ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 1015 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 1015
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company is deploying a new API to AWS. The API uses Amazon API Gateway with a Regional API endpoint and an AWS Lambda function for hosting. The API retrieves data from an external vendor API, stores data in an Amazon DynamoDB global table, and retrieves data from the DynamoDB global table. The API key for the vendor's API is stored in AWS Secrets Manager and is encrypted with a customer managed key in AWS Key Management Service (AWS KMS). The company has deployed its own API into a single AWS Region.

A solutions architect needs to change the API components of the company's API to ensure that the components can run across multiple Regions in an active-active configuration.

Which combination of changes will meet this requirement with the LEAST operational overhead? (Choose three.)

  • A. Deploy the API to multiple Regions. Configure Amazon Route 53 with custom domain names that route traffic to each Regional API endpoint. Implement a Route 53 multivalue answer routing policy.
  • B. Create a new KMS multi-Region customer managed key. Create a new KMS customer managed replica key in each in-scope Region.
  • C. Replicate the existing Secrets Manager secret to other Regions. For each in-scope Region's replicated secret, select the appropriate KMS key.
  • D. Create a new AWS managed KMS key in each in-scope Region. Convert an existing key to a multi-Region key. Use the multi-Region key in other Regions.
  • E. Create a new Secrets Manager secret in each in-scope Region. Copy the secret value from the existing Region to the new secret in each in-scope Region.
  • F. Modify the deployment process for the Lambda function to repeat the deployment across in-scope Regions. Turn on the multi-Region option for the existing API. Select the Lambda function that is deployed in each Region as the backend for the multi-Region API.
Show Suggested Answer Hide Answer
Suggested Answer: BCF 🗳️
by Appon at Dec. 12, 2022, 3:50 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
LuongTo
4 months, 2 weeks ago
Selected Answer: ABC
A: lambda is regional service, need to deploy in other regions and Route 53 multivalue answer routing policy https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-multivalue.html B: customer-manage is okay https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html C: secret manager https://docs.aws.amazon.com/secretsmanager/latest/userguide/replicate-secrets.html D “AWS managed KMS key” out E quite manual than C F out since lambda is a regional service. There is not an option like multi-region.
upvoted 2 times
...
marszalekm
1 year, 3 months ago
If you are choosing F then please provide details how to "Turn on the multi-Region option for API" because such option does not exist https://repost.aws/questions/QUSs8ODCyJSRWR7mawaUIl4g/multi-region-strategy-for-api-gateway
upvoted 2 times
...
ggrodskiy
1 year, 9 months ago
Correct ABC
upvoted 3 times
...
dev112233xx
1 year, 11 months ago
Selected Answer: BCF
B- Create new KMS in other region because you can't replicate existing KMS C- Replicate the existing Secrets Manager secret F- weird wording but i guess "multi-region option" means "edge optimized" , but it's better than A because it also handle the Lambda deployment to the other region
upvoted 1 times
Jesuisleon
1 year, 11 months ago
A is wrong beacuse it should use latency routing not multivalue routing, see "https://aws.amazon.com/blogs/compute/building-a-multi-region-serverless-application-with-amazon-api-gateway-and-aws-lambda/"
upvoted 2 times
...
...
andras
2 years, 1 month ago
Selected Answer: ABF
https://aws.amazon.com/blogs/compute/building-a-multi-region-serverless-application-with-amazon-api-gateway-and-aws-lambda/
upvoted 1 times
Jesuisleon
1 year, 11 months ago
Based on your link, the correct answer should be BCF. A is wrong because it uses route 53 multivalue routing, your link mentions "latency routing" search "Use the health check when you set up the record set and the latency routing, for example, for us-east-1".
upvoted 1 times
...
...
ccort
2 years, 3 months ago
Selected Answer: BCF
BCF seems correct. You CANNOT convert a kms key to multi region, or vice versa.
upvoted 3 times
...
ggrodskiy
2 years, 4 months ago
Correct BCF
upvoted 1 times
ggrodskiy
1 year, 9 months ago
Correct ABC. F. Modifying the deployment process for the Lambda function to repeat the deployment across in-scope Regions will increase your operational overhead and complexity, as you will have to manage multiple Lambda functions and their configurations. Turning on the multi-Region option for the existing API is not possible, as only new APIs can be created as multi-Region APIs.
upvoted 1 times
...
...
Appon
2 years, 4 months ago
BCF correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago