Question 1
Question
A Solutions Architect is designing a system that will store Personally Identifiable Information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements, both the master keys and unencrypted data should never be sent to AWS. What Amazon S3 encryption technique should the Architect choose?
Answer
-
A. Amazon S3 client-side encryption with an AWS KMS-managed customer master key (CMK)
-
B. Amazon S3 server-side encryption with an AWS KMS-managed key
-
C. Amazon S3 client-side encryption with a client-side master key
-
D. Amazon S3 server-side encryption with a customer-provided key
Question 2
Question
A Security team reviewed their company's VPC Flow Logs and found that traffic is being directed to the internet. The application in the VPC uses Amazon EC2 instances for compute and Amazon S3 for storage. The company's goal is to eliminate internet access and allow the application to continue to function.
What change should be made in the VPC before updating the route table?
Answer
-
A. Create a NAT gateway for Amazon S3 access
-
B. Create a VPC endpoint for Amazon S3 access
-
C. Create a VPC endpoint for Amazon EC2 access
-
D. Create a NAT gateway for Amazon EC2 access
Question 3
Question
A company is deploying a reporting application on Amazon EC2. The application is expected to generate 1,000 documents every hour and each document will be 800 MB. The company is concerned about strong data consistency and file locking, as various applications hosted on other EC2 instances will process the report documents in parallel when they become available.
What storage solution will meet these requirements with the LEAST amount of administrative overhead?
Answer
-
A. Amazon EFS
-
B. Amazon S3
-
C. Amazon ElastiCache
-
D. Amazon EBS
Question 4
Question
A Solutions Architect is building a WordPress-based web application hosted on AWS using Amazon EC2. This application serves as a blog for an international internet security company. The application must be geographically redundant and scalable. It must separate the public Amazon EC2 web servers from the private Amazon RDS database, it must be highly available, and it must support dynamic port routing.
Which combination of AWS services or capabilities will meet these requirements?
Answer
-
A. AWS Auto Scaling with a Classic Load Balancer, and AWS CloudTrail
-
B. Amazon Route 53, Auto Scaling with an Application Load Balancer, and Amazon CloudFront
-
C. A VPC, a NAT gateway and Auto Scaling with a Network Load Balancer
-
D. CloudFront, Route 53, and Auto Scaling with a Classic Load Balancer
Question 5
Question
An e-commerce application places orders in an Amazon SQS queue. When a message is received, Amazon EC2 worker instances process the request. The EC2 instances are in an Auto Scaling group.
How should the architecture be designed to scale up and down with the LEAST amount of operational overhead?
Answer
-
A. Use an Amazon CloudWatch alarm on the EC2 CPU to scale the Auto Scaling group up and down.
-
B. Use an EC2 Auto Scaling health check for messages processed on the EC2 instances to scale up and down.
-
C. Use an Amazon CloudWatch alarm based on the number of visible messages to scale the Auto Scaling group up or down.
-
D. Use an Amazon CloudWatch alarm based on the CPU to scale the Auto Scaling group up or down.
Question 6
Question
A customer is migrating to AWS and requires applications to access Network File System shares without code changes. Data is critical and accessed frequently.
Which storage solution should a Solutions Architect recommend to maximize availability and durability?
Question 7
Question
A company has many applications on Amazon EC2 instances running in Auto Scaling groups. Company policies require that data on the attached Amazon EBS volume must be retained.
Which actions will meet this requirement without impacting performance?
Answer
-
A. Enable Termination Protection on the Amazon EC2 instances.
-
B. Disable DeleteOnTermination for the Amazon EBS volumes.
-
C. Use Amazon EC2 user data to set up a synchronization job for root volume data.
-
D. Change the auto scaling Health Check to point to a source on the root volume.
Question 8
Question
A company wants to expand its web services from us-east-1 into ap-southeast-1. The company stores a large amount of static content on its website, and recently received complaints about slow loading speeds and the website timing out.
What should be done to meet the expansion goal while also addressing the latency and timeout issues?
Answer
-
A. Store the static content in Amazon S3 and enable S3 Transfer Acceleration.
-
B. Store the static content in an Amazon EBS volume in the ap-southeast-1 region and provision larger Amazon EC2 instances for the website.
