Question1. You are responsible for optimizing performance of a movie streaming website. Currently, you are working on the search functionality and have discovered that anytime the library database of titles is searched, the load on the database is reaching peak levels. Your current architecture consists of a PostgreSQL database on an extra-large instance. How would you update your architecture to better handle the load? (Choose two.) A. Re-create the database instance on a larger instance using EBS volumes with provisioned IOPS as the volume type. B. Add an RDS Multi-AZ setup to increase the read performance of the media library database. C. Add an ElastiCache store to cache data because searches will often return common data over multiple reads. D. Shard the database into multiple copies installed on multiple instances. Ans. (A, C). First, a larger instance with the fastest possible volume type—provisioned IOPS—is generally going to improve overall performance, so A is a good idea. Second, ElastiCache will provide faster responses and reduce database reads over time. A and C are both valid approaches. A Multi-AZ setup is for disaster recovery, and sharding is high overhead and could potentially increase response time, rather than reduce it, in this use case. Question2. Which of the following are engines used by ElastiCache? A. Redis, Memcached B. Redis, Memcached C. Sharding, Redis D. Memcached, Redshift Ans. (B). Redis and Memcached are engines available for use by ElastiCache. reddit is an online information site, and Redshift is a data warehousing and OLAP service. Question3. Which of the following are AWS-supported solutions for encrypting data at rest when that data is objects stored in S3 buckets? (Choose two.) A. ElastiCache for Memcached B. AWS Key Management Service C. Customer-provided keys D. AWS Encryption Ans. (B, C). AWS allows a number of options for encrypting data at rest. In the supplied solutions, AWS Key Management Service (KMS) is an AWS-managed solution for data encryption, and customer-provided keys are allowed as well. In the latter case, customers provide the keys and AWS handles encryption of data using those keys. ElastiCache for memcached does not support encryption and, further, is not a solution for encrypting data but instead a caching service. AWS Encryption is not an actual AWS service. Question4. You have been brought into a new organization with over 20 different AWS accounts. You are tasked with improving the cost management of the organization and want to recommend the use of AWS Organizations and the consolidated billing feature. Which of the following are advantages of consolidated billing that you could use to support your case? (Choose two.) A. Multiple accounts can be combined and, through that combination, receive discounts that may reduce the total cost of all the accounts. B. Traffic between accounts will not be subject to data transfer charges if those accounts are all in AWS Organizations. C. All accounts in AWS Organizations will receive a 5% billing reduction in consolidated billing. D. All accounts can be tracked individually and through a single tool. Ans. (A, D). AWS Organizations allows the management of multiple accounts in one place and allows tracking of those individual accounts (D). Additionally, in many cases, AWS will allow discounts based on total services used rather than treating each account individually (A). Question5. You are tasked with improving security at an organization that has recently begun using the cloud. It has five developers, a financial manager, and two support engineers. Currently, all eight staff are using the AWS root user for their account. What changes would you make to improve security? (Choose two.) A. Get all the users to download the AWS CLI and change the root password. B. Create a new IAM user for each of the eight staff members and provide credentials to each user. C. Put the five developers in the Power Users group, the financial manager in the Billing group, and the support engineers in the Support User group. D. Create a new group with access to the IAM service and ensure that at least one developer is in that group. Ans. (B, C). The biggest issue here is that all the users are using the root account, meaning there’s a shared password and that users have far more permissions than they should. These can both be addressed by creating new IAM users for each user (B) and putting those users in predefined groups according to their job function (C). Developers don’t need access to IAM in general, so D is incorrect, and while changing the root password is a good idea, A is also incorrect because a financial manager (and possibly support engineers) may not need the AWS CLI as their access mechanism. Question6. You need to support a cluster of instances that will host a high-volume, high-load Oracle database installation. You cannot use RDS because of a custom plug-in that the database instances require. Which EBS volume…