- (Exam Topic 1)
A company gives users the ability to upload images from a custom application. The upload process invokes an AWS Lambda function that processes and stores the image in an Amazon S3 bucket. The application invokes the Lambda function by using a specific function version ARN.
The Lambda function accepts image processing parameters by using environment variables. The company often adjusts the environment variables of the Lambda function to achieve optimal image processing output. The company tests different parameters and publishes a new function version with the updated environment variables after validating results. This update process also requires frequent changes to the custom application to invoke the new function version ARN. These changes cause interruptions for users.
A solutions architect needs to simplify this process to minimize disruption to users. Which solution will meet these requirements with the LEAST operational overhead?

1. A. Directly modify the environment variables of the published Lambda function versio
2. B. Use theSLATEST version to test image processing parameters.
3. C. Create an Amazon DynamoDB table to store the image processing parameter
4. D. Modify the Lambda function to retrieve the image processing parameters from the DynamoDB table.
5. E. Directly code the image processing parameters within the Lambda function and remove the environment variable
6. F. Publish a new function version when the company updates the parameters.
7. G. Create a Lambda function alia
8. H. Modify the client application to use the function alias AR
9. I. Reconfigure the Lambda alias to point to new versions of the function when the company finishes testing.

Correct Answer: D
A Lambda function alias allows you to point to a specific version of a function and also can be updated to point to a new version of the function without modifying the client application. This way, the company can test different versions of the function with different environment variables and, once the optimal parameters are found, update the alias to point to the new version, without the need to update the client application.
By using this approach, the company can simplify the process of updating the environment variables, minimize disruption to users, and reduce the operational overhead.
Reference:
AWS Lambda documentation: https://aws.amazon.com/lambda/
AWS Lambda Aliases documentation: https://docs.aws.amazon.com/lambda/latest/dg/aliases-intro.html AWS Lambda versioning and aliases documentation:
https://aws.amazon.com/blogs/compute/versioning-aliases-in-aws-lambda/

- (Exam Topic 3)
A company recently wanted a web application from an on-premises data center to the AWS Cloud. The web application infrastructure consists of an Amazon CloudFront distribution that routes to an Application Load Balancer (ALB), with Amazon Elastic Container Service (Amazon ECS) to process requests. A recent security audit revealed that the web application is accessible by using both CloudFront and ALB endpoints. However. the company requires that the web application must be accessible only by using the CloudFront endpoint.
Which solution will meet this requirement with the LEAST amount of effort?

1. A. Create a new security group and attach it to the CloudFront distributio
2. B. Update the ALB security group ingress to allow access only from the CloudFront security group.
3. C. Update ALB security group ingress to allow access only from the CloudFront managed prefix list.
4. D. Create a VPC interface endpoint for Elastic Load Balancin
5. E. Update the ALB scheme from internet-facing to internal_
6. F. Extract CloudFront IPS from the AWS provided ip-ranges.json documen
7. G. Update ALB security group ingress to allow access only from CloudFront IPs.

Correct Answer: B
The CloudFront managed prefix list contains the IP ranges for all CloudFront edge locations. By updating the ALB security group ingress to allow access only from this prefix list, the web application will be accessible only by using the CloudFront endpoint. This solution requires the least amount of effort compared to the other options, which involve creating new resources or updating existing ones. This solution also avoids hard-coding IP addresses, which can change over time.
Reference: section “Security and Compliance”

- (Exam Topic 1)
A financial services company receives a regular data feed from its credit card servicing partner Approximately 5.1 records are sent every 15 minutes in plaintext, delivered over HTTPS directly into an Amazon S3 bucket with server-side encryption. This feed contains sensitive credit card primary account number (PAN) data The company needs to automatically mask the PAN before sending the data to another S3 bucket for additional internal processing. The company also needs to remove and merge specific fields, and then transform the record into JSON format Additionally, extra feeds are likely to be added in the future, so any design needs to be easily expandable.
Which solutions will meet these requirements?