-
C. Use an Amazon Route 53 simple routing policy to distribute cached content across three regions.
-
D. Use Amazon S3 to store the static content and configure an Amazon CloudFront distribution.
Question 9
Question
An application is scanning an Amazon DynamoDB table that was created with default settings. The application occasionally reads stale data when it queries the table.
How can this issue be corrected?
Answer
-
A. Increase the provisioned read capacity of the table.
-
B. Enable AutoScaling on the DynamoDB table.
-
C. Update the application to use strongly consistent reads.
-
D. Re-create the DynamoDB table with eventual consistency disabled.
Question 10
Question
A company is setting up a new website for online sales. The company will have a web tier and a database tier. The web tier consists of load-balanced, auto-scaled Amazon EC2 instances in multiple Availability Zones (AZs). The database tier is an Amazon RDS Multi-AZ deployment. The EC2 instances must connect securely to the database.
How should the resources be launched?
Answer
-
A. EC2 instances: public subnet; RDS database instances: public subnet; Load balancer: public subnet
-
B. EC2 instances: public subnet; RDS database instances: private subnet; Load balancer: private subnet
-
C. EC2 instances: private subnet; RDS database instances: public subnet; Load balancer: public subnet
-
D. EC2 instances: private subnet; RDS database instances: private subnet; Load balancer: public subnet
Question 11
Question
A customer set up an Amazon VPC with one private subnet and one public subnet with a NAT gateway. The VPC will contain a group of Amazon EC2 instances. All instances will configure themselves at startup by downloading a bootstrap script from an Amazon S3 bucket with a policy that only allows access from the customer's Amazon EC2 instances and then deploys an application through Git. A Solutions Architect has been asked to design a solution that provides the highest level of security regarding network connectivity to the Amazon EC2 instances.
How should the Architect design the infrastructure?
Answer
-
A. Place the Amazon EC2 instances in the public subnet, with no EIPs; route outgoing traffic through the internet gateway.
-
B. Place the Amazon EC2 instances in a public subnet, and assign EIPs; route outgoing traffic through the NAT gateway.
-
C. Place the Amazon EC2 instances in a private subnet, and assign EIPs; route outgoing traffic through the internet gateway.
-
D. Place the Amazon EC2 instances in a private subnet, with no EIPs; route outgoing traffic through the NAT gateway
Question 12
Question
A company processed 10 TB of raw data to generate quarterly reports. Although it is unlikely to be used again, the raw data needs to be preserved for compliance and auditing purposes.
What is the MOST cost-effective way to store the data in AWS?
Answer
-
A. Amazon EBS Cold HDD (sc1)
-
B. Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
-
C. Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
-
D. Amazon Glacier
Question 13
Question
A Solutions Architect needs to design a solution that will allow Website Developers to deploy static web content without managing server infrastructure. All web content must be accessed over HTTPS with a custom domain name. The solution should be scalable as the company continues to grow.
Which of the following will provide the MOST cost-effective solution?
Answer
-
A. Amazon EC2 instance with Amazon EBS
-
B. AWS Lambda function with Amazon API Gateway
-
C. Amazon CloudFront with an Amazon S3 bucket origin
-
D. Amazon S3 with a static website
Question 14
Question
A company is running a series of national TV campaigns. These 30-second advertisements will introduce sudden traffic peaks targeted at a Node.js application. The company expects traffic to increase from five requests each minute to more than 5,000 requests each minute.
Which AWS service should a Solutions Architect use to ensure traffic surges can be handled?
Question 15
Question
An insurance company stores all documents related to annual policies for the duration of the policies. The documents are created once and then stored until they are required, typically at the end of the policy. A document must be capable of being retrieved immediately. The company is now moving their document management to the AWS Cloud.
Which service should a Solutions Architect recommend as a cost-effective solution that meets the company's requirements?
Question 16
Question
How can a user track memory usage in an EC2 instance?
Answer
-
A. Call Amazon CloudWatch to retrieve the memory usage metric data that exists for the EC2 instance.
-
B. Assign an IAM role to the EC2 instance with an IAM policy granting access to the desired metric.
-
C. Use an instance type that supports memory usage reporting to a metric by default.
-
D. Place an agent on the EC2 instance to push memory usage to an Amazon CloudWatch custom metric.
Question 17
Question
A Solutions Architect must design a storage solution for incoming billing reports in CSV format. The data does not need to be scanned frequently and is discarded after 30 days.
