© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.


SAP-C02 Design for New Solutions • Complete Question Bank

SAP-C02 Design for New Solutions — All Questions With Answers

Complete SAP-C02 Design for New Solutions question bank — all 0 questions with answers and detailed explanations.

514 Questions
Question 1 (easy, multiple choice)

A company wants to migrate a monolithic application to AWS and redesign it using microservices. The application uses a MySQL database. The company wants to minimize operational overhead and enable each microservice to have its own database. Which AWS service should the company use to implement the database layer?

Question 2 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda functions. The application processes events from an Amazon SQS queue. The company wants to ensure that the Lambda function can scale to handle a sudden increase in messages without losing any messages. The Lambda function must process each message at least once. Which configuration should the company use?

Question 3 (hard, multi select)

A company is designing a multi-account AWS environment using AWS Organizations. The company has several business units that each require their own VPC in shared accounts managed centrally. The company wants to enable VPC sharing to allow business units to create resources in shared subnets while maintaining network isolation. Which combination of steps should the company take to achieve this? (Choose TWO.)

Question 4 (medium, multi select)

A company is designing a disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The application uses an Amazon RDS for MySQL database. The recovery time objective (RTO) is 1 hour and the recovery point objective (RPO) is 15 minutes. Which combination of steps should the company take to meet these requirements? (Choose THREE.)

Question 5 (hard, multi select)

A company is designing a serverless data processing pipeline using AWS Step Functions, AWS Lambda, and Amazon DynamoDB. The pipeline must process incoming JSON records from an Amazon Kinesis Data Stream. Each record must be processed exactly once and in order. The company expects a throughput of up to 1,000 records per second. Which combination of services and configurations should the company use to meet these requirements? (Choose TWO.)

Question 6 (medium, multiple choice)

A company is designing a new application that will be deployed on Amazon ECS with Fargate launch type. The application needs to store configuration data, including database connection strings, that must be encrypted at rest. The company wants to follow best practices for managing secrets. Which solution should the company use?

Question 7 (medium, multiple choice)

A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). They want to implement a blue/green deployment strategy with minimal impact on users. Which approach should they use?

Question 8 (easy, multiple choice)

A company is designing a serverless application using AWS Lambda for business logic and Amazon API Gateway for REST APIs. The application needs to store and retrieve user session data. Which service should they use for session state?

Question 9 (hard, multiple choice)

A company is migrating a monolithic application to microservices on Amazon ECS with Fargate. The application has variable traffic patterns, with high traffic during business hours and low traffic at night. They want to optimize costs while maintaining performance. Which scaling strategy should they implement?

Question 10 (medium, multiple choice)

A company needs to design a disaster recovery (DR) solution for a critical database running on Amazon RDS for MySQL. The RTO is 15 minutes and RPO is 5 minutes. The primary region is us-east-1. Which solution meets these requirements?

Question 11 (hard, multiple choice)

A company wants to design a highly available, stateless web application using Amazon ECS with Fargate. They need to distribute traffic across multiple AWS Regions for low latency. Which approach should they use?

Question 12 (medium, multi select)

A company is designing a new application that will process sensitive financial data. They need to ensure encryption at rest and in transit. Which of the following should they use? (Select TWO.)

Question 13 (hard, multi select)

A company is deploying a microservices architecture on Amazon ECS with Fargate. They need to enable service-to-service communication with mutual TLS (mTLS) and service discovery. Which combination of services should they use? (Select THREE.)

Question 14 (medium, multiple choice)

A company is designing a new application on AWS that requires a relational database with read replicas across multiple AWS Regions. The database must have automated failover and a recovery point objective (RPO) of less than 5 seconds. Which database solution should the company choose?

Question 15 (hard, multiple choice)

A company is designing a serverless event-driven architecture using AWS Lambda, Amazon SQS, and Amazon DynamoDB. The Lambda function processes messages from an SQS queue and writes to DynamoDB. The company expects unpredictable traffic spikes and must ensure that messages are not lost. Which configuration should the company use to meet these requirements?

Question 16 (easy, multiple choice)

A company is designing a microservices architecture on Amazon ECS with AWS Fargate. The services need to communicate with each other using HTTP APIs. The company wants to minimize operational overhead and enable canary deployments. Which solution should the company use for service discovery and traffic routing?

Question 17 (hard, multiple choice)

A company is migrating a monolithic application to a microservices architecture on AWS. The application uses a relational database with complex queries. The company wants to reduce operational overhead and achieve high availability. Which database strategy should the company adopt for the microservices?

Question 18 (medium, multiple choice)

A company is designing a data lake on Amazon S3 for analytics. The data is ingested from multiple sources and must be encrypted at rest. The company requires the ability to audit access to the data lake and enforce fine-grained access control based on tags. Which solution should the company choose?

Question 19 (medium, multi select)

A company is designing a new application on AWS that requires a highly available and scalable web tier. The web servers must be stateless and scale automatically based on CPU utilization. Which TWO actions should the company take to meet these requirements?

Question 20 (hard, multi select)

A company is designing a new containerized application on Amazon EKS. The application must be able to access secrets (e.g., database credentials) securely. The company requires that secrets be automatically rotated and audited. Which THREE actions should the company take to meet these requirements?

Question 21 (hard, multiple choice)

A company is designing a new real-time analytics platform that ingests data from thousands of IoT devices. The devices send JSON messages every second to an AWS IoT Core topic. The messages must be processed and stored in Amazon S3 for long-term analysis. The processing includes enrichment by calling a third-party API to add location data. The company expects the workload to vary significantly, with peak traffic of 100,000 messages per second. The solution must be cost-effective and minimize operational overhead. The current architecture uses a Lambda function subscribed to the IoT topic, which processes each message and writes to S3. However, during initial testing, the Lambda function frequently times out due to the third-party API latency, causing message loss. What should the company do to resolve this issue while meeting all requirements?

Question 22 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. Each microservice must be independently deployable and scalable. The company expects unpredictable traffic patterns with sudden spikes. Which combination of AWS services should be used to build a decoupled, resilient system?

Question 23 (easy, multiple choice)

A company is migrating a monolithic legacy application to a microservices architecture on AWS. The application currently uses a relational database with complex joins. The migration must minimize application changes. Which database strategy should be used for the new architecture?

Question 24 (hard, multiple choice)

A solutions architect is designing a new serverless application using AWS Lambda to process orders from an API Gateway endpoint and store them in DynamoDB. The architect creates the IAM role shown in the exhibit. When testing, the Lambda function fails to write to DynamoDB with an AccessDeniedException. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:us-east-1:123456789012:log-group:/aws/lambda/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"
    }
  ]
}
```

Question 25 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. They need a solution for service discovery that allows services to register themselves and discover other services dynamically. The solution must be highly available and integrated with AWS-native services. Which AWS service should they use?

Question 26 (hard, multi select)

A company is designing a new application that will process sensitive data. The application will run on Amazon ECS with Fargate. The security team requires that all data at rest be encrypted, and that encryption keys be managed by the company's own hardware security module (HSM) in an on-premises data center. Which TWO steps should the company take to meet these requirements? (Choose TWO.)

Question 27 (hard, multiple choice)

A company has attached the bucket policy shown in the exhibit to an S3 bucket. The bucket is accessed by an application running on an EC2 instance in the same AWS account. The EC2 instance is in a private subnet and uses an S3 Gateway Endpoint (vpce-12345678) to access the bucket. The application is failing to get objects from the bucket. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:SourceVpce": "vpce-12345678"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```

Question 28 (easy, multiple choice)

A company is designing a new web application that will be deployed on AWS. The application consists of an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances running a web server. The application must be highly available across multiple Availability Zones. The company expects variable traffic patterns, including sudden spikes. The operations team wants to minimize manual intervention. The application stores session state in a shared data store. The security team requires that all traffic between the ALB and the EC2 instances be encrypted. The company is using AWS Certificate Manager (ACM) to manage SSL/TLS certificates. The ALB must terminate SSL/TLS connections. Which combination of actions should the company take to meet these requirements?

Question 29 (medium, drag order)

Drag and drop the steps to migrate an on-premises MySQL database to Amazon RDS using AWS DMS in the correct order.


Question 30 (medium, drag order)

Drag and drop the steps to set up a cross-region VPC peering connection in the correct order.


Question 31 (medium, drag order)

Drag and drop the steps to recover an Amazon RDS Multi-AZ DB instance after a primary instance failure in the correct order.


Question 32 (medium, matching)

Match each storage class to its description.


Frequently accessed data, low latency, high throughput

Auto-cost optimization for unknown access patterns

Lowest cost for long-term archival, retrieval in 12 hours

Infrequent access, stored in a single AZ

Archival data with retrieval minutes to hours

Question 33 (medium, matching)

Match each AWS security service to its purpose.


Protect web applications from common exploits

Enhanced DDoS protection for critical workloads

Create and manage encryption keys

Rotate and manage secrets securely

Manage user identities and permissions

Question 34 (medium, matching)

Match each AWS cost management tool to its use.


Visualize and explore cost and usage data

Set custom cost and usage budgets with alerts

Recommendations for cost optimization, performance, security

Flexible pricing model for compute savings

Recommend optimal compute resources based on usage

Question 35 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. They need to ensure that services can communicate asynchronously without direct coupling. Which AWS service should they use to decouple the services?

Question 36 (hard, multiple choice)

A financial services company needs to store sensitive customer data in Amazon S3 with encryption at rest. They require that the encryption keys be stored in AWS CloudHSM and that the S3 bucket must not be able to access the keys without explicit permission. Which S3 encryption option should they use?

Question 37 (easy, multiple choice)

A startup is building a serverless application using AWS Lambda. They need to store session state that can be shared across multiple Lambda invocations. Which AWS service should they use?

Question 38 (medium, multiple choice)

A company is designing a multi-tier web application on AWS. They want to ensure that the web tier can scale automatically based on CPU utilization. Which AWS service should they use?

Question 39 (hard, multiple choice)

A company is migrating a legacy monolithic application to AWS. They want to refactor the application into microservices and use container orchestration. Which AWS service should they use to manage the containers?

Question 40 (easy, multiple choice)

A company needs to provide a global content delivery solution with low latency. Which AWS service should they use?

Question 41 (medium, multiple choice)

A company is designing a data lake on AWS using Amazon S3. They need to run SQL queries on the data without moving it to a separate database. Which AWS service should they use?

Question 42 (hard, multiple choice)

A company is designing a disaster recovery solution for a critical database using Amazon RDS Multi-AZ. However, they also need to protect against regional failures. Which additional AWS service should they use?

Question 43 (easy, multiple choice)

A company wants to implement a serverless architecture where an AWS Lambda function is triggered whenever a new object is uploaded to an S3 bucket. Which S3 feature should they use?

Question 44 (hard, multi select)

A company is designing a new application on AWS that requires a highly available and fault-tolerant architecture. Which TWO design principles should they follow?

Question 45 (medium, multi select)

A company is building a serverless application using AWS Lambda and Amazon API Gateway. They need to authenticate users. Which TWO services can be used for authentication?

Question 46 (medium, multi select)

A company is designing a new system that will use Amazon S3 to store sensitive data. Which THREE methods can be used to encrypt data at rest in S3?

Question 47 (hard, multiple choice)

An administrator runs the commands shown in the exhibit on an S3 bucket. What is the effect of these configurations on an object uploaded to the bucket?

Exhibit

Refer to the exhibit.

```
$ aws s3api get-bucket-versioning --bucket my-bucket
{
    "Status": "Enabled"
}
$ aws s3api get-object-lock-configuration --bucket my-bucket
{
    "ObjectLockConfiguration": {
        "ObjectLockEnabled": "Enabled",
        "Rule": {
            "DefaultRetention": {
                "Mode": "GOVERNANCE",
                "Days": 365
            }
        }
    }
}
```

Question 48 (medium, multiple choice)

An IAM policy attached to an S3 bucket is shown. What is the net effect on requests to read objects from the bucket?

Exhibit

Refer to the exhibit.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "192.0.2.0/24"
                }
            }
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Condition": {
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            }
        }
    ]
}
```

Question 49 (hard, multiple choice)

An administrator runs the commands shown in the exhibit and observes the outputs. The instance is in a public subnet with an internet gateway. What is the most likely issue preventing users from accessing the web server?

Exhibit

Refer to the exhibit.

```
$ aws ec2 describe-instances --instance-ids i-1234567890abcdef0
{
    "Reservations": [
        {
            "Groups": [],
            "Instances": [
                {
                    "InstanceId": "i-1234567890abcdef0",
                    "ImageId": "ami-0abcdef1234567890",
                    "State": {
                        "Name": "running"
                    },
                    "SecurityGroups": [
                        {
                            "GroupName": "web-sg",
                            "GroupId": "sg-0123456789abcdef0"
                        }
                    ],
                    "SubnetId": "subnet-0123456789abcdef0",
                    "VpcId": "vpc-0123456789abcdef0",
                    "Tags": [
                        {
                            "Key": "Name",
                            "Value": "WebServer"
                        }
                    ]
                }
            ]
        }
    ]
}
$ aws ec2 describe-security-groups --group-ids sg-0123456789abcdef0
{
    "SecurityGroups": [
        {
            "GroupId": "sg-0123456789abcdef0",
            "IpPermissions": [
                {
                    "IpProtocol": "tcp",
                    "FromPort": 80,
                    "ToPort": 80,
                    "IpRanges": [
                        {
                            "CidrIp": "0.0.0.0/0"
                        }
                    ]
                },
                {
                    "IpProtocol": "tcp",
                    "FromPort": 22,
                    "ToPort": 22,
                    "IpRanges": [
                        {
                            "CidrIp": "203.0.113.0/24"
                        }
                    ]
                }
            ],
            "IpPermissionsEgress": []
        }
    ]
}
```

Question 50 (medium, multiple choice)

A company is designing a new microservices-based application on AWS. They want to ensure that services can discover each other dynamically and that traffic can be load balanced across multiple Availability Zones. Which AWS service should they use for service discovery?

Question 51 (hard, multiple choice)

A financial services company needs to design a solution for storing sensitive customer data that must be encrypted at rest using a customer-managed key stored in AWS Key Management Service (KMS). The data will be accessed by multiple EC2 instances in an Auto Scaling group. The company needs to rotate the key every 90 days and ensure that old encrypted data can still be decrypted. Which key strategy should they use?

Question 52 (easy, multiple choice)

A startup is building a serverless application using AWS Lambda. They need to securely store and retrieve database credentials without hardcoding them in the function code. Which AWS service should they use?

Question 53 (medium, multiple choice)

A company is designing a new application that will run on Amazon ECS with Fargate. The application needs to output logs to CloudWatch Logs. Which configuration should be used to send logs from the container to CloudWatch?

Question 54 (hard, multiple choice)

A company is designing a multi-region disaster recovery solution for a critical application using Amazon RDS for MySQL. They need a Recovery Point Objective (RPO) of less than 5 seconds and a Recovery Time Objective (RTO) of less than 1 minute. Which solution should they choose?

Question 55 (easy, multiple choice)

A company is building a new web application that will be accessed by users globally. They want to minimize latency and protect against DDoS attacks. Which AWS service should they use as the entry point?

Question 56 (medium, multiple choice)

A company is designing a new solution that uses Amazon S3 to store large amounts of archival data. The data must be retained for 7 years and then automatically deleted. Which S3 feature should they use?

Question 57 (hard, multiple choice)

A company is migrating a legacy on-premises application to AWS. The application requires a fixed IP address for whitelisting by external partners. The solution must be highly available across multiple Availability Zones. Which design should they use?

Question 58 (easy, multiple choice)

A company wants to share a large dataset stored in Amazon S3 with a partner who has their own AWS account. The partner needs to access the data using their own account credentials. Which approach should the company use?

Question 59 (medium, multi select)

Which TWO strategies can be used to reduce the cost of Amazon DynamoDB tables for a new application with unpredictable traffic patterns? (Choose two.)

Question 60 (hard, multi select)

Which THREE factors should be considered when designing a VPC for a new application that must be compliant with the Payment Card Industry Data Security Standard (PCI DSS)? (Choose three.)

Question 61 (easy, multi select)

Which TWO AWS services can be used to decouple components in a new microservices architecture? (Choose two.)

Question 62 (medium, multiple choice)

A Solutions Architect runs the AWS CLI command shown in the exhibit. Which statement accurately describes the output?

Exhibit

Refer to the exhibit.

```
aws ec2 describe-instances --query "Reservations[*].Instances[*].[InstanceId… --output table

| DescribeInstances |
| i-0123456789abcdef0 | running |
| i-023456789abcdef01 | stopped |
| i-03456789abcdef012 | terminated |
```

Question 63 (hard, multiple choice)

A Solutions Architect is reviewing the IAM policy shown in the exhibit. The policy is attached to an IAM user. Which of the following is true about this policy?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "203.0.113.0/24"
        }
      }
    }
  ]
}
```

Question 64 (easy, multiple choice)

A Solutions Architect is reviewing the CloudFormation template snippet shown in the exhibit. What will happen when this template is deployed?

Exhibit

Refer to the exhibit.

