AWS Solution Architect Associate Question
Answers Free
1. A web application allows customers to
upload orders to an S3 bucket. The resulting Amazon S3 events trigger a Lambda
function that inserts a message to an SQS queue. A singleEC2 instance reads
messages from the queue, processes them, and stores them in an DynamoDB table
partitioned by unique order I Next month traffic is expected to increase by a
factor of 10 and a Solutions Architect is reviewing the architecture for
possible scaling problems. Which component is MOST likely to need re-architecting
to be able to scale to accommodate the new traffic?
- Lambda function
- SQS queue
- EC2 instance
- DynamoDB table
2. Organization XYZ is planning to build
an online chat application for their enterprise level collaboration for their
employees across the world. They are looking
for a single digit latency fully managed database to store and retrieve
conversations. What would AWS Database service you recommend?
- AWS DynamoDB
- AWS RDS
- AWS Redshift
- AWS Aurora
3. A company is developing a highly
available web application using stateless web servers. Which services are suitable
for storing session state data? (Select TWO)
- CloudWatch
- DynamoDB
- Elastic Load Balancing
- ElastiCache
- Storage Gateway
4. You have an S3 bucket that receives
photos uploaded by customers. When an object is uploaded, an event notification
is sent to an SQS queue with the object details. You also have an ECS cluster
that gets messages from the queue to do the batch processing. The queue size
may change greatly depending on the number of incoming messages and backend
processing speed. Which metric would you use to scale up/down the ECS cluster
capacity?
- The number of messages in the SQS queue.
- Memory usage of the ECS cluster.
- Number of objects in the S3 bucket.
- Number of containers in the ECS cluster.
5. A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The application tier must read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?
- Public subnets for both the application tier and the database cluster
- Public subnets for the application tier, and private subnets for the database cluster
- Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster
- Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway
6. A Solutions Architect is designing a
critical business application with a relational database that runs on an EC2
instance. It requires a single EBS volume that can support up to 16,000 IOPS. Which
Amazon EBS volume type can meet the performance requirements of this
application?
- EBS Provisioned IOPS SSD
- EBS Throughput Optimized HDD
- EBS General Purpose SSD
- EBS Cold HDD
7. An organization is building an Amazon
Redshift cluster in their shared services VP The cluster will host sensitive
data. How can the organization control which networks can access the cluster?
- Run the cluster in a different VPC and connect through VPC peering.
- Create a database user inside the Amazon Redshift cluster only for users on the network.
- Define a cluster security group for the cluster that allows access from the allowed networks.
- Only allow access to networks that connect with the shared services network via VPN.
8. An application running on EC2
instances processes sensitive information stored on Amazon S3. The information
is accessed over the Internet. The security team is concerned that the Internet
connectivity to Amazon S3 is a security risk. Which solution will resolve the
security concern?
- Access the data through an Internet Gateway.
- Access the data through a VPN connection.
- Access the data through a NAT Gateway.
- Access the data through a VPC endpoint for Amazon S3.
9. A web application allows customers to
upload orders to an S3 bucket. The resulting Amazon S3 events trigger a Lambda
function that inserts a message to an SQS queue. A single EC2 instance reads
messages from the queue, processes them, and stores them in an DynamoDB table
partitioned by unique order I Next month traffic is expected to increase by a
factor of 10 and a Solutions Architect is reviewing the architecture for
possible scaling problems. Which component is MOST likely to need
re-architecting to be able to scale to accommodate the new traffic?
- Lambda function
- SQS queue
- EC2 instance
- DynamoDB table
10. An International company has deployed
a multi-tier web application that relies on DynamoDB in a single region. For
regulatory reasons they need disaster recovery capability in a separate region
with a Recovery Time Objective of 2 hours and a Recovery Point Objective of 24
hours they should synchronize their data on a regular basis and be able to revision
me web application rapidly using Cloud Formation. The objective is to minimize
changes to the existing web application, control the throughput of DynamoDB
used for the synchronization of data and synchronize only the modified
elements. Which design would you choose to meet these requirements?
- Use AWS data Pipeline to schedule a
DynamoDB cross region copy once a day. create a ×’€Lastupdated×’€ attribute attribute in your DynamoDB table
that would represent the timestamp of the last update and use it as a filter.
- Use EMR and write a custom script to retrieve data from DynamoDB in the current region using a SCAN operation and push it to QynamoDB in the second region.
- Use AWS data Pipeline to schedule an export of the DynamoDB table to S3 in the current region once a day then schedule another task immediately after it that will import data from S3 to DynamoDB in the other region.
