optimized Amazon EC2 instance. Ensure compute resources exceed the on-
premises database.
C. Create an Amazon Aurora MySQL Multi-AZ DB cluster with multiple read replicas. Configure the application to use the
reader endpoint for reports.
D. Create an Amazon Aurora MySQL Multi-AZ DB cluster. Configure the application to use the backup instance of the
cluster as an endpoint for the reports.
Question #: 822
A company recently migrated its application to AWS. The application runs on Amazon EC2 Linux instances in an Auto
Scaling group across multiple Availability Zones. The application stores data in an Amazon Elastic File System (Amazon
EFS) file system that uses EFS Standard-Infrequent Access storage. The application indexes the company's files. The
index is stored in an Amazon RDS database.
The company needs to optimize storage costs with some application and services changes.
Which solution will meet these requirements MOST cost-effectively?
A. Create an Amazon S3 bucket that uses an Intelligent-Tiering lifecycle policy. Copy all files to the S3 bucket. Update the
application to use Amazon S3 API to store and retrieve files.
B. Deploy Amazon FSx for Windows File Server file shares. Update the application to use CIFS protocol to store and
retrieve files.
C. Deploy Amazon FSx for OpenZFS file system shares. Update the application to use the new mount point to store and
retrieve files.
D. Create an Amazon S3 bucket that uses S3 Glacier Flexible Retrieval. Copy all files to the S3 bucket. Update the
application to use Amazon S3 API to store and retrieve files as standard retrievals.
Question #: 818
A company's application runs on Amazon EC2 instances that are in multiple Availability Zones. The application needs to
ingest real-time data from third-party applications.
The company needs a data ingestion solution that places the ingested raw data in an Amazon S3 bucket.
Which solution will meet these requirements?
A. Create Amazon Kinesis data streams for data ingestion. Create Amazon Kinesis Data Firehose delivery streams to
consume the Kinesis data streams. Specify the S3 bucket as the destination of the delivery streams.
B. Create database migration tasks in AWS Database Migration Service (AWS DMS). Specify replication instances of the
EC2 instances as the source endpoints. Specify the S3 bucket as the target endpoint. Set the migration type to migrate
existing data and replicate ongoing changes.
C. Create and configure AWS DataSync agents on the EC2 instances. Configure DataSync tasks to transfer data from the
EC2 instances to the S3 bucket.
D. Create an AWS Direct Connect connection to the application for data ingestion. Create Amazon Kinesis Data Firehose
delivery streams to consume direct PUT operations from the application. Specify the S3 bucket as the destination of the
delivery streams.
Question #: 757
A company is running a legacy system on an Amazon EC2 instance. The application code cannot be modified, and the
system cannot run on more than one instance. A solutions architect must design a resilient solution that can improve
the recovery time for the system.
What should the solutions architect recommend to meet these requirements?
A. Enable termination protection for the EC2 instance.
B. Configure the EC2 instance for Multi-AZ deployment.
C. Create an Amazon CloudWatch alarm to recover the EC2 instance in case of failure.
D. Launch the EC2 instance with two Amazon Elastic Block Store (Amazon EBS) volumes that use RAID configurations for
storage redundancy.
Question #: 827