2024 AWS-Solutions-Architect-Professional exam torrent AWS-Solutions-Architect-Professional Study Guide [Q221-Q240]

Easily pass AWS-Solutions-Architect-Professional Exam with our Dumps & PDF Test Engine


Holding the AWS Certified Solutions Architect - Professional certification is a testament to the candidate's expertise in designing and deploying scalable, highly available, and fault-tolerant systems on AWS. It is a valuable certification for professionals who want to advance their career in cloud computing and stand out in a competitive job market. Additionally, the certification demonstrates to employers and clients that the candidate has the skills and knowledge needed to deliver high-quality solutions on AWS.


To pass the AWS-Solutions-Architect-Professional exam, candidates need to have a strong understanding of AWS services such as EC2, S3, RDS, and VPC, as well as experience designing and deploying complex, multi-tier applications on AWS. They must also be familiar with AWS security and compliance requirements, and be able to design cost-optimized solutions that meet business requirements.


Amazon AWS-Solutions-Architect-Professional (AWS Certified Solutions Architect - Professional) Exam is a certification exam offered by Amazon Web Services (AWS) to test the skills and knowledge of IT professionals who design and deploy scalable, highly available, and fault-tolerant systems on AWS. The AWS-Solutions-Architect-Professional exam is designed for professionals who have already obtained the AWS Certified Solutions Architect - Associate certification and have at least two years of hands-on experience in designing and deploying AWS-based applications.

 

NEW QUESTION # 221
A retail company is running an application that stores invoice files in an Amazon S3 bucket and metadata about the files in an Amazon DynamoDB table. The S3 bucket and DynamoDB table are in us-east-1. The company wants to protect itself from data corruption and loss of connectivity to either Region.
Which option meets these requirements?

  • A. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuous backup on the DynamoDB table in us-east-1. Enable versioning on the S3 bucket.
  • B. Create an AWS Lambda function triggered by Amazon CloudWatch Events to make regular backups of the DynamoDB table. Set up S3 cross-region replication from us-east-1 to eu-west-1. Set up MFA delete on the S3 bucket in us-east-1.
  • C. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable continuous backup on the DynamoDB table in us-east-1. Set up S3 cross-region replication from us-east-1 to eu-west-1.
  • D. Create a DynamoDB global table to replicate data between us-east-1 and eu-west-1. Enable versioning on the S3 bucket. Implement strict ACLs on the S3 bucket.

Answer: A

Explanation:
https://aws.amazon.com/blogs/aws/new-cross-region-replication-for-amazon-s3/


NEW QUESTION # 222
A company is implementing a multi-account strategy; however, the Management team has expressed concerns that services like DNS may become overly complex. The company needs a solution that allows private DNS to be shared among virtual private clouds (VPCs) in different accounts. The company will have approximately 50 accounts in total.
What solution would create the LEAST complex DNS architecture and ensure that each VPC can resolve all AWS resources?

  • A. Create a shared services VPC in a central account. Create a VPC peering connection from the VPCs in other accounts to the shared services VPC. Create an Amazon Route 53 privately hosted zone in the shared services VPC with resource record sets for the domain and subdomains. Allow UDP and TCP port 53 over the VPC peering connections.
  • B. Create a shared services VPC in a central account, and create a VPC peering connection from the shared services VPC to each of the VPCs in the other accounts. Within Amazon Route 53, create a privately hosted zone in the shared services VPC and resource record sets for the domain and subdomains. Programmatically associate other VPCs with the hosted zone.
  • C. Set the VPC attributes enableDnsHostnames and enableDnsSupport to "false" in every VPC. Create an AWS Direct Connect connection with a private virtual interface. Allow UDP and TCP port 53 over the virtual interface. Use the on-premises DNS servers to resolve the IP addresses in each VPC on AWS.
  • D. Create a VPC peering connection among the VPCs in all accounts. Set the VPC attributes enableDnsHostnames and enableDnsSupport to "true" for each VPC. Create an Amazon Route 53 private zone for each VPC. Create resource record sets for the domain and subdomains. Programmatically associate the hosted zones in each VPC with the other VPCs.

