A company hosts an application on multiple Amazon EC2 instances. The application processes messages from an Amazon SQS queue, writes to an Amazon RDS table, and deletes the message from the queue. Occasional duplicate records are found in the RDS table. The SQS queue does not contain any duplicate messages.
What should a solutions architect do to ensure messages are being processed once only?
A. Use the CreateQueue API call to create a new queue.
B. Use the AddPermission API call to add appropriate permissions.
C. Use the ReceiveMessage API call to set an appropriate wait time.
D. Use the ChangeMessageVisibility API call to increase the visibility timeout.
Answer is Use the ChangeMessageVisibility API call to increase the visibility timeout.
To ensure that messages are being processed only once, a solutions architect should use the ChangeMessageVisibility API call to increase the visibility timeout, which is Option D.
The visibility timeout determines the amount of time that a message received from an SQS queue is hidden from other consumers while the message is being processed. If the processing of a message takes longer than the visibility timeout, the message will become visible to other consumers and may be processed again. By increasing the visibility timeout, the solutions architect can ensure that the message is not made visible to other consumers until the processing is complete and the message can be safely deleted from the queue.
Option A (Use the CreateQueue API call to create a new queue) would not address the issue of duplicate message processing.
Option B (Use the AddPermission API call to add appropriate permissions) is not relevant to this issue because it deals with setting permissions for accessing an SQS queue, which is not related to preventing duplicate records in the RDS table.
Option C (Use the ReceiveMessage API call to set an appropriate wait time) is not relevant to this issue because it is related to configuring how long the ReceiveMessage API call should wait for new messages to arrive in the SQS queue before returning an empty response. It does not address the issue of duplicate records in the RDS table.
A company is running a business-critical web application on Amazon EC2 instances behind an Application Load Balancer. The EC2 instances are in an Auto Scaling group. The application uses an Amazon Aurora PostgreSQL database that is deployed in a single Availability Zone. The company wants the application to be highly available with minimum downtime and minimum loss of data.
Which solution will meet these requirements with the LEAST operational effort?
A. Place the EC2 instances in different AWS Regions. Use Amazon Route 53 health checks to redirect traffic. Use Aurora PostgreSQL Cross-Region Replication.
B. Configure the Auto Scaling group to use multiple Availability Zones. Configure the database as Multi-AZ. Configure an Amazon RDS Proxy instance for the database.
C. Configure the Auto Scaling group to use one Availability Zone. Generate hourly snapshots of the database. Recover the database from the snapshots in the event of a failure.
D. Configure the Auto Scaling group to use multiple AWS Regions. Write the data from the application to Amazon S3. Use S3 Event Notifications to launch an AWS Lambda function to write the data to the database.
Answer is Configure the Auto Scaling group to use multiple Availability Zones. Configure the database as Multi-AZ. Configure an Amazon RDS Proxy instance for the database.
This solution will meet the requirements of high availability with minimum downtime and minimum loss of data with the least operational effort. By configuring the Auto Scaling group to use multiple Availability Zones, the web application will be able to withstand the failure of one Availability Zone without any disruption to the service. By configuring the database as Multi-AZ, the database will automatically failover to a standby instance in a different Availability Zone in the event of a failure, ensuring minimal downtime. Additionally, using an RDS Proxy instance will help to improve the performance and scalability of the database.
A. While this approach provides geographic redundancy, it introduces additional complexity and operational effort, including managing replication, handling latency, and potentially higher data transfer costs.
C. While snapshots can be used for data backup and recovery, they do not provide real-time failover capabilities and can result in significant data loss if a failure occurs between snapshots.
D. While this approach offers some decoupling and scalability benefits, it adds complexity to the data flow and introduces additional overhead for data processing.
A company wants to move a multi-tiered application from on premises to the AWS Cloud to improve the application's performance. The application consists of application tiers that communicate with each other by way of RESTful services. Transactions are dropped when one tier becomes overloaded. A solutions architect must design a solution that resolves these issues and modernizes the application.
Which solution meets these requirements and is the MOST operationally efficient?
A. Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer. Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services.
B. Use Amazon CloudWatch metrics to analyze the application performance history to determine the servers' peak utilization during the performance failures. Increase the size of the application server's Amazon EC2 instances to meet the peak requirements.
C. Use Amazon Simple Notification Service (Amazon SNS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SNS queue length and scale up and down as required.
D. Use Amazon Simple Queue Service (Amazon SQS) to handle the messaging between application servers running on Amazon EC2 in an Auto Scaling group. Use Amazon CloudWatch to monitor the SQS queue length and scale up when communication failures are detected.