1. A. Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queu
2. B. Trigger another Lambda function when new messages arrive in the SQS queue to process the records, writing the results to a temporary location in Amazon S3. Trigger a final Lambda function once the SQS queue is empty to transform the records into JSON format and send the results to another S3 bucket for internal processing.
3. C. Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queu
4. D. Configure an AWS Fargate container application to automatically scale to a single instance when the SQS queue contains message
5. E. Have the application process each record, and transform the record into JSON forma
6. F. When the queue is empty, send the results to another S3 bucket for internal processing and scale down the AWS Fargate instance.
7. G. Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to matc
8. H. Trigger an AWS Lambda function on file delivery to start an AWS Glue ETL job to transform the entire record according to the processing and transformation requirement
9. I. Define the output format as JSO
10. J. Once complete, have the ETL job send the results to another S3 bucket for internal processing.
11. K. Create an AWS Glue crawler and custom classifier based upon the data feed formats and build a table definition to matc
12. L. Perform an Amazon Athena query on file delivery to start an Amazon EMR ETLjob to transform the entire record according to the processing and transformation requirement
13. M. Define the output format as JSO
14. N. Once complete, send the results to another S3 bucket for internal processing and scale down the EMR cluster.

Correct Answer: C
You can use a Glue crawler to populate the AWS Glue Data Catalog with tables. The Lambda function can be triggered using S3 event notifications when object create events occur. The Lambda function will then trigger the Glue ETL job to transform the records masking the sensitive data and modifying the output format to JSON. This solution meets all requirements.

- (Exam Topic 2)
A company is migrating its development and production workloads to a new organization in AWS Organizations. The company has created a separate member account for development and a separate member account for production. Consolidated billing is linked to the management account. In the management account, a solutions architect needs to create an 1AM user that can stop or terminate resources in both member accounts.
Which solution will meet this requirement?

1. A. Create an IAM user and a cross-account role in the management accoun
2. B. Configure the cross-account role with least privilege access to the member accounts.
3. C. Create an IAM user in each member accoun
4. D. In the management account, create a cross-account role that has least privilege acces
5. E. Grant the IAM users access to the cross-account role by using a trust policy.
6. F. Create an IAM user in the management accoun
7. G. In the member accounts, create an IAM group that has least privilege acces
8. H. Add the IAM user from the management account to each IAM group in the member accounts.
9. I. Create an IAM user in the management accoun
10. J. In the member accounts, create cross-account roles that have least privilege acces
11. K. Grant the IAM user access to the roles by using a trust policy.

Correct Answer: D
Cross account role should be created in destination(member) account. The role has trust entity to master account.

- (Exam Topic 3)
A company is developing a gene reporting device that will collect genomic information to assist researchers with collecting large samples of data from a diverse population. The device will push 8 KB of genomic data every second to a data platform that will need to process and analyze the data and provide information back to researchers. The data platform must meet the following requirements:
• Provide near-real-time analytics of the inbound genomic data
• Ensure the data is flexible, parallel, and durable
• Deliver results of processing to a data warehouse
Which strategy should a solutions architect use to meet these requirements?

1. A. Use Amazon Kinesis Data Firehose to collect the inbound sensor data, analyze the data with Kinesis clients, and save the results to an Amazon RDS instance.
2. B. Use Amazon Kinesis Data Streams to collect the inbound sensor data, analyze the data with Kinesisclients, and save the results to an Amazon Redshift cluster using Amazon EMR.
3. C. Use Amazon S3 to collect the inbound device data, analyze the data from Amazon SOS with Kinesis, and save the results to an Amazon Redshift cluster.
4. D. Use an Amazon API Gateway to put requests into an Amazon SQS queue, analyze the data with an AWS Lambda function, and save the results to an Amazon Redshift cluster using Amazon EMR.

Correct Answer: B
Kinesis Data Streams is a real-time streaming service and provide near-real-time analytics. Also the question "Deliver results of processing to a data warehouse" and this option has redshift cluster which is a powerful data warehousing solution that can handle large-scale analytics workloads.