Answer: B

Explanation:
B: enableDnsHostnames: Indicates whether instances with public IP addresses get corresponding public DNS hostnames. If this attribute is true, instances in the VPC get public DNS hostnames, but only if the enableDnsSupport attribute is also set to true. enableDnsSupport: Indicates whether the DNS resolution is supported. This is not needed.
C: Doing it from the central account is less complex and faster.
D: This is not recommended and not the least complex solution. This will be difficult to maintain too. I don't think it's even possible.


NEW QUESTION # 223
A company is running a line-of-business (LOB) application on AWS to support its users. The application runs in one VPC, with a backup copy in a second VPC in a different AWS Region for disaster recovery. The company has a single AWS Direct Connect connection between its on-premises network and AWS. The connection terminates at a Direct Connect gateway. All access to the application must originate from the company's on-premises network, and traffic must be encrypted in transit through the use of IPsec. The company is routing traffic through a VPN tunnel over the Direct Connect connection to provide the required encryption.
A business continuity audit determines that the Direct Connect connection represents a potential single point of failure for access to the application. The company needs to remediate this issue as quickly as possible.
Which approach will meet these requirements?

  • A. Configure an AWS Site-to-Site VPN connection over the internet. Terminate the VPN connection at a virtual private gateway in the secondary Region.
  • B. Order a second Direct Connect connection to a different Direct Connect location. Terminate the second Direct Connect connection at the same Direct Connect gateway.
  • C. Create a transit gateway. Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gateway. Order a second Direct Connect connection, and terminate it at the transit gateway.
  • D. Create a transit gateway. Attach the VPCs to the transit gateway, and connect the transit gateway to the Direct Connect gateway. Configure an AWS Site-to-Site VPN connection, and terminate it at the transit gateway.

Answer: D


NEW QUESTION # 224
You currently operate a web application in the AWS US-East region. The application runs on an auto-scaled layer of EC2 instances and an RDS Multi-AZ database. Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2, IAM, and RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

  • A. Create a new CloudTrail with one new S3 bucket to store the logs. Configure SNS to send log file delivery notifications to your management system. Use IAM roles and S3 bucket policies on the S3 bucket that stores your logs.
  • B. Create a new CloudTrail trail with one new S3 bucket to store the logs and with the global services option selected. Use IAM roles, S3 bucket policies, and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
  • C. Create three new CloudTrail trails with three new S3 buckets to store the logs: one for the AWS Management console, one for AWS SDKs, and one for command line tools. Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.
  • D. Create a new CloudTrail trail with an existing S3 bucket to store the logs and with the global services option selected. Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.

Answer: B


NEW QUESTION # 225
A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting.
The company's existing architecture includes the following:
* A VPC with private and public subnets, and a NAT gateway
* Site-to-Site VPN for connectivity with the on-premises environment
* EC2 security groups with direct SSH access from the on-premises environment
The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers.
Which strategy should a solutions architect use?

  • A. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Enable AWS Config for EC2 security group resource changes. Enable AWS Firewall Manager and apply a security group policy that automatically remediates changes to rules.
  • B. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Install the Amazon CloudWatch agent on all EC2 instances and send operating system audit logs to CloudWatch Logs.
  • C. Create an IAM role with the AmazonSSMManagedInstanceCore managed policy attached. Attach the IAM role to all the EC2 instances. Remove all security group rules attached to the EC2 instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager.
  • D. Install and configure EC2 Instance Connect on the fleet of EC2 instances. Remove all security group rules attached to EC2 instances that allow inbound TCP on port 22. Advise the engineers to remotely access the instances by using the EC2 Instance Connect CLI.

Answer: B


NEW QUESTION # 226
A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution.
Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.
Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Select TWO.)

  • A. Ensure all AWS accounts are part of an AWS Organizations structure operating in all features mode.
  • B. Ensure that all AWS accounts are part of an AWS Organizations structure operating in consolidated billing features mode.
  • C. Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
  • D. In each AWS account, create an IAM policy with a DENY rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
  • E. Create an SCP that contains a deny rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions. Attach the SCP to each organizational unit (OU) of the AWS Organizations structure.