```
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "my-unique-bucket-name-12345",
        "VersioningConfiguration": {
          "Status": "Enabled"
        }
      }
    }
  }
}
```

Question 65 (easy, multiple choice)

A company is designing a new application that will run on Amazon EC2 instances behind an Application Load Balancer. The application needs to store session state. Which AWS service provides a fully managed, highly scalable solution for session state management?

Question 66 (medium, multiple choice)

A company is deploying a containerized microservices architecture on Amazon ECS with Fargate. They need to securely store and rotate database credentials. Which AWS service should they use?

Question 67 (hard, multiple choice)

A company is designing a disaster recovery solution that must recover an application in a different AWS Region within 15 minutes of a failure. The application uses an Amazon Aurora MySQL DB cluster. Which combination of strategies will meet the recovery time objective (RTO) while minimizing costs?

Question 68 (easy, multiple choice)

A company wants to serve static content (images and videos) to users worldwide with low latency. The content is stored in an Amazon S3 bucket. What is the most cost-effective solution?

Question 69 (medium, multiple choice)

A company runs a web application on EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application experiences sudden traffic spikes. What is the most effective way to ensure the application can handle the spikes without manual intervention?

Question 70 (hard, multiple choice)

A company is migrating a legacy on-premises application to AWS. The application requires a shared file system that can be mounted by multiple EC2 instances concurrently, with strong consistency and low-latency access. Which AWS storage solution should be used?

Question 71 (easy, multiple choice)

A company wants to decouple a front-end web application from a backend processing service to improve scalability. Which AWS service should be used to send tasks from the web tier to the processing tier?

Question 72 (medium, multiple choice)

A company is designing a new application that will process sensitive financial data. The data must be encrypted at rest and in transit. The application runs on EC2 instances. Which combination of services meets these requirements?

Question 73 (hard, multiple choice)

A company is building a serverless application using AWS Lambda. The function needs to access a private Amazon RDS MySQL database. The Lambda function and the RDS instance are in the same VPC. What is the correct way to configure the Lambda function to connect to the database?

Question 74 (medium, multi select)

A company is designing a new application that will be hosted on AWS. The application must be highly available across multiple Availability Zones. Which of the following services provide built-in high availability across AZs? (Choose TWO.)

Question 75 (hard, multi select)

A company is designing a new application that will process streaming data from thousands of IoT devices. The data must be ingested in real time and then processed using Apache Flink. Which services should be used? (Choose TWO.)

Question 76 (medium, multi select)

A company wants to implement a cost-effective disaster recovery strategy for a production Amazon RDS for PostgreSQL database. The solution must provide a recovery point objective (RPO) of less than 5 minutes and a recovery time objective (RTO) of less than 15 minutes. Which strategies meet these requirements? (Choose THREE.)

Question 77 (medium, multiple choice)

A company is migrating a legacy monolithic application to AWS. The application currently uses a shared filesystem for storing user-uploaded documents. The company wants to decouple storage and compute, ensure high durability, and minimize operational overhead. Which AWS service should the company use to replace the shared filesystem?

Question 78 (hard, multiple choice)

A company runs a high-traffic web application on Amazon EC2 instances behind an Application Load Balancer. The application experiences intermittent latency spikes during peak hours. Analysis shows that the latency spikes correlate with high CPU utilization on the EC2 instances. The company wants to reduce latency without over-provisioning. Which solution is MOST cost-effective and scalable?

Question 79 (easy, multiple choice)

A startup is building a serverless application using AWS Lambda for business logic and Amazon DynamoDB for data storage. The application must process a high volume of writes to a single DynamoDB table. The development team is concerned about throttling due to hot partitions. Which design should the team implement to avoid throttling?

Question 80 (medium, multiple choice)

A company is designing a data lake on AWS using Amazon S3 as the storage layer. The data includes sensitive customer information that must be encrypted at rest. The company also needs to regularly rotate the encryption keys. Which solution meets these requirements with the least operational overhead?

Question 81 (hard, multiple choice)

A media company is building a video transcoding pipeline using AWS Elemental MediaConvert. The source videos are uploaded to an S3 bucket, and the transcoded outputs are stored in another S3 bucket. The company wants to trigger the transcoding job as soon as a new video is uploaded. The pipeline must handle high volumes of uploads and ensure that no upload is missed. Which solution is MOST reliable and scalable?

Question 82 (easy, multiple choice)

A company is deploying a web application on AWS that requires a relational database. The application is read-heavy and expects sudden spikes in traffic. The database must be highly available and perform well under load. Which database configuration meets these requirements?

Question 83 (medium, multiple choice)

A company is running a containerized application on Amazon ECS with Fargate launch type. The application needs to store persistent data that must be shared across multiple containers in the same task. Which storage option should the company use?

Question 84 (hard, multiple choice)

A company is designing a multi-region disaster recovery solution for a critical application. The application uses Amazon RDS for MySQL with Multi-AZ in the primary region. The recovery point objective (RPO) is 5 seconds, and the recovery time objective (RTO) is 1 minute. Which solution meets these requirements?

Question 85 (easy, multiple choice)

A company wants to give its developers access to specific Amazon S3 buckets based on their team membership. The company uses AWS IAM Identity Center (successor to AWS SSO) for user management. Which approach should the company use to grant fine-grained access?

Question 86 (medium, multi select)

A company is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. The company wants to implement service discovery and load balancing at the application layer. Which TWO services should the company use?

Question 87 (hard, multi select)

A company is building a data analytics pipeline. Raw data is ingested into an Amazon S3 bucket. The data must be transformed and loaded into Amazon Redshift for analysis. The pipeline must handle late-arriving data and ensure data consistency. Which THREE AWS services should the company use?

Question 88 (easy, multi select)

A company is designing a cost-effective architecture for a batch processing job that runs nightly. The job can tolerate interruptions and requires significant compute power for a few hours. The company wants to minimize costs. Which TWO strategies should the company use?

Question 89 (medium, multiple choice)

An IAM policy is attached to an IAM role that is assumed by an EC2 instance. The EC2 instance has an IP address of 10.0.1.15. The instance is unable to download objects from the S3 bucket 'example-bucket'. What is the MOST likely cause?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    }
  ]
}
```

Question 90 (hard, multiple choice)

An organization has deployed the above CloudFormation template. They want to ensure that all uploads to the bucket are encrypted in transit. However, users are still able to upload objects over unencrypted HTTP. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

```yaml
# CloudFormation template snippet
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: my-unique-bucket-123
      VersioningConfiguration:
        Status: Enabled
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Deny
            Principal: "*"
            Action: s3:PutObject
            Resource: !Sub "${MyBucket.Arn}/*"
            Condition:
              Bool:
                aws:SecureTransport: "false"
```

Question 91 (medium, multiple choice)

A solutions architect is troubleshooting an EC2 instance that is not sending metrics to CloudWatch. The instance is running and has internet connectivity. Based on the exhibit, what is the MOST likely reason?

Exhibit

Refer to the exhibit.

```
# AWS CLI command output
$ aws ec2 describe-instances --instance-ids i-1234567890abcdef0
{
  "Reservations": [
    {
      "Groups": [],
      "Instances": [
        {
          "InstanceId": "i-1234567890abcdef0",
          "InstanceType": "t2.micro",
          "State": {"Name": "running"},
          "Monitoring": {"State": "disabled"},
          "NetworkInterfaces": [
            {
              "Association": {
                "IpOwnerId": "amazon",
                "PublicIp": "54.123.45.67"
              },
              "Attachment": {
                "DeviceIndex": 0,
                "Status": "attached"
              }
            }
          ],
          "Tags": [
            {
              "Key": "Name",
              "Value": "WebServer"
            }
          ]
        }
      ]
    }
  ]
}
```

Question 92 (medium, multiple choice)

A company is designing a new application that will process real-time streaming data from thousands of IoT devices. The data must be ingested, processed with low latency, and stored in Amazon S3 for analytics. Which combination of AWS services should the company use to meet these requirements?

Question 93 (hard, multiple choice)

A company is designing a multi-account AWS environment using AWS Organizations. The security team requires that all Amazon S3 buckets across accounts must have server access logging enabled and must block public access. What is the MOST scalable and secure way to enforce these requirements?

Question 94 (easy, multiple choice)

A company is designing a serverless application using AWS Lambda that processes images uploaded to an S3 bucket. The processing time varies but typically completes within 5 minutes. The Lambda function needs to access a VPC-hosted database. What is the BEST way to configure the Lambda function to access the database while minimizing cold start latency?

Question 95 (medium, multiple choice)

A company is migrating a monolithic application to microservices on Amazon ECS. The application needs to communicate with external partners via HTTPS. The company wants to use mTLS for mutual authentication. Which AWS service should be used to handle the mTLS termination?

Question 96 (hard, multiple choice)

A company is designing a disaster recovery solution for a critical application running on Amazon EC2. The application uses an Amazon RDS for MySQL database. The recovery time objective (RTO) is 15 minutes, and the recovery point objective (RPO) is 1 hour. The primary region is us-east-1, and the secondary region is us-west-2. Which solution meets the requirements with the LOWEST cost?

Question 97 (easy, multiple choice)

A company wants to design a cost-effective solution to store infrequently accessed log files for 7 years. The logs are generated daily and must be available for retrieval within 24 hours. Which Amazon S3 storage class should be used?

Question 98 (medium, multiple choice)

A company is designing an event-driven architecture using Amazon EventBridge. They have multiple AWS accounts that need to receive events from a central account. What is the MOST scalable and secure way to route events to these accounts?

Question 99 (hard, multiple choice)

A company is designing a new application that will run on Amazon EKS. The application requires persistent storage that can be accessed by multiple pods simultaneously. The storage must be highly available and durable. Which storage solution should be used?

Question 100 (easy, multiple choice)

A company is designing a new web application on AWS. The application must be highly available and scale automatically based on traffic. The architecture includes an Application Load Balancer (ALB) and an Auto Scaling group of EC2 instances. The application stores session state. What is the BEST way to handle session state to ensure high availability?

Question 101 (hard, multi select)

A company is designing a new data lake on AWS using Amazon S3. The data must be encrypted at rest. Which TWO options comply with the requirement? (Choose TWO.)

Question 102 (medium, multi select)

A company is designing a serverless application that uses Amazon API Gateway and AWS Lambda. The API must be secured using AWS WAF. Which TWO actions should the company take to integrate WAF with API Gateway? (Choose TWO.)

Question 103 (medium, multi select)

A company is designing a new microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. Which THREE mechanisms can be used for service-to-service communication? (Choose THREE.)

Question 104 (hard, multiple choice)

Refer to the exhibit. A company has an S3 bucket policy that requires server-side encryption with AES256 for all objects uploaded. However, users can still upload objects without encryption. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```

Question 105 (medium, multiple choice)

Refer to the exhibit. A CloudFormation stack has been deployed with the VPCId and SubnetIds outputs. A developer wants to use these outputs as parameters in another CloudFormation stack. Which AWS service can be used to pass these values to the new stack?

Exhibit

Refer to the exhibit.

```
aws cloudformation describe-stacks --stack-name my-stack --query "Stacks[0].Outputs"
[
  {
    "OutputKey": "VPCId",
    "OutputValue": "vpc-12345678"
  },
  {
    "OutputKey": "SubnetIds",
    "OutputValue": "subnet-11111111,subnet-22222222"
  }
]
```

Question 106 (easy, multiple choice)

Refer to the exhibit. An IAM policy allows ec2:Describe* actions on all resources. A developer wants to also allow describing RDS instances. Which action must be added to the policy?

Exhibit

Refer to the exhibit.

```
# IAM policy snippet
{
    "Effect": "Allow",
    "Action": "ec2:Describe*",
    "Resource": "*"
}
```

Question 107 (medium, multiple choice)

A company is designing a new microservices application on AWS. Each microservice needs to store and retrieve stateful data with low latency (single-digit milliseconds). The data must be durable and highly available across multiple Availability Zones. Which AWS service should be used for the primary data store for each microservice?

Question 108 (easy, multiple choice)

A company wants to design a serverless event-driven architecture where multiple downstream services need to process events from a single source. Events must be reliably delivered and each downstream service must process every event independently. Which AWS service should be used as the event router?

Question 109 (hard, multiple choice)

A company is designing a new hybrid cloud solution that requires low-latency access to on-premises data from AWS. The connection must be highly available and encrypted. The company has multiple VPCs and on-premises locations. Which combination of services meets these requirements?

Question 110 (medium, multiple choice)

A company is designing a new application that will run on Amazon ECS with Fargate. The application must be able to read and write files to a shared file system that is accessible from multiple tasks simultaneously. The file system must be durable and support NFS protocol. Which storage solution should be used?

Question 111 (hard, multiple choice)

A company is designing a new global application that will serve users worldwide. The application uses an Application Load Balancer (ALB) in a single region. To reduce latency for users in other regions, the company wants to cache static content at edge locations. The dynamic content must still be served from the ALB. Which configuration should be used?

Question 112 (easy, multiple choice)

A company is designing a new application that will process sensitive financial transactions. The application must be deployed in a VPC with no public internet access. The application needs to send logs to Amazon CloudWatch Logs and store files in Amazon S3. Which set of actions should be taken to meet these requirements without allowing internet access?

Question 113 (medium, multiple choice)

A company is designing a new CI/CD pipeline for a containerized application using AWS CodePipeline. The application source code is stored in an Amazon S3 bucket. The pipeline must automatically build a Docker image from the source code and push it to Amazon ECR. Which action should be used as the build provider?

Question 114 (hard, multiple choice)

A company is designing a new application that must be highly available across multiple AWS Regions. The application will run on EC2 instances behind an Application Load Balancer. The company needs a DNS-based routing policy that routes users to the nearest healthy endpoint based on latency. Which Amazon Route 53 routing policy should be used?

Question 115 (medium, multiple choice)

A company is designing a new data lake on AWS using Amazon S3. The data will be ingested from various sources, including IoT devices, application logs, and streaming data. The data must be processed in near real-time as it arrives. Which combination of services should be used for ingestion and processing?

Question 116 (hard, multi select)

A company is designing a new multi-tier web application on AWS. The application consists of a public-facing Application Load Balancer, a fleet of EC2 instances in private subnets, and an RDS database in a private subnet. The security team requires that all traffic between the ALB and EC2 instances be encrypted, and that the EC2 instances have no direct internet access. Which TWO actions should the company take to meet these requirements? (Choose TWO.)

Question 117 (medium, multi select)

A company is designing a new serverless application using AWS Lambda. The application must process files uploaded to an S3 bucket. Each file can be up to 1 GB in size. The processing time for each file is expected to be up to 15 minutes. The company wants to minimize cost and operational overhead. Which TWO configuration choices should the company make? (Choose TWO.)

Question 118 (easy, multi select)

A company is designing a new VPC with public and private subnets. The company wants to ensure that instances in the private subnets can download updates from the internet, but cannot be directly accessed from the internet. Which THREE components are required to meet these requirements? (Choose THREE.)

Question 119 (easy, multiple choice)

A company is designing a new application that requires a fully managed NoSQL database with single-digit millisecond latency. The application needs to handle sudden spikes in read traffic without manual intervention. Which AWS service should the company choose?

Question 120 (medium, multiple choice)

A company is building a serverless data processing pipeline. Data is uploaded to an S3 bucket, which triggers a Lambda function to transform the data and store the result in another S3 bucket. The Lambda function needs to access a VPC-hosted database for enrichment. What is the MOST secure way to allow the Lambda function to access the VPC resources?

Question 121 (hard, multiple choice)

A company is designing a multi-region active-active application using Amazon Aurora Global Database. The application must have Recovery Point Objective (RPO) of less than 1 second and Recovery Time Objective (RTO) of less than 1 minute in case of a regional failure. Which configuration meets these requirements?

Question 122 (easy, multiple choice)

A company is designing a new microservices architecture on Amazon ECS with Fargate. Each microservice must be isolated and able to communicate with others only through defined APIs. Which solution provides the BEST isolation and security?

Question 123 (medium, multiple choice)

A company is designing a new application that will store sensitive user data in Amazon S3. Compliance requirements mandate that all data must be encrypted at rest using a key that is managed by the company and rotated automatically every year. Which solution meets these requirements?

Question 124 (hard, multiple choice)

A company is designing a new data lake on Amazon S3 using AWS Glue for ETL. The data is partitioned by date and sensitive columns must be masked for non-privileged users. The solution must minimize storage costs and allow different masking policies per user. Which approach should the architect recommend?

Question 125 (easy, multiple choice)

A company needs to provide temporary, limited-privilege credentials to mobile app users to access AWS resources. Which AWS service should the architect recommend?

Question 126 (medium, multiple choice)

A company is designing a new web application that requires a scalable, low-latency key-value store for session state. The application runs on EC2 instances in an Auto Scaling group. Which solution is the MOST cost-effective and scalable?

Question 127 (hard, multiple choice)

A company is designing a new real-time analytics platform that processes streaming data from IoT devices. The data must be ingested, processed with windowed aggregations, and stored in Amazon S3 for long-term analytics. The solution must handle late-arriving data and provide exactly-once processing semantics. Which combination of AWS services should the architect use?

Question 128 (easy, multi select)

A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer. The application must be highly available across multiple Availability Zones. Which TWO actions should the architect take? (Choose TWO.)

Question 129 (medium, multi select)

A company is designing a new batch processing system that processes large files from Amazon S3. The processing is CPU-intensive and can take up to 2 hours per file. The company wants to minimize cost and avoid idle compute capacity. Which THREE components should the architect include? (Choose THREE.)

Question 130 (hard, multi select)

A company is designing a new disaster recovery solution for a critical application that runs on Amazon EC2 with an Amazon RDS for MySQL database. The Recovery Time Objective (RTO) is 15 minutes and Recovery Point Objective (RPO) is 1 hour. Which TWO strategies meet these requirements? (Choose TWO.)

Question 131 (easy, multiple choice)

A solutions architect runs the above CLI command. What is the output format?

Exhibit

Refer to the exhibit.

```
$ aws ec2 describe-instances --instance-ids i-1234567890abcdef0 --query 'Reservations[0].Instances[0].[InstanceId
"i-1234567890abcdef0","t3.micro","running"
```

Question 132 (medium, multiple choice)

An IAM policy is attached to an IAM user. The user tries to download an object from S3 bucket 'example-bucket' from an IP address 10.0.1.5. What will happen?

Exhibit

Refer to the exhibit.

