- (Exam Topic 1)
A company is creating a sequel for a popular online game. A large number of users from all over the world will play the game within the first week after launch. Currently, the game consists of the following components deployed in a single AWS Region:
• Amazon S3 bucket that stores game assets
• Amazon DynamoDB table that stores player scores
A solutions architect needs to design a multi-Region solution that will reduce latency improve reliability, and require the least effort to implement
What should the solutions architect do to meet these requirements?

1. A. Create an Amazon CloudFront distribution to serve assets from the S3 bucket Configure S3Cross-Region Replication Create a new DynamoDB able in a new Region Use the new table as a replica target tor DynamoDB global tables.
2. B. Create an Amazon CloudFront distribution to serve assets from the S3 bucke
3. C. Configure S3Same-Region Replicatio
4. D. Create a new DynamoDB able m a new Regio
5. E. Configure asynchronous replication between the DynamoDB tables by using AWS Database Migration Service (AWS DMS) with change data capture (CDC)
6. F. Create another S3 bucket in a new Region and configure S3 Cross-Region Replication between the buckets Create an Amazon CloudFront distribution and configure origin failover with two origins accessing the S3 buckets in each Regio
7. G. Configure DynamoDB global tables by enabling Amazon DynamoDB Streams, and add a replica table in a new Region.
8. H. Create another S3 bucket in the same Region, and configure S3 Same-Region Replication between the buckets- Create an Amazon CloudFront distribution and configure origin failover with two origin accessing the S3 buckets Create a new DynamoDB table m a new Region Use the new table as a replica target for DynamoDB global tables.

Correct Answer: C
https://aws.amazon.com/premiumsupport/knowledge-center/dynamodb-global-table-stream-lambda/?nc1=h_ls

- (Exam Topic 1)
A company recently deployed an application on AWS. The application uses Amazon DynamoDB. The company measured the application load and configured the RCUs and WCUs on the DynamoDB table to
match the expected peak load. The peak load occurs once a week for a 4-hour period and is double the average load. The application load is close to the average load tor the rest of the week. The access pattern includes many more writes to the table than reads of the table.
A solutions architect needs to implement a solution to minimize the cost of the table. Which solution will meet these requirements?

1. A. Use AWS Application Auto Scaling to increase capacity during the peak perio
2. B. Purchase reserved RCUs and WCUs to match the average load.
3. C. Configure on-demand capacity mode for the table.
4. D. Configure DynamoDB Accelerator (DAX) in front of the tabl
5. E. Reduce the provisioned read capacity to match the new peak load on the table.
6. F. Configure DynamoDB Accelerator (DAX) in front of the tabl
7. G. Configure on-demand capacity mode for the table.

Correct Answer: D
This solution meets the requirements by using Application Auto Scaling to automatically increase capacity during the peak period, which will handle the double the average load. And by purchasing reserved RCUs and WCUs to match the average load, it will minimize the cost of the table for the rest of the week when the load is close to the average.

- (Exam Topic 3)
A company provides a software as a service (SaaS) application that runs in the AWS Cloud. The application runs on Amazon EC2 instances behind a Network Load Balancer (NLB). The instances are in an Auto Scaling group and are distributed across three Availability Zones in a single AWS Region.
The company is deploying the application into additional Regions. The company must provide static IP addresses for the application to customers so that the customers can add the IP addresses to allow lists.
The solution must automatically route customers to the Region that is geographically closest to them. Which solution will meet these requirements?

1. A. Create an Amazon CloudFront distributio
2. B. Create a CloudFront origin grou
3. C. Add the NLB for each additional Region to the origin grou
4. D. Provide customers with the IP address ranges of the distribution's edge locations.
5. E. Create an AWS Global Accelerator standard accelerato
6. F. Create a standard accelerator endpoint for the NLB in each additional Regio
7. G. Provide customers with the Global Accelerator IP address.
8. H. Create an Amazon CloudFront distributio
9. I. Create a custom origin for the NLB in each additional Regio
10. J. Provide customers with the IP address ranges of the distribution's edge locations.
11. K. Create an AWS Global Accelerator custom routing accelerato
12. L. Create a listener for the custom routing accelerato
13. M. Add the IP address and ports for the NLB in each additional Regio
14. N. Provide customers with the Global Accelerator IP address.

Correct Answer: B
AWS Global Accelerator is a networking service that helps you improve the availability and performance of the applications that you offer to your global users1. It provides static IP addresses that act as a fixed entry point to your applications and route user traffic to the optimal endpoint based on performance, health, and policies that you configure1. By creating a standard accelerator endpoint for the NLB in each additional Region, you can ensure that customers are automatically directed to the Region that is
geographically closest to them2. You can also provide customers with the Global Accelerator IP address, which is anycast from AWS edge locations and does not change when you add or remove endpoints3.
References:
What is AWS Global Accelerator?
Standard accelerator endpoints
AWS Global Accelerator IP addresses

- (Exam Topic 3)
A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies.
A solutions architect needs to allow an IAM user in Account A to assume a role in Account B.
Which combination of steps must the solutions architect take to meet this requirement? (Select THREE.)

1. A. Configure the SCP for Account A to allow the action.
2. B. Configure the resource-based policies to allow the action.
3. C. Configure the identity-based policy on the user in Account A to allow the action.
4. D. Configure the identity-based policy on the user in Account B to allow the action.
5. E. Configure the trust policy on the target role in Account B to allow the action.
6. F. Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.

Correct Answer: BCE
Resource-based policies are policies that you attach to a resource, such as an IAM role, to specify who can access the resource and what actions they can perform on it1. Identity-based policies are policies that you attach to an IAM user, group, or role to specify what actions they can perform on which resources2. Trust policies are special types of resource-based policies that define which principals (such as IAM users or roles) can assume a role3.
To allow an IAM user in Account A to assume a role in Account B, the solutions architect needs to do the following:
Configure the resource-based policy on the target role in Account B to allow the action sts:AssumeRole for the IAM user in Account A. This policy grants permission to the IAM user to assume the role4.
Configure the identity-based policy on the user in Account A to allow the action sts:AssumeRole for the target role in Account B. This policy grants permission to the user to perform the action of assuming the role5.
Configure the trust policy on the target role in Account B to allow the principal of the IAM user in Account A. This policy defines who can assume the role.
References:
Resource-based policies
Identity-based policies
Trust policies
Granting a user permissions to switch roles
Switching roles
[Modifying a role trust policy]