- Send also each Ante into an SQS queue in me second region; use an auto-scaiing group behind the SQS queue to replay the write in the second region.
11. A company is storing an access key
(access key ID and secret access key) in a text file on a custom AMI. The
company uses the access key to access DynamoDB tables from instances created
from the AMI. The security team has mandated a more secure solution. Which
solution will meet the security team’s mandate?
- Put the access key in an S3 bucket, and retrieve the access key on boot from the instance.
- Pass the access key to the instances through instance user data.
- Obtain the access key from a key server launched in a private subnet.
- Create an IAM role with permissions to access the table, and launch all instances with the new role.
12. A company is migrating to the AWS Cloud. A file server is the first workload to migrate. Users must be able to access the file share using the Server Message Block (SMB) protocol. Which AWS managed service meets these requirements?
- Amazon EBS
- Amazon EC2
- Amazon FSx
- Amazon S3
13. A company wants to deploy a shared file system for its .NET application servers and Microsoft SQL Server database running on Amazon EC2 instance with Windows Server 2016. The solution must be able to be integrated into the corporate Active Directory domain, be highly durable, be managed by AWS, and provided levels of throughput and IOPS. Which solution meets these requirements?
- Use Amazon Elastic File System (Amazon EFS)
- Use AWS Storage Gateway in file gateway mode
- Use Amazon FSx for Windows File Server
- Deploy a Windows file server on two On Demand instances across two Availability zones.
14 A solutions architect is working on optimizing a legacy document management application running on Microsoft Windows Server in an on-premises data center. The application stores a large number of files on a network file share. The chief information officer wants to reduce the on-premises data center footprint and minimize storage costs by moving on-premises storage to AWS. What should the solutions architect do to meet these requirements!
- Set up Amazon Elastic File System (Amazon EFS),
- Set up AWS Storage Gateway as a volume gateway
- Set up an AWS Storage Gateway file gateway.
- Set up an Amazon Elastic Block Store (Amazon EBS) volume.
15. A company decides to migrate its three-tier web application from on-premises to the AWS Cloud. The new database must be capable of dynamically scaling storage capacity and performing table joins. Which AWS service meets these requirements?
- Amazon Aurora
- Amazon RDS for SqlServer
- Amazon Dynamo DB Streams
- Amazon DynamoDB on-demand
16. Application developers have noticed that a production application is very slow when business reporting users run large production reports against the Amazon RDS instance backing the application. The CPU and memory utilization metrics for the RDS instance do not exceed 60% while the reporting queries are running. The business reporting users must be able to generate reports without affecting the applications performance. Which action will accomplish this?
- Increase the size of the RDS instance
- Create a read replication and connect the business reports to it.
- Create a read replica and connect the application to it.
- Enable multiple Availability Zones on the RDS instance
17. A solution architect must migrate a Windows Internet Information Services (IIS) web application to AWS. The application currently relies on a file share hosted in the user's on-premises network-attached storage (NAS). The solution architected has proposed migrating the IIS web servers. Which replacement to the on-promises file share is MOST resilient and durable?
- Migrate the file Share to Amazon RDS
- Migrate the file Share to Amazon FSx for Windows File Server
- Migrate the tile Share to AWS Storage Gateway
- Migrate the tile share to Amazon Elastic File System (Amazon EFS)
18. A company is running a two-tier e-commerce website using services. The current architect uses a publish-facing Elastic Load Balancer that sends traffic to Amazon EC2 instances in a private subnet. The static content is hosted on EC2 instances, and the dynamic content is retrieved from a MYSQL database. The application is running in the United States. The company recently started selling to users in Europe and Australia. A solution architect needs to design solution so their international users have an improved browsing experience. Which solution is MOST cost-effective?
- Host the entire website on Amazon S3
- Use Amazon CloudFront and Amazon S3 to host static images
- Increase the number of public load balancers and EC2 instances
- Deploy the two-tier website in AWS Regions in Europe and Australia.
19. A company needs to implement a relational database with a multi-Region disaster recovery Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of 1 minute. Which AWS solution can achieve this?
- Amazon RDS for MySQL with Multi-AZ enabled
- Amazon Aurora Global Database
- Amazon Dynamo DB global tables
- Amazon RDS for MySQL with a cross-Region snapshot copy.
20. A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure resources and provide the fastest possible response time. Which combination should a solutions architect recommend to meet these requirements?