IAM Policy:
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {
                "IpAddress": {
                    "aws:SourceIp": "10.0.0.0/16"
                }
            }
        }
    ]
}
```

Question 133 (hard, multiple choice)

A solutions architect attempts to create this stack but receives an error: "Value of property SecurityGroups must be a list of strings". What is the likely cause?

Exhibit

Refer to the exhibit.

CloudFormation template snippet:
```yaml
Resources:
  MyEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-12345678
      InstanceType: t2.micro
      SecurityGroups:
        - !Ref MySecurityGroup
  MySecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow SSH
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
```

Question 134 (medium, multiple choice)

A company is designing a new serverless application on AWS. The application consists of multiple AWS Lambda functions that process incoming events from an Amazon SQS queue. The company wants to ensure that each message is processed exactly once. Which configuration should the company use?

Question 135 (hard, multiple choice)

A company is designing a new web application that will be deployed on Amazon ECS with Fargate. The application must scale based on the number of requests per container. The company wants to use a service that can automatically adjust the number of tasks based on a custom metric. Which solution should the company use?

Question 136 (easy, multiple choice)

A company is building a new data lake on AWS. The data is stored in Amazon S3 and will be queried using Amazon Athena. The company wants to minimize query costs. Which S3 storage class should the company use for the data?

Question 137 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. The company wants to use a service mesh to manage service-to-service communication, observability, and security. Which AWS service should the company use?

Question 138 (hard, multiple choice)

A company is designing a disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The application uses an Amazon RDS for MySQL database. The company wants to achieve a recovery point objective (RPO) of 5 seconds and a recovery time objective (RTO) of 15 minutes. Which solution should the company use?

Question 139 (easy, multiple choice)

A company is designing a new application that will run on Amazon EKS. The development team wants to deploy containers in a way that minimizes operational overhead. Which compute option should the company choose?

Question 140 (medium, multiple choice)

A company is designing a new serverless data processing pipeline. The pipeline uses AWS Lambda to process records from an Amazon Kinesis Data Stream. The company wants to ensure that failed records are automatically retried and sent to a dead-letter queue after three failed attempts. Which configuration should the company use?

Question 141 (hard, multiple choice)

A company is designing a new application that requires low-latency access to a shared dataset across multiple EC2 instances in the same AWS Region. The dataset is updated frequently. Which storage solution should the company use?

Question 142 (easy, multiple choice)

A company is designing a new CI/CD pipeline for a web application that will be deployed on Amazon ECS. Which AWS service should the company use to build and test the application code?

Question 143 (medium, multi select)

A company is designing a new application that will run on Amazon EC2 instances behind an Application Load Balancer. The company wants to ensure that traffic to the application is encrypted in transit. Which TWO actions should the company take?

Question 144 (hard, multi select)

A company is designing a new serverless application using AWS Lambda. The application must be invoked by an Amazon S3 bucket event. The company wants to ensure that the Lambda function has the necessary permissions to be invoked. Which THREE steps are required?

Question 145 (easy, multi select)

A company is designing a new database solution for a global e-commerce application. The database must support high read and write throughput with single-digit millisecond latency. The company expects traffic spikes during peak hours. Which TWO AWS services should the company consider?

Question 146 (medium, multiple choice)

A company has an IAM policy attached to a user. The user is trying to download an object from the S3 bucket 'my-bucket' that was uploaded with SSE-S3 encryption. What will happen?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```

Question 147 (hard, multiple choice)

A CloudFormation stack output is as above. The company wants to use the SQS queue URL in another stack. Which intrinsic function should be used to reference the queue URL in the second stack?

Exhibit

Refer to the exhibit.

```
$ aws cloudformation describe-stacks --stack-name MyStack --query "Stacks[0].Outputs"
[
  {
    "OutputKey": "BucketName",
    "OutputValue": "my-bucket-12345",
    "Description": "S3 bucket name"
  },
  {
    "OutputKey": "QueueURL",
    "OutputValue": "https://sqs.us-east-1.amazonaws.com/123456789012/MyQueue",
    "Description": "SQS queue URL"
  }
]
```

Question 148 (medium, multiple choice)

An ALB is configured with a target group for HTTP:80. The health check returns a 302 redirect. What is the most likely cause of the unhealthy instances?

Exhibit

Refer to the exhibit.

```
$ aws elbv2 describe-target-health --target-group-arn arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/my-tg/1234567890123456
"TargetHealthDescriptions": [
  "Target": {
    "Id": "i-0abcd1234efgh5678",
    "Port": 80},
  "HealthCheckPort": "80",
  "TargetHealth": {
    "State": "unhealthy",
```

Question 149 (medium, multiple choice)

A company is designing a new microservices architecture using Amazon ECS with Fargate. Each service must be isolated within its own VPC and communicate via AWS PrivateLink. The company expects variable traffic and wants to minimize costs. Which solution meets these requirements?

Question 150 (hard, multiple choice)

A financial services company is designing a solution to process real-time stock trade data. The data is ingested via Amazon Kinesis Data Streams with a shard count of 10. Each shard receives 500 records per second, each record is 1 KB. The company needs to archive all raw data to Amazon S3 within 5 minutes of receipt and also run a Lambda function to enrich each record. What is the most cost-effective and scalable approach?

Question 151 (easy, multiple choice)

A startup wants to deploy a web application on AWS with a serverless architecture. The application includes static content (HTML, CSS, JS) and a REST API backend using Lambda and DynamoDB. The company wants low latency and high availability globally. Which combination of services should they use?

Question 152 (medium, multi select)

A company is designing a disaster recovery architecture for a critical application. The primary region runs on Amazon EC2 with an RDS database. The recovery time objective (RTO) is 15 minutes, and recovery point objective (RPO) is 1 minute. Which TWO steps should be taken to meet these objectives?

Question 153 (hard, multi select)

A company is migrating a monolithic application to microservices on AWS. The current application uses a single Amazon RDS for PostgreSQL database. To avoid tight coupling, each microservice should have its own database. The company needs to minimize downtime during migration. Which THREE strategies should be used?

Question 154 (easy, multi select)

A company wants to store configuration data for multiple applications securely. Each application runs on Amazon EC2 instances in an Auto Scaling group. The configuration includes database credentials and API keys. Which TWO services should be used together to achieve this?

Question 155 (easy, multiple choice)

Refer to the exhibit. An IAM policy is attached to a user who needs to upload objects to an S3 bucket owned by another AWS account. The uploads are failing with access denied. What is the most likely cause?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    }
  ]
}
```
Question 156 (medium, multiple choice)

Refer to the exhibit. A solutions architect runs this CLI command but receives an error: 'Unknown options: --query'. What is the most likely cause?

Network Topology
Refer to the exhibit.

```
aws ec2 describe-instances --filters "Name=tag:Environment… --query 'Reservations[*].Instances[*].[InstanceId… --output table
```

Question 157 (hard, multiple choice)

Refer to the exhibit. A CloudFormation template creates an S3 bucket with versioning and a public bucket policy. After deployment, users can access objects in the bucket via the internet. However, the security team requires that all access be logged. What is missing from this configuration?

Exhibit

Refer to the exhibit.

```
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub "${AWS::StackName}-mybucket"
      VersioningConfiguration:
        Status: Enabled
  MyBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref MyBucket
      PolicyDocument:
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: "s3:GetObject"
            Resource: !Sub "${MyBucket.Arn}/*"
```
Question 158 (medium, multiple choice)

A company is designing a new application that processes sensitive healthcare data. The application runs on Amazon ECS with Fargate and uses an Application Load Balancer. The company must ensure that all data in transit is encrypted. Which step should be taken?

Question 159 (hard, multiple choice)

A company is designing a data lake on AWS using Amazon S3. The data lake will store petabytes of data from various sources. The company needs to query the data using Amazon Athena and Amazon Redshift Spectrum. The data is highly compressed and stored in Parquet format. Which storage class should be used to minimize costs while maintaining immediate query performance?

Question 160 (easy, multiple choice)

A company wants to deploy a containerized application on AWS. The application requires persistent storage that can be shared across multiple containers running on different EC2 instances. Which AWS service should be used?

Question 161 (hard, multiple choice)

A company is designing a new solution to ingest real-time clickstream data from a website. The data volume varies from 100 to 100,000 events per second. The solution must buffer the data for up to 5 minutes and then deliver it to Amazon S3 for analysis. The company wants to minimize operational overhead and cost. Which service should be used to buffer the data?

Question 162 (medium, multiple choice)

A company is designing a new microservices architecture using AWS Lambda. Each microservice has its own database. The company wants to securely store database credentials and rotate them automatically. Which AWS service should be used?

Question 163 (hard, multiple choice)

A company is designing a multi-region active-active application using Amazon DynamoDB global tables. The application requires strong consistency reads. However, global tables only support eventual consistency. What should the solutions architect do to meet the requirement?

Question 164 (medium, multiple choice)

A company is designing a new serverless application using AWS Lambda to process high-resolution images uploaded to Amazon S3. Each image can be up to 500 MB. The processing must complete within 5 minutes. What is the MOST cost-effective and scalable design to meet these requirements?

Question 165 (hard, multiple choice)

A financial services company is designing a multi-account AWS environment using AWS Organizations. They need to enforce that all newly created S3 buckets in any account have server-side encryption enabled using AWS KMS (SSE-KMS) with a customer managed key. Additionally, they want to prevent any S3 bucket from being publicly accessible. What is the MOST efficient and comprehensive way to enforce these policies?

Question 166 (easy, multiple choice)

A startup is building a web application on AWS that requires a relational database. They expect unpredictable traffic patterns and want to minimize costs while ensuring high availability. Which database solution should they choose?

Question 167 (medium, multiple choice)

A media company is designing a video transcoding pipeline. They receive raw video files in Amazon S3, which need to be transcoded into multiple formats. The pipeline must handle sporadic bursts of uploads and complete processing within 30 minutes for each video. The cost should be minimized. Which design should they use?

Question 168 (hard, multiple choice)

A company is designing a disaster recovery (DR) solution for a critical application running on Amazon EC2 instances in a single AWS Region. The DR site will be in a different Region. The application data is stored in an Amazon RDS for MySQL DB instance with Multi-AZ enabled. The Recovery Point Objective (RPO) is 15 minutes, and the Recovery Time Objective (RTO) is 2 hours. Which strategy meets these requirements MOST cost-effectively?

Question 169 (easy, multiple choice)

A company is designing a microservices architecture on Amazon ECS with Fargate. They want to ensure that services can communicate with each other but are isolated from the internet. What is the MOST secure way to achieve this?

Question 170 (medium, multiple choice)

A company is designing a data lake on Amazon S3. Data is ingested from various sources, including IoT devices, and must be stored in a cost-effective manner. The data access patterns are unpredictable; some data is accessed frequently for a few days, then rarely accessed. The company wants to minimize storage costs while ensuring data is available within minutes when accessed. Which storage class should they use for the data?

Question 171 (hard, multiple choice)

A company is designing a new application on AWS that uses Amazon API Gateway and AWS Lambda to expose a RESTful API. The API must authenticate requests using OAuth 2.0 with an external identity provider (IdP). The company wants to offload the authentication logic to the API Gateway. Which API Gateway feature should they use?

Question 172 (easy, multiple choice)

A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application must support sticky sessions. What should they do?

Question 173 (medium, multi select)

A company is designing a new serverless data processing pipeline that uses Amazon Kinesis Data Streams to ingest real-time clickstream data. The data must be processed using AWS Lambda and then stored in Amazon S3. The company needs to ensure that records are processed in order within each shard and that each record is processed exactly once. Which configuration should they use? (Choose TWO.)

Question 174 (hard, multi select)

A company is designing a new multi-tier web application on AWS. The application uses an Auto Scaling group of EC2 instances for the web tier and an Amazon RDS for PostgreSQL DB instance for the database. To improve security, the company wants to ensure that the web tier instances can connect to the database only through a specific port and that the database is not accessible from the internet. Which steps should the company take? (Choose THREE.)

Question 175 (easy, multi select)

A company is designing a new static website hosted on Amazon S3. They want to use Amazon CloudFront as a content delivery network (CDN) to serve the website globally with low latency. The website content must be encrypted in transit. Which configurations should they use? (Choose TWO.)

Question 176 (hard, multiple choice)

A company has an IAM policy attached to a user as shown in the exhibit. The user is trying to stop an EC2 instance in the us-west-2 region. What will happen?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2:StartInstances",
        "ec2:StopInstances"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": "us-east-1"
        }
      }
    }
  ]
}
```

Question 177 (medium, multiple choice)

A solutions architect is troubleshooting an issue where an EC2 instance cannot connect to the internet. The output of the describe-instances CLI command is shown in the exhibit. The instance is in a VPC with a public subnet that has a route table with a default route pointing to an internet gateway. The security group allows outbound traffic to 0.0.0.0/0. What is the MOST likely cause of the problem?

Network Topology
Refer to the exhibit.

```
$ aws ec2 describe-instances --instance-ids i-1234567890abcdef0 --query 'Reservations[0].Instances[0].[InstanceId… --output table
| DescribeInstances |
| 10.0.1.15 | 54.123.45.67 |
```

Question 178 (easy, multiple choice)

A company has an S3 bucket policy as shown in the exhibit. The bucket 'my-bucket' is owned by account 111111111111. What access does this policy grant to account 123456789012?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:root"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    }
  ]
}
```

Question 179 (medium, multiple choice)

A company is designing a new application that requires a relational database with automated backups and multi-AZ redundancy. The database workload is predictable with occasional read replicas for reporting. Which AWS service should be used?

Question 180 (easy, multiple choice)

A startup needs a serverless compute service to run code in response to S3 events. The code should execute within milliseconds and require no server management. Which AWS service should be used?

Question 181 (hard, multiple choice)

A company is designing a microservices architecture on ECS with Fargate. Services need to communicate securely within a VPC and be accessible from the internet via an Application Load Balancer. The solution must minimize operational overhead. Which networking configuration should be used?

Question 182 (medium, multiple choice)

A company needs to store configuration files for multiple environments (dev, test, prod) and retrieve them programmatically with versioning and access control. Which AWS service should be used?

Question 183 (hard, multiple choice)

A company is migrating a legacy monolithic application to a microservices architecture on AWS. The application has a relational database with complex queries. The team wants to minimize changes to the existing codebase. Which database migration strategy should be recommended?

Question 184 (easy, multiple choice)

A company wants to decouple a web application frontend from a backend processing service. The frontend sends jobs that are processed asynchronously. Which AWS service is best suited for this decoupling?

Question 185 (medium, multiple choice)

A company is designing a new application that requires a global content delivery network with low latency and DDoS protection. Which combination of AWS services should be used?

Question 186 (hard, multiple choice)

A company needs to provide temporary credentials for users to access an S3 bucket for exactly 1 hour. The solution must not require any custom code or user management. Which AWS service should be used?

Question 187 (medium, multiple choice)

A company is designing a new application that will run on EC2 instances behind an Application Load Balancer. The application must handle sudden spikes in traffic without manual intervention. Which scaling strategy should be used?

Question 188 (easy, multi select)

A company is designing a new application that requires a highly available and durable NoSQL database. Which TWO services should be considered? (Choose TWO.)

Question 189 (medium, multi select)

A company is designing a new microservices architecture that requires service discovery and API management. Which THREE services can be used together to achieve this? (Choose THREE.)

Question 190 (hard, multi select)

A company is designing a data lake on S3 with sensitive data that must be encrypted at rest and audited. Which TWO services should be used? (Choose TWO.)

Question 191 (hard, multiple choice)

An IAM policy is attached to an IAM user. The user is testing from an IP address 10.0.1.5. What is the effect of the policy?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/24"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/uploads/*"
    }
  ]
}
```

Question 192 (easy, multiple choice)

A developer runs the AWS CLI command shown in the exhibit. What is the expected output?

Network Topology
Refer to the exhibit.

```
aws ec2 describe-instances --filters "Name=tag:Name… --query "Reservations[].Instances[?State.Name=='running'].[InstanceId]" --output text
```

Question 193 (medium, multiple choice)

An S3 bucket is created using the CloudFormation template shown in the exhibit. What happens to objects in the bucket after 30 days?

Exhibit

Refer to the exhibit.

