More Test Questions - 6 Flashcards

1
Q

A company runs a streaming media service and the content is stored on Amazon S3. The media catalog server pulls updated content from S3 and can issue over 1 million read operations per second for short periods. Latency must be kept under 5ms for these updates. Which solution will provide the BEST performance for the media catalog updates?

1: Update the application code to use an Amazon ElastiCache for Redis cluster
2: Implement Amazon CloudFront and cache the content at Edge Locations
3: Update the application code to use an Amazon DynamoDB Accelerator cluster
4: Implement an Instance store volume on the media catalog server

A

1: Update the application code to use an Amazon ElastiCache for Redis cluster

2: Implement Amazon CloudFront and cache the content at Edge Locations
3: Update the application code to use an Amazon DynamoDB Accelerator cluster
4: Implement an Instance store volume on the media catalog server

2
Q

Three AWS accounts are owned by the same company but in different regions. Account Z has two AWS Direct Connect connections to two separate company offices. Accounts A and B require the ability to route across account Z’s Direct Connect connections to each company office. A Solutions Architect has created an AWS Direct Connect gateway in account Z. How can the required connectivity be configured?

1: Associate the Direct Connect gateway to a transit gateway in each region
2: Associate the Direct Connect gateway to a virtual private gateway in account A and B
3: Create a VPC Endpoint to the Direct Connect gateway in account A and B
4: Create a PrivateLink connection in Account Z and ENIs in accounts A and B

A

1: Associate the Direct Connect gateway to a transit gateway in each region

2: Associate the Direct Connect gateway to a virtual private gateway in account A and B

3: Create a VPC Endpoint to the Direct Connect gateway in account A and B
4: Create a PrivateLink connection in Account Z and ENIs in accounts A and B

3
Q

A tool needs to analyze data stored in an Amazon S3 bucket. Processing the data takes a few seconds and results are then written to another S3 bucket. Less than 256 MB of memory is needed to run the process. What would be the MOST cost-effective compute solution for this use case?

1: AWS Fargate tasks
2: AWS Lambda functions
3: Amazon EC2 spot instances
4: Amazon Elastic Beanstalk

A

1: AWS Fargate tasks

2: AWS Lambda functions

3: Amazon EC2 spot instances
4: Amazon Elastic Beanstalk

4
Q

An application makes calls to a REST API running on Amazon EC2 instances behind an Application Load Balancer (ALB). Most API calls complete quickly. However, a single endpoint is making API calls that require much longer to complete and this is introducing overall latency into the system. What steps can a Solutions Architect take to minimize the effects of the long-running API calls?

1: Change the EC2 instance to one with enhanced networking to reduce latency
2: Create an Amazon SQS queue and decouple the long-running API calls
3: Increase the ALB idle timeout to allow the long-running requests to complete
4: Change the ALB to a Network Load Balancer (NLB) and use SSL/TLS termination

A

1: Change the EC2 instance to one with enhanced networking to reduce latency

2: Create an Amazon SQS queue and decouple the long-running API calls

3: Increase the ALB idle timeout to allow the long-running requests to complete
4: Change the ALB to a Network Load Balancer (NLB) and use SSL/TLS termination

5
Q

An application runs on EC2 instances in a private subnet behind an Application Load Balancer in a public subnet. The application is highly available and distributed across multiple AZs. The EC2 instances must make API calls to an internet-based service. How can the Solutions Architect enable highly available internet connectivity?

1: Create a NAT gateway and attach it to the VPC. Add a route to the gateway to each private subnet route table
2: Configure an internet gateway. Add a route to the gateway to each private subnet route table
3: Create a NAT instance in the private subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT instance
4: Create a NAT gateway in the public subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway

A

1: Create a NAT gateway and attach it to the VPC. Add a route to the gateway to each private subnet route table
2: Configure an internet gateway. Add a route to the gateway to each private subnet route table
3: Create a NAT instance in the private subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT instance

4: Create a NAT gateway in the public subnet of each AZ. Update the route tables for each private subnet to direct internet-bound traffic to the NAT gateway

6
Q

A legacy application is being migrated into AWS. The application has a large amount of data that is rarely accessed. When files are accessed, they are retrieved sequentially. The application will be migrated onto an Amazon EC2 instance. What is the LEAST expensive EBS volume type for this use case?