- AWS Lambda and Amazon DynamoDB,
- Application Load Balancer with Amazon EC2 Auto Scaling
- Amazon CloudFront and Amazon S3
- Amazon Route 53 with internal Application Load Balances
21. A solutions architect is using Amazon S3 to design the storage architecture of a new digital media application. The media files must be resilient to the loss of an Availability Zone. Some files are accessed frequently while other files are rarely accessed in an unpredictable pattern. The solutions architect must minimize the costs of storing and retrieving the media files. Which storage option meets these requirements?
- S3 Standard
- S3 Intelligent-Tiering
- S3 Standard-Infrequent Access (S3 Standard-IA
- S3 One Zone Infrequent Access (S3 One Zone-IA),
Linkedin Amazon Web Services AWS Lambda Test Question Answers
22. A media company stores video content in an Amazon Elastic Block Store (Amazon EBS), volume. A certain video file has become popular and a large number of users across the world are accessing this content. This has resulted in a cost increase. Which action will DECREASE cost without compromising user accessibility?
- Change the EBS volume to Provisioned IOPS (PIOPS).
- Store the video in an Amazon S3 bucket and create an Amazon CloudFront distribution
- Split the video into multiple, smaller segments so users are routed to the requested video segments only
- Clear an Amazon S3 bucket in each Region and upload the videos so users are routed to the nearest S3 bucket.
23. An application running on AWS uses an Amazon Aurora Multi-AZ deployment for its database. When evaluating performance metrics, a solutions architect discovered that the database reads are causing high I/O and adding latency to the write requests against the database. What should the solutions architect do to separate the read requests from the write requests?
- Create a read replica and modify the application to use the appropriate endpoint
- Enable read-through caching on the Amazon Aurora database.
- Update the application to read from the Multi-AZ standby instance
- Create a second Amazon Aurora database and link it to the primary database as a read replica.
24. A company's dynamic website is hosted using on-premises servers in the United States. The company is launching its product in Europe, and it wants to optimize site loading times for new European users. The site's backend must remain in the United States. The product is being launched in a few days, and an immediate solution is needed. What should the solutions architect recommend?
- Launch an Amazon EC2 instance in us-east-1 and migrate the site to it
- Move the website to Amazon S3. Use cross-region replication between Regions
- Use Amazon CloudFront with a custom origin pointing to the on-premises servers
- Use an Amazon Route 53 geo-proximity routing policy pointing to on-premises servers.
25. A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that, each time they refreshed the website, they could see one subset of their documents or the other, but never all of the documents at the same time. What should a solutions architect propose to ensure users see all of their documents at once!
- Copy the data so both EBS volumes contain all the documents
- Configure the Application Load Balancer to direct a user to the server with the documents
- Configure the Application Load Balancer to send the request to both servers. Return each document, from the correct server.
- Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS
26. A development team needs to host a website that will be accessed by other teams. The website contents consist of HTML, CSS, client-side JavaScript, and images. Which method is the MOST cost-effective for hosting the website?
- Containerize the website and host it in AWS Fargate
- Create an Amazon S3 bucket and host the website there
- Deploy a web server on an Amazon EC2 instance to host the website
- Configure an Application Load Balancer with an AWS Lambda target that uses the Express.js framework.
27. A solutions architect is tasked with transferring 750 TB of data from a network-attached file system located at a branch office Amazon S3 Glacier. The solution must avoid saturating the branch office's low-bandwidth internet connection. What is the MOST cost-effective solution?
- Create a site-to-site VPN tunnel to an Amazon S3 bucket and transfer the files directly. Create a bucket VPC endpoint
- Order 10 AWS Snowball appliances and select an S3 Glacier vault as the destination. Create a bucket policy to enforce VPC endpoint
- Mount the network attached file system to Amazon S3 and copy the files directly. Create a lifecycle policy to S3 objects to Amazon S3 Glacier
- Order 10 AWS Snowball appliances and select an Amazon S3 bucket as the destination. Create a lifecycle policy to transition the S3 objects to Amazon S3 Glacier.
28. A new instance is launched in public VPC subnet. There is an
internet gateway and a route entry as 0.0.0.0/0 but instance can not reach
internet. Other instances in this subnet have no issue. How can this problem be
solved?
- A new security group should be created and allow outbound for any. Then instance should be attached to this security group
- instance should be terminated and relaunched again
- Instance should have either public IP or elastic IP
- NACL should be configured for outbound rule allowing for any protocol and ports
29. Which of the below mentioned steps will not be performed while creating the AMI of instance stored-backend?
- Upload the bundled volume.