Which service will be MOST cost-effective in meeting these requirements?
Answer
-
A. Import the logs into an RDS MySQL instance.
-
B. Use AWS Data Pipeline to import the logs into a DynamoDB table.
-
C. Write the files to an S3 bucket and use Amazon Athena to query the data.
-
D. Import the logs to an Amazon Redshift cluster
Question 18
Question
A Solutions Architect needs to deploy an HTTP/HTTPS service on Amazon EC2 instances with support for WebSockets using load balancers.
How can the Architect meet these requirements?
Answer
-
A. Configure a Network Load Balancer.
-
B. Configure an Application Load Balancer.
-
C. Configure a Classic Load Balancer.
-
D. Configure a Layer-4 Load Balancer.
Question 19
Question
A Solutions Architect is designing a web application that runs on Amazon EC2 instances behind a load balancer. All data in transit must be encrypted.
Which solutions will meet the encryption requirement? (Select TWO.)
Answer
-
A. Use an Application Load Balancer (ALB) in passthrough mode, then terminate SSL on EC2 instances.
-
B. Use an Application Load Balancer (ALB) with a TCP listener, then terminate SSL on EC2 instances.
-
C. Use a Network Load Balancer (NLB) with a TCP listener, then terminate SSL on EC2 instances.
-
D. Use an Application Load Balancer (ALB) with an HTTPS listener, then install SSL certificates on the ALB and EC2 instances.
-
E. Use a Network Load Balancer (NLB) with an HTTPS listener, then install SSL certificates on the NLB and EC2 instances.
Question 20
Question
A user is designing a new service that receives location updates from 3,600 rental cars every hour. The cars upload their location to an Amazon S3 bucket. Each location must be checked for distance from the original rental location.
Which services will process the updates and automatically scale?
Answer
-
A. Amazon EC2 and Amazon EBS
-
B. Amazon Kinesis Firehose and Amazon S3
-
C. Amazon ECS and Amazon RDS
-
D. Amazon S3 events and AWS Lambda
Question 21
Question
A company is writing a new service running on Amazon EC2 that must create thumbnail images of thousands of images in a large archive. The system will write scratch data to storage during the process.
Which storage service is best suited for this scenario?
Question 22
Question
A company's Amazon RDS MySQL DB instance may be rebooted for maintenance and to apply patches. This database is critical and potential user disruption must be minimized.
What should the Solutions Architect do in this scenario?
Answer
-
A. Set up an RDS MySQL cluster
-
B. Create an RDS MySQL Read Replica.
-
C. Set RDS MySQL to Multi-AZ.
-
D. Create an Amazon EC2 instance MySQL cluster.
Question 23
Question
A retail company operates an e-commerce environment that runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Amazon EC2 Auto Scaling group. Images are hosted in an Amazon S3 bucket using a custom domain name. During a flash sale with 10,000 simultaneous users, some images on the website are not loading.
What should be done to resolve the performance issue?
Answer
-
A. Move the images to the EC2 instances in the Auto Scaling group.
-
B. Enable Transfer Acceleration for the S3 bucket.
-
C. Configure an Amazon CloudFront distribution with the S3 bucket as the origin.
-
D. Increase the number of minimum, desired, and maximum EC2 instances in the Auto Scaling group.
Question 24
Question
A Solutions Architect is designing a new workload where an AWS Lambda function will access an Amazon DynamoDB table.
What is the MOST secure means of granting the Lambda function access to the DynamoDB table?
Answer
-
A. Create an identity and access management (IAM) role with the necessary permissions to access the DynamoDB table, and assign the role to the Lambda function.
-
B. Create a DynamoDB user name and password and give them to the Developer to use in the Lambda function.
-
C. Create an identity and access management (IAM) user, and create access and secret keys for the user. Give the user the necessary permissions to access the DynamoDB table. Have the Developer use these keys to access the resources.
-
D. Create an identity and access management (IAM) role allowing access from AWS Lambda and assign the role to the DynamoDB table.
Question 25
Question
A web application runs on Amazon EC2 instances behind an ELB Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. Every night, the Auto Scaling group doubles in size. Traffic analysis shows that users in a particular region are requesting the same static content stored locally on the EC2 instances.
