AWS Certified Solutions Architect Professional SAP-C02 Practice Question
An organization operates a stateless multi-tenant REST API on Amazon ECS (AWS Fargate). The service is fronted by Application Load Balancers that run in two AWS Regions (us-east-1 and eu-west-1). Security teams must allow customers to allowlist a small, unchanging set of public IP addresses. New reliability objectives specify that the application must keep working if an entire AWS Region fails, client traffic must shift to the healthy Region within 30 seconds, and failover must happen without any DNS cache flushes or other client-side changes. Operations also want a fully managed AWS solution with minimal maintenance. Which approach best meets these requirements?
Establish dedicated AWS Direct Connect connections into each Region and advertise more-specific BGP prefixes to move traffic to the standby Region when a failure is detected.
Deploy AWS Global Accelerator with an endpoint group in each Region that targets the existing Application Load Balancers and rely on Global Accelerator health checks for automatic routing.
Place the ALBs behind a single Amazon CloudFront distribution and configure an origin group for automatic origin failover between Regions.
Create active-passive Amazon Route 53 failover records that point to the ALBs, configure health checks, and reduce the record TTL to 30 seconds.
AWS Global Accelerator assigns the accelerator two static anycast IPv4 addresses (or addresses you bring with BYOIP) that never change, which is exactly what a customer allowlist needs. Global Accelerator continuously monitors the health of each regional endpoint; for Application Load Balancer endpoints it uses the ALB's own target-group health checks, so an ALB with no healthy targets, or one in a Region that has become unreachable, is taken out of service and new connections are routed to the healthy Region's endpoint group within the 30-second window, with no DNS change involved. Because the same static addresses are used before and after failover, nothing changes for clients or corporate firewalls: no DNS record updates, no cache expiry to wait for, and no allowlist edits. The service is fully managed and targets the existing ALBs, so the ECS on Fargate tier needs no changes.
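The following CloudFormation template is an added illustration of the chosen design; it is not code from the exam page or from AWS. The two ALB ARNs are passed in as parameters, and the accelerator name, listener port and weights are assumptions. Global Accelerator is a global service whose API is hosted in us-west-2, so this stack must be deployed in that Region even though the endpoints live in us-east-1 and eu-west-1.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: AWS Global Accelerator in front of two existing
  Application Load Balancers (us-east-1 and eu-west-1). Deploy this stack
  in us-west-2, the Region that hosts the Global Accelerator API.

Parameters:
  UsEast1AlbArn:
    Type: String
    Description: ARN of the existing ALB in us-east-1 (assumed to exist)
  EuWest1AlbArn:
    Type: String
    Description: ARN of the existing ALB in eu-west-1 (assumed to exist)

Resources:
  ApiAccelerator:
    Type: AWS::GlobalAccelerator::Accelerator
    Properties:
      Name: multi-tenant-api          # assumed name
      Enabled: true
      IpAddressType: IPV4
      # IpAddresses is omitted so AWS assigns two static anycast IPs from
      # its pool; list BYOIP addresses here if customers must keep
      # allowlisting addresses you already own.

  HttpsListener:
    Type: AWS::GlobalAccelerator::Listener
    Properties:
      AcceleratorArn: !Ref ApiAccelerator
      Protocol: TCP
      PortRanges:
        - FromPort: 443
          ToPort: 443
      # The API is stateless, so there is no reason to pin a client to one
      # endpoint; NONE lets every new connection take the best healthy path.
      ClientAffinity: NONE

  UsEast1Endpoints:
    Type: AWS::GlobalAccelerator::EndpointGroup
    Properties:
      ListenerArn: !Ref HttpsListener
      EndpointGroupRegion: us-east-1
      TrafficDialPercentage: 100       # active-active: both Regions serve traffic
      EndpointConfigurations:
        - EndpointId: !Ref UsEast1AlbArn
          Weight: 128
          # Preserve the real client IP so ALB access logs and AWS WAF rules
          # see the customer's address, not a Global Accelerator address.
          # With this enabled, the ALB security group must admit the
          # clients' source IP ranges rather than a Global Accelerator range.
          ClientIPPreservationEnabled: true
      # No HealthCheck* properties here: for ALB endpoints Global Accelerator
      # uses the ALB target group's own health checks, so tune failure
      # detection (interval and unhealthy threshold) on the target group.

  EuWest1Endpoints:
    Type: AWS::GlobalAccelerator::EndpointGroup
    Properties:
      ListenerArn: !Ref HttpsListener
      EndpointGroupRegion: eu-west-1
      TrafficDialPercentage: 100
      EndpointConfigurations:
        - EndpointId: !Ref EuWest1AlbArn
          Weight: 128
          ClientIPPreservationEnabled: true

Outputs:
  StaticIps:
    Description: The two anycast addresses customers should allowlist
    Value: !Join [", ", !GetAtt ApiAccelerator.Ipv4Addresses]
  AcceleratorDnsName:
    Description: DNS name that resolves to the static IPs (convenience only)
    Value: !GetAtt ApiAccelerator.DnsName
```

Deploy with `aws cloudformation deploy --region us-west-2` and hand customers the addresses in the StaticIps output; those addresses stay the same through any failover. With both endpoint groups dialed to 100%, Global Accelerator sends each client to the nearest healthy Region and shifts new connections to the other Region when one ALB reports no healthy targets, so the detection time you actually get is set by the target group health check interval and unhealthy threshold on each ALB, which should be tightened (for example a 10-second interval and a threshold of 2) to stay inside the 30-second objective.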
Route 53 failover records would point at the ALBs, whose IP addresses are not static, so customers would have nothing durable to allowlist. DNS failover also depends on clients and recursive resolvers honoring the TTL; many cache records longer than configured, and Route 53's own health checkers (30-second standard or 10-second fast interval, with a failure threshold of three by default) must first agree that the primary is down, so end-to-end convergence can easily exceed 30 seconds and still exposes a changing IP address. CloudFront origin failover applies only to GET, HEAD and OPTIONS requests, so a REST API's POST, PUT and DELETE calls would keep failing against the dead Region; failover is decided per request only after the primary origin times out or returns a configured error status (with the default three connection attempts of 10 seconds each, that is up to 30 seconds per request), and CloudFront edge addresses are a large, shared, changing pool rather than a small fixed set to allowlist. Direct Connect links on-premises networks to AWS; it does nothing for Internet clients of a public API, and moving traffic between Regions by advertising more-specific BGP prefixes is a manual, error-prone operation with no automatic health-driven failover. Deploying AWS Global Accelerator in front of the existing Application Load Balancers is therefore the only option that meets the static-IP, 30-second and fully managed requirements together.
Continuous Improvement for Existing Solutions