- Define the AMI launch permissions.
- Bundle the volume.
- Register the AMI.
30. You have a business-critical two-tier web app currently deployed in two AZ in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZs goes off-line, and Auto Scaling cannot launch new instances in the remaining AZs. How can the current architecture be enhanced to ensure this?
- Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.
- Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
- Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per Region.
- Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region
31. How can you change the instance type used in Auto Scaling Group?
- Instances should be stopped and then type can be changed
- AS Group should be deleted and recreated
- It is not possible to change the instance type
- A new launch configuration with a new instance type should be created and attached to AS group
32. You have assigned one Elastic IP to your EC2 instance. Now we need to restart the VM without EIP changed. Which of below you should not do?
- When the instance is in VPC private subnet, stop/start works.
- Reboot the instance.
- When the instance is in VPC public subnets, stop/start works.
- Reboot and stop/start both works.
33. How can an instance be copied to another region?
- By creating an AMI and copy it to another region
- There is no way to copy an instance to another region
- First instance's root volume is detached. Then a new instance is created in another region. Finally detached volume can be attached to new instance as root device
- By stopping instance and using copy option
34. A company is hosting multiple websites for several lines of business under its registered parent domain, Users accessing these websites will be routed to appropriate backend Amazon EC2 instances based on the subdomain. The websites host static webpages, images, and server-side scripts like PHP and JavaScript. Some of the websites experience peak access during the first two hours of business with constant usage throughout the rest of the day. A solutions architect needs to design a solution that will automatically adjust capacity to these traffic patterns while keeping costs low. Which combination of AWS services or features will meet these requirements? (Choose two.),
- Amazon S3 website hosting
- AWS Batch
- Network Load Balancer
- Application Load Balancer
- Amazon EC2 Auto Scaling
35. A company must generate sales reports at the beginning of every month. The reporting process launches 20 Amazon EC2 instances on the first of the month. The process runs for 7 days and cannot be interrupted. The company wants to minimize costs. Which pricing model should the company choose?
- Reserved Instances
- Spot Block Instances
- On-Demand Instances
- Scheduled Reserved Instances
36. A company uses an Amazon S3 bucket to store static images for its website. The company configured permissions to allow access to Amazon S3 objects by privileged users only. What should a solutions architect do to protect against data loss? (Choose two.),
- Enable versioning on the S3 bucket
- Use MFA Delete to require multi-factor authentication to delete an object.
- Enable access logging on the S3 bucket
- Enable server-side encryption on the S3 bucket
- Configure an S3 lifecycle rule to transition objects to Amazon S3 Glacier
37. What is the maximum size of a general SSD EBS volume?
- 16TB
- 16TiB
- 4Gib
- 2TiB
38. The AMI ID used in an Auto Scaling policy is configured in the _______.
- Auto Scaling group
- Auto Scaling Policy
- group policy
- launch configuration
39. Your web application front end consists of multiple EC2 instances behind an Elastic Load Balancer. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true?
- The ELB stops sending traffic to the instance that failed its health check
- The instance gets terminated automatically by the ELB.
- The instance gets quarantined by the ELB for root cause analysis.
- The instance is replaced automatically by the ELB.
40. What URL might you query on an EC2 instance in order to find the public AND private IP address of an instance?
- http://169.254.169.169/latest/meta-data/
- http://169.254.169.254/latest/meta-data/
- http://169.254.169.254/latest/user-data/
- http://169.254.169.169/latest/meta-data/
41. Which of the following AWS services allow you access to the underlying
operating system? Choose the 2 correct answers:
- Amazon RDS
- Amazon Elasticbeanstalk
- Amazon Elastic Mapreduce
- Amazon S3
42. To prevent in-flight tampering, all requests sent with API keys over REST or Query API should be sent over HTTPS connection.
- False
- True
43. Your AWS environment contains several on-demand EC2 instances dedicated to a project that has just been cancelled. Your supervisor does not want to incur charges for these on-demand instances, but also does not want to lose the data just yet because there is a chance the project may be revived in the next few days. What should you do to minimize charges for these instances in the meantime?
- Contact AWS and explain the situation
- Sell the instances on the AWS On-Demand Instance Marketplace. You can buy them back later if needed
- Stop the instances as soon as possible
- Terminate the instances as soon as possible
44. Which of the following is an invalid VPC Peering Configuration?
- You have peered three VPCs together in a full mesh configuration. The VPCs are in the same AWS account and do not have overlapping CIDR blocks.
