Amazon AWS Certified Solutions Architect – Professional SAP-C02 Exam Dumps and Practice Test Questions Set 2 Q21-40

Visit here for our full Amazon AWS Certified Solutions Architect – Professional SAP-C02 exam dumps and practice test questions.

Question 21:

A company is deploying a web application that must scale dynamically and handle millions of requests per second globally. The architecture should minimize latency and cost while providing high availability. Which combination of services should the solutions architect use?

Answer:

A) Amazon EC2 Auto Scaling with Application Load Balancer and CloudFront
B) Amazon ECS with Fargate, Route 53 latency-based routing, and CloudFront
C) Amazon S3 static website hosting with CloudFront
D) Amazon Lambda with API Gateway and CloudFront

Explanation:

The correct answer is D) Amazon Lambda with API Gateway and CloudFront.

Using Lambda eliminates the need to manage EC2 instances or container orchestration, providing serverless compute that scales automatically based on incoming request volume. API Gateway acts as a front-end to Lambda functions, handling authentication, throttling, and routing requests efficiently. CloudFront caches content and distributes it at edge locations globally, reducing latency for end-users. This combination ensures high availability, cost efficiency, and elastic scaling to handle millions of requests per second.

Option A, while scalable, requires managing EC2 instances and scaling policies, adding operational complexity and potential underutilization costs. Option B reduces server management by using Fargate but may not scale as efficiently under extreme load as a fully serverless solution. Option C is suitable for purely static content but cannot handle dynamic workloads or business logic processing.

Lambda with API Gateway and CloudFront also integrates with CloudWatch for monitoring execution metrics, X-Ray for tracing requests, and IAM for access control, allowing full observability and security compliance. Serverless architectures reduce cost by paying only for actual execution time and eliminate the risk of overprovisioning resources. Edge caching through CloudFront ensures minimal latency globally, while API Gateway ensures reliable routing, throttling, and protection against sudden traffic spikes. This design is ideal for modern event-driven web applications requiring global availability and low operational overhead.

Question 22:

A company wants to ensure compliance with regulatory requirements for data stored in Amazon S3. Data must be encrypted at rest, access must be logged, and any changes to configuration should be monitored. Which combination of AWS services and features should the architect implement?

Answer:

A) Amazon S3 with KMS-managed keys, CloudTrail logging, and AWS Config
B) Amazon S3 server-side encryption with AES-256, CloudWatch Logs, and IAM roles
C) Amazon S3 public bucket with SSL, CloudTrail, and lifecycle policies
D) Amazon S3 client-side encryption, CloudWatch Metrics, and Route 53

Explanation:

The correct answer is A) Amazon S3 with KMS-managed keys, CloudTrail logging, and AWS Config.

Amazon S3 with KMS-managed keys ensures that all objects are encrypted at rest using managed encryption keys. CloudTrail tracks all API calls and user activity, providing a detailed audit trail necessary for compliance and forensic investigations. AWS Config monitors changes to bucket configurations, such as bucket policies or encryption settings, enabling continuous compliance assessment and alerts if resources drift from desired configurations.

Option B, while including encryption and CloudWatch Logs, does not provide comprehensive tracking of API activity across S3, which is required for compliance. CloudWatch Metrics captures only operational metrics, not API-level auditing. Option C, using a public bucket, exposes data and violates regulatory standards. Lifecycle policies do not monitor changes to bucket configurations and do not enforce encryption. Option D, using client-side encryption and CloudWatch, introduces operational complexity without centralized key management or automated compliance monitoring.

The architecture with KMS, CloudTrail, and Config ensures that sensitive data is encrypted, access is monitored, and any configuration changes are detected automatically. Additionally, KMS allows fine-grained access control for encryption keys, enabling separation of duties between administrators and data owners. CloudTrail integration with S3 ensures all read and write operations are captured, while AWS Config rules can automatically alert or remediate non-compliant changes, maintaining continuous regulatory compliance. This solution provides a robust, secure, and auditable storage environment.

Question 23:

A company needs to implement a highly available and low-latency relational database for a globally distributed application. The application must handle high read traffic from multiple regions. Which AWS solution is most appropriate?

Answer:

A) Amazon RDS MySQL with Read Replicas
B) Amazon Aurora Global Database
C) Amazon DynamoDB with global tables
D) Amazon Redshift with Concurrency Scaling

Explanation:

The correct answer is B) Amazon Aurora Global Database.

