A company provides AWS solutions to its users with AWS CloudFormation templates. Users launch the templates in their accounts to have different solutions provisioned for them. The users want to improve the deployment strategy for solutions while retaining the ability to do the following:
* Add their own features to a solution for their specific deployments.
* Run unit tests on their changes.
* Turn features on and off for their deployments.
* Automatically update with code changes.
* Run security scanning tools for their deployments.
Which strategies should the solutions architect use to meet the requirements?

• A.Allow users to download solution code as Docker images. Use AWS CodeBuild and AWS CodePipeline for the CI/CD pipeline. Use Docker images for different solution features and the AWS CLI to turn features on and off. Use AWS CodeDeploy to run unit tests and security scans, and for deploying and updating a solution with changes.
• B.Allow users to download solution code artifacts in their Amazon S3 buckets. Use Amazon S3 and AWS CodePipeline for the CI/CD pipelines. Use CloudFormation StackSets for different solution features and to turn features on and off. Use AWS Lambda to run unit tests and security scans, and CloudFormation for deploying and updating a solution with changes.
• C.Allow users to download solution code artifacts. Use AWS CodeCommit and AWS CodePipeline for the CI/CD pipeline. Use the AWS Cloud Development Kit constructs for different solution features, and use the manifest file to turn features on and off. Use AWS CodeBuild to run unit tests and security and for deploying and updating a solution with changes.
• D.Allow users to download solution code artifacts. Use AWS CodeCommit and AWS CodePipeline for the CI/CD pipeline. Use AWS Amplify plugins for different solution features and user prompts to turn features on and off. Use AWS Lambda to run unit tests and security scans, and AWS CodeBuild for deploying and updating a solution with changes

Comment: *

Name: *

Email: *

Verification: *

A Solutions Architect must create a cost-effective backup solution for a company's 500MB source code repository of proprietary and sensitive applications. The repository runs on Linux and backs up daily to tape. Tape backups are stored for 1 year.
The current solutions are not meeting the company's needs because it is a manual process that is prone to error, expensive to maintain, and does not meet the need for a Recovery Point Objective (RPO) of 1 hour or Recovery Time Objective (RTO) of 2 hours. The new disaster recovery requirement is for backups to be stored offsite and to be able to restore a single file if needed.
Which solution meets the customer's needs for RTO, RPO, and disaster recovery with the LEAST effort and expense?

• A.Replace local tapes with an AWS Storage Gateway virtual tape library to integrate with current backup software. Run backups nightly and store the virtual tapes on Amazon S3 standard storage in US-EAST-1. Use cross-region replication to create a second copy in US-WEST-2. Use Amazon S3 lifecycle policies to perform automatic migration to Amazon Glacier and deletion of expired backups after 1 year?
• B.Configure the local source code repository to synchronize files to an AWS Storage Gateway file Amazon gateway to store backup copies in an Amazon S3 Standard bucket. Enable versioning on the Amazon S3 bucket. Create Amazon S3 lifecycle policies to automatically migrate old versions of objects to Amazon S3 Standard 0 Infrequent Access, then Amazon Glacier, then delete backups after 1 year.
• C.Replace the local source code repository storage with a Storage Gateway stored volume. Change the default snapshot frequency to 1 hour. Use Amazon S3 lifecycle policies to archive snapshots to Amazon Glacier and remove old snapshots after 1 year. Use cross-region replication to create a copy of the snapshots in US-WEST-2.
• D.Replace the local source code repository storage with a Storage Gateway cached volume. Create a snapshot schedule to take hourly snapshots. Use an Amazon CloudWatch Events schedule expression rule to run on hourly AWS Lambda task to copy snapshots from US-EAST -1 to US-WEST-2.

Comment: *

Name: *

Email: *

Verification: *

A company has an application that sends newsletters through email to users The application runs on two Amazon EC2 instances in a VPC The first EC2 instance contains the email application that sends email directly to users The second EC2 instance contains a MySQL database that is heavily dependent upon relational data Each EC2 instance is controlled by its own Auto Scaling group with a minimum and maximum of one instance Management wants improved application reliability and support for personalized email Which set of steps should a solutions architect take to meet these requirements?

• A.Migrate the database to an Amazon RDS MySQL Multi-AZ DB instance Reconfigure the email application to use Amazon Pinpoint to send email
• B.Migrate the database to Amazon DynamoDB global tables Reconfigure the email application to use Amazon Simple Email Service (Amazon SES) to send email
• C.Migrate the database to an Amazon Aurora MySQL DB cluster with Aurora Replicas. Reconfigure the email application to use Amazon Simple Notification Service (Amazon SNS) to send email
• D.Increase the minimum number of EC2 instances in the Auto Scaling group to three Reconfigure the email application to use Amazon Simple Notification Service (Amazon SNS) to send email

Comment: *

Name: *

Email: *

Verification: *

MapMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS RDS instead of using its own DB instance for HA and DR requirements.
The organization also wants to secure RDS access.
How should the web application be setup with RDS?

• A.Create a VPC with one public and one private subnet. Launch an application instance in the public subnet while RDS is launched in the private subnet.
• B.Setup a public and two private subnets in different AZs within a VPC and create a subnet group. Launch RDS with that subnet group.
• C.Create a network interface and attach two subnets to it. Attach that network interface with RDS while launching a DB instance.
• D.Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and connect them with VPC peering.

Comment: *

Name: *

Email: *

Verification: *

A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting.
The company's existing architecture includes the following:
* A VPC with private and public subnets, and a NAT gateway
* Site-to-Site VPN for connectivity with the on-premises environment
* EC2 security groups with direct SSH access from the on-premises environment The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers.
Which slrategy should a solutions architect use?

• A.Create an 1AM role with the Ama2onSSMManagedlnstanceCore managed policy attached. Attach the 1AM role to all the EC2 instances. Remove all security group rules attached to the EC2
• B.Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Enable AWS Config for EC2 security group resource changes. Enable AWS Firewall Manager and apply a security group policy that automatically remediates changes to rules.
• C.instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager.
• D.Install and configure EC2 instance Connect on the fleet of EC2 instances. Remove all security group rules attached to EC2 instances that allow inbound TCP on port 22. Advise the engineers to remotely access the instances by using the EC2 Instance Connect CLI.
• E.Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Install the Amazon CloudWatch agent on all EC2 instances and send operating system audit logs to CloudWatch Logs.

Comment: *

Name: *

Email: *

Verification: *