1: Cold HDD (sc1)
2: Provisioned IOPS SSD (io1)
3: General Purpose SSD (gp2)
4: Throughput Optimized HDD (st1)

A

1: Cold HDD (sc1)

2: Provisioned IOPS SSD (io1)
3: General Purpose SSD (gp2)
4: Throughput Optimized HDD (st1)

7
Q

An application uses an Amazon RDS database and Amazon EC2 instances in a web tier. The web tier instances must not be directly accessible from the internet to improve security. How can a Solutions Architect meet these requirements?

1: Launch the EC2 instances in a private subnet and create an Application Load Balancer in a public subnet
2: Launch the EC2 instances in a private subnet with a NAT gateway and update the route table
3: Launch the EC2 instances in a public subnet and use AWS WAF to protect the instances from internet-based attacks
4: Launch the EC2 instances in a public subnet and create an Application Load Balancer in a public subnet

A

1: Launch the EC2 instances in a private subnet and create an Application Load Balancer in a public subnet

2: Launch the EC2 instances in a private subnet with a NAT gateway and update the route table
3: Launch the EC2 instances in a public subnet and use AWS WAF to protect the instances from internet-based attacks
4: Launch the EC2 instances in a public subnet and create an Application Load Balancer in a public subnet

8
Q

A company runs an application on premises that stores a large quantity of semi-structured data using key-value pairs. The application code will be migrated to AWS Lambda and a highly scalable solution is required for storing the data. Which datastore will be the best fit for these requirements?

1: Amazon EFS
2: Amazon RDS MySQL
3: Amazon EBS
4: Amazon DynamoDB

A

1: Amazon EFS
2: Amazon RDS MySQL
3: Amazon EBS

4: Amazon DynamoDB

9
Q

An application uses a MySQL database running on an Amazon EC2 instance. The application generates high I/O and constant writes to a single table on the database. Which Amazon EBS volume type will provide the MOST consistent performance and low latency?

1: General Purpose SSD (gp2)
2: Provisioned IOPS SSD (io1)
3: Throughput Optimized HDD (st1)
4: Cold HDD (sc1)

A

1: General Purpose SSD (gp2)

2: Provisioned IOPS SSD (io1)

3: Throughput Optimized HDD (st1)
4: Cold HDD (sc1)

10
Q

A Solutions Architect needs to capture information about the traffic that reaches an Amazon Elastic Load Balancer. The information should include the source, destination, and protocol. What is the most secure and reliable method for gathering this data?

1: Create a VPC flow log for each network interface associated with the ELB
2: Enable Amazon CloudTrail logging and configure packet capturing
3: Use Amazon CloudWatch Logs to review detailed logging information
4: Create a VPC flow log for the subnets in which the ELB is running

A

1: Create a VPC flow log for each network interface associated with the ELB

2: Enable Amazon CloudTrail logging and configure packet capturing
3: Use Amazon CloudWatch Logs to review detailed logging information
4: Create a VPC flow log for the subnets in which the ELB is running

11
Q

The Solutions Architect in charge of a critical application must ensure the Amazon EC2 instances are able to be launched in another AWS Region in the event of a disaster. What steps should the Solutions Architect take? (Select TWO)

1: Launch instances in the second Region using the S3 API
2: Create AMIs of the instances and copy them to another Region
3: Enable cross-region snapshots for the Amazon EC2 instances
4: Launch instances in the second Region from the AMIs
5: Copy the snapshots using Amazon S3 cross-region replication

A

1: Launch instances in the second Region using the S3 API

2: Create AMIs of the instances and copy them to another Region

3: Enable cross-region snapshots for the Amazon EC2 instances

4: Launch instances in the second Region from the AMIs

5: Copy the snapshots using Amazon S3 cross-region replication

12
Q

A company needs to ensure that they can failover between AWS Regions in the event of a disaster seamlessly with minimal downtime and data loss. The applications will run in an active-active configuration. Which DR strategy should a Solutions Architect recommend?

