AWS Certified Solutions Architect - Associate - Part 57

Mary Smith

Mon, 09 Feb 2026

1. A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed. What should the solutions architect recommend?

A) Use Amazon CloudFront with a custom origin pointing to the on-premises servers
B) Use an Amazon Route 53 geo-proximity routing policy pointing to on-premises servers.
C) Launch an Amazon EC2 instance in us-east-1 and migrate the site to it.
D) Move the website to Amazon S3. Use cross-Region replication between Regions.



2. A company has a web server running on an Amazon EC2 instance in a public subnet with an Elastic IP address. The default security group is assigned to the EC2 instance. The default network ACL has been modified to block all traffic. A solutions architect needs to make the web server accessible from everywhere on port 443. Which combination of steps will accomplish this task? (Choose two.)

A) Update the network ACL to allow inbound TCP port 443 from source 0.0.0.0/0 and outbound TCP port 32768-65535 to destination 0.0.0.0/0.
B) Update the network ACL to allow TCP port 443 from source 0.0.0.0/0.
C) Create a security group with a rule to allow TCP port 443 to destination 0.0.0.0/0.
D) Create a security group with a rule to allow TCP port 443 from source 0.0.0.0/0.
E) Update the network ACL to allow inbound/outbound TCP port 443 from source 0.0.0.0/0 and to destination 0.0.0.0/0.


3. A company mandates that an Amazon S3 gateway endpoint must allow traffic to trusted buckets only. Which method should a solutions architect implement to meet this requirement?

A) Create an S3 endpoint policy for each of the company's S3 gateway endpoints that provides access to the Amazon Resource Name (ARN) of the trusted S3 buckets.
B) Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's trusted VPCs.
C) Create an S3 endpoint policy for each of the company's S3 gateway endpoints that blocks access from any VPC other than the company's trusted VPCs.
D) Create a bucket policy for each of the company's trusted S3 buckets that allows traffic only from the company's S3 gateway endpoint IDs.



4. A company wants to deploy a shared file system for its .NET application servers and Microsoft SQL Server database running on Amazon EC2 instances with Windows Server 2016. The solution must be able to be integrated into the corporate Active Directory domain, be highly durable, be managed by AWS, and provide levels of throughput and IOPS. Which solution meets these requirements?

A) Use Amazon FSx for Windows File Server
B) Use AWS Storage Gateway in file gateway mode.
C) Deploy a Windows file server on two On-Demand Instances across two Availability Zones.
D) Use Amazon Elastic File System (Amazon EFS)



5. A company has recently updated its internal security standards. The company must now ensure all Amazon S3 buckets and Amazon Elastic Block Store (Amazon EBS) volumes are encrypted with keys created and periodically rotated by internal security specialists. The company is looking for a native, software-based AWS service to accomplish this goal. What should a solutions architect recommend as a solution?

A) Use AWS Key Management Service (AWS KMS) with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in AWS KMS.
B) Use AWS Systems Manager Parameter Store with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the Parameter Store.
C) Use AWS Secrets Manager with customer master keys (CMKs) to store master key material and apply a routine to create a new CMK periodically and replace it in AWS Secrets Manager.
D) Use an AWS CloudHSM cluster with customer master keys (CMKs) to store master key material and apply a routine to re-create a new key periodically and replace it in the CloudHSM cluster nodes.



1. Right Answer: A
Explanation: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_Origin.html

2. Right Answer: A,D
Explanation: Security groups are stateful; network ACLs are stateless, so rules are needed in both directions: inbound from any source to the destination TCP port, and outbound to any destination on the TCP port range, not on all ports.

3. Right Answer: A
Explanation: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html

4. Right Answer: A
Explanation:

5. Right Answer: C
Explanation: https://docs.aws.amazon.com/kms/latest/developerguide/services-secrets-manager.html
