Domain 1: Design for Organizational Complexity 12.5%
1.1. Determine cross-account authentication and access strategy for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements).
1.2. Determine how to design networks for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements).
1.3. Determine how to design a multi-account AWS environment for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements).
Prohibit the use of unapproved services in production AWS accounts and minimize additional management overhead as the number of accounts increases
Different teams all have their own non-production accounts with AWS Organizations. Constraints need to be put in place to control costs without affecting IAM permissions.
VPC A is peered with VPC B and VPC C. VPC B and VPC C have matching CIDR blocks, and their subnets have matching CIDR blocks. The route table for subnet B in VPC B points to the VPC peering connection pcx-aaaabbbb to access the VPC A subnet. The VPC A route table is configured to send 10.0.0.0/16 traffic to peering connection pcx-aaaaccccc.
| Subnet B in VPC B | 10.0.0.0/16 | Local |
Domain 2: Design for New Solutions 31%
2.1. Determine security requirements and controls when designing and implementing a solution.
2.2. Determine a solution design and implementation strategy to meet reliability requirements.
2.3. Determine a solution design to ensure business continuity.
2.4. Determine a solution design to meet performance objectives.
2.5. Determine a deployment strategy to meet business requirements when designing and implementing a solution.
You are designing an application that will perform several calculations each night. The calculations are independent of each other and may take several hours to complete. What design will minimize costs, minimize interdependencies, and execute the calculations in parallel?
You are designing an automated DR plan for a multi-tier web application. It must fail over to a second region with an RTO of 30 minutes and an RPO of 15 minutes. There is a health check alarm that publishes an SNS notification if the application fails.
You want to monitor and analyze network traffic for possible threats. What solution requires minimal development and administration, scales to accommodate large amounts of network traffic, and allows queries and visualizations of the data?
Your application uses a log stream. Each record in the stream may contain up to 400 KB of data. Design a solution to capture a subset of metrics from the stream to be analyzed for trends over time using complex SQL queries.
You're deploying a database server cluster that requires minimum network latency between nodes and maximum network throughput. What features in EC2 will be useful?
You are migrating an application that uses an API key which is stored in a local file. After the migration, the application will be run on EC2 instances and the API key must be more secure. The API key should be unique for each environment, access requests should be auditable, it should be encrypted at rest, and access permissions should be granular.
Domain 3: Migration Planning 15%
3.1. Select existing workloads and processes for potential migration to the cloud.
3.2. Select migration tools and/or services for new and migrated solutions based on detailed AWS knowledge.
3.3. Determine a new cloud architecture for an existing solution.
3.4. Determine a strategy for migrating existing on-premises workloads to the cloud.
You are migrating a MySQL database. The database is forecasted to grow and the company wants to reduce the administrative/operational burden of maintaining it. What is a cost-effective solution that can be implemented quickly, requires minimal administration, and offers high performance now and in the future? Must be HA and remain operational during the migration.
You must regularly transfer data from on-prem to S3. Data must be encrypted in transit and at rest. Data cannot traverse the public internet. The bucket can only be accessed from the on-prem network and the VPC.
A company wants to migrate a multi-tier web app with minimal changes to the code, cost, and platform management. The stack consists of a hardware load balancer, 2 Apache hosts, 4 Java/Tomcat application servers, and a MySQL server.
Domain 4: Cost Control 12.5%
4.1. Select a cost-effective pricing model for a solution.
4.2. Determine which controls to design and implement that will ensure cost optimization.
4.3. Identify opportunities to reduce cost in an existing solution.
An application receives data every hour, on the hour. The data is processed for 50 minutes and produces a 10 GB output. This output is heavily accessed during the first hour it is available, with usage dropping as new outputs become available. What's the MOST cost-effective architecture?
A company is migrating all of its data to S3 within the next 4 weeks. There is 900 TB and a 100 Mbps internet link. Up to 20% of the throughput is regularly used by existing systems. What's the MOST cost-effective way to migrate the data in time?
Domain 5: Continuous Improvement for Existing Solutions 29%
5.1. Troubleshoot solution architectures.
5.2. Determine a strategy to improve an existing solution for operational excellence.
5.3. Determine a strategy to improve the reliability of an existing solution.
5.4. Determine a strategy to improve the performance of an existing solution.
5.5. Determine a strategy to improve the security of an existing solution.
5.6. Determine how to improve the deployment of an existing solution.
Your application accesses an on-premises database over a 1 Gbps AWS Direct Connect link. The database is also used by applications in the data center. What can you do to make your architecture better?
Your application sends logs to CloudWatch and also has a DynamoDB table to record the number of times different operations are invoked. The number of GET invocations is much higher in the logs than what is recorded in the DynamoDB table.
An application uploads files greater than 10 GB to S3, but far-away locations have performance issues.
An application runs its database on an RDS instance. During peak usage periods, some user requests time out. The CloudWatch DiskQueueDepth metric spikes during these periods. How can you improve the application?
Your web app sits behind an ELB ALB. There have been spikes in traffic that cause the app to slow down and fail. Logs reveal the additional traffic contained malformed requests from multiple sources. What solution will MOST quickly block these types of attacks? AKA "how to minimize the impact of a DDoS attack?"