1: Backup and restore
2: Pilot light
3: Warm standby
4: Multi-site

A

1: Backup and restore
2: Pilot light
3: Warm standby

4: Multi-site

13
Q

A company has launched a multi-tier application architecture. The web tier and database tier run on Amazon EC2 instances in private subnets within the same Availability Zone. Which combination of steps should a Solutions Architect take to add high availability to this architecture? (Select TWO)

1: Create new public subnets in the same AZ for high availability and move the web tier to the public subnets
2: Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs
3: Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer (ALB)
4: Create new private subnets in the same VPC but in a different AZ. Create a database using Amazon EC2 in one AZ
5: Create new private subnets in the same VPC but in a different AZ. Migrate the database to an Amazon RDS multi-AZ deployment

A

1: Create new public subnets in the same AZ for high availability and move the web tier to the public subnets

2: Create an Amazon EC2 Auto Scaling group and Application Load Balancer (ALB) spanning multiple AZs

3: Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer (ALB)
4: Create new private subnets in the same VPC but in a different AZ. Create a database using Amazon EC2 in one AZ

5: Create new private subnets in the same VPC but in a different AZ. Migrate the database to an Amazon RDS multi-AZ deployment

14
Q

An on-premises server runs a MySQL database and will be migrated to the AWS Cloud. The company requires a managed solution that supports high availability and automatic failover in the event of the outage of an Availability Zone (AZ). Which solution is the BEST fit for these requirements?

1: Use the AWS Database Migration Service (DMS) to directly migrate the database to an Amazon RDS MySQL Multi-AZ deployment
2: Use the AWS Database Migration Service (DMS) to directly migrate the database to an Amazon EC2 MySQL Multi-AZ deployment
3: Create a snapshot of the MySQL database server and use AWS DataSync to migrate the data to Amazon S3. Launch a new Amazon RDS MySQL Multi-AZ deployment from the snapshot
4: Use the AWS Database Migration Service (DMS) to directly migrate the database to Amazon RDS MySQL. Use the Schema Conversion Tool (SCT) to enable conversion from MySQL to Amazon RDS

A

1: Use the AWS Database Migration Service (DMS) to directly migrate the database to an Amazon RDS MySQL Multi-AZ deployment

2: Use the AWS Database Migration Service (DMS) to directly migrate the database to an Amazon EC2 MySQL Multi-AZ deployment
3: Create a snapshot of the MySQL database server and use AWS DataSync to migrate the data to Amazon S3. Launch a new Amazon RDS MySQL Multi-AZ deployment from the snapshot
4: Use the AWS Database Migration Service (DMS) to directly migrate the database to Amazon RDS MySQL. Use the Schema Conversion Tool (SCT) to enable conversion from MySQL to Amazon RDS

15
Q

The database layer of an on-premises web application is being migrated to AWS. The database currently uses an in-memory cache. A Solutions Architect must deliver a solution that supports high availability and replication for the caching layer. Which service should the Solutions Architect recommend?

1: Amazon ElastiCache Redis
2: Amazon RDS Multi-AZ
3: Amazon ElastiCache Memcached
4: Amazon DynamoDB

A

1: Amazon ElastiCache Redis

2: Amazon RDS Multi-AZ
3: Amazon ElastiCache Memcached
4: Amazon DynamoDB

16
Q

A Solutions Architect has created an AWS Organization with several AWS accounts. Security policy requires that use of specific API actions is limited across all accounts. The Solutions Architect requires a method of centrally controlling these actions. What is the SIMPLEST method of achieving the requirements?

1: Create a Network ACL that limits access to the services or actions and attach it to all relevant subnets
2: Create an IAM policy in the root account and attach it to users and groups in each account
3: Create cross-account roles in each account to limit access to the services and actions that are allowed
4: Create a service control policy in the root organizational unit to deny access to the services or actions

A

1: Create a Network ACL that limits access to the services or actions and attach it to all relevant subnets
2: Create an IAM policy in the root account and attach it to users and groups in each account
3: Create cross-account roles in each account to limit access to the services and actions that are allowed

4: Create a service control policy in the root organizational unit to deny access to the services or actions

17
Q

A company has a fleet of Amazon EC2 instances behind an Elastic Load Balancer (ELB) that are a mixture of c4.2xlarge instance types and c5.large instances. The load on the CPUs on the c5.large instances has been very high, often hitting 100% utilization, whereas the c4.2xlarge instances have been performing well. What should a Solutions Architect recommend to resolve the performance issues?

