Free AWS Certified Solutions Architect Associate SAA-C03 Practice Test

The correct option for workloads that are flexible and can tolerate interruptions is to use the cloud provider's excess capacity at a significantly reduced cost. Spot Instances offer this advantage by allowing you to bid for this unused capacity. The costs are substantially lower compared to the standard on-demand rate, making this the most cost-effective option for the given scenario. Other purchase options like On-Demand, Reserved, or committing to a Savings Plan do not provide the level of cost savings suitable for interruptible and variable workloads.

Using IAM roles for EC2 instances is the recommended best practice for providing AWS service access from applications running on EC2, as IAM roles provide temporary security credentials that are automatically rotated and do not require manual management. Storing static IAM user credentials on the instance is less secure because it risks exposing long-term credentials if the instance is compromised.

The correct service for managing SSL/TLS certificates is AWS Certificate Manager (ACM), which handles the provisioning, management, and deployment of public and private SSL/TLS certificates. AWS Key Management Service (KMS) is focused on creating and controlling keys for encryption, not on SSL/TLS certificates. AWS Secrets Manager is involved with storing, managing, and retrieving database credentials, API keys, and other secrets, and does not directly manage SSL/TLS certificates. AWS Identity Center provides identity services and single sign-on but is not related to SSL/TLS certificate management.

Implementing EC2 Auto Scaling with dynamic scaling policies is the correct strategy in this scenario. Dynamic scaling adjusts the number of EC2 instances automatically in response to real-time demand, such as the unpredictable bursts of traffic caused by sporadic marketing campaigns. This action prevents over-provisioning (and thus overspending) during normal operation and also ensures performance isn't sacrificed during unexpected surges in demand.

Reserved Instances would not be cost-effective due to the unpredictable nature of the traffic, and Spot Instances might be interrupted during peak loads, leading to potential performance issues. On-demand instances alone would maintain performance but would not be cost-optimized.

Amazon S3 Glacier is designed for data archiving, offering very low storage costs for long-term archiving where data is infrequently accessed. Its retrieval times can be slow (from minutes to hours), which aligns with the company's requirements for rare access and is acceptable in the case of legal issues. Amazon S3 Standard offers higher availability and faster access but at higher costs and is not suitable for archiving. Amazon S3 Intelligent-Tiering is designed to optimize costs by automatically moving data to the most cost-effective access tier, but has a monitoring and automation cost, making it less attractive for purely archival information. Amazon S3 One Zone-Infrequent Access provides a lower-cost option compared to Standard, but still costs more than Glacier and is most effective when you need quicker access to infrequently accessed data.

The service that fits the requirements of being serverless and capable of handling fluctuating data processing workloads is AWS Glue. It allows the automation of converting data into a consistent and query-optimized format without the need to manage the underlying infrastructure. It supports various data formats and has built-in capabilities for data cleansing and transformation, which makes it a suitable choice for preparing data for analytics in a data warehouse. Other options like AWS Data Pipeline offer managed ETL service but are not serverless, and using Amazon EC2 would require managing servers. AWS Lambda is serverless but is not primarily designed for ETL workflows and may not be as robust or straightforward when dealing with complex and large-scale data transformation as AWS Glue.

Amazon RDS Proxy is designed to handle a large volume of concurrent database connections and smooth out spikes in connection requests to RDS databases. It mitigates database overload by absorbing the connections to create a connection pool and by reducing database failovers through intelligent load balancing. Using RDS Proxy decreases the need to refactor the applications that are not designed to manage such spikes, which distinguishes it from the other answer options that do not offer the same degree of functionality for this specific requirement.

Amazon Simple Queue Service (SQS) enables the queuing of messages, which helps in decoupling the components of a system. For the trading company's need to buffer transaction orders and allow for delayed processing, SQS is a fitting choice as it can handle a high volume of messages and maintain them until the consuming service is ready to process. This ensures that the architecture can scale and that the individual components are loosely coupled. On the other hand, AWS Transfer Family is used primarily for secure file transfer and does not provide queuing capabilities. The AWS Secrets Manager is tailored for managing sensitive information, which is not relevant to the message queuing requirement. Amazon RDS is a database service and does not offer message queuing functionality.