Aurora Global Database allows a primary region to asynchronously replicate data to up to five secondary regions with low latency. This supports high availability, disaster recovery, and read scaling across regions. Applications in secondary regions can perform read operations locally, minimizing latency for global users. Failover to a secondary region can occur in minutes, ensuring business continuity in the event of a regional outage.

Option A provides regional read replicas but does not natively support multi-region low-latency reads and failover, making it less suitable for globally distributed applications. Option C, DynamoDB with global tables, is a NoSQL solution and may not satisfy transactional relational requirements. Option D, Redshift, is optimized for analytical workloads rather than high-performance transactional operations.

Aurora Global Database also benefits from automatic storage scaling, continuous backups, and integration with CloudWatch for performance monitoring. Data is replicated across multiple AZs in each region for durability, and the architecture supports minimal downtime migrations and cross-region disaster recovery planning. This approach ensures that globally distributed users experience low latency and high availability while maintaining the ACID properties and transactional guarantees required by relational databases.

Question 24:

A company needs to implement a secure mechanism for cross-account S3 bucket access for a multi-tenant application. The solution must follow the principle of least privilege. Which AWS architecture is recommended?

Answer:

A) IAM roles with bucket policies for cross-account access
B) Public S3 bucket with object ACLs
C) Manual copying of objects between accounts
D) S3 replication without IAM permissions

Explanation:

The correct answer is A) IAM roles with bucket policies for cross-account access.

Using IAM roles allows users or applications in one account to assume a role with temporary credentials, granting access to S3 resources in another account. Bucket policies define which actions are permitted, ensuring fine-grained access control and adherence to the principle of least privilege. This approach also supports auditing via CloudTrail, enabling tracking of access and operations performed across accounts.

Option B exposes data publicly, violating security best practices. Option C is operationally complex and error-prone, leading to potential data inconsistencies. Option D, S3 replication, only copies objects to another account or bucket but does not provide direct, secure access for users or applications.

The recommended architecture ensures secure cross-account data sharing while maintaining encryption at rest and in transit using KMS, logging all access events, and implementing IAM policies to restrict access to authorized users only. Temporary credentials reduce risk exposure, and auditing ensures compliance with organizational security standards. Additionally, lifecycle policies can manage data retention and replication to optimize storage costs.

Question 25:

A company runs a microservices application that requires decoupled components and high message throughput. Which AWS service combination provides reliable message delivery with scalability?

Answer:

A) Amazon SQS with Lambda consumers
B) Amazon SNS with S3
C) Amazon Kinesis Data Streams with EC2 consumers
D) Amazon RDS with SQS

Explanation:

The correct answer is A) Amazon SQS with Lambda consumers.

SQS is a fully managed message queue service that provides reliable, durable message storage with at-least-once delivery. Lambda functions can consume messages asynchronously, automatically scaling based on queue depth. This ensures decoupling of services, high throughput, and fault tolerance.

Option B (SNS with S3) is suitable for notifications but does not guarantee ordered or durable message delivery. Option C (Kinesis Data Streams) is designed for streaming and analytics workloads, not decoupling simple microservices. Option D (RDS with SQS) is inefficient for high-volume messaging and tightly couples services.

SQS with Lambda supports features like dead-letter queues, message visibility timeouts, and batch processing, ensuring that message processing failures are handled gracefully. This combination enables developers to build loosely coupled architectures, where producers and consumers operate independently, enhancing maintainability and scalability.

Question 26:

A web application requires caching frequently accessed database queries to improve performance. Which solution is most suitable?

Answer:

A) Amazon ElastiCache (Redis)
B) Amazon RDS Read Replicas
C) Amazon DynamoDB Accelerator (DAX)
D) Amazon S3

Explanation:

The correct answer is C) Amazon DynamoDB Accelerator (DAX).

DAX is an in-memory cache for DynamoDB that reduces read latency from milliseconds to microseconds, providing high throughput for read-heavy workloads. It eliminates the need for developers to implement complex caching logic in application code.

Option A (ElastiCache Redis) is a general-purpose cache, but integration with DynamoDB requires additional development effort. Option B (RDS Read Replicas) helps with database scaling but does not provide sub-millisecond caching. Option D (S3) is object storage and unsuitable for caching database query results.

DAX is fully managed, scales automatically, supports encryption in transit and at rest, and integrates seamlessly with DynamoDB applications. This ensures predictable performance for high-volume applications while simplifying operational management and reducing latency significantly.

