AWS Certified Solutions Architect Associate Practice Test (SAA-C03)

Storing the logs in Amazon S3 Standard is the most cost-effective and scalable solution. Amazon S3 offers durable, highly available storage with low latency access, ideal for storing large amounts of data that need to be accessed quickly. It can automatically scale to store the required amount (400 GB per day × 30 days) without upfront capacity provisioning, reducing costs compared to block or file storage options. Amazon EFS is a managed file system ideal for shared access and persistent file storage, but it is more expensive than S3 for large-scale log storage and not optimized for high-volume data storage with lifecycle management. Amazon EBS is a block storage service primarily used for EC2 instance storage. It's not ideal for large-scale, long-term log storage due to its higher cost and manual management overhead compared to S3.

Setting up an Amazon CloudFront distribution in front of the Amazon EC2 instances would cache the content at multiple edge locations across the globe, significantly reducing latency for international users by serving requests from the nearest edge location. This approach effectively scales the network architecture to accommodate a global audience. An additional AWS Direct Connect would establish a private connectivity between on-premises and AWS, which does not inherently address global user latency. Amazon Route 53 geo-proximity routing is more about directing traffic based on geographic location rather than scaling, and increasing the instance size addresses compute scaling but does not directly impact network scaling to accommodate global users.

The best option for migrating large volumes of data offline due to bandwidth constraints is using a physical data transport solution that securely moves data into and out of cloud services. Among the options provided, only one service specifically caters to this need by employing physical storage devices to facilitate the transfer process. Other listed services are primarily intended for online data transfer and streaming, or for establishing a dedicated network connection, and are not optimized for scenarios where an offline, physical transfer is required.

The question asks what can you do to maintain operational continuity if one data center in a region has an outage. Keep in mind that with AWS, one region is made of many data centers groups into availability zones. Therefor, a multi-AZ setup would help mitigate and prevent outages during a data center outage.

Choosing a Multi-AZ deployment for an RDS instance provides high availability by automatically maintaining a synchronous standby replica in a different data center, or Availability Zone. In case of an infrastructure failure, the database will fail over to the standby so that database operations can resume quickly without manual intervention. This choice is the most aligned with the requirement for operational continuity within a single region in the face of a data center outage. The other answers either describe strategies that introduce geographical redundancy, which goes beyond the scope of the question, or load balancing, which does not address the need for automatic failover at the data layer.

The correct answer is to move the data to S3 Glacier after 30 days and delete it after one year. This strategy is cost-effective because S3 Glacier provides low-cost storage for long-term archiving of data that is rarely accessed. Since the data is not needed for real-time analysis after the initial 30 days, transitioning to a less expensive storage class until the compliance retention period expires will result in cost savings. Other options like moving the data to S3 Standard-Infrequent Access or keeping it on S3 Standard are not as cost-efficient for the given access patterns.

The best choice in this scenario is AWS Backup, as it provides a managed service specifically designed for automated backup solutions across various AWS resources. It ensures high durability by storing backups across multiple facilities and enables users to define policies for backup schedules, retention management, and lifecycle rules. This comprehensive backup approach helps companies to comply with regulatory requirements and is scalable to accommodate growing data needs. While creating snapshots or using the Storage Gateway can be part of a backup strategy, they do not provide the full suite of management features and automated capabilities as AWS Backup. Furthermore, enabling versioning on Amazon S3 is primarily for object-level storage and is not suitable for backing up entire virtual server environments.

The recommended approach for integrating a centralized directory service with the cloud provider for access management is to use a service designed for identity federation, such as AWS IAM Identity Center, which allows the assignment of cloud roles to on-premises identities. Other suggested methods either do not offer direct federation with directory services or do not follow the best practices for integrating existing user credentials with cloud resources.

Amazon S3 Glacier Instant Retrieval is designed for data that is infrequently accessed but requires millisecond retrieval. It offers the lowest storage cost for such data while providing immediate access when needed. Although Amazon S3 Standard-Infrequent Access also provides millisecond retrieval, it has a higher storage cost compared to S3 Glacier Instant Retrieval. Amazon S3 Glacier Deep Archive is more cost-effective in terms of storage cost but does not support millisecond retrieval, as retrieval times can take up to 12 hours. Amazon S3 Standard is intended for frequently accessed data and is more expensive for infrequent access patterns.

The most fitting service for hosting containers where management of the underlying infrastructure is abstracted away is Fargate, which provides on-demand, right-sized compute capacity for containers. It allows developers to focus on building applications without the hassle of managing the servers or clusters running the containers. This service offers automatic scaling, allowing it to handle variable traffic loads effectively. Other compute services like EC2 or ECS with EC2 require manual management of servers or clusters. Lambda is designed for serverless functions, not container management, and is not optimized for such a scenario. EMR focuses on big data and isn't suited for general web application hosting, while Batch processes batch jobs and isn't geared toward real-time container orchestration.

Amazon S3 with Amazon CloudFront is the best choice for serving content at scale with low latency. S3 provides durable storage and easy scalability for storing product images, while CloudFront, a content delivery network (CDN), caches the images close to the users at edge locations, thus reducing latency when accessing these assets during high traffic events. Amazon EBS is not designed for serving static content directly to users and does not integrate with a CDN. Amazon EFS is tailored for file system use cases and not optimized for delivering static content over the internet. Amazon EFS when connected to one or more EC2 instances could potentially handle large workloads, but it is not the most efficient choice when directly serving content at scale to many users compared to using Amazon S3 with CloudFront.

The best security practice for managing an application's permissions is to create a role with the specific privileges needed and then attach it to the virtual server. This method supports the principle of least privilege by only granting access that is necessary for the application's function, without the need to manage or expose static credentials. Using static credentials or high-level access like the root account's credentials can lead to significant security risks, including potential unauthorized access if the credentials are compromised.

File gateway mode of a certain hybrid storage service provides a seamless way to integrate on-premises file systems with cloud storage like Amazon S3, ensuring low-latency access via local caching. It also offers automatic tiering capabilities to transition data to cost-saving storage classes after set periods of inactivity. This makes it a suitable solution for the financial institution's requirements. The alternatives mentioned do not offer the same combined functionality regarding local caching, seamless integration with cloud storage, and automatic tiering based on inactivity, thus, they would not present the most efficient solution for the given scenario.

Amazon CloudFront is the service designed to reduce latency by caching content in edge locations around the world. When users request content, it is served from the nearest edge location, speeding up the delivery. Upgrading server capacity does not address the core issue of geographical distance. While load balancers improve the distribution of traffic across resources, they are typically used within a particular region rather than globally. ElastiCache improves the performance of data retrieval within the system but won't be as effective for global content delivery as a CDN, which also provides caching but at the edge, closer to international users.

The most cost-effective strategy would be to use Amazon S3 to store the logs in the S3 Standard tier for the first month when immediate access to logs is required for potential analysis. After the initial month, transitioning the logs to S3 Standard-Infrequent Access (S3 Standard-IA) provides cheaper storage while still offering quick access when needed for quarterly analysis. Finally, after the quarter, moving the logs to Amazon S3 Glacier or S3 Glacier Deep Archive for long-term archival as these are the most cost-effective options for data that requires infrequent access.

Amazon RDS Proxy is designed to handle a large volume of concurrent database connections and smooth out spikes in connection requests to RDS databases. It mitigates database overload by absorbing the connections to create a connection pool and by reducing database failovers through intelligent load balancing. Using RDS Proxy decreases the need to refactor the applications that are not designed to manage such spikes, which distinguishes it from the other answer options that do not offer the same degree of functionality for this specific requirement.