Answer: A,E

Explanation:
https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnableAllFeatures.html
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp-strategies.html
A: By ensuring all AWS accounts are part of an organization in AWS Organizations, it allows for centralized management and control of the accounts. This can help enforce the new purchasing process by giving a dedicated team the ability to manage and enforce policies across all accounts.
D: By creating an SCP (Service Control Policy) that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions, it enforces the new centralized purchasing process. Attaching the SCP to each OU (organizational unit) within the organization ensures that all business units are adhering to the new process.


NEW QUESTION # 227
A travel company built a web application that uses Amazon Simple Email Service (Amazon SES) to send email notifications to users. The company needs to enable logging to help troubleshoot email delivery issues.
The company also needs the ability to do searches that are based on recipient, subject, and time sent.
Which combination of steps should a solutions architect take to meet these requirements? (Select TWO.)

  • A. Enable AWS CloudTrail logging. Specify an Amazon S3 bucket as the destination for the logs.
  • B. Use Amazon Athena to query the logs in Amazon CloudWatch for recipient, subject, and time sent.
  • C. Create an Amazon CloudWatch log group. Configure Amazon SES to send logs to the log group.
  • D. Use Amazon Athena to query the logs in the Amazon S3 bucket for recipient, subject, and time sent.
  • E. Create an Amazon SES configuration set with Amazon Kinesis Data Firehose as the destination.
    Choose to send logs to an Amazon S3 bucket.

Answer: A,D


NEW QUESTION # 228
A company is developing a gene reporting device that will collect genomic information to assist researchers with collecting large samples of data from a diverse population. The device will push 8 KB of genomic data every second to a data platform that will need to process and analyze the data and provide information back to researchers. The data platform must meet the following requirements:
* Provide near-real-time analytics of the inbound genomic data
* Ensure the data is flexible, parallel, and durable
* Deliver results of processing to a data warehouse
Which strategy should a solutions architect use to meet these requirements?

  • A. Use Amazon S3 to collect the inbound device data, analyze the data from Amazon SQS with Kinesis, and save the results to an Amazon Redshift cluster.
  • B. Use an Amazon API Gateway to put requests into an Amazon SQS queue, analyze the data with an AWS Lambda function, and save the results to an Amazon Redshift cluster using Amazon EMR.
  • C. Use Amazon Kinesis Data Firehose to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon RDS instance.
  • D. Use Amazon Kinesis Data Streams to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon Redshift cluster using Amazon EMR.

Answer: C


NEW QUESTION # 229
A user has created a VPC with public and private subnets using the VPC wizard. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.0.0/24. The NAT instance ID is i-a12345.
Which of the below mentioned entries are required in the main route table attached with the private subnet to allow instances to connect with the internet?

  • A. Destination: 0.0.0.0/0 and Target: i-a12345
  • B. Destination: 20.0.0.0/0 and Target: i-a12345
  • C. Destination: 20.0.0.0/0 and Target: 80
  • D. Destination: 20.0.0.0/24 and Target: i-a12345

Answer: A

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with Wizard, AWS will create two route tables and attach to the subnets. The main route table will have the entry "Destination: 0.0.0.0/0 and Target: i-a12345", which allows all the instances in the private subnet to connect to the internet using NAT.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html


NEW QUESTION # 230
You want to establish redundant VPN connections and customer gateways on your network by setting up a second VPN connection. Which of the following will ensure that this functions correctly?

  • A. The customer gateway IP address for the second VPN connection must be privately accessible and be the same public IP address that you are using for the first VPN connection.
  • B. The virtual gateway IP address for the second VPN connection must be publicly accessible.
  • C. The customer gateway IP address for the second VPN connection must be publicly accessible.
  • D. The customer gateway IP address for the second VPN connection must use dynamic routes.