Answer is Use Amazon API Gateway and direct transactions to the AWS Lambda functions as the application layer. Use Amazon Simple Queue Service (Amazon SQS) as the communication layer between application services.
RESTful services = API Gateways.
A and D are both good solutions; however, A meets the requirement because it is the most operationally efficient for modern applications: AWS Lambda is serverless and scales elastically when the application becomes overloaded. SQS handles the queuing as well.
A company receives 10 TB of instrumentation data each day from several machines located at a single factory. The data consists of JSON files stored on a storage area network (SAN) in an on-premises data center located within the factory. The company wants to send this data to Amazon S3 where it can be accessed by several additional systems that provide critical near-real-time analytics. A secure transfer is important because the data is considered sensitive.
Which solution offers the MOST reliable data transfer?
A. AWS DataSync over public internet
B. AWS DataSync over AWS Direct Connect
C. AWS Database Migration Service (AWS DMS) over public internet
D. AWS Database Migration Service (AWS DMS) over AWS Direct Connect
Answer is AWS DataSync over AWS Direct Connect
The most reliable solution for transferring the data in a secure manner would be option B: AWS DataSync over AWS Direct Connect.
AWS DataSync is a data transfer service that uses network optimization techniques to transfer data efficiently and securely between on-premises storage systems and Amazon S3 or other storage targets. When used over AWS Direct Connect, DataSync can provide a dedicated and secure network connection between your on-premises data center and AWS. This can help to ensure a more reliable and secure data transfer compared to using the public internet.
Option A, AWS DataSync over the public internet, is not as reliable as using Direct Connect, as it can be subject to potential network issues or congestion.
Option C, AWS Database Migration Service (DMS) over the public internet, is not a suitable solution for transferring large amounts of data, as it is designed for migrating databases rather than transferring large amounts of data from a storage area network (SAN).
Option D, AWS DMS over AWS Direct Connect, is also not a suitable solution, as it is designed for migrating databases and may not be efficient for transferring large amounts of data from a SAN.
Question 65
A company needs to configure a real-time data ingestion architecture for its application. The company needs an API, a process that transforms data as the data is streamed, and a storage solution for the data.
Which solution will meet these requirements with the LEAST operational overhead?
A. Deploy an Amazon EC2 instance to host an API that sends data to an Amazon Kinesis data stream. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data source. Use AWS Lambda functions to transform the data. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.
B. Deploy an Amazon EC2 instance to host an API that sends data to AWS Glue. Stop source/destination checking on the EC2 instance. Use AWS Glue to transform the data and to send the data to Amazon S3.
C. Configure an Amazon API Gateway API to send data to an Amazon Kinesis data stream. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data source. Use AWS Lambda functions to transform the data. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.
D. Configure an Amazon API Gateway API to send data to AWS Glue. Use AWS Lambda functions to transform the data. Use AWS Glue to send the data to Amazon S3.
Answer is Configure an Amazon API Gateway API to send data to an Amazon Kinesis data stream. Create an Amazon Kinesis Data Firehose delivery stream that uses the Kinesis data stream as a data source. Use AWS Lambda functions to transform the data. Use the Kinesis Data Firehose delivery stream to send the data to Amazon S3.
You can use Amazon API Gateway as a fully managed service to create, publish, maintain, monitor, and secure APIs. This means that you don't have to worry about the operational overhead of deploying and maintaining an EC2 instance to host the API.
Amazon Kinesis Data Firehose is a fully managed service for delivering real-time streaming data to destinations such as Amazon S3. With Kinesis Data Firehose, you don't have to worry about the operational overhead of setting up and maintaining a data ingestion infrastructure.
Finally, AWS Lambda is a fully managed service for running code in response to events. With AWS Lambda, you don't have to worry about the operational overhead of setting up and maintaining a server to run the data transformation code.
Overall, Option C provides a fully managed solution for real-time data ingestion with minimal operational overhead.
Option A is incorrect because it involves deploying an EC2 instance to host an API, which adds operational overhead in the form of maintaining and securing the instance.
Option B is incorrect because it involves deploying an EC2 instance to host an API and disabling source/destination checking on the instance. Disabling source/destination checking can make the instance vulnerable to attacks, which adds operational overhead in the form of securing the instance.
Option D is incorrect because it involves using AWS Glue to send the data to Amazon S3, which adds operational overhead in the form of maintaining and securing the AWS Glue infrastructure.