Question 27:

A company wants to implement a disaster recovery strategy for an application with an RPO of 1 minute and RTO of 10 minutes. Which AWS architecture is recommended?

Answer:

A) Multi-region active-active deployment with Aurora Global Database
B) Backup and restore from S3 once per day
C) Standby EC2 instances in another AZ without replication
D) Cross-region replication using manual scripts

Explanation:

The correct answer is A) Multi-region active-active deployment with Aurora Global Database.

Aurora Global Database replicates data asynchronously to multiple regions with typical latency under a second, allowing near-zero data loss (RPO) and failover within minutes (RTO). Active-active deployment ensures that all regions can serve read requests, improving performance and availability.

Option B cannot meet the required RPO and RTO due to daily backups. Option C does not provide real-time replication or failover. Option D is error-prone and operationally complex.

Aurora’s architecture automatically replicates six copies of data across three AZs per region, supports cross-region replication, and provides continuous backups. CloudWatch monitors performance, and failover occurs automatically with minimal downtime. This approach guarantees compliance with stringent recovery objectives while maintaining high availability.

Question 28:

A company wants to migrate an on-premises Oracle database to AWS with minimal downtime. Which solution is most appropriate?

Answer:

A) AWS Database Migration Service (DMS) with continuous replication
B) Manual export/import using Oracle Data Pump
C) AWS Snowball
D) S3 batch copy

Explanation:

The correct answer is A) AWS Database Migration Service (DMS) with continuous replication.

DMS enables near-zero downtime migrations by replicating ongoing changes from the source database to the target AWS database. It supports heterogeneous migrations and allows cutover when the target is synchronized.

Option B introduces downtime during export/import. Option C is for offline data transfer and not suitable for continuous replication. Option D cannot handle transactional data migration.

DMS also supports schema conversion, integrates with CloudWatch for monitoring, and provides automatic failover mechanisms. This approach reduces operational disruption, ensures data integrity, and allows applications to continue functioning during the migration process.

Question 29:

A company wants to implement an event-driven architecture that processes incoming IoT data in real-time. The architecture must ensure durability, ordering of messages per device, and scalability to millions of devices. Which AWS service combination should be used?

Answer:

A) Amazon Kinesis Data Streams with Lambda consumers
B) Amazon SQS standard queues with Lambda
C) Amazon SNS topics with S3 triggers
D) Amazon DynamoDB Streams only

Explanation:

The correct answer is A) Amazon Kinesis Data Streams with Lambda consumers.

Amazon Kinesis Data Streams is a fully managed, scalable, and durable streaming service designed for real-time data ingestion. In this scenario, IoT devices continuously generate large amounts of data that must be processed in near real-time. Kinesis Data Streams supports ordered message delivery at the shard level, ensuring that all events from a single device are processed in sequence. This is critical for IoT use cases where the order of events, such as sensor readings or telemetry, affects analytics or decision-making processes.

Lambda functions can be used as consumers for Kinesis streams, enabling serverless processing of incoming events without managing infrastructure. Lambda automatically scales with the number of shards, ensuring that processing keeps pace with incoming data, even as the number of devices grows into the millions. Lambda also supports batch processing of records, which improves efficiency and reduces cost by aggregating events into single function invocations.

Option B, using SQS standard queues with Lambda, is not suitable because standard queues provide at-least-once delivery, which may result in duplicate messages. While deduplication can be handled at the application level, it adds complexity and may not guarantee strict ordering of messages per device. FIFO queues support ordering but have limitations in throughput compared to Kinesis, which could become a bottleneck when scaling to millions of devices.

Option C, using SNS topics with S3 triggers, is designed for pub/sub notification scenarios rather than ordered, real-time stream processing. SNS ensures at-least-once delivery and does not preserve strict ordering. S3 triggers are event-driven but introduce latency because they are triggered only when objects are uploaded, making this solution unsuitable for real-time IoT processing.

Option D, using DynamoDB Streams, captures changes in DynamoDB tables but is limited to data changes in those tables. It cannot ingest or process arbitrary IoT data streams, and scaling is constrained by DynamoDB write throughput. Additionally, it does not natively provide shard-level ordering for high-throughput streaming data.