```
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "my-unique-bucket-123",
        "VersioningConfiguration": {
          "Status": "Enabled"
        },
        "LifecycleConfiguration": {
          "Rules": [
            {
              "Id": "ExpireOld",
              "Status": "Enabled",
              "ExpirationInDays": 30
            }
          ]
        }
      }
    }
  }
}
```

Question 194 (easy, multiple choice)

A company is designing a multi-tier web application on AWS. The application requires high availability across multiple Availability Zones. Which AWS service should be used to distribute incoming traffic across multiple EC2 instances in different Availability Zones?

Question 195 (medium, multiple choice)

A company is migrating a legacy monolithic application to AWS. The application currently runs on a single server and uses a MySQL database. The company wants to decouple the application into microservices while minimizing changes to the existing code. Which design approach is MOST cost-effective and requires the least code changes?

Question 196 (hard, multiple choice)

A company is designing a data lake on AWS using Amazon S3. The data lake will store sensitive customer data that must be encrypted at rest. The company requires that the encryption keys be managed by the company's own hardware security module (HSM) and rotated every 90 days. Which solution meets these requirements?

Question 197 (easy, multiple choice)

A company is designing a serverless application that processes images uploaded to an S3 bucket. The processing must be asynchronous and can take up to 15 minutes per image. Which AWS service should be used to trigger the processing?

Question 198 (medium, multiple choice)

A company is deploying a web application on AWS. The application requires a relational database with read replicas for scaling read queries. The database must support automatic failover and be Multi-AZ. Which database solution meets these requirements?

Question 199 (easy, multiple choice)

A company wants to provide temporary, limited-privilege credentials to its application running on an EC2 instance so that the application can access an S3 bucket. What is the BEST practice for achieving this?

Question 200 (medium, multiple choice)

A company is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. Which approach provides the BEST security and performance?

Question 201 (medium, multi select)

A company is designing a disaster recovery (DR) strategy for a critical application. The application runs on EC2 instances in a single AWS Region. The company needs a Recovery Time Objective (RTO) of 2 hours and a Recovery Point Objective (RPO) of 15 minutes. Which TWO strategies meet these requirements? (Choose TWO.)

Question 202 (hard, multi select)

A company is designing a serverless data processing pipeline using AWS Lambda. The pipeline processes data from an Amazon Kinesis Data Stream. The Lambda function has a memory limit of 512 MB and a timeout of 5 minutes. The data volume is expected to increase significantly. Which TWO strategies should the company implement to improve throughput and reduce processing latency? (Choose TWO.)

Question 203 (easy, multi select)

A company is designing a new cloud-native application on AWS. The application will use a microservices architecture and requires a way to manage configuration data and secrets. Which THREE AWS services can be used to meet these requirements? (Choose THREE.)

Question 204 (medium, multi select)

A company is designing a real-time analytics platform that ingests data from thousands of IoT devices. The platform must process and store high-velocity data with low latency. Which TWO AWS services should be used together to meet these requirements? (Choose TWO.)

Question 205 (hard, multi select)

A company is deploying a containerized application on Amazon EKS. The application requires persistent storage that can be shared across multiple pods in different Availability Zones. Which TWO storage solutions meet this requirement? (Choose TWO.)

Question 206 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. Each service needs to store and retrieve small amounts of configuration data (under 10 KB per item) with low latency. The data is accessed frequently and must be highly available across multiple Availability Zones. Which AWS service should be used?

Question 207 (hard, multiple choice)

A company is designing a new data lake on AWS. The data lake must support SQL queries using Amazon Athena and also allow Amazon SageMaker to access training data. The solution must minimize storage costs for infrequently accessed data while providing immediate access when needed. Which storage tier should be used for the data lake?

Question 208 (easy, multiple choice)

A company is designing a web application that must handle sudden spikes in traffic. The application runs in a VPC and uses an Application Load Balancer (ALB) to distribute traffic to EC2 instances. The solution must be cost-effective for variable traffic patterns. Which scaling strategy should be used?

Question 209 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda. The function needs to process files uploaded to an S3 bucket and store metadata in DynamoDB. The solution must handle up to 1,000 concurrent invocations. Which configuration should be used to avoid throttling?

Question 210 (hard, multiple choice)

A company is designing a new multi-region disaster recovery solution for a critical database. The database runs on Amazon RDS for MySQL in us-east-1. The recovery point objective (RPO) is 1 second, and the recovery time objective (RTO) is 1 minute. Which strategy meets these requirements?

Question 211 (easy, multiple choice)

A company is designing a solution to capture changes from an Amazon RDS database and stream them to a data lake. Which AWS service should be used to capture database changes in real time?

Question 212 (medium, multiple choice)

A company is designing a new microservices application using Amazon ECS with Fargate. The services need to communicate securely within the VPC. Which approach should be used for service discovery?

Question 213 (medium, multiple choice)

A company is designing a real-time analytics pipeline to process streaming data from IoT devices. The solution must be serverless and handle data transformation before storage. Which combination of services is most cost-effective?

Question 214 (hard, multiple choice)

A company is designing a new application that must meet PCI DSS compliance requirements. The application will process credit card transactions and store encrypted data. Which AWS service should be used to manage the encryption keys?

Question 215 (medium, multi select)

A company is designing a new hybrid cloud architecture that extends on-premises storage to AWS. The solution must provide low-latency access to frequently accessed data and use AWS storage for backup. Which TWO services should be used together?

Question 216 (hard, multi select)

A company is designing a new serverless application using AWS Lambda. The function needs to access an Amazon RDS database. Which THREE practices should be followed to avoid connection exhaustion?

Question 217 (easy, multi select)

A company is designing a new data processing pipeline that must transform data from JSON to Parquet format. The pipeline should run daily and handle data up to 10 GB. Which TWO AWS services can be used to perform this transformation?

Question 218 (hard, multiple choice)

A company is designing a new microservices platform on AWS. The platform consists of 50 microservices, each running in its own Amazon ECS service on AWS Fargate. The services communicate via REST APIs. The company wants to implement a service mesh to handle traffic routing, observability, and security (mTLS). They also need to meet compliance requirements that all traffic between services must be encrypted and logged. The solution must be fully managed and reduce operational overhead. After implementing the service mesh, the operations team notices that latency between services has increased by 20%, and some services are experiencing connection timeouts. The team has enabled mTLS and distributed tracing. Which course of action should the team take to diagnose and resolve the latency issues?

Question 219 (hard, multiple choice)

A company is designing a multi-region active-active application using Amazon Aurora Global Database. The application writes to a custom domain endpoint that routes to the primary cluster. To minimize write latency, the application should write to the nearest region. Which configuration should the solutions architect use?

Question 220 (medium, multiple choice)

A data analytics company is building a real-time streaming pipeline using Amazon Kinesis Data Streams. The data is consumed by multiple consumer applications, each with different processing requirements. The company wants to ensure that each consumer can process records independently without affecting others and can reprocess data from a specific point in time. Which feature should the company use?

Question 221 (hard, multiple choice)

Refer to the exhibit. A solutions architect has attached this IAM policy to an IAM role used by an application. The application is trying to upload an object to the S3 bucket example-bucket with server-side encryption using AWS KMS (SSE-KMS). What will happen?

Exhibit

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```

Question 222 (medium, multiple choice)

A company is deploying a containerized application on Amazon ECS with Fargate. The application needs to store session state data that must be highly available and low latency. The data is accessed frequently and can be recreated if lost. Which storage solution should the solutions architect recommend?

Question 223 (hard, multiple choice)

A company is designing a serverless application using AWS Lambda functions that process messages from an Amazon SQS queue. The Lambda function sometimes experiences throttling, causing messages to be sent to the dead-letter queue (DLQ). The company wants to minimize throttling and ensure that messages are processed in order. What should the solutions architect do?

Question 224 (easy, multi select)

A company is hosting a static website on Amazon S3. The website uses JavaScript to make API calls to a backend API hosted on Amazon API Gateway. The company wants to reduce latency for users worldwide. Which combination of AWS services should the solutions architect use? (Choose two.)

Question 225 (medium, multiple choice)

A company is running a stateful web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application stores session data locally on the instance. The company wants to make the application highly available and fault-tolerant without rewriting the application code. What should the solutions architect do?

Question 226 (hard, multiple choice)

Refer to the exhibit. A solutions architect has attached this key policy to an AWS KMS key. The IAM role MyAppRole is used by an application running on an EC2 instance in us-east-1. The application tries to decrypt an object stored in the S3 bucket my-bucket using server-side encryption with AWS KMS (SSE-KMS). What will happen?

Exhibit

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/MyAppRole"
      },
      "Action": "kms:Decrypt",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "kms:ViaService": "s3.us-east-1.amazonaws.com",
          "kms:EncryptionContext:aws:s3:arn": "arn:aws:s3:::my-bucket/*"
        }
      }
    }
  ]
}
```

Question 227 (easy, multiple choice)

A company wants to migrate an on-premises relational database to Amazon RDS for MySQL with minimal downtime. The database is 500 GB in size. Which AWS service should be used for the initial data load and ongoing replication?

Question 228 (medium, multi select)

A company is designing a new application that will be deployed on Amazon EKS. The application must meet PCI DSS compliance requirements. Which TWO steps should the solutions architect take to secure the cluster?

Question 229 (hard, multi select)

A company is designing a multi-region disaster recovery solution for a critical application running on Amazon EC2. The application uses an Amazon Aurora MySQL database. The RTO is 15 minutes and RPO is 1 minute. Which THREE steps should the solutions architect take to meet these requirements?

Question 230 (medium, multi select)

A company is building a serverless data processing pipeline using AWS Lambda, Amazon DynamoDB, and Amazon S3. The pipeline processes JSON files uploaded to an S3 bucket, transforms the data, and writes results to DynamoDB. The company wants to ensure the pipeline can handle bursts of traffic without data loss. Which TWO design decisions should the solutions architect make?

Question 231 (hard, multiple choice)

A company runs a high-traffic e-commerce platform on AWS. The application consists of a web tier, an application tier, and a database tier using Amazon RDS for PostgreSQL with Multi-AZ. During a recent sales event, the database experienced high CPU utilization and read replicas were added to offload read traffic. However, the application team noticed that some product detail pages were showing stale data (prices and inventory levels) even though the primary database had the correct data. The application uses read replicas for read queries. The solutions architect investigated and found that the read replica lag was minimal (under 1 second). The application uses Django ORM with default transaction isolation. What is the most likely cause of the stale data?

Question 232 (medium, multiple choice)

A media company runs a video processing pipeline on AWS. Videos are uploaded to an S3 bucket, which triggers an AWS Lambda function that transcodes the video into multiple formats using FFmpeg. The transcoding job runs on the Lambda function with a 15-minute timeout. Recently, the company started receiving 4K videos that take more than 15 minutes to transcode. The Lambda function times out, and the video is not processed. The company wants to process these large videos without increasing the Lambda timeout and without rewriting the entire pipeline. What should the solutions architect do?

Question 233 (medium, multiple choice)

A financial services company runs a critical application on Amazon EC2 instances behind an Application Load Balancer (ALB). The application is deployed across multiple Availability Zones. The company recently experienced a DDoS attack that overwhelmed the ALB and caused downtime. The security team wants to implement a solution that can absorb DDoS attacks at the edge and only forward legitimate traffic to the ALB. Additionally, the company needs to protect sensitive data in transit using TLS 1.3. What should the solutions architect do?

Question 234 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda and Amazon API Gateway. The application must handle sudden spikes in traffic and ensure that no requests are lost. Which of the following design choices will BEST meet these requirements?

Question 235 (hard, multiple choice)

A healthcare company is storing sensitive patient data in Amazon S3. The compliance team requires that all data be encrypted at rest and that the encryption keys be rotated every 90 days. Additionally, the company must maintain an audit trail of all key usage. Which solution meets these requirements with the LEAST operational overhead?

Question 236 (easy, multiple choice)

A startup is deploying a web application on Amazon EC2 instances behind an Application Load Balancer. The application stores session state in an Amazon DynamoDB table. To improve performance, the team wants to reduce latency for read-heavy workloads. Which design change would be MOST effective?

Question 237 (medium, multiple choice)

A company is migrating a monolithic application to microservices on Amazon ECS with Fargate. The application currently uses a central MySQL database. The architects plan to refactor the database into separate RDS instances per microservice. Which strategy will ensure data consistency across services with minimal application changes?

Question 238 (hard, multiple choice)

A media company is designing a video transcoding pipeline using AWS Lambda and Amazon S3. The pipeline must process videos uploaded to an S3 bucket, transcode them into multiple formats, and store the results in another S3 bucket. The processing time for each video can vary from a few seconds to several minutes. Which architecture will minimize cost and ensure all videos are processed, even if Lambda execution timeout is reached?

Question 239 (easy, multiple choice)

A company is designing a new web application that will be accessed by users globally. The application uses Amazon CloudFront as a CDN and stores static content in Amazon S3. The dynamic content is served from EC2 instances in a single AWS Region. Which of the following will improve performance for users in distant regions with the LEAST operational effort?

Question 240 (medium, multiple choice)

A company is building a data lake on Amazon S3 using Parquet files. The data will be queried by multiple teams using Amazon Athena. The security team requires that access to sensitive columns (e.g., PII) be restricted based on the user's role. Which solution provides column-level access control with the LEAST administrative overhead?

Question 241 (hard, multiple choice)

A financial services company is designing a multi-tier application that must achieve a Recovery Time Objective (RTO) of 1 hour and a Recovery Point Objective (RPO) of 15 minutes for a database tier. The application uses Amazon RDS for MySQL with Multi-AZ deployment. Which disaster recovery strategy meets these requirements at the LOWEST cost?

Question 242 (easy, multiple choice)

A company is migrating its on-premises Oracle database to Amazon RDS for Oracle. The database is 2 TB in size, and the company has a 100 Mbps internet connection. The migration must be completed within a week and have minimal downtime. Which AWS service should the company use to transfer the initial database dump to AWS?

Question 243 (medium, multi select)

Which TWO actions will improve the security posture of an Amazon S3 bucket used to store sensitive data? (Choose two.)

Question 244 (hard, multi select)

A company is designing a high-performance computing (HPC) workload on AWS. The workload requires tightly coupled inter-node communication with low latency and high bandwidth. Which THREE services or features should the architect consider to meet these requirements? (Choose three.)

Question 245 (medium, multi select)

Which TWO strategies can reduce the cost of storing infrequently accessed data in Amazon S3 while maintaining millisecond retrieval latency? (Choose two.)

Question 246 (hard, multi select)

Which THREE design patterns can help a microservices application achieve loose coupling and independent deployability? (Choose three.)

Question 247 (medium, multiple choice)

A company runs a critical web application on EC2 instances in an Auto Scaling group across three Availability Zones. The application uses an Application Load Balancer (ALB) with a target group that has health checks configured. Recently, the operations team noticed that during a deployment, the ALB started routing traffic to a new instance before it was ready to serve requests, causing a brief period of errors. The team wants to ensure that new instances are fully initialized and ready before receiving traffic. The application takes about 30 seconds to start up. Current health check settings: health check protocol HTTP, path /, interval 30 seconds, timeout 5 seconds, healthy threshold 2, unhealthy threshold 2. The deployment uses the Auto Scaling group's instance refresh feature. Which of the following is the MOST effective way to prevent traffic from being sent to instances that are not ready?

Question 248 (hard, multiple choice)

A company is designing a data processing pipeline for real-time analytics. The pipeline ingests data from IoT devices that send JSON messages via MQTT to AWS IoT Core. The messages must be processed in real time to detect anomalies, and the results must be stored in Amazon S3 for later analysis. The company currently uses a Lambda function to process each message, but as the number of devices grows, the Lambda function is being throttled due to concurrency limits. The company needs a solution that scales to handle thousands of devices per second without losing messages. The processed data must be available in S3 within 1 minute of ingestion. Which architecture should the company use?

Question 249 (medium, multiple choice)

A company is designing a microservices architecture on AWS. Each service needs its own DynamoDB table, and services must be fully isolated. Which networking design ensures that services can only communicate through APIs and not directly to each other's databases?

Question 250 (hard, multiple choice)

A company is migrating a legacy application to AWS. The application requires a shared file system that can be mounted by hundreds of EC2 instances across multiple Availability Zones. The file system must provide high throughput and low latency. Which storage solution meets these requirements?

Question 251 (easy, multiple choice)

A solutions architect is designing a disaster recovery plan for a critical application. The application runs on EC2 instances behind an Application Load Balancer (ALB) in us-east-1. The recovery time objective (RTO) is 15 minutes, and the recovery point objective (RPO) is 1 hour. Which approach meets these requirements?

Question 252 (hard, multiple choice)

A company is deploying a serverless application using AWS Lambda. The application processes high-resolution images and stores them in Amazon S3. The processing time for each image is variable, but some images require more than 15 minutes to process. Lambda has a maximum execution time of 15 minutes. How can the company process these long-running image transformations?

Question 253 (easy, multiple choice)

A company is designing a new web application that will be accessed by users worldwide. The application should have low latency and high availability. The application uses a stateless web tier and a relational database. Which architecture minimizes latency for global users?

Question 254 (medium, multiple choice)

A company is deploying a containerized application on Amazon ECS. The application must be highly available and scale automatically based on CPU utilization. The application also needs to be accessible from the internet via a single endpoint. Which combination of services should the solutions architect use?

Question 255 (medium, multi select)

A company is designing a new system to ingest and process real-time streaming data from thousands of IoT devices. The system must be able to handle variable throughput and provide durable storage for the data. The data will be processed by a Lambda function and then stored in Amazon S3. Which two services should be used together to build this ingestion pipeline?

Question 256 (hard, multi select)

A company is designing a new solution to host a static website with global low latency. The website content is stored in an S3 bucket and must be secured with HTTPS. Which three services or features should be used together to meet these requirements?

Question 257 (medium, multi select)

A company is building a new application that requires a relational database with high availability across multiple Availability Zones. The database must automatically failover with minimal downtime. Which two AWS services or features meet these requirements?

Question 258 (hard, multi select)

A company is designing a new data lake on AWS. The data lake will store raw data from various sources in Amazon S3. The data will be processed using AWS Glue ETL jobs and queried using Amazon Athena. To optimize costs and performance, which three practices should the solutions architect implement?

Question 259 (hard, multiple choice)

A company runs a critical e-commerce platform on AWS. The application is deployed across multiple Availability Zones in a single region (us-east-1). The architecture includes an Application Load Balancer (ALB), an EC2 Auto Scaling group, and an Amazon RDS for MySQL Multi-AZ database. The application experiences periodic spikes in traffic, and the Auto Scaling group scales out successfully. However, during a recent traffic spike, the database CPU utilization reached 90%, causing increased latency and some database connection timeouts. The company needs to improve the database performance to handle the spikes without over-provisioning. The solutions architect must design a solution that reduces the load on the primary database instance and improves read scalability. The application is read-heavy, with a read-to-write ratio of 80:20. Which solution should the architect implement?

Question 260 (medium, multiple choice)

A company is designing a new microservices application on AWS. The application consists of several services that need to communicate asynchronously. One service generates orders and sends them to a processing service. The order volume can vary significantly, and the processing service must scale independently. The company wants to use a managed service to decouple the services and ensure that messages are not lost. The processing service is written in Python and runs on AWS Lambda. The solutions architect needs to design the message delivery mechanism. The architect decides to use Amazon SQS. However, the Lambda function sometimes fails to process a message due to a transient error, and the message should be retried. After a maximum of three retries, the message should be moved to a dead-letter queue for analysis. Which configuration should the architect use?

Question 261 (medium, multiple choice)

A company is migrating a legacy on-premises application to AWS. The application requires a shared file system that supports the NFS protocol and must be accessible from multiple EC2 instances across different Availability Zones. The file system must provide high durability and low latency. The company also needs to control access to the file system using IAM policies. The solutions architect needs to choose the appropriate AWS storage service. Which service should the architect use?

Question 262 (medium, multiple choice)

A company is migrating a monolithic e-commerce application to a microservices architecture on AWS. The application consists of several services that need to communicate asynchronously. The company wants to decouple the services and ensure that messages are processed exactly once and in order. The current solution uses a single Amazon SQS queue with multiple consumers, but messages are sometimes processed out of order or duplicated. The company needs a solution that guarantees order and exactly-once processing without introducing significant latency. Which approach should be used?

Question 263 (hard, multiple choice)

A healthcare startup is building a HIPAA-compliant application on AWS. The application uses Amazon RDS for MySQL to store patient data. The compliance team requires that all database changes be audited, including SELECT statements. The current solution enables general query logs on the RDS instance, but the logs are stored locally and are lost when the instance is rebooted. Additionally, the logs are consuming significant storage on the instance. The startup needs a durable, scalable, and cost-effective solution for storing and querying database audit logs. Which solution meets these requirements?