Question 66
A solutions architect is designing the cloud architecture for a new application being deployed on AWS. The process should run in parallel while adding and removing application nodes as needed based on the number of jobs to be processed. The processor application is stateless. The solutions architect must ensure that the application is loosely coupled and the job items are durably stored.
Which design should the solutions architect use?
A. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on CPU usage.
B. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch configuration that uses the AMI. Create an Auto Scaling group using the launch configuration. Set the scaling policy for the Auto Scaling group to add and remove nodes based on network usage.
C. Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
D. Create an Amazon SNS topic to send the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of messages published to the SNS topic.
Answer is Create an Amazon SQS queue to hold the jobs that need to be processed. Create an Amazon Machine Image (AMI) that consists of the processor application. Create a launch template that uses the AMI. Create an Auto Scaling group using the launch template. Set the scaling policy for the Auto Scaling group to add and remove nodes based on the number of items in the SQS queue.
This design follows the best practices for loosely coupled and scalable architecture. By using SQS, the jobs are durably stored in the queue, ensuring they are not lost. The processor application is stateless, which aligns with the design requirement. The AMI allows for consistent deployment of the application. The launch template and ASG facilitate the dynamic scaling of the application based on the number of items in the SQS queue, ensuring parallel processing of jobs.
Options A and D suggest using SNS, which is a publish/subscribe messaging service and may not provide the durability required for job storage.
Option B suggests using network usage as a scaling metric, which may not be directly related to the number of jobs to be processed. The number of items in the SQS queue provides a more accurate metric for scaling based on the workload.
Question 67
A company hosts an application on AWS Lambda functions that are invoked by an Amazon API Gateway API. The Lambda functions save customer data to an Amazon Aurora MySQL database. Whenever the company upgrades the database, the Lambda functions fail to establish database connections until the upgrade is complete. The result is that customer data is not recorded for some of the events.
A solutions architect needs to design a solution that stores customer data that is created during database upgrades.
Which solution will meet these requirements?
A. Provision an Amazon RDS proxy to sit between the Lambda functions and the database. Configure the Lambda functions to connect to the RDS proxy.
B. Increase the run time of the Lambda functions to the maximum. Create a retry mechanism in the code that stores the customer data in the database.
C. Persist the customer data to Lambda local storage. Configure new Lambda functions to scan the local storage to save the customer data to the database.
D. Store the customer data in an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Create a new Lambda function that polls the queue and stores the customer data in the database.
Answer is Store the customer data in an Amazon Simple Queue Service (Amazon SQS) FIFO queue. Create a new Lambda function that polls the queue and stores the customer data in the database.
RDS Proxy can improve application availability in such a situation by waiting for the new database instance to be functional and maintaining any requests received from the application during this time. The end result is that the application is more resilient to issues with the underlying database. This enables the solution to hold data until the database returns to normal.
A company has a large Microsoft SharePoint deployment running on-premises that requires Microsoft Windows shared file storage. The company wants to migrate this workload to the AWS Cloud and is considering various storage options. The storage solution must be highly available and integrated with Active Directory for access control.
Which solution will satisfy these requirements?
A. Configure Amazon EFS storage and set the Active Directory domain for authentication.
B. Create an SMB file share on an AWS Storage Gateway file gateway in two Availability Zones.
C. Create an Amazon S3 bucket and configure Microsoft Windows Server to mount it as a volume.
D. Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
Answer is Create an Amazon FSx for Windows File Server file system on AWS and set the Active Directory domain for authentication.
Amazon FSx for Windows File Server is a fully managed file storage service that is designed to be used with Microsoft Windows workloads. It is integrated with Active Directory for access control and is highly available, as it stores data across multiple availability zones. Additionally, FSx can be used to migrate data from on-premises Microsoft Windows file servers to the AWS Cloud. This makes it a good fit for the requirements described in the question.
A. EFS does not provide native integration with AD for access control. While you can configure EFS to work with AD, it requires additional setup and is not as straightforward as using a dedicated Windows file system like FSx for Windows File Server.
B. It may introduce additional complexity for this use case. Creating an SMB file share using AWS Storage Gateway would require maintaining the gateway and managing the synchronization between on-premises and AWS storage.
C. S3 does not natively provide the SMB file protocol required for MS SharePoint and Windows shared file storage. While it is possible to mount an S3 bucket as a volume using 3rd-party tools or configurations, it is not the recommended approach.
A company is implementing a shared storage solution for a gaming application that is hosted in an on-premises data center. The company needs the ability to use Lustre clients to access data. The solution must be fully managed.