How can a Solutions Architect reduce the need to scale and improve application performance for the users?
Answer
-
A. Re-deploy the application in a new VPC that is closer to the users making the requests.
-
B. Create an Amazon CloudFront distribution for the site and redirect user traffic to the distribution.
-
C. Store the contents on Amazon EFS instead of the EC2 root volume.
-
D. Implement Amazon Redshift to create a repository of the content closer to the users.
Question 26
Question
A Solutions Architect is designing an application that will run on Amazon ECS behind an Application Load Balancer (ALB). For security reasons, the Amazon EC2 host instances for the ECS cluster are in a private subnet.
What should be done to ensure that the incoming traffic to the host instances is from the ALB only?
Answer
-
A. Create network ACL rules for the private subnet to allow incoming traffic on ports 32768 through 61000 from the IP address of the ALB only.
-
B. Update the EC2 cluster security group to allow incoming access from the IP address of the ALB only.
-
C. Modify the security group used by the EC2 cluster to allow incoming traffic from the security group used by the ALB only.
-
D. Enable AWS WAF on the ALB and enable the ECS rule.
Question 27
Question
A company wants to improve latency by hosting images within a public Amazon S3 bucket fronted by an Amazon CloudFront distribution. The company wants to restrict access to the S3 bucket to include the CloudFront distribution only, while also allowing CloudFront to continue proper functionality.
What should be done after making the bucket private to restrict access with the LEAST operational overhead?
Answer
-
A. Create a CloudFront origin access identity and create a security group that allows access from CloudFront.
-
B. Create a CloudFront origin access identity and update the bucket policy to grant access to it.
-
C. Create a bucket policy restricting all access to the bucket to include CloudFront IPs only.
-
D. Enable the CloudFront option to restrict viewer access and update the bucket policy to allow the distribution.
Question 28
Question
A Solutions Architect is designing a new architecture that will use an Amazon EC2 Auto Scaling group.
Which of the following factors determine the health check grace period? (Select TWO.)
Answer
-
A. How frequently the Auto Scaling group scales up or down.
-
B. How many Amazon CloudWatch alarms are configured for status checks.
-
C. How much of the application code is embedded in the AMI.
-
D. How long it takes for the Auto Scaling group to detect a failure.
-
E. How long the bootstrap script takes to run.
Question 29
Question
A company plans to deploy a new application in AWS that reads and writes information to a database. The company wants to deploy the application in two different AWS Regions in an active-active configuration. The databases need to replicate to keep information in sync.
What should be used to meet these requirements?
Answer
-
A. Amazon Athena with Amazon S3 cross-region replication
-
B. AWS Database Migration Service with change data capture
-
C. Amazon DynamoDB with global tables
-
D. Amazon RDS for PostgreSQL with a cross-region Read Replica
Question 30
Question
A company is developing a data lake solution in Amazon S3 to analyze large-scale datasets. The solution makes infrequent SQL queries only. In addition, the company wants to minimize infrastructure costs.
Which AWS service should be used to meet these requirements?
Question 31
Question
A company needs to store data for 5 years. The company will need to have immediate and highly available access to the data at any point in time, but will not require frequent access.
What lifecycle action should be taken to meet the requirements while reducing costs?
Answer
-
A. Transition objects from Amazon S3 Standard to Amazon S3 Standard-Infrequent Access (S3 Standard-IA)
-
B. Transition objects to expire after 5 years.
-
C. Transition objects from Amazon S3 Standard to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
-
D. Transition objects from Amazon S3 Standard to the GLACIER storage class.
Question 32
Question
A company wants to create an application that will transmit protected health information (PHI) to thousands of service consumers in different AWS accounts. The application servers will sit in private VPC subnets. The routing for the application must be fault tolerant. What should be done to meet these requirements?
Answer
-
A. Create a VPC endpoint service and grant permissions to specific service consumers to create a connection.
-
B. Create a virtual private gateway connection between each pair of service provider VPCs and service consumer VPCs.
-
C. Create an internal Application Load Balancer in the service provider VPC and put application servers behind it.
-
D. Create a proxy server in the service provider VPC to route requests from service consumers to the application servers.