Question 264 (easy, multiple choice)

A company is running a web application on AWS Elastic Beanstalk with an Auto Scaling group behind an Application Load Balancer. The application stores session state in an Amazon DynamoDB table. During a traffic spike, the application becomes slow and some users are logged out unexpectedly. The operations team notices that the DynamoDB table's read capacity utilization is consistently at 100%. The company needs to improve the performance of the session store without over-provisioning capacity. Which solution should be implemented?

Question 265 (medium, multiple choice)

A company is deploying a new microservices application on Amazon ECS using Fargate. The application consists of several services that need to communicate with each other. The company wants to use service discovery so that services can find each other by name. Additionally, the company needs to ensure that traffic between services is encrypted in transit. The security team requires that all inter-service traffic uses TLS. Which combination of services should be used to meet these requirements?

Question 266 (hard, multiple choice)

A financial services company is designing a new application that processes sensitive transactions. The application runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application writes transaction logs to an Amazon EFS file system. The company needs to ensure that the logs are encrypted at rest using a customer-managed AWS KMS key. Additionally, the logs must be retained for 7 years and should not be accessible after that period. Which solution meets the encryption and retention requirements?

Question 267 (medium, multiple choice)

A company is building a new serverless application using AWS Lambda functions. The application processes images uploaded to an Amazon S3 bucket. Each image triggers a Lambda function that resizes the image and stores the result in another S3 bucket. The company expects a high volume of uploads, up to 10,000 images per minute. The current Lambda function is configured with a timeout of 5 minutes and 1024 MB of memory. During testing, the Lambda function times out for large images. What should the company do to ensure the function can process large images without timing out?

Question 268 (easy, multiple choice)

A company is designing a new application that will run on AWS. The application needs to store and retrieve user session data with low latency. The session data is small (less than 1 KB per user) and must be highly available. The company expects up to 10 million active users per day. Which AWS service should be used as the session store?

Question 269 (hard, multiple choice)

A company is deploying a new web application on AWS that requires a highly available and scalable architecture. The application consists of a stateless web tier and a stateful database tier. The web tier runs on Amazon EC2 instances behind an Application Load Balancer. The database tier uses Amazon Aurora MySQL. The company expects variable traffic patterns and wants to automatically scale the web tier based on CPU utilization. Additionally, the company wants to ensure that the database can handle increased read traffic without manual intervention. Which combination of actions should the company take?

Question 270 (medium, multiple choice)

A company is building a new data analytics platform on AWS. The platform ingests streaming data from multiple sources, processes it in real time, and stores the results in Amazon S3 for later analysis. The data volume is expected to be up to 50 GB per day. The company needs to choose a service for real-time stream processing. Which AWS service is most appropriate for this use case?

Question 271 (easy, multiple choice)

A company is designing a new application that requires secure storage of secrets such as database passwords and API keys. The application runs on Amazon EC2 instances. The company wants to centralize secret management and automatically rotate secrets. Which AWS service should be used?

Question 272 (medium, multiple choice)

A company is building a new microservices architecture on AWS using Amazon ECS with Fargate. The services need to communicate with each other using RESTful APIs. The company wants to implement an API gateway to handle authentication, rate limiting, and request routing. Which AWS service should be used as the API gateway?

Question 273 (hard, multiple choice)

A company is migrating a legacy on-premises application to AWS. The application uses a monolithic architecture and a MySQL database. The company wants to refactor the application into microservices and use a NoSQL database for better scalability. The new application will be deployed on Amazon EKS. The database must be highly available and support automatic scaling. Which database service should the company use?

Question 274 (easy, multiple choice)

A company is building a new application that will run on AWS Lambda. The application needs to store and retrieve user preferences in a key-value format. The data is accessed frequently and must be highly available. The company expects low latency for reads and writes. Which AWS service should be used as the data store?

Question 275 (medium, multiple choice)

A company is deploying a new web application that uses Amazon S3 to store static content and Amazon CloudFront for content delivery. The application also uses an API Gateway with Lambda for backend logic. The company wants to protect the API from common web exploits like SQL injection and cross-site scripting. Which AWS service should be added to the architecture?

Question 276 (hard, multiple choice)

A company is designing a new data lake on AWS. The data lake will store structured and unstructured data from various sources. The company needs a solution that can automatically catalog the data and make it searchable. Data will be stored in Amazon S3. Which AWS service should be used to catalog and enable search across the data lake?

Question 277 (medium, multi select)

A company is designing a new application that will run on Amazon EC2 instances. The application needs to access an Amazon S3 bucket to read and write objects. The company wants to ensure that the EC2 instances can access the S3 bucket without storing AWS credentials on the instances. Which TWO steps should the company take?

Question 278 (medium, multiple choice)

A company is designing a new application that will run on Amazon ECS with Fargate. The application must process messages from an Amazon SQS queue and store results in an Amazon DynamoDB table. The workload is unpredictable and can scale from 0 to thousands of messages per second. What is the MOST cost-effective and scalable architecture?

Question 279 (hard, multiple choice)

A company is designing a multi-region active-active application using Amazon Route 53 latency-based routing. The application runs on Amazon EC2 instances behind Application Load Balancers (ALBs) in two AWS Regions. The company needs to ensure that if one region becomes unavailable, traffic is automatically routed to the healthy region with minimal disruption. Which configuration meets these requirements?

Question 280 (easy, multiple choice)

A company is designing a new solution to store and analyze large amounts of log data from multiple sources. The logs must be retained for 90 days for recent analysis, and then archived to a more cost-effective storage class for an additional 5 years. The solution must support SQL-based queries. Which combination of AWS services should the company use?

Question 281 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda that needs to access a private Amazon RDS for MySQL database. The Lambda function is deployed in a VPC with the appropriate security groups. The database is in a private subnet. The company wants to avoid storing database credentials in the Lambda function code. What should the company do to securely access the database?

Question 282 (hard, multiple choice)

A company is designing a new data lake on Amazon S3. The data is ingested from various sources and must be encrypted at rest. The company has a strict requirement to use an AWS KMS customer master key (CMK) that is stored in a different AWS account for additional security. The S3 bucket is in Account A, and the KMS key is in Account B. Which steps are necessary to enable server-side encryption with AWS KMS (SSE-KMS) for objects in the S3 bucket?

Question 283 (easy, multiple choice)

A company is designing a highly available web application on AWS. The application consists of an Application Load Balancer (ALB) that distributes traffic to EC2 instances in an Auto Scaling group across multiple Availability Zones. The application state is stored in an Amazon ElastiCache for Redis cluster. The company wants to minimize downtime during patching of the Redis cluster. What should the company do?

Question 284 (medium, multiple choice)

A company is designing a new microservices architecture on Amazon ECS with Fargate. The services need to communicate with each other securely. The company wants to use service discovery so that services can find each other using DNS names. Which AWS service should the company use?

Question 285 (hard, multiple choice)

A company is designing a new application that will use Amazon DynamoDB as its primary database. The application has two access patterns: one requires strongly consistent reads, and the other requires eventually consistent reads. The company wants to minimize costs while meeting the read consistency requirements. How should the company configure DynamoDB reads?

Question 286 (medium, multiple choice)

A company is designing a new solution to host a static website on AWS. The website content is stored in an Amazon S3 bucket. The company wants to use a custom domain name (e.g., www.example.com) and enforce HTTPS. Which combination of AWS services should the company use?

Question 287 (hard, multi select)

A company is designing a disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The application data is stored on Amazon EBS volumes. The recovery point objective (RPO) is 15 minutes, and the recovery time objective (RTO) is 2 hours. Which TWO actions should the company take to meet these objectives? (Choose two.)

Question 288 (medium, multi select)

A company is designing a new serverless application using AWS Lambda. The application needs to access an Amazon RDS for PostgreSQL database. The database credentials must be rotated automatically every 30 days. Which THREE steps should the company take to securely manage the credentials? (Choose three.)

Question 289 (easy, multi select)

A company is designing a new web application that will be deployed on Amazon EC2 instances behind an Application Load Balancer (ALB). The application must be highly available and fault-tolerant across multiple Availability Zones. Which THREE actions should the company take to meet these requirements? (Choose three.)

Question 290 (hard, multiple choice)

Refer to the exhibit. An IAM policy is attached to a user. When the user tries to upload an object to the S3 bucket 'my-bucket' using the AWS CLI without specifying server-side encryption, the upload fails. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```

Question 291 (medium, multiple choice)

Refer to the exhibit. A solutions architect is designing a new application that requires three EC2 instances running in different Availability Zones in us-east-1. The architect runs the AWS CLI command shown and sees three instances running in three AZs. However, the application is not highly available because if one AZ fails, the application loses one-third of its capacity. The architect needs to ensure that the application can survive the loss of an entire AZ without manual intervention. What should the architect do?

Network Topology

Refer to the exhibit.

```
$ aws ec2 describe-instances --query 'Reservations[*].Instances[*].[InstanceId … --output table
|  DescribeInstances  |
| i-0abcd1234efgh5678 | running | us-east-1a |
| i-0abcd1234efgh5679 | running | us-east-1b |
| i-0abcd1234efgh5680 | running | us-east-1c |
```

Question 292 (easy, multiple choice)

Refer to the exhibit. A company is designing a new solution and uses this AWS CloudFormation template to create an S3 bucket. The company wants to ensure that objects are automatically deleted after 1 year. However, the current template does not delete objects. What is the reason?

Exhibit

Refer to the exhibit.

```
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  MyBucket:
    Type: 'AWS::S3::Bucket'
    Properties:
      BucketName: my-app-data-bucket
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ArchiveRule
            Status: Enabled
            Transitions:
              - TransitionInDays: 30
                StorageClass: STANDARD_IA
              - TransitionInDays: 90
                StorageClass: GLACIER
            ExpirationInDays: 365
```

Question 293 (medium, multiple choice)

A company is designing a new application that will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application requires that users' session data be stored durably and with low latency. The session data is accessed frequently but is rarely updated. Which solution is MOST cost-effective?

Question 294 (hard, multiple choice)

A company is designing a multi-region active-active architecture for a web application using Amazon Route 53 latency-based routing. The application runs on EC2 instances in Auto Scaling groups with Application Load Balancers in each region. The application uses an Amazon Aurora global database for its data tier. The architecture must provide the lowest possible RTO and RPO for regional failures. What should the company do to meet these requirements?

Question 295 (easy, multiple choice)

A company is designing a serverless data processing pipeline using AWS Lambda functions. The pipeline processes messages from an Amazon SQS queue. Each message takes approximately 30 seconds to process, and the pipeline must handle bursts of up to 10,000 messages per minute. The messages must be processed in the order they are received. Which solution meets these requirements?

Question 296 (medium, multi select)

A company is designing a new solution to store and analyze large volumes of IoT sensor data. The data is time-series and must be retained for 90 days. The company needs to run complex SQL queries on the data and expects low latency for the most recent 7 days of data. Which TWO solutions meet these requirements? (Choose TWO.)

Question 297 • hard • multi select

A company is designing a hybrid cloud solution that extends its on-premises data center to AWS. The company has a 10 Gbps AWS Direct Connect connection and needs to securely connect multiple VPCs and on-premises networks with transitive routing. The solution must be highly available and use AWS managed services. Which TWO components should the company include in the design? (Choose TWO.)

Question 298 • easy • multi select

A company is designing a new application that will run on Amazon ECS with Fargate. The application needs to store files in Amazon S3. The company has a strict security requirement that the application must not have any long-term credentials stored in the container image or environment variables. Which THREE steps should the company take to meet this requirement? (Choose THREE.)

Question 299 • medium • multiple choice

A company has an S3 bucket with server-side encryption using S3-Managed Keys (SSE-S3). The IAM policy shown in the exhibit is attached to a user. When the user attempts to download an object using the AWS CLI with no encryption headers, the request fails. What is the MOST likely reason?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "AES256"
        }
      }
    }
  ]
}
```
Question 300 • hard • multiple choice

A CloudFormation stack creation failed with the status shown in the exhibit. The stack was created using a template that defines an EC2 instance, a security group, and an Elastic IP address. What is the MOST likely cause of the failure?

Exhibit

Refer to the exhibit.

```
Status: ROLLBACK_COMPLETE
Resource Status:
- Logical ID: MyEC2Instance
  Physical ID: i-1234567890abcdef0
  Status: CREATE_COMPLETE
- Logical ID: MySecurityGroup
  Physical ID: sg-12345678
  Status: CREATE_COMPLETE
- Logical ID: MyEIP
  Physical ID: eipalloc-12345678
  Status: CREATE_FAILED
  Reason: The maximum number of addresses has been reached.
```
Question 301 • easy • multiple choice

A company has three EC2 instances as shown in the exhibit. The company wants to use an Application Load Balancer to distribute traffic across these instances with cross-zone load balancing enabled. How will the traffic be distributed?

Network Topology

Refer to the exhibit.

```
aws ec2 describe-instances --region us-east-1 --query 'Reservations[*].Instances[*].[InstanceId … --output text
i-0abcd1234efgh5678 us-east-1a
i-0abcd1234efgh5679 us-east-1b
i-0abcd1234efgh5680 us-east-1a
```
Question 302 • medium • multiple choice

A company is designing a new microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other using REST APIs. The company wants to implement a service mesh to handle traffic routing, observability, and security. Which AWS service should the company use?

Question 303 • hard • multiple choice

A company is designing a data lake on AWS using Amazon S3 as the storage layer. The data lake will ingest data from multiple sources, including streaming data from Amazon Kinesis Data Streams and batch data from on-premises systems via AWS Snowball. The company needs to catalog the data and make it available for querying with Amazon Athena and Amazon Redshift Spectrum. Which combination of services should the company use to meet these requirements?

Question 304 • medium • multi select

A company is designing a new solution to host a static website with global low latency. The website content is stored in an S3 bucket. The company wants to use a custom domain name and SSL/TLS termination. Which THREE services should the company use together to meet these requirements? (Choose THREE.)

Question 305 • hard • multi select

A company is designing a disaster recovery solution for a critical application that runs on Amazon RDS for PostgreSQL. The application requires an RPO of 5 minutes and an RTO of 15 minutes. The primary database is in us-east-1. The recovery Region is us-west-2. Which TWO solutions meet these requirements? (Choose TWO.)

Question 306 • easy • multiple choice

A company is troubleshooting a Lambda function that is timing out when trying to connect to an RDS database in a VPC. The Lambda function configuration is shown in the exhibit. The function has a timeout of 30 seconds and a memory size of 128 MB. The VPC has subnets in multiple Availability Zones, but the function only has one subnet configured. What change will MOST LIKELY resolve the timeout?

Network Topology

Refer to the exhibit.

```
aws lambda get-function-configuration --function-name my-function --region us-east-1
{
  "FunctionName": "my-function",
  "Runtime": "python3.9",
  "Role": "arn:aws:iam::123456789012:role/lambda-role",
  "Handler": "index.handler",
  "CodeSize": 500,
  "Description": "",
  "Timeout": 30,
  "MemorySize": 128,
  "LastModified": "2023-01-15T10:00:00.000+0000",
  "VpcConfig": {
    "SubnetIds": ["subnet-12345678"],
    "SecurityGroupIds": ["sg-12345678"]
  },
  "TracingConfig": {
    "Mode": "PassThrough"
  }
}
```
Question 307 • hard • multiple choice

A company has a bucket policy on an S3 bucket as shown in the exhibit. A cross-account role (CrossAccountRole) is used to access the bucket. The role has an IAM policy that allows s3:GetObject and s3:PutObject on the bucket. When users assume the role and try to upload objects without specifying encryption, the upload fails. What must the users do to successfully upload objects?

Exhibit

Refer to the exhibit.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:role/CrossAccountRole"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-server-side-encryption": "aws:kms"
        }
      }
    }
  ]
}
```
Question 308 • medium • multiple choice

A company is designing a serverless application using AWS Lambda to process incoming files from Amazon S3. Each file is less than 1 MB and processing must complete within 10 seconds. The application must handle bursts of up to 1,000 concurrent invocations. Which configuration will provide the MOST cost-effective solution?

Question 309 • hard • multiple choice

A company is designing a multi-region disaster recovery solution for a stateful web application on Amazon EC2 with an Amazon Aurora MySQL database. The RPO must be less than 1 second and RTO less than 5 minutes. The application uses a custom TCP port 8080. What is the MOST cost-effective architecture?

Question 310 • easy • multiple choice

A company is building a microservices architecture on Amazon ECS with Fargate. Each service must be isolated and communicate only via APIs. The company needs to enforce that services cannot directly access each other's databases. Which approach should be used?

Question 311 • medium • multiple choice

A company is designing a new application that will run on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application must maintain session state. The company expects steady traffic with occasional spikes. Which solution is MOST scalable and cost-effective?

Question 312 • hard • multiple choice

A company is migrating a legacy monolithic application to AWS. The application uses a proprietary binary protocol over TCP. The company wants to modernize the architecture using microservices while minimizing changes to the client. Which approach should the company use?

Question 313 • easy • multiple choice

A company needs to store application logs for at least one year with the ability to query them occasionally. The logs are generated at a rate of 10 GB per day. Which storage solution is MOST cost-effective?

Question 314 • medium • multiple choice

A company is designing a hybrid cloud architecture that requires low-latency connectivity between on-premises and AWS. The company has multiple branch offices connecting to a central data center. The data center must be connected to AWS with 10 Gbps throughput and high availability. Which solution should the company choose?

Question 315 • hard • multiple choice

A company is designing a data lake on Amazon S3. The data is ingested from multiple sources and must be encrypted at rest using customer-managed keys. The company also needs to audit all access to the data lake. Which combination of services should be used?

Question 316 • easy • multiple choice

A company is deploying a web application on AWS that must scale automatically based on CPU utilization. The application runs on Amazon EC2 instances in an Auto Scaling group. Which configuration is required for the Auto Scaling group to scale based on CPU?