Kinesis Data Streams provides strong durability guarantees, replicating data across multiple Availability Zones to prevent data loss. Data retention can be configured from 24 hours to 7 days, or longer using extended retention, allowing downstream analytics, reprocessing, and debugging. Kinesis integrates with CloudWatch to provide detailed monitoring for stream health, shard iterator age, and Lambda function errors.

For IoT scenarios, Kinesis can be integrated with AWS IoT Core for device authentication and secure ingestion. IoT Core can route messages directly to Kinesis Data Streams, ensuring seamless integration with downstream analytics or processing pipelines. Data from Kinesis can be stored in Amazon S3, Amazon Redshift, or DynamoDB for historical analysis, machine learning, or reporting.

This architecture ensures durability, high availability, ordering per device, and elastic scalability. It also simplifies operational management because Lambda abstracts server provisioning and scaling, reducing the need for custom infrastructure. Security can be enforced through IAM roles, KMS encryption for data at rest, and TLS for data in transit.

Overall, Kinesis Data Streams with Lambda provides a robust, high-throughput, low-latency solution for IoT workloads, meeting the stringent requirements of durability, ordering, scalability, and operational simplicity. It supports event replay, real-time analytics, and integration with machine learning services, making it the most comprehensive option for this use case.

Question 30:

A company is deploying a multi-tier web application on AWS that requires a relational database with automated backups, point-in-time recovery, and horizontal read scalability. Which AWS database solution should the solutions architect recommend?

Answer:

A) Amazon RDS MySQL with Multi-AZ
B) Amazon Aurora MySQL with Aurora Replicas
C) Amazon DynamoDB with global tables
D) Amazon Redshift

Explanation:

The correct answer is B) Amazon Aurora MySQL with Aurora Replicas.

Amazon Aurora is a fully managed relational database engine compatible with MySQL and PostgreSQL. It is designed to provide high performance, durability, and scalability while minimizing operational complexity. Aurora automatically replicates six copies of data across three Availability Zones, providing fault tolerance and high availability. Automated backups are continuous and stored in Amazon S3, enabling point-in-time recovery, which allows restoring the database to any second within the backup retention period.

Aurora Replicas provide horizontal read scalability, allowing up to 15 read replicas per cluster with very low replication latency. These replicas can handle read-heavy workloads without impacting the primary instance. In addition, a read replica can be promoted to become the primary database in case of failover, ensuring high availability.

Option A, Amazon RDS MySQL with Multi-AZ deployment, provides synchronous replication to a standby instance in another AZ. This setup ensures high availability but does not automatically scale read workloads. Read replicas must be provisioned manually, and replication lag may impact performance.

Option C, Amazon DynamoDB with global tables, is a NoSQL service optimized for key-value or document data models. While it provides high availability and global replication, it is not suitable for transactional relational workloads that require ACID compliance, complex queries, or joins.

Option D, Amazon Redshift, is a data warehouse optimized for analytics rather than transactional workloads. It cannot efficiently handle online transaction processing (OLTP) scenarios or provide point-in-time recovery for operational databases.

Aurora provides advanced features such as fast database cloning, Global Database for cross-region replication, and serverless configurations for automatic scaling of compute and storage. It integrates with AWS services such as CloudWatch for monitoring, IAM for access control, CloudTrail for auditing, and KMS for encryption. The combination of these capabilities ensures that the database is secure, highly available, and performant under variable workloads.

Operational management is simplified because Aurora handles patching, backup, replication, and failover automatically. Aurora also separates compute and storage layers, allowing the database to scale storage automatically without downtime. This ensures that applications remain highly available and responsive, even as data grows.

In conclusion, Aurora MySQL with Aurora Replicas offers the best combination of high availability, automated backups, point-in-time recovery, read scaling, and operational simplicity. It is ideal for enterprise-grade applications that require durability, consistency, and elastic scaling while minimizing administrative overhead. This makes Aurora the preferred choice for modern multi-tier web applications requiring high-performance relational databases.

Question 31:

A company needs to implement a disaster recovery solution for an enterprise application running in AWS. The solution must support an RPO of 5 minutes and an RTO of 15 minutes. Which AWS architecture meets these requirements?

Answer:

A) Multi-region deployment with Aurora Global Database
B) Daily backups to S3 with restore
C) Standby EC2 instances in another AZ without replication
D) Manual cross-region copy of EBS snapshots

Explanation:

The correct answer is A) Multi-region deployment with Aurora Global Database.

