AWS Certified Solutions Architect Associate Practice Test (SAA-C03)

Amazon EFS is the correct choice because it is a managed file storage service that can be shared between multiple EC2 instances and supports the NFS protocol, which is required by the application. This makes it ideal for concurrent access to shared file systems. Amazon S3, while highly durable and suited for object storage, does not support the NFS protocol natively and would require additional steps to mount as a file system, making it less appropriate for this use case. Amazon EBS is block storage which does not support file-sharing capabilities and typically can be mounted to a single instance. Amazon FSx for Windows File Server provides fully managed file storage but uses the SMB protocol, which is not compatible with the requirement for NFS.

Switching the table to on-demand capacity mode is the recommended way to accommodate sudden, unpredictable spikes. In on-demand mode, DynamoDB automatically and instantly scales to any previously reached traffic level and doubles new peaks, eliminating the need for capacity planning and preventing throttling for most workloads. Manually increasing provisioned capacity or requesting a service-quota increase still requires forecasting and can be quickly outpaced by another spike. CloudWatch alarms provide visibility but do not solve the throttling problem themselves.

AWS documentation calls on-demand the default and recommended throughput option that "automatically scales to accommodate the most demanding workloads" and explicitly notes that auto scaling/manual scaling is "not recommended as a solution for dealing with spikey workloads."

Amazon Kinesis Data Streams is the optimal service for scenarios where data arrives at variable rates, particularly when dealing with intermittent surges leading to high-velocity data inflows. It is designed to handle real-time streaming of large volumes of data and can scale automatically to match the throughput requirements during peak times. AWS DataSync is more suitable for data transfer tasks. Amazon SQS is useful for message queuing but not for real-time streaming, and AWS Direct Connect is a connectivity solution that doesn’t directly address the handling of variable-rate data inflows.

Amazon Simple Queue Service (SQS) is designed for decoupling producers and consumers with a fully managed message queue. Standard queues provide at-least-once delivery and automatically scale to virtually any throughput, allowing independent scaling of microservices .

Amazon Kinesis Data Streams is optimized for real-time analytics of large, ordered data streams and requires shard management; it is more complex than needed for simple message hand-off and may lose data if consumers fall behind shard retention.

Amazon EventBridge offers at-least-once event delivery but is optimized for routing events to multiple targets and has soft throughput quotas that can throttle extreme burst traffic.

AWS Step Functions orchestrates stateful workflows rather than providing a high-throughput message buffer between microservices.

Therefore, SQS is the most appropriate choice.

The implementation and application of cost allocation tags to resources is a sound approach because they empower the company to assign descriptive labels to resources, which can be leveraged to segment and categorize spending. When generating cost analysis reports, these tags can be used to parse out expenses, yielding a granular view of resource consumption and financial overhead attributed to each project team, thus facilitating precise chargeback and financial governance.

Amazon DynamoDB is the optimal solution for this use case as it provides a NoSQL database with the ability to scale automatically to accommodate high ingest rates of transaction records. It is designed for applications that require consistent, single-digit millisecond latency for any scale. Additionally, DynamoDB offers strong consistency, ensuring that after a write, any subsequent read will reflect the change. In contrast, RDS is better suited for structured data requiring relational capabilities, Neptune is tailored for graph database use cases, and DocumentDB is optimized for JSON document storage which, while capable of handling key-value pairs, is not as cost-effective or performant for this specific scenario as DynamoDB.

Using Amazon EC2 instances with Auto Scaling groups allows the company to automatically adjust the number of instances based on real-time demand. This approach ensures that sufficient compute resources are available during traffic spikes while scaling down during low-demand periods to optimize costs. Deploying the application in a single large EC2 instance lacks the flexibility to automatically scale up and down and could lead to performance bottlenecks during peak times. Running the application in AWS Lambda with provisioned concurrency is suitable for event-driven, stateless applications but may not be ideal for a stateful e-commerce platform. Utilizing Amazon Lightsail offers simplified management but does not provide the advanced scaling capabilities required for handling significant traffic variations.

The service best suited for automating the discovery and classification of sensitive content, allowing the enforcement of retention policies, is Amazon Macie. It leverages machine learning and pattern matching to assist in accurately and efficiently identifying and classifying different types of content, making it ideal for this requirement. While other services mentioned may be related to data management or protection, none offer the same specialization in automated data discovery and classification as Macie.

Implementing read replicas using Amazon RDS allows you to handle read-heavy database workloads by creating one or more read-only copies of your database. This approach offloads read queries from the primary database, thus enhancing performance and availability without impacting the primary database's performance. Although the other options might appear feasible, they either do not address the requirement (such as Data Lifecycle Policy, which is related to data retention rather than read capacity) or are less efficient for the needs stated (like Multi-AZ deployment, which primarily addresses high availability and failover rather than read scalability). Caching with Amazon ElastiCache could improve read performance, but for read-heavy relational database applications, read replicas are purpose-built to serve this requirement and are the most cost-effective solution.