Question 317 • medium • multi select

A company is designing a solution to process real-time streaming data from IoT devices. The data must be ingested, processed with sub-second latency, and stored for analytics. Which services should the company use? (Choose TWO.)

Question 318 • hard • multi select

A company is migrating a legacy application to AWS. The application requires static IP addresses for whitelisting by third-party APIs. The company plans to use an Application Load Balancer with EC2 instances. Which two steps should the company take to ensure the ALB has a consistent set of IP addresses? (Choose TWO.)

Question 319 • medium • multi select

A company is designing a new application that will use Amazon S3 to store sensitive customer data. The data must be encrypted at rest and in transit. The company also needs to ensure that only authorized users can access the data. Which three steps should the company take? (Choose THREE.)

Question 320 • medium • multiple choice

A company is migrating a legacy monolithic application to AWS. The application currently uses a shared file system for storing user uploads. The solution architect needs to design a highly available and scalable storage solution that supports concurrent read/write operations from multiple EC2 instances. Which AWS service should be used?

Question 321 • hard • multiple choice

A company is designing a serverless data processing pipeline using AWS Lambda to process messages from an Amazon SQS queue. The messages are generated by thousands of IoT devices. The architect needs to ensure that messages are processed in order within each device's stream and that failures are handled without data loss. Which combination of services should the architect use?

Question 322 • easy • multiple choice

A solutions architect is designing a web application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application requires that users' session data be stored and made available across all instances. Which solution is MOST cost-effective and scalable?

Question 323 • hard • multiple choice

A company is building a microservices architecture on Amazon ECS. Services need to communicate with each other and with external SaaS applications. The architect must ensure that service discovery is dynamic and that traffic to external services is routed through a single egress point for security and monitoring. Which combination of services should the architect use?

Question 324 • medium • multiple choice

A financial services company needs to store transaction records for 7 years to meet regulatory requirements. The records must be retrievable within 24 hours of a request. The volume of data is 10 TB per year. Which storage solution is MOST cost-effective?

Question 325 • medium • multiple choice

A company is deploying a containerized application on Amazon EKS. The application needs to access an Amazon RDS database. The security team requires that database credentials be rotated automatically and never stored in plaintext. Which solution should the architect use?

Question 326 • hard • multiple choice

A company runs a critical workload on EC2 instances in an Auto Scaling group. The application is stateless and can handle instance failures. The architect needs to ensure that the application remains available during a regional outage. What is the MOST cost-effective and resilient architecture?

Question 327 • easy • multiple choice

A company is building a serverless application using AWS Lambda. The Lambda function needs to process files uploaded to an S3 bucket. The function should be triggered as soon as a new object is created. How should the architect configure this?

Question 328 • medium • multiple choice

A company has a multi-account AWS organization. The security team wants to centrally manage and enforce that all S3 buckets are encrypted with a specific KMS key. Which approach should the architect recommend?

Question 329 • medium • multi select

A company is designing a disaster recovery strategy for a production database running on Amazon RDS for MySQL. The RTO is 15 minutes and RPO is 1 hour. Which TWO solutions meet these requirements? (Choose two.)

Question 330 • hard • multi select

A company is deploying a web application on AWS. The application runs on EC2 instances behind an ALB. The security team requires that all traffic between the ALB and the EC2 instances be encrypted, and that the EC2 instances only accept traffic from the ALB. Which THREE steps should the architect take? (Choose three.)

Question 331 • easy • multi select

A company is building a data lake on Amazon S3. The data comes from various sources and must be encrypted at rest. The security policy requires that the encryption keys be managed by the company and rotated annually. Which TWO solutions meet these requirements? (Choose two.)

Question 332 • medium • multiple choice

A company is designing a new application that will process messages from an SQS queue. The messages must be processed in real-time with minimal latency, and the processing time per message varies from 100 ms to 5 seconds. The company wants to minimize cost and operational overhead. Which solution should the architect recommend?

Question 333 • hard • multiple choice

A company is designing a multi-region active-active application that uses Amazon DynamoDB global tables. The application must be able to handle write conflicts that may occur when the same item is updated in two different regions at the same time. The company needs to ensure that the application uses the most recently written data. What should the architect recommend?

Question 334 • easy • multiple choice

A company is designing a new web application that will serve static content (HTML, CSS, JS, images) to users globally. The application must have low latency and high availability. Content changes infrequently, but when updated, the changes must be reflected immediately. Which solution should the architect recommend?

Question 335 • hard • multiple choice

A company is designing a new data lake on AWS. The data lake will store petabytes of data from various sources, including IoT devices, application logs, and streaming data. The data must be stored cost-effectively, and access patterns vary from frequently accessed recent data to rarely accessed historical data. The company also needs to run SQL queries on the data. Which solution should the architect recommend?

Question 336 • medium • multiple choice

A company is designing a new microservices architecture on AWS. Each microservice is deployed as a containerized application and must be able to scale independently. The company wants to minimize operational overhead for managing the containers and the underlying infrastructure. Which solution should the architect recommend?

Question 337 • medium • multiple choice

A company is designing a new application that requires a relational database. The application has variable traffic, with high spikes during business hours and low traffic at night. The company wants to minimize costs while ensuring the database can handle the spikes. Which solution should the architect recommend?

Question 338 • hard • multiple choice

A company is designing a new system that will ingest and process real-time streaming data from thousands of IoT devices. Each device sends data every second. The data must be processed with low latency (under 1 second) and then stored in Amazon S3 for long-term analytics. The company also needs to be able to reprocess data in case of processing errors. Which solution should the architect recommend?

Question 339 • easy • multiple choice

A company is designing a new application that will be deployed on EC2 instances across multiple Availability Zones. The application must be highly available and must automatically recover from instance failures. Which solution should the architect recommend?

Question 340 • medium • multiple choice

A company is designing a new serverless application that uses Amazon API Gateway and AWS Lambda. The application must authenticate users using a third-party identity provider (IdP) that supports OpenID Connect (OIDC). The company wants to offload authentication to the API Gateway. Which solution should the architect recommend?

Question 341 • medium • multi select

A company is designing a new application that will store sensitive customer data in Amazon S3. The data must be encrypted at rest. The company wants to use an encryption solution that provides an audit trail of when keys are used and by whom. The company also wants to rotate the encryption keys automatically every year. Which two options meet these requirements? (Choose TWO.)

Question 342 • hard • multi select

A company is designing a new application that will use Amazon DynamoDB as its database. The application will have a heavy read workload with occasional write spikes. The company wants to minimize costs while ensuring that reads are eventually consistent and writes are not throttled. Which three options should the architect consider? (Choose THREE.)

Question 343 • easy • multi select

A company is designing a new web application that will run on EC2 instances behind an Application Load Balancer (ALB). The application must be highly available across multiple Availability Zones. The company wants to ensure that if an EC2 instance fails, the load balancer stops sending traffic to it. Which two steps should the architect take? (Choose TWO.)

Question 344 • medium • multiple choice

A company is designing a multi-tier web application on AWS. The web tier must automatically scale based on CPU utilization, and the application tier must process messages from an SQS queue. The application tier instances are frequently terminated and replaced due to scaling events. Where should the application logs be stored to ensure they are retained regardless of instance lifecycle?

Question 345 • easy • multiple choice

A company wants to decouple a microservices architecture where one service (producer) sends events to another service (consumer). The producer can generate bursts of events, and the consumer processes them in batches. The solution must be serverless and handle potential consumer failures without losing events. Which AWS service should be used as the message broker?

Question 346 • hard • multiple choice

A company is designing a disaster recovery solution for a critical application that runs on EC2 instances in a single AWS Region. The application uses a custom AMI that is updated weekly. The recovery point objective (RPO) is 15 minutes, and the recovery time objective (RTO) is 4 hours. The solution must minimize cost while meeting these objectives. Which approach should be used?

Question 347 • medium • multiple choice

A company is designing a serverless data processing pipeline. An AWS Lambda function processes records from an Amazon Kinesis Data Stream. The function runs for an average of 30 seconds per record, and the stream has 10 shards. The company expects a sustained load of 5,000 records per second. What is the primary consideration to ensure the Lambda function can scale to handle the load?

Question 348 • easy • multiple choice

A company is designing a new application that will store sensitive user data in an Amazon RDS for PostgreSQL database. The data must be encrypted at rest and in transit. The company also requires automated backups with a retention period of 35 days. What is the MOST secure and cost-effective configuration?

Question 349 • hard • multiple choice

A company is designing a global application that requires a highly available and low-latency API. The API will be consumed by clients across the world. The backend consists of an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances in a single AWS Region. The company wants to improve performance for global users. Which solution meets these requirements with minimal operational overhead?

Question 350 • easy • multiple choice

A company is designing a new serverless application using AWS Lambda. The Lambda function needs to access an Amazon RDS database. The database is in a VPC without public internet access. What is the MOST secure way to allow the Lambda function to connect to the database?

Question 351 • medium • multiple choice

A company is designing a data lake on Amazon S3. The data will be ingested from various sources, including streaming data from IoT devices. The data must be processed in near real-time to derive insights. The company wants to use serverless technologies to minimize operational overhead. Which combination of services should the company use?

Question 352 • medium • multiple choice

A company is designing a new application that will run on Amazon ECS with Fargate launch type. The application needs to store session state that is shared across multiple tasks. The session data must be highly available and low-latency. Which AWS service should be used to store the session state?

Question 353 • medium • multi select

A company is designing a new application that will use Amazon S3 to store user-uploaded images. The application must enforce that all uploads are encrypted in transit and at rest. Additionally, the bucket must be configured to block all public access. Which TWO actions should be taken to meet these requirements?

Question 354 • hard • multi select

A company is designing a new microservices architecture using Amazon ECS with the Fargate launch type. The services need to communicate securely within a VPC. The company requires that inter-service communication is encrypted and that the services can discover each other using DNS names. Which THREE steps should the company take to meet these requirements?

Question 355 • easy • multi select

A company is designing a new application that will run on Amazon EC2 instances. The application writes logs to local disk, and the logs must be aggregated centrally for analysis. The company wants a solution that requires minimal configuration and can handle high log volume. Which TWO AWS services should the company use?

Question 356 • medium • multiple choice

A company is designing a multi-region disaster recovery solution for a stateless web application running on Amazon ECS Fargate. The application uses an Application Load Balancer and stores session data in Amazon ElastiCache for Redis. The company needs to achieve an RPO of 15 minutes and an RTO of 30 minutes. What is the MOST cost-effective design that meets these requirements?

Question 357 • hard • multiple choice

A company is designing a serverless data processing pipeline that uses AWS Lambda to process messages from Amazon SQS. Each message requires 5 minutes of processing time. The company expects a steady state of 1,000 messages per second. What is the MOST scalable and cost-effective design?

Question 358 • easy • multiple choice

A company wants to store application logs in Amazon S3 with a lifecycle policy that moves objects to S3 Glacier Instant Retrieval after 30 days and deletes them after 1 year. The logs are accessed frequently in the first 30 days but rarely after. Which storage class should the company use for the first 30 days?

Question 359 • medium • multiple choice

A company is designing a highly available application on AWS that uses an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances. The application requires that the client's IP address be preserved in the application logs. The company also needs to perform SSL termination at the load balancer. How should the company configure the ALB to meet these requirements?

Question 360 • hard • multiple choice

A company is designing a real-time analytics platform that ingests data from thousands of IoT devices. Each device sends a JSON payload every second. The company needs to store the raw data for a month and then aggregate it into hourly summaries for long-term storage. The solution must be serverless and cost-effective. Which combination of AWS services should the company use?

Question 361 • medium • multiple choice

A company is designing a microservices architecture using Amazon ECS with Fargate. Each microservice needs to communicate with others via REST APIs. The company wants to ensure that communication is encrypted in transit and that services can discover each other using DNS names. Which set of actions should the company take?

Question 362 • easy • multiple choice

A company is designing a cost-effective solution to store and serve large media files (e.g., videos) to users globally. The files are frequently accessed initially but become rarely accessed after 30 days. The company needs millisecond retrieval for the first 30 days and can tolerate retrieval times of minutes after that. What storage solution should the company use?

Question 363 • hard • multiple choice

A company is designing a serverless application that uses AWS Lambda to process events from Amazon DynamoDB Streams. The Lambda function updates an Amazon RDS for MySQL database. The company expects a high volume of updates and is concerned about the Lambda function causing too many connections to the database. How should the company design the solution to manage the database connection pool effectively?

Question 364 • medium • multiple choice

A company is designing a new application that requires a relational database. The application has variable workloads with predictable spikes. The company wants to minimize costs while ensuring that the database can handle the spikes. Which Amazon RDS feature should the company use?

Question 365 • medium • multi select

A company is designing a data lake on Amazon S3. Data is ingested from multiple sources and stored as Parquet files partitioned by date. The company needs to ensure that only authorized users can access the data, and that the data is encrypted at rest. Which TWO actions should the company take to meet these requirements? (Choose TWO.)

Question 366 • hard • multi select

A company is designing a microservices architecture on Amazon ECS with Fargate. The services need to communicate securely and efficiently. The company wants to implement service-to-service authentication and authorization. Which THREE steps should the company take? (Choose THREE.)

Question 367 • easy • multi select

A company is designing a disaster recovery solution for an Amazon Aurora MySQL database. The database is currently in a single AWS Region. The company needs an RPO of less than 1 minute and an RTO of less than 5 minutes. Which TWO steps should the company take? (Choose TWO.)

Question 368 • medium • multiple choice

A company is designing a new microservices architecture on AWS. Each service must be independently deployable and scale based on demand. The company wants to minimize operational overhead for container orchestration. Which AWS service should the company use?

Question 369 • hard • multiple choice

A company is designing a global application that requires low-latency read access to a database from multiple AWS regions. The database stores user profile data that is updated infrequently. The solution must ensure eventual consistency and minimize write conflicts. Which combination of AWS services should be used?

Question 370 • easy • multiple choice

A company is designing a new application that will process streaming data from IoT devices. The data must be ingested in real-time and stored in Amazon S3 for long-term analytics. Which AWS service should be used to ingest the streaming data?

Question 371 • medium • multiple choice

A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer. The application must handle millions of requests per day. To reduce latency and offload traffic from the EC2 instances, which AWS service should be placed in front of the load balancer?

Question 372 (hard, multiple choice)

A company is designing a data lake on AWS using Amazon S3. The data will be ingested from various sources and must be encrypted at rest. The company requires that the encryption keys be managed by AWS and rotated automatically. Which encryption option should be used?

Question 373 (easy, multiple choice)

A company is designing a new application that will be deployed on AWS. The application requires a relational database with automatic failover and high availability within a single AWS region. Which database deployment option meets these requirements?

Question 374 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda. The application needs to store and retrieve JSON documents. The company wants the lowest cost for infrequent access. Which data store should be used?

Question 375 (hard, multiple choice)

A company is designing a new solution to process a continuous stream of events from multiple sources. The events must be processed in real-time with exactly-once processing semantics. The solution should be able to handle replayed events without duplication. Which AWS service should be used for the event processing?

Question 376 (easy, multiple choice)

A company is designing a new static website hosted on Amazon S3. The website must be served over HTTPS with a custom domain name. Which AWS service should be used to achieve this?

Question 377 (medium, multi select)

A company is designing a new solution to store and analyze log files from multiple sources. The solution must provide near real-time analytics and the ability to query the logs using SQL. Which TWO AWS services should be used together to meet these requirements? (Choose two.)

Question 378 (hard, multi select)

A company is designing a new application on AWS that requires a highly available and durable NoSQL database. The database must be able to scale horizontally for both reads and writes. Which TWO AWS services meet these requirements? (Choose two.)

Question 379 (easy, multi select)

A company is designing a new application that will process images uploaded by users. The application must automatically resize images and store them in Amazon S3. The solution should be serverless and event-driven. Which THREE AWS services should be used together? (Choose three.)

Question 380 (hard, multiple choice)

Refer to the exhibit. An architect is troubleshooting an EC2 instance that is not responding to health checks from an Application Load Balancer. The instance is in the 'running' state. Which of the following is the most likely cause?

Exhibit:
aws ec2 describe-instances --instance-ids i-1234567890abcdef0 --query 'Reservations[0].Instances[0].State' --output json
{
    "Code": 16,
    "Name": "running"
}

Question 381 (medium, multiple choice)

Refer to the exhibit. A company has an IAM policy that allows s3:GetObject on all objects in 'my-bucket' but denies access to objects in the 'confidential' folder. A user tries to access 's3://my-bucket/confidential/report.pdf'. What will happen?

Exhibit:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*"
        },
        {
            "Effect": "Deny",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/confidential/*"
        }
    ]
}

Question 382 (easy, multiple choice)

Refer to the exhibit. A CloudFormation stack creation failed. The architect needs to identify the reason for the failure. Which CLI command should be used to get detailed error messages?

Exhibit:
aws cloudformation describe-stacks --stack-name my-stack --query 'Stacks[0].StackStatus' --output text
CREATE_FAILED

Question 383 (medium, multiple choice)

A company is designing a multi-tier web application on AWS. The application must be highly available and scale automatically based on traffic. The web tier runs on Amazon EC2 instances behind an Application Load Balancer. The application tier also uses EC2 instances. Which solution meets these requirements with the LEAST operational overhead?

Question 384 (hard, multiple choice)

A startup is designing a data lake on AWS using Amazon S3. They expect to ingest hundreds of terabytes of data from IoT devices daily. Data is in JSON format and will be queried using Amazon Athena. Which combination of actions will optimize query performance and minimize costs?

Question 385 (easy, multiple choice)

A company is migrating a monolithic application to a microservices architecture on AWS. They want to decouple the services and ensure that messages between services are processed asynchronously and durably. Which AWS service should they use for this purpose?

Question 386 (medium, multi select)

Which TWO actions improve the security of an Amazon S3 bucket that stores sensitive data?

Question 387 (hard, multi select)

Which THREE factors should be considered when designing a global application that requires low-latency access to static content and dynamic API responses?

Question 388 (medium, multi select)

Which TWO design patterns help ensure data durability in Amazon S3?

