AWS Certified Solutions Architect - Associate - Part 38

Mary Smith

Sun, 19 Apr 2026

1. A solutions architect is performing a security review of a recently migrated workload. The workload is a web application that consists of Amazon EC2 instances in an Auto Scaling Load Balancer. The solutions architect must improve the security posture and minimize the impact of a DDoS attack on resources. Which solution is MOST effective?

A) Enable VPC Flow Logs and store them in Amazon S3. Create a custom AWS Lambda function that parses the logs looking for a DDoS attack. Modify a network ACL addresses
B) Configure an AWS WAF ACL with rate-based rules. Create an Amazon CloudFront distribution that points to the Application Load Balancer. Enable the WAF ACL on the
C) Enable Amazon GuardDuty and configure findings written to Amazon CloudWatch. Create an event with CloudWatch Events for DDoS alerts that triggers Amazon Sim (Amazon SNS). Have Amazon SNS invoke a custom AWS Lambda function that parses the logs, looking for a DDoS attack. Modify a network ACL to block identified
D) Create a custom AWS Lambda function that adds identified attacks into a common vulnerability pool to capture a potential DDoS attack. Use the identified information block access



2. A leasing company generates and emails PDF statements every month for all its customers. Each statement is about 400 KB in size. Customers can download their statements from the website for up to 30 days from when the statements were generated. At the end of their 3-year lease, the customers are emailed a ZIP file that contains all the statements. What is the MOST cost-effective storage solution for this situation?

A) Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) storage after 30 days.
B) Store the statements using the Amazon S3 Glacier storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier Deep Archive storage after 30 days.
C) Store the statements using the Amazon S3 Standard-Infrequent Access (S3 Standard-IA) storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 30 days.
D) Store the statements using the Amazon S3 Standard storage class. Create a lifecycle policy to move the statements to Amazon S3 Glacier storage after 1 day.



3. A company is hosting multiple websites for several lines of business under its registered parent domain. Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server-side scripts like PHP and JavaScript. Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low. Which combination of AWS services or features will meet these requirements? (Select two.)

A) Application Load Balancer
B) Amazon S3 website hosting
C) AWS Batch
D) Network Load Balancer
E) Amazon EC2 Auto Scaling


4. A company has an Amazon EC2 instance running on a private subnet that needs to access a public website to download patches and updates. The company does not want external websites to see the EC2 instance IP address or initiate connections to it. How can a solutions architect achieve this objective?

A) Create a NAT gateway in a public subnet. Route outbound traffic from the private subnet through the NAT gateway.
B) Create a site-to-site VPN connection between the private subnet and the network in which the public site is deployed.
C) Create a security group that only allows connections from the IP address range of the public website. Attach the security group to the EC2 instance.
D) Create a network ACL for the private subnet where the EC2 instance is deployed that only allows access from the IP address range of the public website.



5. A company is managing health records on-premises. The company must keep these records indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The CTO is concerned because there are already millions of records not being used by any application, and the current infrastructure is running out of space. The CTO has requested a solutions architect design a solution to move existing data and support future records. Which services can the solutions architect recommend to meet these requirements?

A) Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 Object Lock and enable AWS CloudTrail with management events.
B) Use AWS Storage Gateway to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 Object Lock and enable AWS CloudTrail with management events.
C) Use AWS DataSync to move existing data to AWS. Use Amazon S3 to store existing and new data. Enable Amazon S3 Object Lock and enable AWS CloudTrail with data events.
D) Use AWS Storage Gateway to move existing data to AWS. Use Amazon Elastic Block Store to store existing and new data. Enable Amazon S3 Object Lock and enable Amazon S3 server access logging.



1. Right Answer: B
Explanation:

2. Right Answer: C
Explanation:

3. Right Answer: B,E
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: C
Explanation:
