A company runs a public-facing three-tier web application in a VPC across multiple Availability Zones. Amazon EC2 instances for the application tier running in private subnets need to download software patches from the internet. However, the EC2 instances cannot be directly accessible from the internet. Which actions should be taken to allow the EC2 instances to download the needed patches? (Select TWO.)
A) Configure a NAT gateway in a public subnet. B) Define a custom route table with a route to the NAT gateway for internet traffic and associate it with the private subnets for the application tier. C) Assign Elastic IP addresses to the EC2 instances. D) Define a custom route table with a route to the internet gateway for internet traffic and associate it with the private subnets for the application tier. E) Configure a NAT instance in a private subnet
A solutions architect wants to design a solution to save costs for Amazon EC2 instances that do not need to run during a 2-week company shutdown. The applications running on the EC2 instances store data in instance memory that must be present when the instances resume operation. Which approach should the solutions architect recommend to shut down and resume the EC2 instances?
A) Modify the application to store the data on instance store volumes. Reattach the volumes while restarting them. B. Snapshot the EC2 instances before stopping them. Restore the snapshot after restarting the instances. C) Run the applications on EC2 instances enabled for hibernation. Hibernate the instances before the 2-week company shutdown. D) Note the Availability Zone for each EC2 instance before stopping it. Restart the instances in the same Availability Zones after the 2-week company shutdown.
A company plans to run a monitoring application on an Amazon EC2 instance in a VPC. Connections are made to the EC2 instance using the instance’s private IPv4 address. A solutions architect needs to design a solution that will allow traffic to be quickly directed to a standby EC2 instance if the application fails and becomes unreachable.
Which approach will meet these requirements?
A) Deploy an Application Load Balancer configured with a listener for the private IP address and register the primary EC2 instance with the load balancer. Upon failure, de-register the instance and register the standby EC2 instance. B) Configure a custom DHCP option set. Configure DHCP to assign the same private IP address to the standby EC2 instance when the primary EC2 instance fails. C) Attach a secondary elastic network interface to the EC2 instance configured with the private IP address. Move the network interface to the standby EC2 instance if the primary EC2 instance becomes unreachable. D) Associate an Elastic IP address with the network interface of the primary EC2 instance. Disassociate the Elastic IP from the primary instance upon failure and associate it with a standby EC2 instance.
An analytics company is planning to offer a web analytics service to its users. The service will require that the users’ webpages include a JavaScript script that makes authenticated GET requests to the company’s Amazon S3 bucket. What must a solutions architect do to ensure that the script will successfully execute?
A) Enable cross-origin resource sharing (CORS) on the S3 bucket. B) Enable S3 Versioning on the S3 bucket. C) Provide the users with a signed URL for the script. D) Configure an S3 bucket policy to allow public execute privileges.
A company’s security team requires that all data stored in the cloud be encrypted at rest at all times using encryption keys stored on premises. Which encryption options meet these requirements? (Select TWO.)
A) Use server-side encryption with Amazon S3 managed encryption keys (SSE-S3). B) Use server-side encryption with AWS KMS managed encryption keys (SSE-KMS). C) Use server-side encryption with customer-provided encryption keys (SSE-C). D) Use client-side encryption to provide at-rest encryption. E) Use an AWS Lambda function invoked by Amazon S3 events to encrypt the data using the customer’s keys.