Question 389 (medium, multiple choice)

A company plans to migrate a relational database to Amazon RDS for MySQL. They need to minimize downtime during the migration. The source database is running on-premises. Which strategy should they use?

Question 390 (hard, multiple choice)

A financial services company is designing a highly available architecture for a critical application on AWS. The application runs on EC2 instances and uses an Oracle database. The database must be resilient to an Availability Zone failure and must have automated failover. Which database solution meets these requirements?

Question 391 (easy, multiple choice)

A company wants to automate the deployment of a three-tier web application on AWS. The deployment should include the network, security groups, EC2 instances, and an Application Load Balancer. Which AWS service should they use?

Question 392 (medium, multiple choice)

A company is building a serverless application using AWS Lambda. The application processes files uploaded to an S3 bucket. Each file can be up to 500 MB, and processing takes up to 10 minutes. The Lambda function must be triggered as soon as a file is uploaded. Which configuration should they use?

Question 393 (medium, multiple choice)

A company is designing a disaster recovery solution for a web application hosted on AWS. The primary site is in us-east-1 and the DR site is in us-west-2. The application uses an Amazon RDS for MySQL database. They need to recover the database with a Recovery Point Objective (RPO) of 5 seconds and a Recovery Time Objective (RTO) of 1 hour. Which solution meets these requirements?

Question 394 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. They need to ensure that services can communicate asynchronously without tight coupling. Which AWS service should they use for message brokering?

Question 395 (hard, multiple choice)

A company is building a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. They need to ensure that the application can handle sudden spikes in traffic without throttling. Which design should they implement?

Question 396 (easy, multiple choice)

A company needs to store configuration data for multiple applications in a centralized, secure, and versioned manner. The configuration must be encrypted at rest and automatically rotated. Which AWS service should they use?

Question 397 (medium, multiple choice)

A company is designing a data lake on AWS using Amazon S3. They need to query the data using standard SQL without moving it to a separate analytics store. Which AWS service should they use?

Question 398 (hard, multiple choice)

A company is migrating a legacy monolithic application to a microservices architecture on AWS. They want to use an event-driven design where services react to state changes. Which AWS service should they use to capture, store, and replay events?

Question 399 (easy, multiple choice)

A company wants to deploy a containerized web application on AWS. They need to manage container orchestration, automatic scaling, and service discovery. Which AWS service should they use?

Question 400 (hard, multiple choice)

A company is designing a multi-region active-active application using Amazon Route 53, Application Load Balancers, and Auto Scaling groups. They need to route users to the closest region with the lowest latency. Which routing policy should they use?

Question 401 (medium, multiple choice)

A company is designing a real-time analytics pipeline for IoT data. They need to ingest millions of messages per second, process them with low latency, and store results in Amazon S3. Which combination of services should they use?

Question 402 (easy, multiple choice)

A company wants to provide temporary access to an S3 bucket for external partners. The access must be time-limited and restricted to specific objects. Which AWS service or feature should they use?

Question 403 (medium, multi select)

A company is designing a new application on AWS that requires high availability and disaster recovery across multiple AWS Regions. The application uses an Amazon RDS for MySQL database. Which TWO strategies should they implement to meet these requirements?

Question 404 (hard, multi select)

A company is building a serverless application using AWS Lambda and Amazon DynamoDB. They need to ensure that the application can handle a sudden increase in traffic without losing any data or causing errors. Which THREE strategies should they implement?

Question 405 (medium, multi select)

A company is designing a new web application that will be deployed on Amazon ECS with Fargate. They need to store session state for the application. Which TWO services can they use for this purpose?

Question 406 (hard, multiple choice)

Refer to the exhibit. An IAM policy is attached to a user. The user is trying to download an object from the 'confidential' folder in 'my-bucket' using HTTP (not HTTPS). What will happen?

Exhibit:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "192.0.2.0/24"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-bucket/confidential/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}

Question 407 (medium, multiple choice)

Refer to the exhibit. A solutions architect runs the CLI command and gets the output shown. What does the state 'running' indicate about the instance?

Exhibit:
aws ec2 describe-instances --region us-east-1 --query "Reservations[0].Instances[0].State"
{
    "Code": 16,
    "Name": "running"
}

Question 408 (hard, multiple choice)

Refer to the exhibit. A CloudFormation template is used to create an S3 bucket. After deployment, the bucket is created but objects are not automatically deleted after 30 days as expected. What is the most likely cause?

Exhibit:
Resources:
  MyBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Sub '${AWS::StackName}-data'
      VersioningConfiguration:
        Status: Enabled
      LifecycleConfiguration:
        Rules:
          - Id: ExpireOldVersions
            Status: Enabled
            NoncurrentVersionExpirationInDays: 30

Question 409 (easy, multiple choice)

A company is designing a new microservices-based application on AWS. They need to decouple services and ensure asynchronous communication. Which AWS service should they use?

Question 410 (medium, multiple choice)

A company is migrating a monolithic application to microservices on AWS. They have identified that some services require high-throughput, low-latency data sharing. Which AWS service should they use for this purpose?

Question 411 (hard, multiple choice)

A company is designing a new application that will process sensitive financial data. They need to ensure that data at rest is encrypted using customer-provided encryption keys (SSE-C) in Amazon S3. Which action is required to enable this?

Question 412 (medium, multiple choice)

A company is designing a multi-region active-active application using Amazon DynamoDB. They need to ensure low-latency reads and writes globally. Which DynamoDB feature should they use?

Question 413 (easy, multiple choice)

A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer. They need to offload SSL/TLS termination to reduce CPU usage on the instances. What should they do?

Question 414 (hard, multiple choice)

A company is designing a new application that will use Amazon RDS for PostgreSQL. They need to implement read replicas to offload read traffic. However, they are concerned about replication lag affecting read consistency. Which action would minimize replication lag?

Question 415 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda. The function needs to access a VPC resource. What is the correct way to configure this?

Question 416 (easy, multiple choice)

A company is designing a new application to store and retrieve user profile pictures. The images will be accessed frequently and must be served with low latency. Which storage solution should they use?

Question 417 (medium, multiple choice)

A company is designing a new application that will process streaming data from IoT devices. They need to ingest data in real time and apply transformations before storing it in Amazon S3. Which AWS service should they use?

Question 418 (hard, multiple choice)

A solutions architect is reviewing the IAM policy shown in the exhibit, which is attached to an S3 bucket. A user from IP address 10.0.1.5 makes a request over HTTP (not HTTPS). Will the user be able to download an object?

Exhibit:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}

Question 419 (medium, multiple choice)

The AWS CloudFormation template in the exhibit creates an S3 bucket with a bucket policy. A user from IP 198.51.100.5 tries to access an object in the bucket. What will happen?

Exhibit:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "MyBucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": "my-bucket-12345",
        "VersioningConfiguration": {
          "Status": "Enabled"
        }
      }
    },
    "MyBucketPolicy": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {"Ref": "MyBucket"},
        "PolicyDocument": {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": "*",
              "Action": "s3:GetObject",
              "Resource": "arn:aws:s3:::my-bucket-12345/*",
              "Condition": {
                "IpAddress": {
                  "aws:SourceIp": "203.0.113.0/24"
                }
              }
            }
          ]
        }
      }
    }
  }
}

Question 420 (easy, multiple choice)

The CLI output in the exhibit shows the state of a CloudWatch alarm. The EC2 instance's CPU utilization averaged 85% for the last 10 minutes. What is the alarm state?

Exhibit:
$ aws cloudwatch describe-alarms --alarm-names CPUUtilizationHigh
{
    "MetricAlarms": [
        {
            "AlarmName": "CPUUtilizationHigh",
            "StateValue": "ALARM",
            "MetricName": "CPUUtilization",
            "Namespace": "AWS/EC2",
            "Statistic": "Average",
            "Period": 300,
            "EvaluationPeriods": 2,
            "Threshold": 80.0,
            "ComparisonOperator": "GreaterThanThreshold"
        }
    ]
}

Question 421 (medium, multi select)

A company is designing a new application that will run on Amazon ECS with Fargate. They need to store configuration data and secrets securely. Which services should they use? (Choose TWO.)

Question 422 (hard, multi select)

A company is designing a new web application with a global user base. They need to improve latency for static content and protect against DDoS attacks. Which services should they use? (Choose THREE.)

Question 423 (medium, multi select)

A company is designing a new data lake on Amazon S3. They need to ensure that data is encrypted at rest and that access is audited. Which services should they use? (Choose TWO.)

Question 424 (medium, multiple choice)

A company is designing a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. The application experiences sudden spikes in traffic. Which AWS service should be used to handle the traffic spikes without losing any requests?

Question 425 (hard, multiple choice)

A company is deploying a multi-tier web application on AWS. The application must be highly available across three Availability Zones. The web tier runs on EC2 instances behind an Application Load Balancer (ALB). The application tier runs on EC2 instances behind a Network Load Balancer (NLB). The database tier uses a Multi-AZ RDS instance. To reduce cross-AZ data transfer costs, which design should be implemented?

Question 426 (easy, multiple choice)

A company wants to migrate an on-premises Oracle database to Amazon Aurora PostgreSQL. The migration must have minimal downtime. Which AWS service should be used for the migration?

Question 427 (medium, multiple choice)

A company is designing a new application that will store sensitive user data in Amazon S3. The data must be encrypted at rest and in transit. The solution must use AWS managed keys and must be compliant with PCI DSS. Which combination of encryption options should be used?

Question 428 (hard, multiple choice)

A company is designing a microservices architecture using Amazon ECS with Fargate. The services need to communicate with each other. The company wants to minimize operational overhead and ensure that service discovery is automatically updated when services scale. Which service discovery option should be used?

Question 429 (easy, multiple choice)

A company is designing a new application that will process streaming data from IoT devices. The data must be processed in real time and then stored in Amazon S3 for long-term analytics. Which combination of AWS services should be used?

Question 430 (medium, multiple choice)

A company is designing a new application that requires a relational database with high read capacity. The application is read-heavy and requires low latency. Which database configuration should be used?

Question 431 (hard, multiple choice)

A company is designing a new application that will run on Amazon EKS. The application must be able to scale based on custom metrics such as number of messages in an SQS queue. Which Kubernetes component should be used to achieve this?

Question 432 (easy, multiple choice)

A company is designing a new application that will store and retrieve large files (up to 5 TB). The files must be accessible via HTTPS and must be durable. Which AWS storage service should be used?

Question 433 (medium, multi select)

A company is designing a new application that will run on Amazon EC2 instances in an Auto Scaling group. The application must be able to distribute incoming traffic across multiple instances. Which TWO AWS services can be used for this purpose? (Choose TWO.)

Question 434 (hard, multi select)

A company is designing a new data lake on Amazon S3. The data must be encrypted at rest using envelope encryption with AWS KMS. The company wants to use an AWS managed key that rotates annually. Which THREE components are required for this design? (Choose THREE.)

Question 435 (easy, multi select)

A company is designing a new serverless application using AWS Lambda. The application needs to access an Amazon RDS database. Which THREE steps are required to secure the database access? (Choose THREE.)

Question 436 (medium, multiple choice)

A company has attached the IAM policy in the exhibit to an IAM role used by an EC2 instance. The EC2 instance is in a VPC with CIDR 10.0.0.0/16 and has a public IP. Which of the following statements is true regarding access to the S3 bucket?

Exhibit:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "10.0.0.0/8"
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}

Question 437 (hard, multiple choice)

A company is monitoring a Lambda function named my-function. The function has an alias 'prod' that points to version 1. The CLI output in the exhibit shows two metrics for the Errors metric. What is the likely reason for two metrics?

Exhibit:
$ aws cloudwatch list-metrics --namespace AWS/Lambda --metric-name Errors
"Metrics": ["Namespace": "AWS/Lambda","MetricName": "Errors","Dimensions": ["Name": "FunctionName","Value": "my-function"},"Name": "Resource","Name": "ExecutedVersion","Value": "$LATEST""Value": "my-function:1""Value": "1"

Question 438 (medium, multiple choice)

A company deployed the CloudFormation template in the exhibit. An EC2 instance launched in the PrivateSubnet needs to access the internet for software updates. Which action is required?

Exhibit:
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "VPC with public and private subnets",
  "Resources": {
    "VPC": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16"
      }
    },
    "PublicSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": { "Ref": "VPC" },
        "CidrBlock": "10.0.1.0/24",
        "MapPublicIpOnLaunch": true
      }
    },
    "PrivateSubnet": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "VpcId": { "Ref": "VPC" },
        "CidrBlock": "10.0.2.0/24"
      }
    }
  }
}

Question 439 (medium, multiple choice)

A company is migrating a monolithic e-commerce application to AWS. The application consists of a web tier, an application tier, and a database tier. The company wants to decouple the tiers to improve scalability and resilience. Which AWS service should the company use to send messages from the web tier to the application tier asynchronously?

Question 440 (easy, multiple choice)

A company is designing a new microservices architecture on AWS. Each microservice must store its own data and communicate with other services via RESTful APIs. The company wants to minimize operational overhead. Which data store should the company use for each microservice?

Question 441 (hard, multiple choice)

A company is designing a new real-time analytics platform that ingests millions of events per second from IoT devices. The events must be processed with low latency (under 100 ms) and stored for replay. The company wants to use managed services. Which combination of AWS services should the company use?

Question 442 (medium, multiple choice)

A company is designing a multi-region active-active application with a relational database. The application requires strong consistency and read-after-write consistency globally. Which AWS database service should the company choose?

Question 443 (easy, multiple choice)

A company is deploying a serverless application using AWS Lambda, Amazon API Gateway, and Amazon DynamoDB. The company wants to secure the API by requiring authentication via a JSON Web Token (JWT). Which service should the company use to manage user authentication and issue JWTs?

Question 444 (hard, multiple choice)

A company is designing a new data lake on AWS. The data lake will store raw data in Amazon S3 and use Amazon Athena for ad-hoc queries. The company needs to ensure that only authorized users can query specific partitions based on their department. Which approach should the company use to implement fine-grained access control?

Question 445 (medium, multiple choice)

A company is designing a containerized microservices architecture on Amazon ECS. The services must be able to discover each other using DNS names. Which AWS service should the company use for service discovery?

Question 446 (easy, multiple choice)

A company is designing a new web application that will be accessed by users worldwide. The application will serve static content (HTML, CSS, images) and dynamic API responses. The company wants to minimize latency for all users. Which combination of AWS services should the company use?

Question 447 (medium, multiple choice)

A company is designing a new application that will process sensitive financial data. The application must encrypt data at rest and in transit. The company wants to use AWS managed keys for encryption. Which AWS service should the company use to create and manage the encryption keys?

Question 448 (hard, multi select)

A company is designing a new data processing pipeline that uses AWS Glue to run ETL jobs. The pipeline must process data from multiple sources with varying schemas and load the results into Amazon Redshift. The data must be partitioned by date and encrypted at rest. Which TWO AWS services or features should the company use to meet these requirements? (Choose two.)

Question 449 (medium, multi select)

A company is designing a new disaster recovery (DR) strategy for its critical applications. The DR plan must achieve a recovery time objective (RTO) of 15 minutes and a recovery point objective (RPO) of 1 minute. The applications run on Amazon EC2 instances with Amazon EBS volumes. Which THREE actions should the company take to meet these requirements? (Choose three.)

Question 450 (medium, multi select)

A company is designing a new serverless application that uses AWS Lambda, Amazon DynamoDB, and Amazon API Gateway. The application must handle burst traffic and cannot lose any data. The company wants to use a dead-letter queue (DLQ) for failed Lambda invocations. Which TWO services can be used as a DLQ for Lambda? (Choose two.)

Question 451 (hard, multiple choice)

Refer to the exhibit. A company has an S3 bucket policy that allows GetObject access from two IP ranges (10.0.0.0/16 and 192.168.0.0/16). The policy also denies all S3 actions on the 'confidential/' prefix unless the request comes from the 10.0.0.0/16 range. Which of the following statements is true?

Exhibit:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "10.0.0.0/16",
            "192.168.0.0/16"
          ]
        }
      }
    },
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::example-bucket/confidential/*",
      "Condition": {
        "NotIpAddress": {
          "aws:SourceIp": "10.0.0.0/16"
        }
      }
    }
  ]
}

Question 452 (medium, multiple choice)

Refer to the exhibit. A company uses AWS CloudFormation to deploy an EC2 instance. The template uses a condition to select the instance type based on the environment. The company deploys the stack with the parameter EnvType set to 'prod'. What will be the instance type of the created EC2 instance?

Exhibit:
{
  "Parameters": {
    "EnvType": {
      "Type": "String",
      "AllowedValues": ["dev", "prod"],
      "Default": "dev"
    }
  },
  "Conditions": {
    "IsProduction": {"Fn::Equals": [{"Ref": "EnvType"}, "prod"]}
  },
  "Resources": {
    "EC2Instance": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "InstanceType": {
          "Fn::If": ["IsProduction", "t3.large", "t2.micro"]
        },
        "ImageId": "ami-0abcdef1234567890"
      }
    }
  }
}

Question 453 (hard, multiple choice)

A company is designing a new application that will run on Amazon ECS with Fargate. The application consists of three microservices: Service A, Service B, and Service C. Service A receives HTTP requests from an Application Load Balancer and sends messages to an Amazon SQS queue. Service B polls the SQS queue and processes the messages, storing results in Amazon DynamoDB. Service C reads from DynamoDB and sends notifications via Amazon SNS. The company expects variable traffic and wants to minimize costs. During a load test, the team observes that Service B is not scaling fast enough, causing the SQS queue to grow. The team also notices that Service C is idle most of the time. Which solution should the company implement to improve scaling and reduce costs?

Question 454 (medium, multiple choice)

A company is designing a new microservices application on AWS. Each microservice will be deployed as a containerized application using Amazon ECS with Fargate launch type. The company expects variable traffic patterns and needs to ensure that the application can scale automatically based on demand. Which scaling solution should be used?

Question 455 (easy, multiple choice)

A solutions architect is designing a new serverless application using AWS Lambda for business logic, Amazon API Gateway for RESTful APIs, and Amazon DynamoDB for data storage. The application will experience unpredictable traffic spikes. What is the MOST cost-effective way to handle concurrency and scaling?