Answer: C

Explanation:
To establish redundant VPN connections and customer gateways on your network, you would need to set up a second VPN connection. However, you must ensure that the customer gateway IP address for the second VPN connection is publicly accessible.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html


NEW QUESTION # 231
You are responsible for a web application that consists of an Elastic Load Balancing (ELB) load balancer in front of an Auto Scaling group of Amazon Elastic Compute Cloud (EC2) instances. For a recent deployment of a new version of the application, a new Amazon Machine Image (AMI) was created, and the Auto Scaling group was updated with a new launch configuration that refers to this new AMI. During the deployment, you received complaints from users that the website was responding with errors. All instances passed the ELB health checks.
What should you do in order to avoid errors for future deployments? (Choose 2 answers)

  • A. Increase the Elastic Load Balancing Unhealthy Threshold to a higher value to prevent an unhealthy
    instance from going into service behind the load balancer.
  • B. Enable EC2 instance CloudWatch alerts to change the launch configuration's AMI to the previous one.
    Gradually terminate instances that are using the new AMI.
  • C. Set the Elastic Load Balancing health check configuration to target a part of the application that fully
    tests application health and returns an error if the tests fail.
  • D. Add an Elastic Load Balancing health check to the Auto Scaling group. Set a short period for the health
    checks to operate as soon as possible in order to prevent premature registration of the instance to the
    load balancer.
  • E. Create a new launch configuration that refers to the new AMI, and associate it with the group. Double
    the size of the group, wait for the new instances to become healthy, and reduce back to the original size.
    If new instances do not become healthy, associate the previous launch configuration.

Answer: C,E


NEW QUESTION # 232
A company wants to deploy an AWS WAF solution to manage AWS WAF rules across multiple AWS accounts. The accounts are managed under different OUs in AWS Organizations.
Administrators must be able to add or remove accounts or OUs from managed AWS WAF rule sets as needed.
Administrators also must have the ability to automatically update and remediate noncompliant AWS WAF rules in all accounts.
Which solution meets these requirements with the LEAST amount of operational overhead?

  • A. Use AWS Firewall Manager to manage AWS WAF rules across accounts in the organization. Use an AWS Systems Manager Parameter Store parameter to store account numbers and OUs to manage. Update the parameter as needed to add or remove accounts or OUs. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to identify any changes to the parameter and to invoke an AWS Lambda function to update the security policy in the Firewall Manager administrative account.
  • B. Create AWS WAF rules in the management account of the organization. Use AWS Lambda environment variables to store account numbers and OUs to manage. Update environment variables as needed to add or remove accounts or OUs. Create cross-account IAM roles in member accounts. Assume the roles by using AWS Security Token Service (AWS STS) in the Lambda function to create and update AWS WAF rules in the member accounts.
  • C. Use AWS Control Tower to manage AWS WAF rules across accounts in the organization. Use AWS Key Management Service (AWS KMS) to store account numbers and OUs to manage. Update AWS KMS as needed to add or remove accounts or OUs. Create IAM users in member accounts. Allow AWS Control Tower in the management account to use the access key and secret access key to create and update AWS WAF rules in the member accounts.
  • D. Deploy an organization-wide AWS Config rule that requires all resources in the selected OUs to associate the AWS WAF rules. Deploy automated remediation actions by using AWS Lambda to fix noncompliant resources. Deploy AWS WAF rules by using an AWS CloudFormation stack set to target the same OUs where the AWS Config rule is applied.

Answer: D


NEW QUESTION # 233
A company wants to migrate its workloads from on premises to AWS. The workloads run on Linux and Windows. The company has a large on-premises infrastructure that consists of physical machines and VMs that host numerous applications.
The company must capture details about the system configuration, system performance, running processes, and network connections of its on-premises workloads. The company also must divide the on-premises applications into groups for AWS migrations. The company needs recommendations for Amazon EC2 instance types so that the company can run its workloads on AWS in the most cost-effective manner.
Which combination of steps should a solutions architect take to meet these requirements? (Select THREE.)