- You have a VPC peering connection between VPC A and VPC B . VPC A also has a VPN connection to a corporate network. You use VPC A to extend the peering relationship to exist between VPC B and the corporate network so that traffic from the corporate network can directly access VPC B by using the VPN connection to VPC A.
- You have a VPC peering connection between VPC A and VPC B, which are in the same AWS account, and do not have overlapping CIDR blocks.
- You have a central VPC (VPC A), and you have a VPC peering connection between VPC A and VPC B , and between VPC A and VPC C . The VPCs are in the same AWS account, and do not have overlapping CIDR blocks.
45. What is the minimum size of an S3 object?
- 1Byte
- 1GB
- 0Byte
- 1Tb
46. You are the System Administrator for your company’s AWS account of approximately 200 IAM users. A new company policy has just been introduced that will change the access of 50 of the IAM users to have unlimited access to S3 buckets. How can you implement this effectively so that there is no need to apply the policy at the individual user level?
- Create a new role and add each user to the IAM role
- Create an IAM group, add the 50 users, and apply the policy to group
- Create a policy and apply it to multiple users using a JSON script
- Create an S3 bucket policy with unlimited access which includes each user's AWS account ID
47. Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? Choose the 2 correct answers:
- The ENI (Elastic Network Interface) is detatched
- All data on instance-store devices will be lost
- The Elastic IP will be dissociated from the instance
- The underlying host for the instance could be changed
48. Data stored on EBS volumes are automatically and redundantly stored in multiple physical volumes in the same availability zone as part of the normal operations of the EBS service and at no additional charge.
- False
- True
49. Amazon Auto Scaling is not meant to handle instant load spikes but is built to grow with a gradual increase in usage over a short time period.
- True
- False
50. A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes. Which compute model should a Solutions Architect choose to accomplish this task?
- EC2 Dedicated Hosts
- EC2 Placement Groups
- EC2 Reserved Instances
- EC2 Spot Instances
51. What is the difference between an availability zone and an edge location?
- An availability zone is an isolated location wwithin an AWS region whereas an edge location will deliver cached content to the closest location to reduce latency
- Edge locations are used as control stations for AWS resources
- An availability zone is a grouping of AWS resources in a specific region; an edge location is a specific resource within the AWS region
- None of the above
52. Which is an operational process performed by AWS for data security?
- Background virus scans of EBS volumes and EBS snapshots
- Secure wiping of EBS data when an EBS volume is unmounted
- Replicating Data over multiple AWS Regions
- Decommissioning of storage devices using industry-standard practices
53. After configuring a whole site CDN on CloudFront you receive the following
error: This distribution is not configured to allow the HTTP request method
that was used for this request. The distribution supports only cachable
requests. What is the most likely cause of this?
- Allowed HTTP methods on that specific origin is only accepting GET, HEAD, OPTIONS
- Allowed HTTP methods on that specific origin is only accepting GET, HEAD
- The CloudFront distribution is configured to the wrong origin
- Allowed HTTP methods on that specific origin is only accepting GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
54. Your application’s usage peaks at 90% during the hours of 9am and 10am everyday. All other hours require only 10% of the peak resources. What is the best way to scale your application so that you’re only paying for max resources during peak hours ?
- Proactive Cycle Scaling
- Proactive Event-based scaling
- Run enough instances to handle peek capcity
- Auto Scaling by demand
55. An application is running on Amazon EC2 instances. Sensitive information required for the application is stored in an Amazon S3 bucket. The bucket needs to be protected from internet access while only allowing services within the VPC access to the bucket. Which combination of actions should solutions archived take to accomplish this? (Choose two.)
- Enable server access logging on the bucket.
- Apply a bucket policy to restrict access to the S3 endpoint.
- Create a VPC endpoint for Amazon S3
- Add an S3 ACL to the bucket that has sensitive information.
- Restrict users using the IAM policy to use the specific bucket,
56. A web application runs on Amazon EC2 instances behind an Application Load Balancer. The application allows users to create custom reports of historical weather data. Generating a report can take up to 5 minutes. These long-running requests use many of the available incoming connections, making the system unresponsive to other users. How can a solutions architect make the system more responsive?
- Increase the idle timeout on the Application Load Balancer to 5, minutes.
- Update the client-side application code to increase its request timeout to 5 minutes.
- Use Amazon SQS with AWS Lambda to generate reports.
- Publish the reports to Amazon S3 and use Amazon CloudFront for downloading to the user.