Question 456 (hard, multiple choice)

A company is migrating a monolithic application to a microservices architecture on AWS. The application uses a relational database with complex queries. The team wants to decouple the database layer and allow each microservice to own its data. Which design pattern should the team implement?

Question 457 (medium, multiple choice)

A company is designing a new solution to process streaming data from IoT devices. The data must be ingested, processed in real-time, and stored in a data warehouse for analytics. The company expects millions of events per second. Which combination of AWS services should be used?

Question 458 (easy, multiple choice)

A company needs to design a new solution for storing and retrieving user-uploaded images. The images are accessed frequently for the first 30 days and then rarely accessed after that. The company wants to minimize storage costs while maintaining low-latency access for frequently accessed images. Which storage strategy should be used?

Question 459 (hard, multiple choice)

A company is designing a new cloud-native application that will be deployed across multiple AWS Regions for high availability. The application uses Amazon Aurora Global Database for its primary data store. The company needs to ensure that in the event of a regional failure, the secondary region can be promoted to primary with minimal data loss. Which configuration should be used?

Question 460 (medium, multiple choice)

A company is designing a new solution to securely store and manage secrets for applications running on AWS. The secrets include database credentials, API keys, and OAuth tokens. The solution must automatically rotate secrets and integrate with AWS services like Amazon RDS. Which AWS service should be used?

Question 461 (hard, multiple choice)

A company is designing a new data lake solution on AWS using Amazon S3 as the storage layer. The data lake will be used by multiple teams for analytics and machine learning. The company needs to enforce fine-grained access control at the object level, enable auditing of data access, and ensure that sensitive data is masked for unauthorized users. Which combination of AWS services should be used?

Question 462 (medium, multiple choice)

A company is designing a new container-based application using Amazon EKS. The application requires persistent storage for stateful workloads, such as databases. The storage must be highly available and durable across multiple Availability Zones. Which storage solution should be used?

Question 463 (medium, multi select)

A company is designing a new serverless application that processes orders from an e-commerce website. The application uses AWS Lambda functions that are invoked by Amazon API Gateway. The company expects a sudden spike in traffic during a flash sale. Which TWO strategies should be used to ensure the application can handle the spike without errors? (Choose two.)

Question 464 (hard, multi select)

A company is designing a new disaster recovery solution for a critical application that runs on Amazon EC2 instances in a single AWS Region. The solution must have a Recovery Time Objective (RTO) of less than 15 minutes and a Recovery Point Objective (RPO) of less than 5 minutes. The application data is stored on Amazon EBS volumes. Which THREE steps should be taken to meet these requirements? (Choose three.)

Question 465 (easy, multi select)

A company is designing a new application that will run on Amazon EC2 instances behind an Application Load Balancer (ALB). The application must be highly available and fault-tolerant across multiple Availability Zones. Which TWO actions should be taken to achieve this? (Choose two.)

Question 466 (medium, multi select)

A company is designing a new event-driven architecture using AWS services. The system must process events from multiple sources, filter and route events to different consumers, and ensure that events are processed exactly once. Which THREE services should be used to build this architecture? (Choose three.)

Question 467 (hard, multiple choice)

A company is designing a new cloud-native application that uses Amazon API Gateway, AWS Lambda, and Amazon DynamoDB. The application handles user authentication using Amazon Cognito User Pools. During a stress test, the team notices that some requests are failing with HTTP 503 (Service Unavailable) errors. The CloudWatch logs show that Lambda functions are being throttled, and the DynamoDB table is experiencing high write throttling. The team needs to resolve these issues while maintaining low latency. Which solution is the MOST effective?

Question 468 (medium, multiple choice)

A company is designing a new solution to host a static website with a global audience. The website content includes HTML, CSS, JavaScript, and images. The company wants to minimize latency for users worldwide and reduce the load on the origin server. The origin server is an Amazon S3 bucket configured for static website hosting. Which solution should be used to achieve these goals?

Question 469 (medium, multiple choice)

A company is designing a microservices architecture on AWS ECS with Fargate. Each service needs to store and retrieve session state. The solution must be highly available and low latency. Which AWS service should be used for session state storage?

Question 470 (hard, multiple choice)

A company is migrating a monolithic application to a serverless architecture using AWS Lambda. The application reads and writes to an Amazon RDS for PostgreSQL database. The database connection pool is exhausted during peak traffic. Which design change should a solutions architect recommend to avoid connection exhaustion?

Question 471 (easy, multiple choice)

A company wants to store application logs in a centralized location for analysis. The logs are generated by EC2 instances in an Auto Scaling group. The solution must be cost-effective and support real-time analysis. Which service should be used to collect and analyze the logs?

Question 472 (medium, multiple choice)

A company is designing a disaster recovery solution for a critical application running on EC2 with data in an Amazon RDS MySQL Multi-AZ DB instance. The recovery time objective (RTO) is 15 minutes and recovery point objective (RPO) is 1 hour. Which strategy meets these requirements?

Question 473 (hard, multiple choice)

A company is deploying a web application on AWS Elastic Beanstalk. The application must be accessible over HTTPS only and must automatically redirect HTTP requests to HTTPS. The SSL/TLS certificate is provided by AWS Certificate Manager (ACM). How should this be configured?

Question 474 (easy, multiple choice)

A company wants to decouple a frontend API from backend processing to improve scalability and fault tolerance. The frontend sends requests that can be processed asynchronously. Which AWS service should be used to decouple the components?

Question 475 (medium, multiple choice)

A company is designing a data lake solution on Amazon S3. Data is ingested from multiple sources and stored in a raw bucket. The data must be processed and transformed before being moved to a curated bucket. The processing logic is complex and includes conditional transformations. Which service should be used to orchestrate the transformation pipeline?

Question 476 (hard, multiple choice)

A company is building a high-performance computing (HPC) cluster on AWS for genomics research. The compute nodes require low-latency inter-node communication. Which networking solution should be used?

Question 477 (medium, multiple choice)

A company is designing a CI/CD pipeline for a containerized application using AWS CodePipeline. The application is deployed to Amazon ECS with Fargate. The pipeline must automatically build and test code changes before deploying to production. Which service should be used to build and test the Docker images?

Question 478 (medium, multi select)

A company is designing a web application that must support millions of concurrent users. The application uses a RESTful API frontend and a relational database backend. Which TWO strategies should be implemented to improve scalability?

Question 479 (hard, multi select)

A company is migrating a legacy application to AWS. The application consists of several components that communicate via TCP. The solutions architect must design a solution that minimizes operational overhead and provides high availability. Which TWO strategies should be used?

Question 480 (easy, multi select)

A company wants to implement a serverless data processing pipeline on AWS. The pipeline reads CSV files from Amazon S3, transforms the data, and loads it into Amazon Redshift. Which THREE AWS services should be used to build this pipeline?

Question 481 (medium, multi select)

A company is designing a multi-tier web application that must be fault-tolerant and scalable. The application uses an Application Load Balancer (ALB) to distribute traffic to EC2 instances in an Auto Scaling group. The instances run a web server and a backend application. Which TWO steps should be taken to ensure the application can scale without data loss?

Question 482 (hard, multi select)

A company is deploying a containerized application on Amazon ECS with Fargate. The application needs to be accessible from the internet and must be secured with an AWS WAF. Which TWO steps should be taken to achieve this?

Question 483 (hard, multiple choice)

A company is running a production web application on AWS using an Application Load Balancer (ALB) in front of an Auto Scaling group of EC2 instances. The application uses a MySQL database hosted on Amazon RDS with Multi-AZ enabled. Recently, during a traffic spike, some users experienced increased latency and occasional 503 errors. The operations team noticed that the database CPU utilization reached 100% and the number of database connections peaked at the maximum limit. The application team confirmed that the application uses connection pooling on the EC2 instances but the pool size is fixed. Which solution should the solutions architect recommend to prevent recurrence?

Question 484 (medium, multiple choice)

A company is designing a new microservices architecture on AWS. They need to ensure that services can communicate asynchronously without tight coupling. Which AWS service should they use to decouple the services while providing durable message storage?

Question 485 (hard, multiple choice)

A company is designing a new application that will store sensitive data in Amazon S3. The data must be encrypted at rest using a key that is rotated every 90 days. The company wants to use AWS managed services to minimize operational overhead. Which encryption solution should they choose?

Question 486 (easy, multiple choice)

A company is designing a new web application that will run on Amazon EC2 instances behind an Application Load Balancer. The application must handle sudden spikes in traffic without manual intervention. Which scaling approach should they use?

Question 487 (medium, multiple choice)

A company is designing a new data lake on Amazon S3. They need to query the data using standard SQL and expect to run complex queries that scan large datasets. The query performance should be optimized to minimize data scanned. Which service should they use?

Question 488 (hard, multiple choice)

A company is designing a new multi-region application that requires a global database with low-latency reads and writes. The application must be able to survive a regional outage. Which database solution should they choose?

Question 489 (medium, multiple choice)

A company is designing a new serverless application using AWS Lambda. The function must process a file uploaded to S3 and then send a notification to an external API. The external API has a rate limit of 10 requests per second. Which approach should they use to handle throttling?

Question 490 (medium, multi select)

A company is designing a new cloud-native application that will run on Amazon ECS with Fargate. The application must store logs centrally for analysis. Which TWO services can be used to collect and analyze logs from ECS Fargate tasks?

Question 491 (hard, multi select)

A company is designing a new disaster recovery solution for a critical application running on Amazon EC2. They need to replicate data across AWS Regions with a Recovery Point Objective (RPO) of 15 minutes and a Recovery Time Objective (RTO) of 1 hour. Which THREE actions should they take to meet these objectives?

Question 492 (easy, multi select)

A company is designing a new VPC for a web application that must be accessible from the internet. The application will run on EC2 instances in private subnets. Which TWO components are required to allow the EC2 instances to access the internet for updates?

Question 493 (hard, multi select)

A company is designing a new CI/CD pipeline for a containerized application. They want to automatically build, test, and deploy the application to Amazon EKS. Which THREE AWS services should they use to implement this pipeline?

Question 494 (medium, multiple choice)

A developer ran the AWS CLI command shown in the exhibit. The instance has an attached EBS volume with 'DeleteOnTermination' set to false. The instance will be started again soon. What will happen to the EBS volume when the instance is stopped?

Network Topology
Refer to the exhibit.
aws ec2 describe-instances --instance-ids i-1234567890abcdef0 --query 'Reservations[0].Instances[0].State'
{
    "Code": 80,
    "Name": "stopped"
}

Question 495 (hard, multiple choice)

A security engineer created the S3 bucket policy shown in the exhibit. The policy is intended to allow the role MyAppRole to get objects only if they are encrypted with SSE-S3. However, the role is getting access denied errors when trying to get objects that are encrypted with SSE-S3. What is the most likely cause?

Exhibit

Refer to the exhibit.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::my-bucket/*",
            "Principal": {
                "AWS": "arn:aws:iam::123456789012:role/MyAppRole"
            },
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        }
    ]
}

Question 496 (medium, multiple choice)

A financial services company is designing a new application that processes sensitive transactions. The application runs on Amazon ECS with Fargate. The compliance team requires that all data in transit between the application and the database must be encrypted. The database is an Amazon RDS for PostgreSQL instance. The application connects to the database using a connection string that includes the database endpoint. The security team has enabled encryption in transit on the RDS instance using a certificate. The application is currently failing to connect to the database with an error related to SSL/TLS. The development team verified that the connection string includes the sslmode=require parameter. What is the most likely cause of the connection failure?

Question 497 (hard, multiple choice)

A media company is designing a new video processing pipeline on AWS. Videos are uploaded to an S3 bucket, which triggers an AWS Lambda function to start an AWS Elemental MediaConvert job. The MediaConvert job uses a custom job template. The pipeline must handle bursty uploads of up to 50 videos simultaneously. The company has noticed that some uploads are not being processed. The Lambda function is configured with a reserved concurrency of 10. The S3 event notification is configured to send events to the Lambda function. The MediaConvert job template is configured correctly. What is the most likely reason for the missed processing?

Question 498 (easy, multiple choice)

A startup is designing a new web application that will be hosted on AWS. The application consists of a static frontend and a backend API. The frontend is built with React and the backend is a RESTful API built with Node.js. The startup expects low traffic initially but wants to be able to scale to millions of users. The team wants to minimize operational overhead and cost. Which architecture should they use?

Question 499 (medium, multiple choice)

A company is migrating a monolithic e-commerce application to AWS. The application consists of a web frontend, a REST API, and a PostgreSQL database. The migration plan is to containerize the frontend and API using Amazon ECS with Fargate, and use Amazon RDS for PostgreSQL. The company expects variable traffic with peak loads during promotional events. The architecture must be highly available and cost-effective. The operations team wants to minimize manual scaling interventions. Which solution should a Solutions Architect recommend?

Question 500 (hard, multiple choice)

A financial services company is designing a new system on AWS to process real-time stock trades. The system must handle up to 10,000 trades per second with end-to-end latency under 500 milliseconds. Trades are ingested via REST API, validated, enriched with market data, and stored in a database for regulatory compliance. The architecture must be highly available across three Availability Zones. The company wants to use AWS managed services to minimize operational overhead. Which solution should a Solutions Architect recommend?

Question 501 (easy, multiple choice)

A startup is building a serverless photo-sharing application on AWS. Users upload photos via a web app, which stores them in Amazon S3. Each upload triggers an AWS Lambda function that creates a thumbnail and stores it in another S3 bucket. The application is expected to have unpredictable traffic patterns. The startup wants to minimize costs and operational overhead while ensuring the thumbnail generation completes reliably. Which solution should a Solutions Architect recommend?

Question 502 (medium, multiple choice)

A media company is designing a new video transcoding pipeline on AWS. Raw video files (up to 10 GB each) are uploaded by users to an S3 bucket. Each upload must be transcoded into multiple formats (MP4, WebM, HLS) and stored in another S3 bucket. The transcoding job can take up to 30 minutes per file. The company needs a solution that is cost-effective and can handle hundreds of concurrent uploads. The operations team wants to minimize maintenance. Which solution should a Solutions Architect recommend?

Question 503 (hard, multiple choice)

A global e-commerce company is designing a new recommendation engine on AWS. The engine processes user behavior data (clicks, purchases) from multiple sources in real time and updates recommendations stored in Amazon DynamoDB. The data stream can reach 100,000 events per second. The solution must be highly available and process events with minimal latency (< 1 second). The company wants to use a managed streaming service and a real-time processing framework. Which solution should a Solutions Architect recommend?

Question 504 (easy, multiple choice)

A small business wants to host a simple static website on AWS. The website consists of HTML, CSS, JavaScript, and images. The company expects low traffic and wants to minimize costs. The website must be highly available and load quickly for users globally. Which solution should a Solutions Architect recommend?

Question 505 (medium, multiple choice)

A company is building a new microservices-based application on AWS using Amazon ECS with Fargate. The application has a frontend service, an order service, and a payment service. Services communicate synchronously via REST APIs. The company expects variable traffic and wants to ensure that failures in one service do not cascade to others. Which solution should a Solutions Architect recommend?

Question 506 (hard, multiple choice)

A healthcare company is designing a new system on AWS to store and analyze patient health records. The system must comply with HIPAA regulations. Data includes structured lab results and unstructured clinical notes. The company needs to run complex SQL queries on the structured data and perform natural language processing (NLP) on the unstructured data. The solution should be cost-effective and minimize administrative overhead. Which solution should a Solutions Architect recommend?

Question 507 (easy, multiple choice)

A company wants to build a serverless backend for a mobile application. The backend provides user authentication, a REST API for data access, and stores data in a NoSQL database. The company expects the application to have unpredictable traffic, and wants to minimize costs. Which solution should a Solutions Architect recommend?

Question 508 (medium, multiple choice)

A company is designing a new application on AWS that processes real-time IoT sensor data from thousands of devices. The data must be ingested, processed, and stored for analysis. The company wants to use a serverless architecture to reduce operational overhead. The processing includes filtering, aggregation, and transformation. Which solution should a Solutions Architect recommend?

Question 509 (hard, multiple choice)

A company is designing a new multi-region disaster recovery solution for a critical application running on AWS. The primary region is us-east-1. The application uses Amazon RDS for MySQL with Multi-AZ, and runs on EC2 instances behind an ALB. The RPO must be less than 5 minutes, and RTO less than 30 minutes. The company wants to minimize costs when the DR solution is not in use. Which solution should a Solutions Architect recommend?

Question 510 (easy, multiple choice)

A company wants to deploy a new web application on AWS that uses a microservices architecture. The company expects rapid growth and wants to decouple services to allow independent scaling and development. The team wants to use Docker containers for consistency across environments. Which solution should a Solutions Architect recommend?

Question 511 (medium, multiple choice)

A company is building a new data lake on AWS to store and analyze petabytes of data from various sources. The data includes structured (CSV, Parquet), semi-structured (JSON), and unstructured (images, videos) files. The company needs a cost-effective storage solution that allows running SQL queries directly on the data without loading it into a database. Data is accessed infrequently but must be available within minutes. Which solution should a Solutions Architect recommend?

Question 512 (hard, multiple choice)

A gaming company is designing a new real-time multiplayer game backend on AWS. The game requires low-latency communication between players (< 50 ms) and the ability to handle up to 100,000 concurrent players. The backend must manage game state, player matchmaking, and chat. The company wants to use managed AWS services to reduce operational overhead. Which solution should a Solutions Architect recommend?

Question 513 (medium, multiple choice)

A company is designing a new event-driven architecture on AWS for processing orders. When a new order is placed, it must be validated, inventory checked, payment processed, and notification sent. Each step is independent and may take variable time. The company wants to decouple the steps and ensure that failures do not block the entire workflow. Which solution should a Solutions Architect recommend?

Question 514 (easy, multi select)

A company is designing a new application on AWS that will store sensitive user data. The application must comply with data residency requirements, meaning data must remain within a specific geographic region. Which TWO architectural decisions should a Solutions Architect make to ensure compliance?