Aurora Global Database replicates data asynchronously from a primary region to up to five secondary regions with typical replication lag under a second. This enables near-zero RPO and rapid failover in case of regional outages, meeting stringent recovery point and recovery time objectives. The multi-region architecture ensures that applications remain available globally and that data loss is minimized.

Option B, using daily backups to S3, cannot meet the RPO of 5 minutes, as data generated after the last backup could be lost. Restoring from S3 backups introduces additional downtime, failing to meet the RTO of 15 minutes.

Option C, maintaining standby EC2 instances in another AZ, is insufficient because AZ-level redundancy does not protect against region-wide failures. Moreover, without real-time replication, the standby instances would be out of date, increasing RPO and RTO.

Option D, manually copying EBS snapshots across regions, is operationally complex and slow, introducing significant lag and risk. It cannot guarantee that data is current, and recovery times are unpredictable.

Aurora Global Database also supports fast failover, read scaling in secondary regions, and integration with CloudWatch for monitoring replication lag and database health. Cross-region replication uses physical replication, minimizing latency, and providing strong durability guarantees. The architecture also supports continuous backup to S3 for point-in-time recovery.

Security is enhanced by encrypting data at rest using KMS, controlling access via IAM roles, and auditing all operations with CloudTrail. The system supports scaling of both read and write workloads, ensuring that the architecture remains performant during failover or traffic spikes.

This design ensures compliance with business continuity objectives, provides a cost-effective and operationally simple solution, and maintains enterprise-grade resilience, high availability, and low latency for global users.

Question 32:

A company wants to implement a global content delivery solution for its dynamic web application. The architecture must reduce latency, provide high availability, and scale automatically during traffic spikes. Which AWS service combination should the solutions architect recommend?

Answer:

A) Amazon CloudFront with Application Load Balancer and EC2 Auto Scaling
B) Amazon S3 with Transfer Acceleration
C) Amazon Route 53 latency-based routing only
D) AWS Global Accelerator with EC2 instances

Explanation:

The correct answer is A) Amazon CloudFront with Application Load Balancer and EC2 Auto Scaling.

Amazon CloudFront is a content delivery network (CDN) that caches both static and dynamic content at edge locations globally. By serving content closer to end-users, CloudFront significantly reduces latency for web requests. When integrated with an Application Load Balancer (ALB), CloudFront can route dynamic requests efficiently to backend EC2 instances distributed across multiple Availability Zones, ensuring high availability. EC2 Auto Scaling automatically adjusts the number of instances based on demand, maintaining performance during traffic spikes while optimizing cost.

Option B, S3 with Transfer Acceleration, is primarily for accelerating uploads and downloads to S3 buckets. While it reduces latency for object transfer, it does not provide load balancing, automatic scaling of compute resources, or routing for dynamic web applications. Therefore, S3 Transfer Acceleration alone is insufficient for a dynamic web application.

Option C, Route 53 latency-based routing, directs users to the region with the lowest latency. While this helps improve performance for global users, it does not handle application-level load balancing or dynamic content caching. It also does not provide automatic scaling of backend resources, which is critical during sudden spikes in traffic.

Option D, AWS Global Accelerator, optimizes network traffic at the TCP/UDP level and improves application availability by routing traffic to the optimal endpoint. However, it does not cache content or provide application-layer routing, meaning dynamic content is still dependent on backend instance performance. It also does not include auto-scaling capabilities on its own.

Combining CloudFront with ALB and EC2 Auto Scaling ensures several advantages:

Latency Reduction: CloudFront caches static assets and can also accelerate dynamic content using its regional edge caches. Requests are routed to the nearest edge location, minimizing round-trip time.

High Availability: ALB distributes traffic across multiple AZs. If one AZ fails, traffic is automatically routed to healthy instances in other AZs, reducing the risk of downtime.

Scalability: Auto Scaling dynamically adjusts the number of EC2 instances based on metrics such as CPU utilization, request count per target, or custom CloudWatch metrics. This ensures the application can handle both predictable and unexpected traffic spikes without manual intervention.

Security Integration: CloudFront integrates with AWS WAF to filter malicious requests at the edge, reducing exposure to attacks. ALB supports SSL/TLS termination for secure connections and integrates with IAM and ACM for certificate management.

Operational Efficiency: The architecture reduces operational overhead by leveraging managed services. CloudFront handles global caching and routing, ALB handles health checks and traffic distribution, and Auto Scaling manages instance lifecycle without manual provisioning.