Amazon Kinesis is the correct service for this scenario as it is specifically tailored for real-time streaming and processing of large volumes of data. Kinesis allows the capture, processing, and analysis of streaming data, enabling insights almost immediately after data is produced. Other services like Amazon Athena and AWS Glue are designed for querying stored data and data transformation tasks, respectively, and do not by themselves handle the real-time streaming capabilities required by the scenario depicted in the question. While AWS DataSync is used for data transfer purposes, it does not cater to real-time data processing needs.

Amazon S3 Standard-Infrequent Access (S3 Standard-IA) is the appropriate choice for data that is accessed less frequently, but requires rapid access when needed, making it suitable for the log files after they are initially analyzed. It provides a cost-saving over using Amazon S3 Standard and offers the required availability and performance. S3 One Zone-IA has lower storage costs compared to S3 Standard-IA, but due to its lack of redundancy across multiple Availability Zones, it is not recommended for newly created logs that might be critical. S3 Glacier and S3 Glacier Deep Archive have retrieval times that range from minutes to hours and are intended for long-term archiving, not suitable for logs that need to be immediately analyzed upon creation.

AWS Aurora Serverless adjusts its compute capacity to the current workload and charges based on the actual consumed compute capacity, making it cost-effective for variable workloads and reducing the need for database administration, as the capacity management is fully handled by AWS. Other options might provide some of these features, but Aurora Serverless uniquely fulfills all the criteria specified. For example, Amazon RDS requires capacity provisioning that doesn't automatically scale and incurs costs for unused resources. DynamoDB, while having auto-scaling capabilities, is not a relational database and might involve significant schema changes. AWS Redshift is optimized for data warehousing and analytics rather than transactional workloads.

Placing the database server in a private subnet with no direct access from the internet and configuring the security group associated with the database server to allow traffic only from the security group of the web server ensures that only the web server can communicate with the database. Other options, such as placing the database server in a public subnet or allowing direct internet access, would violate security best practices by potentially exposing the database to unauthorized access.

AWS Lambda is a serverless compute service that automatically scales to match the demand of triggering events and charges on a per-request basis. This makes it ideal for handling unpredictable workloads such as the image processing required by the mobile application during spikes in activity, without incurring costs during idle times. Amazon EC2 would require manual scaling and constant running costs regardless of demand. AWS Fargate, while it provides container management, still requires capacity management and potentially suffers from cold starts. AWS Batch is meant for batch processing workloads and lacks the real-time event-driven model needed here.

Designing for resilience includes planning for unexpected spikes in traffic and ensuring that AWS services can scale to meet demand. Increasing the provisioned read/write capacity units for the DynamoDB table is the correct action to address the issue. By provisioning more throughput, the ability to handle higher levels of traffic without throttling is ensured. Requesting a service quota increase would be relevant if the application was hitting account-level service limits, but this is less likely to be the immediate solution to throttling, which is often encountered at the table level. Similarly, monitoring with Amazon CloudWatch is useful for awareness and alarms, but it does not address the need to accommodate increased traffic. Implementing exponential backoff is a retry strategy to handle request throttling but does not by itself prevent throttling from occurring initially.

For applications with variable traffic and occasional spikes, a balance between compute, memory, and networking is often required. General Purpose instance families, such as the T3 or M5, are designed for such use cases, offering a good balance of resources and the ability to burst in performance, which allows them to handle occasional spikes efficiently. The Compute Optimized family is better for compute-intensive applications, and Memory Optimized instances cater to workloads that require large amounts of memory. Accelerated Computing instances are specialized for workloads that need hardware acceleration provided by GPU or FPGA.