2. A company is performing an AWS Well-Architected Framework review of an existing workload deployed on AWS. The review identified a public-facing website running on the same Amazon EC2 instance as a Microsoft Active Directory domain controller that was install recently to support other AWS services. A solutions architect needs to recommend a new design that would improve the security of the architecture and minimize the administrative demand on IT staff.What should the solutions architect recommend?

A) Use AWS Directory Service to create a managed Active Directory. Uninstall Active Directory on the current EC2 instance.
B) Enable AWS Single Sign-On (AWS SSO) with Security Assertion Markup Language (SAML) 2.0 federation with the current Active Directory controller. Modify the EC2 instance's security group to deny public access to Active Directory.
C) Use AWS Directory Service to create an Active Directory connector. Proxy Active Directory requests to the Active domain controller running on the current EC2 instance.
D) Create another EC2 instance in the same subnet and reinstall Active Directory on it. Uninstall Active Directory.



3. A Solution Architect is designing a three-tier web application. The Architect wants to restrict access to the database tier to accept traffic from the application servers only. However, these application servers are in an Auto Scaling group and may vary in quantity.How should the Architect configure the database servers to meet the requirements?

A) Configure the database security group to allow database traffic from the application server IP addresses.
B) Configure the database subnet network ACL to deny all inbound non-database traffic from the application-tier subnet.
C) Configure the database security group to allow database traffic from the application server security group.
D) Configure the database subnet network ACL to allow inbound database traffic from the application-tier subnet.



4. A company's website is used to sell products to the public. The site runs on Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). There is also an Amazon CloudFront distribution, and AWS WAF is being used to protect against SQL injection attacks. The ALB is the origin for the CloudFront distribution. A recent review of security logs revealed an external malicious IP that needs to be blocked from accessing the website.What should a solutions architect do to protect the application?

A) Modify the security groups for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.
B) Modify the network ACL on the CloudFront distribution to add a deny rule for the malicious IP address.
C) Modify the configuration of AWS WAF to add an IP match condition to block the malicious IP address.
D) Modify the network ACL for the EC2 instances in the target groups behind the ALB to deny the malicious IP address.



5. A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs.Which pricing model should the company choose?

A) Spot Block Instances
B) On-Demand Instances
C) Reserved Instances
D) Scheduled Reserved Instances