Cost Optimization: Auto Scaling ensures that compute resources are only used when needed, reducing operational costs. CloudFront reduces load on backend instances by caching frequently accessed content.

Overall, this combination ensures a resilient, low-latency, globally distributed architecture capable of handling millions of users simultaneously while maintaining security, high availability, and cost efficiency. It is a best-practice design for enterprise-grade web applications requiring dynamic content delivery and elastic scaling.

Question 33:

A company needs to migrate its on-premises SQL Server database to AWS. The application requires near-zero downtime and transactional consistency during migration. Which AWS service should the solutions architect use?

Answer:

A) AWS Database Migration Service (DMS) with continuous replication
B) Manual backup and restore using native SQL Server tools
C) AWS Snowball
D) Amazon S3 batch copy

Explanation:

The correct answer is A) AWS Database Migration Service (DMS) with continuous replication.

AWS Database Migration Service enables migration of databases to AWS with minimal downtime. Continuous replication keeps the source and target databases synchronized, allowing cutover once the target is ready. DMS supports homogeneous migrations (e.g., SQL Server to SQL Server) and heterogeneous migrations (e.g., Oracle to Aurora), ensuring transactional consistency and minimizing disruption to end users.

Option B, manual backup and restore, requires downtime because the source database must be offline to ensure consistency during the migration process. This approach cannot meet near-zero downtime requirements and increases operational risk.

Option C, AWS Snowball, is designed for large-scale offline data transfer. While it can move terabytes of data efficiently, it does not provide continuous replication or transactional consistency, and cutover still involves downtime.

Option D, S3 batch copy, is only suitable for moving object data, not relational databases, and cannot handle ongoing transactions.

With DMS, the migration process involves three main phases:

Initial Load: DMS migrates existing data from the source database to the target in a consistent state.

Change Data Capture (CDC): DMS captures ongoing changes in real-time from the source database and applies them to the target, ensuring transactional consistency.

Cutover: Once the target database is synchronized with the source, applications can be pointed to the new AWS-hosted database, achieving minimal downtime.

DMS integrates with AWS CloudWatch for monitoring replication tasks and performance metrics. It also supports integration with AWS Schema Conversion Tool (SCT) for heterogeneous migrations, automatically converting database schemas and objects to ensure compatibility. Encryption in transit and at rest is supported using TLS and KMS, respectively, ensuring compliance with security policies.

This approach ensures a smooth migration with minimal disruption to the application, transactional integrity, and scalability, making it ideal for enterprise workloads with critical data.

Question 34:

A company is building a serverless application that processes high volumes of incoming messages with exactly-once processing semantics. Which AWS service combination should the solutions architect use?

Answer:

A) Amazon Kinesis Data Streams with Lambda consumers
B) Amazon SQS standard queues with Lambda
C) Amazon SNS with S3 triggers
D) Amazon DynamoDB Streams only

Explanation:

The correct answer is A) Amazon Kinesis Data Streams with Lambda consumers.

Kinesis Data Streams provides ordered, durable streaming of messages. Each shard guarantees message order and supports exactly-once processing using Lambda checkpoints. This ensures that each message is processed once and only once, even under high throughput. Lambda scales automatically with the number of shards, allowing the system to handle millions of messages efficiently.

Option B, SQS standard queues, provides at-least-once delivery, which may result in duplicate processing. FIFO queues support ordering but have throughput limitations, making them less suitable for high-volume, event-driven workloads requiring exactly-once semantics.

Option C, SNS with S3 triggers, is suitable for notification workflows but does not guarantee ordered delivery or exactly-once processing. Option D, DynamoDB Streams, only captures changes to DynamoDB tables and cannot be used for general event streams.

Kinesis integrates with CloudWatch for monitoring shard health, Lambda execution metrics, and stream latency. Data can be retained for up to 7 days (or longer with extended retention), allowing reprocessing if needed. Security is managed through IAM policies, encryption at rest with KMS, and TLS for data in transit.

This architecture provides durability, high throughput, low latency, and ordered processing for real-time workloads. It also supports downstream analytics, machine learning, or storage pipelines without operational overhead, making it ideal for modern serverless applications with strict processing guarantees.

Question 35:

A company wants to implement a global, low-latency, highly available web application that can failover automatically across regions. Which architecture should the solutions architect recommend?