Question 33
Question
A company hosts a website using Amazon API Gateway on the front end. Recently, there has been heavy traffic on the website and the company wants to control access by allowing authenticated traffic only.
How should the company limit access to authenticated users only? (Select TWO.)
Answer
-
A. Allow users that are authenticated through Amazon Cognito.
-
B. Limit traffic through API Gateway.
-
C. Allow X.509 certificates to authenticate traffic.
-
D. Deploy AWS KMS to identify users.
-
E. Assign permissions in AWS IAM to allow users.
Question 34
Question
A company needs to use AWS resources to expand capacity for a website hosted in an on-premises data center. The AWS resources will include load balancers, Auto Scaling, and Amazon EC2 instances that will access an on-premises database. Network connectivity has been established, but no traffic is going to the AWS environment.
How should Amazon Route 53 be configured to distribute load to the AWS environment? (Select TWO.)
Answer
-
A. Set up a weighted routing policy, distributing the workload between the load balancer and the on-premises environment.
-
B. Set up an A record to point the DNS name to the IP address of the load balancer.
-
C. Create multiple A records for the EC2 instances.
-
D. Set up a geolocation routing policy to distribute the workload between the load balancer and the on-premises environment.
-
E. Set up a routing policy for failover using the on-premises environment as primary and the load balancer as secondary.
Question 35
Question
A Solutions Architect is reviewing an application that writes data to an Amazon DynamoDB table on a daily basis. Random table reads occur many times per second. The company needs to allow thousands of low-latency reads and avoid any negative impact to the rest of the application.
What should the Solutions Architect do to meet the company's goals?
Answer
-
A. Use DynamoDB Accelerator to cache reads
-
B. DynamoDB write capacity units
-
C. Add Amazon SQS to decouple requests
-
D. Implement Amazon Kinesis to decouple requests
Question 36
Question
As AWS grows, most of your clients' main concerns seem to be about security, especially when all of their competitors also seem to be using AWS. One of your clients asks you whether having a competitor who hosts their EC2 instances on the same physical host would make it easier for the competitor to hack into the client's data.
Which of the following statements would be the best choice to put your client's mind at rest?
Answer
-
A. Different instances running on the same physical machine are isolated from each other via a 256-bit Advanced Encryption Standard (AES-256).
-
B. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor and via a 256-bit Advanced Encryption Standard (AES-256).
-
C. Different instances running on the same physical machine are isolated from each other via the Xen hypervisor.
-
D. Different instances running on the same physical machine are isolated from each other via IAM permissions.
Question 37
Question
A Solutions Architect is considering possible options for improving the security of the data stored on an Amazon EBS volume attached to an Amazon EC2 instance.
Which solution will improve the security of the data?
Answer
-
A. Use AWS KMS to encrypt the EBS volume
-
B. Create an IAM policy that restricts read and write access to the volume
-
C. Migrate the sensitive data to an instance store volume
-
D. Use Amazon single sign-on to control login access to the EC2 instance
Question 38
Question
A Solutions Architect is designing an application in AWS. The Architect must not expose the application or database tier over the Internet for security reasons. The application must be low-cost and have a scalable front end. The databases and application tier must have only one-way Internet access to download software and patch updates.
Which solution helps to meet these requirements?
Answer
-
A. Use a NAT Gateway as the front end for the application tier and to enable the private resources to have Internet access.
-
B. Use an Amazon EC2-based proxy server as the front end for the application tier and a NAT Gateway to allow Internet access for private resources.
-
C. Use an ELB Classic Load Balancer as the front end for the application tier, and an Amazon EC2 proxy server to allow Internet access for private resources.
-
D. Use an ELB Classic Load Balancer as the front end for the application tier, and a NAT Gateway to allow Internet access for private resources.
Question 39
Question
A company is designing a new application to collect data on user behavior for analysis at a later time. Amazon Kinesis Data Streams will be used to receive user interaction events. What should be done to ensure the event data is retained indefinitely?
Answer
-
A. Configure the stream to write records to an attached Amazon EBS volume
-
B. Configure an Amazon Kinesis Data Firehose delivery stream to store data on Amazon S3
-
C. Configure the stream data retention period to retain the data indefinitely
-
D. Configure an Amazon EC2 consumer to read from the data stream and store records in Amazon SQS
Question 40
Question
An application server needs to be in a private subnet without access to the Internet. The solution must retrieve from and upload to an Amazon S3 bucket.