57. A solutions architect is creating an application that will handle batch processing of large amounts of data. The input data will be held in Amazon S3 and the output data will be stored in a different S3 bucket. For processing, the application will transfer the data over the network between multiple Amazon EC2 instances. What should the solutions architect do to reduce the overall data transfer costs?
- Place all the EC2 instances in the same Availability Zone.
- Place all the EC2 instances in an Auto Scaling group.
- Place all the EC2 instances in the same AWS Region.
- Place all the EC2 instances in private subnets in multiple Availability Zones.
58. You manually launch a NAT AMI in a
public subnet. The network is properly configure Security groups and network
access control lists are property configure Instances in a private subnet can
access the NAT. The NAT can access the Internet. However, private instances
cannot access the Internet. What additional step is required to allow access
from the private instances?
- Enable Source/Destination Check on the private Instances.
- Enable Source/Destination Check on the NAT instance.
- Disable Source/Destination Check on the private instances.
- Disable Source/Destination Check on the NAT instance.
59. Which of the following approaches
provides the lowest cost for Amazon Elastic Block Store snapshots while giving
you the ability to fully restore data?
- Maintain two snapshots: the original snapshot and the latest incremental snapshot.
- Maintain a volume snapshot; subsequent snapshots will overwrite one another.
- Maintain a single snapshot the latest snapshot is both Incremental and complete.
- Maintain the most current snapshot, archive the original and incremental to Amazon Glacier.
60. An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data on an Amazon EBS volume?
- Upload your customer keys to AWS CloudHSM. Associate the Amazon EBS volume with AWS CloudHSM. Re- mount the Amazon EBS volume.
- Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old Amazon EBS volume.
- Unmount the EBS volume. Toggle the encryption attribute to True. Re-mount the Amazon EBS volume.
- Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS volume. Mount the Amazon EBS volume.
61. An application saves the logsto an S3 bucket. A user wants to keep the logs forone month for troubleshooting purposes, and then purge the logs. What feature will enable this?
- Adding a bucket policy on the S3 bucket.
- Configuring lifecycle configuration rules on the S3 bucket.
- Creating an IAM policy for the S3 bucket.
- Enabling CORS on the S3 bucket.
62. An organization is building an Amazon Redshift cluster in their shared services VP The cluster will host sensitive data.How can the organization control which networks can access the cluster?
- A.Run the cluster in a different VPC and connect through VPC peering.
- Create a database user inside the Amazon Redshift cluster only for users on the network.
- Define a cluster security group for the cluster that allows access from the allowed networks.
- Only allow access to networks that connect with the shared services network via VPN.
63. A Solutions Architect is designing an online shopping application running in a VPC on EC2 instances behind an ELB Application Load Balancer.The instances run in an Auto Scaling group across multiple Availability Zones. The application tiermust read and write data to a customer managed database cluster. There should be no access to the database from the Internet, but the cluster must be able to obtain software patches from the Internet. Which VPC design meets these requirements?
- A.Public subnets for both the application tier and the database cluster.
- Public subnets for the application tier, and private subnets for the database cluster.
- Public subnets for the application tier and NAT Gateway, and private subnets for the database cluster.
- Public subnets for the application tier, and private subnets for the database cluster and NAT Gateway.
64. You are an AWS Solutions Architect. Your company has a successful web application deployed in an AWS Auto Scaling group. The application attracts more and more global customers. However, the application’s performance is impacte Your manager asks you how to improve the performance and availability of the application. Which of the following AWS services would you recommend?
- AWS DataSync
- Amazon DynamoDB Accelerator
- AWS Lake Formation
- AWS Global Accelerator
65. Your team is developing a high-performance computing (HPapplication. The application resolves complex, compute-intensive problems and needs a high-performance and low-latency Lustre file system. You need to configure this file system in AWS at a low cost. Which method is the most suitable?
- Create a Lustre file system through Amazon FSx.
- Launch a high-performance Lustre file system in Amazon EBS.
- Create a high-speed volume cluster in an EC2 placement group.
- Launch the Lustre file system from AWS Marketplace.
66. You host a static website in an S3 bucket and there are global clients from multiple regions. You want to use an AWS service to store cache for frequently accessed content so that the latency is reduced and the data transfer rate is increase Which of the following options would you choose?
- Use AWS SDKs to horizontally scale parallel requests to the Amazon S3 service endpoints.
- Create multiple Amazon S3 buckets and put Amazon EC2 and S3 in the same AWS Region.
- Enable Cross-Region Replication to several AWS Regions to serve customers from different locations.