Answer:

A) Multi-region deployment with Route 53 latency-based routing, CloudFront, and multi-region ALBs
B) Single-region ALB with CloudFront
C) Amazon S3 static hosting with Transfer Acceleration
D) AWS Global Accelerator with EC2 in one region

Explanation:

The correct answer is A) Multi-region deployment with Route 53 latency-based routing, CloudFront, and multi-region ALBs.

Route 53 latency-based routing directs users to the region that offers the lowest latency. CloudFront caches content at edge locations to reduce latency for global users. Multi-region ALBs distribute traffic across healthy instances in each region, providing automatic failover.

Option B, single-region ALB, does not support regional failover. Option C, S3 with Transfer Acceleration, only accelerates object uploads/downloads, not application traffic. Option D, Global Accelerator, improves network-level performance but does not provide application-level routing or failover.

This architecture ensures high availability, low latency, and fault tolerance. Multi-region ALBs distribute requests across AZs, CloudFront reduces round-trip time for content delivery, and Route 53 ensures users are directed to the healthiest and nearest region. Security is enforced using IAM, ACM for certificates, and WAF for application protection. Logging and monitoring with CloudWatch and CloudTrail enable observability and auditing, ensuring operational excellence.

This design is ideal for enterprise-grade applications requiring global reach, seamless failover, and optimized performance for end-users worldwide. It also allows scaling both compute and content delivery independently, providing cost optimization and high resilience.

Question 36:

A company runs an e-commerce platform with unpredictable traffic patterns. The platform requires low-latency responses, high availability, and cost-efficient scaling. Which architecture should the solutions architect recommend?

Answer:

A) Amazon EC2 Auto Scaling with Application Load Balancer
B) Amazon S3 static hosting with CloudFront
C) AWS Lambda with API Gateway and CloudFront
D) Amazon ECS with EC2 launch type and manual scaling

Explanation:

The correct answer is C) AWS Lambda with API Gateway and CloudFront.

Serverless architectures using Lambda eliminate the need to provision or manage EC2 instances, making scaling automatic and cost-efficient. Lambda automatically adjusts capacity in response to traffic volume, ensuring low-latency responses even during sudden traffic spikes. API Gateway provides a fully managed front door to Lambda, handling request routing, throttling, caching, and authorization, which offloads operational complexity from the development team. CloudFront improves global performance by caching static and dynamic content at edge locations, reducing the round-trip time for end users.

Option A requires managing EC2 instances and scaling policies. While Auto Scaling ensures availability under variable load, it can lag during sudden traffic spikes, and there is a cost associated with overprovisioning.

Option B, S3 static hosting with CloudFront, is only suitable for static content and cannot process dynamic business logic or transactions.

Option D, ECS with EC2 launch type, requires manual scaling and container orchestration, which introduces operational overhead and potential scaling delays.

Using Lambda with API Gateway and CloudFront provides a fully managed, highly available, and cost-optimized solution. Security and compliance are easier to manage through IAM roles, API keys, WAF integration, and TLS encryption. Observability is supported via CloudWatch metrics, X-Ray tracing, and detailed logging for each Lambda invocation. This architecture is ideal for unpredictable workloads, ensuring responsiveness, cost efficiency, and simplified operational management.

Question 37:

A company is building a real-time analytics pipeline that ingests large volumes of log data from multiple sources. The solution must provide high throughput, durability, and scalability. Which AWS service combination should be used?

Answer:

A) Amazon Kinesis Data Streams with Lambda or EC2 consumers
B) Amazon SQS with Lambda
C) Amazon SNS with S3 triggers
D) Amazon Redshift with periodic batch ingestion

Explanation:

The correct answer is A) Amazon Kinesis Data Streams with Lambda or EC2 consumers.

Kinesis Data Streams is optimized for high-throughput, real-time ingestion of streaming data. Each stream is divided into shards, which can scale horizontally to handle millions of records per second. Data is durably stored in each shard across multiple Availability Zones, ensuring high durability and availability. Lambda or EC2 consumers can process data in near real-time, allowing analytics, transformation, or aggregation before storing results in S3, Redshift, or DynamoDB.

Option B, SQS with Lambda, is suitable for asynchronous messaging but lacks the ordered processing and shard-based parallelism required for high-throughput analytics pipelines. Standard queues provide at-least-once delivery, which may lead to duplicates, while FIFO queues limit throughput.

Option C, SNS with S3 triggers, is primarily designed for notification delivery and cannot handle large-scale stream processing or provide ordered processing guarantees.