How should a Solutions Architect design a solution to meet these requirements?
Question 41
Question
A photo-sharing website running on AWS allows users to generate thumbnail images of photos stored in Amazon S3. An Amazon DynamoDB table maintains the locations of photos, and thumbnails are easily re-created from the originals if they are accidentally. How should the thumbnail images be stored to ensure the LOWEST cost?
Question 42
Question
A Solutions Architect is designing a database solution that must support a high rate of random disk reads and writes. It must provide consistent performance and requires long-term persistence. Which storage solution BEST meets these requirements?
Answer
-
A. An Amazon EBS Provisioned IOPS volume
-
B. An Amazon EBS General Purpose volume
-
C. An Amazon EBS Magnetic volume
-
D. An Amazon EC2 Instance Store
Question 43
Question
A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the problem. One of the streams has a total of 10 Mb/s throughput.
What should the Solutions Architect recommend to improve performance?
Answer
-
A. Use AWS Lambda to preprocess the data and transform the records into a simpler format, such as CSV.
-
B. Run the MergeShard command to reduce the number of shards that the consumer can more easily process.
-
C. Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput.
-
D. Run the UpdateShardCount command to increase the number of shards in the stream
Question 44
Question
A Solutions Architect must select the storage type for a big data application that requires very high sequential I/O. The data must persist if the instance is stopped.
Which of the following storage types will provide the best fit at the LOWEST cost for the application?
Answer
-
A. An Amazon EC2 instance store local SSD volume
-
B. An Amazon EBS provisioned IOPS SSD volume
-
C. An Amazon EBS throughput optimized HDD volume
-
D. An Amazon EBS general purpose.
Question 45
Question
A website keeps a record of user actions using a globally unique identifier (GUID) retrieved from Amazon Aurora in place of the user name within the audit record. Security protocols state that the GUID content must not leave the company's Amazon VPC.
As the web traffic has increased, the number of web servers and Aurora read replicas has also increased to keep up with the user record reads for the GUID.
What should be done to reduce the number of read replicas required while improving performance?
Answer
-
A. Keep the user name and GUID in memory on the web server instance so that the association can be remade on demand. Remove the record after 30 minutes.
-
B. Deploy an Amazon ElastiCache for Redis server into the infrastructure and store the user name and GUID there. Retrieve the GUID from ElastiCache when required
-
C. Encrypt the GUID using Base64 and store it in the user's session cookie. Decrypt the GUID when an audit record is needed
-
D. Change the GUID to an MD5 hash of the user name, so that the value can be calculated on demand without referring to the database
Question 46
Question
A Solutions Architect must design a solution that encrypts data in Amazon S3. Corporate policy mandates encryption keys be generated and managed on premises.
Which solution should the Architect use to meet the security requirements?
Answer
-
A. AWS CloudHSM
-
B. SSE-KMS: Server-side encryption with AWS KMS managed keys
-
C. SSE-S3: Server-side encryption with Amazon-managed master key
-
D. SSE-C: Server-side encryption with customer-provided encryption keys
Question 47
Question
A Solutions Architect is investigating purchasing options for a batch processing application on Amazon EC2. The batch job downloads an image from an Amazon S3 bucket, adds copyright information and uploads it back to Amazon S3. It normally takes 5 to 10 hours to process all the files uploaded each week. The application has built-in capabilities to process files in parallel, recover from instance failures, and continue the processing from where it left off.
What is the MOST cost-effective purchasing option the Solutions Architect can recommend?
Question 48
Question
A Solutions Architect is designing an application that requires having six Amazon EC2 instances running at all times. The application will be deployed in the sa-east-1 region, which has three Availability Zones: sa-east-1a, sa-east-1b and sa-east-1c.
Which action will provide 100 percent fault tolerance and the LOWEST cost in the event that one Availability Zone in the region becomes unavailable?