  • A. Import data about server sizes into AWS Trusted Advisor. Follow the recommendations for cost optimization.
  • B. Assess the existing applications by installing AWS Application Discovery Agent on the physical machines and VMs.
  • C. Group servers into applications for migration by using AWS Migration Hub.
  • D. Group servers into applications for migration by using AWS Systems Manager Application Manager.
  • E. Assess the existing applications by installing AWS Systems Manager Agent on the physical machines and VMs.
  • F. Generate recommended instance types and associated costs by using AWS Migration Hub.

Answer: B,C,F

Explanation:
https://docs.aws.amazon.com/application-discovery/latest/userguide/discovery-agent.html
https://docs.aws.amazon.com/migrationhub/latest/ug/ec2-recommendations.html


NEW QUESTION # 234
A user has created a VPC with public and private subnets. The VPC has CIDR 20.0.0.0/16. The private subnet uses CIDR 20.0.1.0/24 and the public subnet uses CIDR 20.0.0.0/24. The user is planning to host a web server in the public subnet (port 80) and a DB server in the private subnet (port 3306). The user is configuring a security group of the NAT instance.
Which of the below mentioned entries is not required in NAT's security group for the database servers to connect to the Internet for software updates?

  • A. For Outbound allow Destination: 0.0.0.0/0 on port 443
  • B. For Inbound allow Source: 20.0.1.0/24 on port 80
  • C. For Inbound allow Source: 20.0.0.0/24 on port 80
  • D. For Outbound allow Destination: 0.0.0.0/0 on port 80

Answer: C

Explanation:
A user can create a subnet with VPC and launch instances inside that subnet. If the user has created a public private subnet to host the web server and DB server respectively, the user should configure that the instances in the private subnet can connect to the internet using the NAT instances. The user should first configure that NAT can receive traffic on ports 80 and 443 from the private subnet. Thus, allow ports 80 and 443 in Inbound for the private subnet 20.0.1.0/24. Now to route this traffic to the internet configure ports 80 and 443 in Outbound with destination 0.0.0.0/0. The NAT should not have an entry for the public subnet CIDR.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html


NEW QUESTION # 235
A company is migrating its marketing website and content management system from an on-premises data center to AWS. The company wants the AWS application to be developed in a VPC with Amazon EC2 instances used for the web servers and an Amazon RDS instance for the database.
The company has a runbook document that describes the installation process of the on-premises system. The company would like to base the AWS system on the processes referenced in the runbook document. The runbook document describes the installation and configuration of the operating systems, network settings, the website, and content management system software on the servers. After the migration is complete, the company wants to be able to make changes quickly to take advantage of other AWS features.
How can the application and environment be deployed and automated in AWS, while allowing for future changes?

  • A. Update the runbook to describe how to create the VPC, the EC2 instances, and the RDS instance for the application by using the AWS Console. Make sure that the rest of the steps in the runbook are updated to reflect any changes that may come from the AWS migration.
  • B. Write an AWS CloudFormation template that creates the VPC, the EC2 instances, and the RDS instance for the application. Ensure that the rest of the steps in the runbook are updated to reflect any changes that may come from the AWS migration.
  • C. Write a Python script that uses the AWS API to create the VPC, the EC2 instances, and the RDS instance for the application. Write shell scripts that implement the rest of the steps in the runbook.
    Have the Python script copy and run the shell scripts on the newly created instances to complete the installation.
  • D. Write an AWS CloudFormation template that creates the VPC, the EC2 instances, and the RDS instance for the application. Include EC2 user data in the AWS CloudFormation template to install and configure the software.

Answer: D


NEW QUESTION # 236
____________pricing offers significant savings over the normal price of DynamoDB provisioned throughput capacity.