Option D, Redshift with batch ingestion, is suitable for analytics but is not real-time. Periodic batch ingestion introduces latency and does not support high-throughput event processing at scale.

Kinesis also integrates with CloudWatch for monitoring throughput, latency, and processing metrics. Data retention can be configured from 24 hours to 7 days, allowing reprocessing if downstream systems fail or need to replay data. Security is managed through IAM, KMS encryption for data at rest, and TLS for transit.

This architecture is ideal for streaming analytics pipelines, log aggregation, or telemetry ingestion, providing a reliable, scalable, and real-time processing solution. It supports downstream analytics, dashboards, or machine learning applications without operational complexity.

Question 38:

A company wants to implement a multi-region disaster recovery solution for a transactional database with RPO under 1 minute and RTO under 5 minutes. Which AWS solution should the solutions architect recommend?

Answer:

A) Amazon Aurora Global Database
B) RDS snapshots with cross-region copy
C) Standby EC2 instances in a different region
D) Manual database replication using scripts

Explanation:

The correct answer is A) Amazon Aurora Global Database.

Aurora Global Database replicates data asynchronously from the primary region to multiple secondary regions with typical replication latency under one second. It supports fast failover, ensuring minimal downtime, which meets the stringent RPO and RTO requirements. Each secondary region can serve read workloads, improving performance for global users and providing operational continuity during regional failures.

Option B, RDS snapshots with cross-region copy, introduces latency in replication and recovery because snapshots are point-in-time backups, not continuous replication. Restoring from snapshots would exceed the required RTO.

Option C, standby EC2 instances in another region, does not provide real-time database replication. Any failover would require manual intervention and synchronization, leading to downtime and data loss.

Option D, manual replication using scripts, is operationally complex, error-prone, and does not guarantee near-zero RPO or RTO.

Aurora Global Database supports automatic storage scaling, continuous backups to S3, and integration with CloudWatch for monitoring replication lag, query performance, and instance health. Security is enhanced through IAM access control, encryption at rest with KMS, and encryption in transit. The solution also supports automated failover and read routing, ensuring high availability, operational efficiency, and compliance with enterprise SLAs.

Question 39:

A company wants to implement fine-grained access control for objects in S3 based on user identity. The solution must also enforce encryption at rest and in transit. Which architecture meets these requirements?

Answer:

A) S3 with IAM roles, bucket policies, and KMS-managed keys
B) S3 public bucket with SSL
C) S3 client-side encryption with manual key management
D) S3 server-side encryption with AES-256 only

Explanation:

The correct answer is A) S3 with IAM roles, bucket policies, and KMS-managed keys.

IAM roles allow temporary credentials for users or applications, limiting access to specific resources and actions. Bucket policies enforce fine-grained access control at the object or prefix level. KMS-managed keys ensure encryption at rest with centralized key management, and HTTPS ensures encryption in transit. CloudTrail logs all S3 API activity for auditing and compliance.

Option B exposes data publicly, violating security best practices. Option C relies on manual key management, which increases operational complexity and the risk of key compromise. Option D encrypts data at rest but does not provide centralized key management or fine-grained access control.

This architecture ensures secure, auditable, and compliant access control for S3 objects. It supports lifecycle management, versioning, and logging, allowing administrators to enforce regulatory requirements while maintaining operational efficiency and data integrity.

Question 40:

A company wants to reduce latency and improve availability for a globally distributed web application. Which combination of AWS services achieves this?

Answer:

A) Route 53 latency-based routing, CloudFront, and multi-region ALBs
B) Single-region ALB with CloudFront
C) Global Accelerator with S3 static hosting
D) CloudFront only

Explanation:

The correct answer is A) Route 53 latency-based routing, CloudFront, and multi-region ALBs.

Route 53 latency-based routing directs users to the region with the lowest latency. CloudFront caches content at edge locations globally, reducing round-trip time. Multi-region ALBs distribute traffic across multiple Availability Zones in each region, ensuring high availability and automatic failover.

Option B, single-region ALB, cannot fail over between regions. Option C, Global Accelerator, optimizes network routing but does not provide application-level load balancing. Option D, CloudFront only, cannot route traffic to healthy backend instances or manage failover.

This architecture ensures low latency, high availability, and operational resilience for global users. CloudFront caching reduces load on backend servers, and multi-region deployment ensures continuity in case of regional outages. Security, logging, and monitoring can be integrated seamlessly using AWS WAF, CloudTrail, and CloudWatch.