Answer
-
A. Deploy six Amazon EC2 instances in sa-east-1a, six Amazon EC2 instances in sa-east-1b and six Amazon EC2 instances in sa-east-1c
-
B. Deploy six Amazon EC2 instances in sa-east-1a, four Amazon EC2 instances in sa-east-1b and two Amazon EC2 instances in sa-east-1c
-
C. Deploy three Amazon EC2 instances in sa-east-1a, three Amazon EC2 instances in sa-east-1b and three Amazon EC2 instances in sa-east-1c
-
D. Deploy two Amazon EC2 instances in sa-east-1a, two Amazon EC2 instances in sa-east-1b, and two Amazon EC2 instances in sa-east-1c
Question 49
Question
A Solutions Architect must design a web application that will be hosted on AWS, allowing users to purchase access to premium shared content that is stored in an S3 bucket. Upon payment, content will be available for download for 14 days before the user is denied access.
Which of the following would be the LEAST complicated implementation?
Answer
-
A. Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs.
Design a Lambda function to remove data that is older than 14 days
-
B. Use an S3 bucket and provide direct access to the file.
Design the application to track purchases in a DynamoDB table.
Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
-
C. Use an Amazon CloudFront distribution with an OAI.
Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
-
D. Use an Amazon CloudFront distribution with an OAI.
Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL, and recreate the URL as necessary.
Question 50
Question
A Solutions Architect is creating a multi-tiered architecture for an application that includes a public facing web tier. Security requirements state that the Amazon EC2 instances running in the application tier must not be accessible directly from the internet. What should be done to accomplish this?
Answer
-
A. Create a multi-VPC peering mesh with network access rules limiting communications to specific ports. Implement an internet gateway on each VPC for external connectivity.
-
B. Place all instances in a single Amazon VPC with AWS WAF as the web front-end communication conduit.
Configure a NAT gateway for external communications.
-
C. Use VPC peering to peer with on-premises hardware. Direct enterprise traffic through the VPC peer connection to the instances hosted in the private VPC.
-
D. Deploy the web and application instances in a private subnet. Provision an Application Load Balancer in the public subnet. Install an internet gateway and use security groups to control communications between the layers.
Question 51
Question
In Amazon EC2, while sharing an Amazon EBS snapshot, can the snapshots with AWS Marketplace product codes be public?
Answer
-
A. Yes, but only for US-based providers.
-
B. Yes, they can be public.
-
C. No, they cannot be made public.
-
D. Yes, they are automatically made public by the system.
Question 52
Question
A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS.
Which steps should the company perform to implement a scalable and cost-effective solution? (Select TWO)
Answer
-
A. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint.
-
B. Host the website using AWS Elastic Beanstalk and map a Route 53 alias record to the Beanstalk stack.
-
C. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon.
-
D. Serve the website from an Amazon S3 bucket and map a Route 53 alias record to the website.
-
E. Create a Route 53 hosted zone, and set the NS record of the domain to use Route 53 name servers.
Question 53
Question
An organization has created an application which is hosted on an AWS EC2 instance. The application stores images to S3 when the end user uploads to it. The organization does not want to store the AWS secure credentials required to access S3 inside the instance.
Which of the below-mentioned options is a possible solution to avoid any security threat?
Answer
-
A. Use the IAM based single sign between the AWS resources and the organization application.
-
B. Use the IAM role and assign it to the instance.
-
C. Since the application is hosted on EC2, it does not need credentials to access S3.
-
D. Use the X.509 certificates instead of the access and the secret access keys.
Question 54
Question
In an experiment, if the minimum size for an Auto Scaling group is 1 instance, which of the following statements holds true when you terminate the running instance?
Answer
-
A. Auto Scaling must launch a new instance to replace it.
-
B. Auto Scaling will raise an alarm and send a notification to the user for action.
-
C. Auto Scaling must configure the schedule activity that terminates the instance after 5 days.
-
D. Auto Scaling will terminate the experiment.
Question 55
Question
A Solutions Architect plans to migrate a load balancer tier from a data center to AWS. Several websites have multiple domains that require secure load balancing. The Architect decides to use Elastic Load Balancing Application Load Balancers.
What is the MOST efficient method for achieving secure communication?
Answer
-
A. Create a wildcard certificate and upload it to the Application Load Balancer.
-
B. Create an SNI certificate and upload it to the Application Load Balancer
-
C. Create a secondary proxy server to terminate SSL traffic before the traffic reaches the Application Load Balancer
-
D. Let a third-party Certificate Manager manage certificates required for all domains and upload them to the Application Load Balancer
Question 56
Question
You need to set up a complex network infrastructure for your organization that will be reasonably easy to deploy, replicate, control, and track changes on.