By adjusting the security group tied to the EC2 instances allowing only ingress on port 443, the Architect ensures that merely HTTPS traffic, which is encrypted, can reach the EC2 servers. This practice does not disrupt the high availability since it doesn't impose any constraints on the distribution of incoming requests by the load balancer, which is already set to handle secure connections. Additionally, this method aligns with least privilege security principles. Altering policies on different aspects, such as network ACLs or instance-based packet filtering, would not provide the same targeted control or may add complexity without addressing the exclusive requirement of encrypted traffic directly reaching the servers.

According to the shared responsibility model for security in the cloud, while the provider is responsible for the security of the cloud infrastructure (computing hardware, storage, and networking), the customer is responsible for securing the data processed and stored within the cloud environment. This extends to client-side data encryption, which is the customer's duty, and not the provider's.

The optimal choice for performing immediate, ad-hoc exploratory analysis on structured log data is a serverless interactive query service that directly analyzes data in storage, using familiar SQL syntax, requires no infrastructure to manage, and scales automatically. Amazon Athena meets all these criteria. Alternatives such as a managed data lake solution or a business intelligence service, are less suitable primarily because they serve different stages of the data analysis pipeline – the former for data storage and security configuration, and the latter for visualizations and business intelligence insights post data analysis rather than raw data processing.

Amazon Macie is the AWS service specifically crafted for the purpose of analyzing and securing content that resides within Amazon S3. It uses machine learning and pattern matching to automatically recognize sensitive information such as healthcare records. When it detects unsecured data or abnormal data access patterns, it triggers alerts. This fits the requirement of the healthcare company to keep its patient records secure according to compliance regulations. Amazon GuardDuty is a threat detection service that monitors malicious activities rather than classifying content. While AWS Secrets Manager secures and rotates secrets such as database credentials and API keys, it does not classify or monitor object content within S3. Lastly, Amazon Cognito focuses on user identity management and would not assist with the data classification or monitoring needs of the healthcare company.

Amazon S3 is the most cost-effective service for hosting static websites. It provides scalability, high availability, and is more cost-efficient compared to using compute instances or containers for serving static content. There is no need for a traditional server setup, and it can handle the predictable traffic easily. Elastic Beanstalk, while capable of running static websites, includes additional infrastructure management that is not needed for static content, thereby increasing costs unnecessarily. AWS Lambda is meant for running code in response to events and is not a typical choice for hosting a full static website. Amazon EC2 instances would provide more capacity than required for static content, leading to higher costs.

The most appropriate service is Amazon SQS FIFO queue (a managed message queue with FIFO capabilities). A FIFO queue guarantees exactly-once delivery and preserves strict ordering within a message group, which is critical for maintaining accurate inventory counts.

A standard publish/subscribe service such as an Amazon SNS standard topic offers at-least-once delivery and only best-effort ordering, so it could deliver transactions out of order. Workflow-orchestration services coordinate tasks but do not buffer or order messages. A serverless function alone is compute, not a durable message queue, and offers no ordering guarantees.

AWS Cost Explorer integrates with cost-allocation tags that you activate in the Billing console. After tags such as Department or CostCenter are activated, you can group and filter spend in Cost Explorer to view the exact costs incurred by each department for any time range. This satisfies the need for interactive, tag-based chargeback analysis without requiring external tooling.

Implementing EC2 Auto Scaling with dynamic scaling policies is the correct strategy in this scenario. Dynamic scaling adjusts the number of EC2 instances automatically in response to real-time demand, such as the unpredictable bursts of traffic caused by sporadic marketing campaigns. This action prevents over-provisioning (and thus overspending) during normal operation and also ensures performance isn't sacrificed during unexpected surges in demand.

Reserved Instances would not be cost-effective due to the unpredictable nature of the traffic, and Spot Instances might be interrupted during peak loads, leading to potential performance issues. On-demand instances alone would maintain performance but would not be cost-optimized.

Amazon ElastiCache is designed to store data in-memory to provide low-latency access to hot data. This helps improve the performance of applications by allowing quick retrieval of information which is accessed frequently, thus reducing the need to access slower disk-based storage systems. It is commonly used to enhance response times for dynamic web applications that require rapid data access.

The Application Load Balancer (ALB) is the only Elastic Load Balancing option that offers all of the needed features in one service:

• Layer-7 (HTTP/HTTPS) support that allows an HTTP/1.1 Upgrade to WebSocket (ws/wss) - native in ALB.
• HTTP-cookie-based stickiness that can be enabled at the target-group level.

Classic Load Balancer does not support WebSocket at all, and while a Network Load Balancer can carry WebSocket traffic over TCP/TLS listeners, it only offers source-IP affinity (and none for TLS listeners), not application-cookie stickiness. Route 53 is a DNS service and does not provide session stickiness.

Therefore, an Application Load Balancer best satisfies both the WebSocket and sticky-session requirements.

Amazon CloudFront is the appropriate service for efficiently caching and delivering web content to users with minimized load times because it is a content delivery network (CDN) that stores copies of content at edge locations closer to users worldwide. This proximity reduces latency and improves data transfer speeds, enhancing the user experience. The incorrect options provided do serve other specific purposes, such as improving application performance across regions (Global Accelerator), establishing dedicated network connections (Direct Connect), and offering managed file storage (Elastic File System), but they do not focus on caching and delivering web content globally like CloudFront does.