- Configure CloudFront to deliver the content in the S3 bucket.
67. Your company has an online game application deployed in an Auto Scaling group. The traffic of the application is predictable. Every Friday, the traffic starts to increase, remains high on weekends and then drops on Monday. You need to plan the scaling actions for the Auto Scaling group. Which method is the most suitable for the scaling policy?
- Configure a scheduled CloudWatch event rule to launch/terminate instances at the specified time every week.
- Create a predefined target tracking scaling policy based on the average CPU metric and the ASG will scale automatically.
- Select the ASG and on the Automatic Scaling tab, add a step scaling policy to automatically scale-out/in at fixed time every week.
- Configure a scheduled action in the Auto Scaling group by specifying the recurrence, start/end time, capacities, etc
68. You are creating several EC2 instances for a new application. For better performance of the application, both low network latency and high network throughput are required for the EC2 instances. All instances should be launched in a single availability zone. How would you configure this?
- Launch all EC2 instances in a placement group using a Cluster placement strategy.
- Auto-assign a public IP when launching the EC2 instances.
- Launch EC2 instances in an EC2 placement group and select the Spread placement strategy.
- When launching the EC2 instances, select an instance type that supports enhanced networking.
69. You need to deploy a machine learning application in AWS EC2. The performance of inter-instance communication is very critical for the application and you want to attach a network device to the instance so that the performance can be greatly improve Which option is the most appropriate to improve the performance?
- Enable enhanced networking features in the EC2 instance.
- Configure Elastic Fabric Adapter (EFin the instance.
- Attach high-speed Elastic Network Interface (ENI) in the instance.
- Create an Elastic File System (EFS) and mount the file system in the instance.
70. An application saves the logs to an S3 bucket. A user wants to keep the logs for one month for troubleshooting purposes, and then purge the logs. What feature will enable this?
- Adding a bucket policy on the S3 bucket.
- Configuring lifecycle configuration rules on the S3 bucket.
- Creating an IAM policy for the S3 bucket.
- Enabling CORS on the S3 bucket.
71. Company salespeople upload their sales figures daily. A Solutions Architect needs a durable storage solution for these documents that also protects against users accidentally deleting important documents.
Which action will protect against
unintended user actions?
- Store data in an EBS volume and create snapshots once a week.
- Store data in an S3 bucket and enable versioning.
- Store data in two S3 buckets in different AWS regions.
- Store data on EC2 instance storage.
72. An application running on EC2
instances processes sensitive information stored on Amazon S3. The information
is accessed over the Internet. The security team is concerned that the Internet
connectivity to Amazon S3 is a security risk. Which solution will resolve the
security concern?
- A.Access the data through an Internet Gateway.
- Access the data through a VPN connection.
- Access the data through a NAT Gateway.
- Access the data through a VPC endpoint for Amazon S3.
73. Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? Choose the 2 correct answers:
- The ENI (Elastic Network Interface) is detatched
- All data on instance-store devices will be lost
- The Elastic IP will be dissociated from the instance
- The underlying host for the instance could be changed
74. A company hosts its website on AWS. To address the highly variable demand, the company has implemented Amazon EC2 Auto Scaling. Management is concerned that the company is over-provisioning its infrastructure, especially at the front end of the three-tier application. A solutions architect needs to ensure costs are optimized without impacting performance. What should the solutions architect do to accomplish this?
- Use Auto Scaling with Reserved Instances.
- Use Auto Scaling with a target tracking scaling policy.
- Use Auto Scaling with a scheduled scaling policy.
- Use Auto Scaling with the suspend-resume feature
75. Which statement is true about Amazon SQS? Choose the 2 correct answers:
- Amazon SQS guarantees delivery of AT LEAST 1 message and the message order which it is sent/received
- Amazon SQS (Simple Queue Service) guarantees delivery of AT LEAST 1 message and guarantees it will not create duplicates
- Amazon SQS (Simple Queue Service) guarantees delivery of AT LEAST 1 message but cannot guarantee it will not create duplicates
- Amazon SQS guarantees delivery of AT LEAST 1 message but cannot guarantee message order; but does attempt
76. A website runs a web application that receives a burst of traffic each day at noon. The users upload new pictures and content daily but have been complaining of timeouts. The architecture uses Amazon EC2 Auto Scaling groups, and the custom application consistently takes 1 minute to initiate upon boot up before responding to user requests. How should a solutions architect redesign the architecture to better respond to changing traffic?