Which AWS service would be best to use to help you accomplish this?
Answer
-
A. AWS Import/Export
-
B. AWS CloudFormation
-
C. Amazon Route 53
-
D. Amazon CloudWatch
Question 57
Question
You have just been given a scope for a new client who has an enormous amount of data (petabytes) that he constantly needs analysed. Currently he is paying a huge amount of money for a data warehousing company to do this for him and is wondering if AWS can provide a cheaper solution.
Do you think AWS has a solution for this?
Question 58
Question
A Solutions Architect is designing an elastic application that will have between 10 and 50 Amazon EC2 concurrent instances running dependent on load. Each instance must mount storage that will read and write to the same 50 GB folder.
Which storage type meets the requirements?
Question 59
Question
_____ is a fast, flexible, fully managed push messaging service.
Answer
-
A. Amazon SNS
-
B. Amazon SES
-
C. Amazon SQS
-
D. Amazon FPS
Question 60
Question
In Amazon RDS, security groups are ideally used to:
Answer
-
A. Define maintenance period for database engines
-
B. Launch Amazon RDS instances in a subnet
-
C. Create, describe, modify, and delete DB instances
-
D. Control what IP addresses or EC2 instances can connect to your databases on a DB instance
Question 61
Question
A company is designing a new application to collect data on user behavior for analysis at a later time. Amazon Kinesis Data Streams will be used to receive user interaction events. What should be done to ensure the event data is retained indefinitely?
Answer
-
A. Configure the stream to write records to an attached Amazon EBS volume.
-
B. Configure an Amazon Kinesis Data Firehose delivery stream to store data on Amazon S3.
-
C. Configure the stream data retention period to retain the data indefinitely.
-
D. Configure an Amazon EC2 consumer to read from the data stream and store records in Amazon SQS.
Question 62
Question
Users submit requests to a service that takes several minutes to process. A Solutions Architect needs to ensure that these requests are processed at least once, and that the service has the ability to handle large increases in the number of requests.
How should these requirements be met?
Answer
-
A. Put the requests into an Amazon SQS queue and configure Amazon EC2 instances to poll the queue
-
B. Publish the message to an Amazon SNS topic that an Amazon EC2 subscriber can receive and process
-
C. Save the requests to an Amazon DynamoDB table with a DynamoDB stream that triggers an Amazon EC2 Spot Instance
-
D. Use Amazon S3 to store the requests and configure an event notification to have Amazon EC2 instances process the new object.
Question 63
Question
A Solutions Architect is designing an Amazon VPC that requires access to a remote API server using IPv6. Resources within the VPC should not be accessed directly from the Internet. How should this be achieved?
Answer
-
A. Use a NAT gateway and deny public access using security groups
-
B. Attach an egress-only internet gateway and update the routing tables
-
C. Use a NAT gateway and update the routing tables
-
D. Attach an internet gateway and deny public access using security groups
Question 64
Question
When designing an Amazon SQS message-processing solution, messages in the queue must be processed before the maximum retention time has elapsed.
Which actions will meet this requirement? (Choose two.)
Answer
-
A. Use AWS STS to process the messages
-
B. Use Amazon EBS-optimized Amazon EC2 instances to process the messages
-
C. Use Amazon EC2 instances in an Auto Scaling group with scaling triggered based on the queue length.
-
D. Increase the SQS queue attribute for the message retention period
-
E. Convert the SQS queue to a first-in first-out (FIFO) queue
Question 65
Question
A company deployed a three-tier web application on Amazon EBS-backed Amazon EC2 instances for the web and application tiers, and Amazon RDS for the database tier. The company is concerned about loss of data in the web and application tiers.
What is the MOST efficient way to prevent data loss?
Answer
-
A. Create an Amazon EFS file system and run a shell script to copy the data.
-
B. Create an Amazon EBS snapshot using an Amazon CloudWatch Events rule
-
C. Create an Amazon S3 snapshot policy to back up the Amazon EBS volumes
-
D. Create a snapshot lifecycle policy that takes periodic snapshots of the Amazon EBS volumes