  • A. Reserved Point
  • B. Discount Voucher
  • C. Discount Service
  • D. Reserved Capacity

Answer: D

Explanation:
Reserved Capacity pricing offers significant savings over the normal price of DynamoDB provisioned throughput capacity. When you buy Reserved Capacity, you pay a one-time upfront fee and commit to paying for a minimum usage level, at the hourly rates indicated above, for the duration of the Reserved Capacity term.
http://aws.amazon.com/dynamodb/pricing/


NEW QUESTION # 237
A company wants to move a web application to AWS. The application stores session information locally on each web server, which will make auto scaling difficult. As part of the migration, the application will be rewritten to decouple the session data from the web servers. The company requires low latency, scalability, and availability.
Which service will meet the requirements for storing the session information in the MOST cost-effective way?

  • A. Amazon ElastiCache with the Memcached engine
  • B. Amazon S3
  • C. Amazon ElastiCache with the Redis engine
  • D. Amazon RDS MySQL

Answer: C

Explanation:
While Key/Value data stores are known to be extremely fast and provide sub-millisecond latency, the added network latency and added cost are the drawbacks. An added benefit of leveraging Key/Value stores is that they can also be utilized to cache any data, not just HTTP sessions, which can help boost the overall performance of your applications.
A vs D: ElastiCache offerings for In-Memory key/value stores include ElastiCache for Redis, which can support replication, and ElastiCache for Memcached which does not support replication.
https://aws.amazon.com/caching/session-management/


NEW QUESTION # 238
A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun-up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with job scheduler and grid nodes. Multiple grids could be running in parallel.
Key requirements are:
* Grid instances must communicate with Amazon S3 to retrieve data to be processed.
* Grid instances must communicate with Amazon DynamoDB to track intermediate data.
* The job scheduler needs only to communicate with the Amazon EC2 API to start new grid nodes.
* A key requirement is that the environment has no access to the internet, either directly or via the on-premises proxy. However, the application needs to be able to seamlessly communicate to Amazon S3, Amazon DynamoDB, and Amazon EC2 API, without the need for reconfiguration for each new deployment.
Which of the following should the Solutions Architect do to achieve this target architecture? (Choose three.)

  • A. Enable an interface VPC endpoint for EC2.
  • B. Configure Amazon S3 endpoint policy to permit access only from the grid nodes.
  • C. Populate the on-premises DNS server with the private IP addresses of the EC2 endpoint.
  • D. Disable Private DNS Name Support.
  • E. Enable VPC endpoints for Amazon S3 and DynamoDB.
  • F. Configure the application on the grid instances to use the private DNS name of the Amazon S3 endpoint.

Answer: B,C,F


NEW QUESTION # 239
A company is migrating its marketing website and content management system from an on-premises data center to AWS. The company wants the AWS application to be deployed in a VPC with Amazon EC2 instances used for the web servers and an Amazon RDS instance for the database.
The company has a runbook document that describes the installation process of the on-premises system. The company would like to base the AWS system on the processes referenced in the runbook document. The runbook document describes the installation and configuration of the operating systems, network settings, the website, and content management system software on the servers. After the migration is complete, the company wants to be able to make changes quickly to take advantage of other AWS features.
How can the application and environment be deployed and automated in AWS, while allowing for future changes?

  • A. Update the runbook to describe how to create the VPC, the EC2 instances, and the RDS instance for the application by using the AWS Console. Make sure that the rest of the steps in the runbook are updated to reflect any changes that may come from the AWS migration.
  • B. Write an AWS CloudFormation template that creates the VPC, the EC2 instances, and the RDS instance for the application. Include EC2 user data in the AWS CloudFormation template to install and configure the software.
  • C. Write a Python script that uses the AWS API to create the VPC, the EC2 instances, and the RDS instance for the application. Write shell scripts that implement the rest of the steps in the runbook. Have the Python script copy and run the shell scripts on the newly created instances to complete the installation.
  • D. Write an AWS CloudFormation template that creates the VPC, the EC2 instances, and the RDS instance for the application. Ensure that the rest of the steps in the runbook are updated to reflect any changes that may come from the AWS migration.

Answer: B


NEW QUESTION # 240
......

AWS-Solutions-Architect-Professional PDF Pass Leader, AWS-Solutions-Architect-Professional Latest Real Test: https://passguide.validtorrent.com/AWS-Solutions-Architect-Professional-valid-exam-torrent.html