Which solution meets these requirements?
A. Create an AWS Storage Gateway file gateway. Create a file share that uses the required client protocol. Connect the application server to the file share.
B. Create an Amazon EC2 Windows instance. Install and configure a Windows file share role on the instance. Connect the application server to the file share.
C. Create an Amazon Elastic File System (Amazon EFS) file system, and configure it to support Lustre. Attach the file system to the origin server. Connect the application server to the file system.
D. Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.
Answer is Create an Amazon FSx for Lustre file system. Attach the file system to the origin server. Connect the application server to the file system.
Amazon FSx for Lustre is a fully managed file system that is designed for high-performance workloads, such as gaming applications. It provides a high-performance, scalable, and fully managed file system that is optimized for Lustre clients, and it is fully integrated with Amazon EC2. It is the only option that meets the requirements of being fully managed and able to support Lustre clients.
A. Lustre client access is not supported by AWS Storage Gateway file gateway.
B. Creating a Windows file share on an EC2 Windows instance is suitable for Windows-based file sharing, but it does not provide the required Lustre client access. Lustre is a high-performance parallel file system primarily used in high-performance computing (HPC) environments.
C. EFS does not natively support Lustre client access. Although EFS is a managed file storage service, it is designed for general-purpose file storage and is not optimized for Lustre workloads.
Question 70
A company wants to migrate an on-premises data center to AWS. The data center hosts an SFTP server that stores its data on an NFS-based file system. The server holds 200 GB of data that needs to be transferred. The server must be hosted on an Amazon EC2 instance that uses an Amazon Elastic File System (Amazon EFS) file system.
Which combination of steps should a solutions architect take to automate this task? (Choose two.)
A. Launch the EC2 instance into the same Availability Zone as the EFS file system.
B. Install an AWS DataSync agent in the on-premises data center.
C. Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance for the data.
D. Manually use an operating system copy command to push the data to the EC2 instance.
E. Use AWS DataSync to create a suitable location configuration for the on-premises SFTP server.
Answers are:
B. Install an AWS DataSync agent in the on-premises data center.
E. Use AWS DataSync to create a suitable location configuration for the on-premises SFTP server.
To automate the process of transferring the data from the on-premises SFTP server to an EC2 instance with an EFS file system, you can use AWS DataSync. AWS DataSync is a fully managed data transfer service that simplifies, automates, and accelerates transferring data between on-premises storage systems and Amazon S3, Amazon EFS, or Amazon FSx for Windows File Server.
To use AWS DataSync for this task, you should first install an AWS DataSync agent in the on-premises data center. This agent is a lightweight software application that you install on your on-premises data source. The agent communicates with the AWS DataSync service to transfer data between the data source and target locations.
Next, you should use AWS DataSync to create a suitable location configuration for the on-premises SFTP server. A location represents a data source or a data destination in an AWS DataSync task. You can create a location for the on-premises SFTP server by specifying the IP address, the path to the data, and the necessary credentials to access the data.
Once you have created the location configuration for the on-premises SFTP server, you can use AWS DataSync to transfer the data to the EC2 instance with the EFS file system. AWS DataSync handles the data transfer process automatically and efficiently, transferring the data at high speeds and minimizing downtime.
Explanation of other options
A. Launch the EC2 instance into the same Availability Zone as the EFS file system.
This option is not wrong, but it is not directly related to automating the process of transferring the data from the on-premises SFTP server to the EC2 instance with the EFS file system. Launching the EC2 instance into the same Availability Zone as the EFS file system can improve the performance and reliability of the file system, as it reduces the latency between the EC2 instance and the file system. However, it is not necessary for automating the data transfer process.
C. Create a secondary Amazon Elastic Block Store (Amazon EBS) volume on the EC2 instance for the data.
This option is incorrect because Amazon EBS is a block-level storage service that is designed for use with Amazon EC2 instances. It is not suitable for storing large amounts of data that need to be accessed by multiple EC2 instances, like in the case of the NFS-based file system on the on-premises SFTP server. Instead, you should use Amazon EFS, which is a fully managed, scalable, and distributed file system that can be accessed by multiple EC2 instances concurrently.
D. Manually use an operating system copy command to push the data to the EC2 instance.
This option is not wrong, but it is not the most efficient or automated way to transfer the data from the on-premises SFTP server to the EC2 instance with the EFS file system. Manually transferring the data using an operating system copy command would require manual intervention and would not scale well for large amounts of data. It would also not provide the same level of performance and reliability as a fully managed service like AWS DataSync.