- Configure a Network Load Balancer with a slow start configuration.
- Configure an Auto Scaling step scaling policy with an instance warmup condition.
- Configure AWS ElastiCache for Redis to offload direct requests to the servers
- Configure Amazon CloudFront to use an Application Load Balancer as the origin
77. A three-tier web application processes orders from customers. The web tier consists of Amazon EC2 instances behind an Application Load Balancer, a middle tier of three EC2 instances decoupled from the web tier using Amazon SQS, and an Amazon DynamoDB backend. At peak times, customers who submit orders using the site have to wait much longer than normal to receive confirmations due to lengthy processing times. A solutions architect needs to reduce these processing times. Which action will be MOST effective in accomplishing this?
- Replace the SQS queue with Amazon Kinesis Data Firehose:
- Use Amazon EC2 Auto Scaling to scale out the middle tier instances based on the SQS queue depth.
- Use Amazon ElastiCache for Redis in front of the DynamoDB backend tier
- Add an Amazon CloudFront distribution to cache the responses for the web tier:
78. A company has a web application with sporadic usage patterns. There is heavy usage at the beginning of each month, moderate usage at the start of each week, and unpredictable usage during the week. The application consists of a web server and a MySQL database server running inside the data center. The company would like to move the application to the AWS Cloud, and needs to select a cost-effective database platform that will not require database modifications, Which solution will meet these requirements?
- MySQL-compatible Amazon Aurora Serverless
- Amazon DynamoDB
- Amazon RDS for MySQL
- MySQL deployed on Amazon EC2 in an Auto Scaling group
79. An application requires a highly available relational database with an initial storage capacity of 8 T The database will grow by 8 GB every day. To support expected traffic, at least eight read replicas will be required to handle database reads. Which option will meet these requirements?
- DynamoDB
- Amazon S3
- Amazon Aurora
- Amazon Redshift
80. A solutions architect is designing an architecture for a new application that requires low network latency and high network throughput between Amazon ECZ instances. Which components should be included in the architectural design?
- An Auto Sealing group with Spot Instance types
- A placement group using a partition placement strategy.
- A placement group using a cluster placement strategy.
- An Auto Sealing group with On-Demand instance types:
81. As part of your application architecture requirements, the company you are working for has requested the ability to run analytics against all combined log files from the Elastic Load Balancer. Which services are used together in order to collect logs and process log file analysis in an AWS environment?
- Amazon DynamoDB to store the logs and EC2 for running custom log analysis scripts
- Amazon EC2 for storing and processing the log files
- Amazon S3 for storing ELB log files and Amazon EMR for processing the log files in analysis
- Amazon S3 for storing the ELB log files and EC2 for processing the log files in analysis
82. A solutions architect needs to design a low-latency solution for a static single-page application accessed by users utilizing a custom domain name. The solution must be serverless, encrypted in transit, and cost-effective. Which combination of AWS services and features should the solutions architect use! (Choose two.)
- Amazon EC2
- AWS Fargate
- Amazon CloudFront
- Amazon S3
- Elastie Load Balaneer
83. A company operates an eCommerce website on Amazon EC2 instances behind an Application Load Balancer (ALB) in an Auto Scaling group. The site is experiencing performance issues related to a high request rate from illegitimate external systems with changing IP addresses. The security team is worried about potential DDoS attacks against the website. The company must block the illegitimate incoming requests in a way that has a minimal impact on legitimate users. What should a solutions architect recommend?
- Deploy rules to the network ACLs associated with the ALB to block the incoming traffic.
- Deploy Amazon Guard Duty and enable rate-limiting protection when configuring Guard Duty.
- Deploy Amazon Inspector and associate it with the ALB.
- Deploy AWS WAF, associate it with the ALB, and configure a rate-limiting rule.
84. A company wants to use an AWS Region as a disaster recovery location for its on-premises infrastructure. The company has 10 TB of existing data, and the on-premise data center has a 1 Gbps internet connection. A solutions architect must find a solution so the company can have its existing data on AWS in 72 hours without transmitting it using an unencrypted channel. Which solution should the solutions architect select?
- Send the initial 10 TB of data to AWS using FTP
- Send the initial 10 TB of data to AWS using AWS Snowball
- Establish a VPN connection between Amazon VPC and the company's data center
- Establish an AWS Direct Connect connection between Amazon VPC and the companies data center
aws solution architect associate exam questions 2021
How do I pass AWS Solution Architect Associate exam in first attempt?
How to Prepare for AWS Solution Architect Associate Certification