1: Enable the weighted routing policy on the ELB and configure a higher weighting for the c4.2xlarge instances
2: Add all of the instances into a Placement Group
3: Change the configuration to use only c4.2xlarge instance types
4: Add more c5.large instances to spread the load more evenly

A

1: Enable the weighted routing policy on the ELB and configure a higher weighting for the c4.2xlarge instances
2: Add all of the instances into a Placement Group

3: Change the configuration to use only c4.2xlarge instance types

4: Add more c5.large instances to spread the load more evenly

18
Q

A Solutions Architect created a new IAM user account for a temporary employee who recently joined the company. The user does not have permissions to perform any actions. Which statement is true about newly created users in IAM?

1: They are created with no permissions
2: They are created with limited permissions
3: They are created with full permissions
4: They are created with user privileges

A

1: They are created with no permissions

2: They are created with limited permissions
3: They are created with full permissions
4: They are created with user privileges

19
Q

A government agency is using CloudFront for a web application that receives personally identifiable information (PII) from citizens. What feature of CloudFront applies an extra level of encryption at CloudFront edge locations to ensure the PII data is secured end-to-end?

1: Object invalidation
2: Field-level encryption
3: RTMP distribution
4: Origin access identity

A

1: Object invalidation

2: Field-level encryption

3: RTMP distribution
4: Origin access identity

20
Q

A company has multiple Amazon VPCs that are peered with each other. The company would like to use a single Elastic Load Balancer (ELB) to route traffic to multiple EC2 instances in peered VPCs within the same region. How can this be achieved?

1: This is not possible, the instances that an ELB routes traffic to must be in the same VPC
2: This is possible using the Classic Load Balancer (CLB) if using Instance IDs
3: This is possible using the Network Load Balancer (NLB) and Application Load Balancer (ALB) if using IP addresses as targets
4: This is not possible with ELB, you would need to use Route 53

A

1: This is not possible, the instances that an ELB routes traffic to must be in the same VPC
2: This is possible using the Classic Load Balancer (CLB) if using Instance IDs

3: This is possible using the Network Load Balancer (NLB) and Application Load Balancer (ALB) if using IP addresses as targets

4: This is not possible with ELB, you would need to use Route 53

21
Q

Some data has become corrupted in an Amazon RDS database. A Solutions Architect plans to use point-in-time restore to recover the data to the last known good configuration. Which of the following statements is correct about restoring an RDS database to a specific point-in-time? (Select TWO)

1: You can restore up to the last 5 minutes
2: Custom DB security groups are applied to the new DB instance
3: You can restore up to the last 1 minute
4: The default DB security group is applied to the new DB instance

A

1: You can restore up to the last 5 minutes

2: Custom DB security groups are applied to the new DB instance
3: You can restore up to the last 1 minute

4: The default DB security group is applied to the new DB instance

22
Q

An application is generating a large amount of clickstream events data that is being stored on S3. The business needs to understand customer behavior and wants to run complex analytics queries against the data. Which AWS service can be used for this requirement?

1: Amazon RedShift
2: Amazon Neptune
3: Amazon RDS
4: Amazon Kinesis Firehose

A

1: Amazon RedShift

2: Amazon Neptune
3: Amazon RDS
4: Amazon Kinesis Firehose

23
Q

A Solutions Architect is deploying a production application that will use several Amazon EC2 instances and run constantly on an ongoing basis. The application cannot be interrupted or restarted. Which EC2 pricing model would be best for this workload?

1: Reserved instances
2: On-demand instances
3: Spot instances
4: Flexible instances

A

1: Reserved instances

2: On-demand instances
3: Spot instances
4: Flexible instances

24
Q

A customer has requested some advice on how to implement security measures in their Amazon VPC. The client has recently been the victim of some hacking attempts. The client wants to implement measures to mitigate further threats. The client has explained that the attacks always come from the same small block of IP addresses. What would be a quick and easy measure to help prevent further attacks?

1: Use a Security Group rule that denies connections from the block of IP addresses
2: Use CloudFront’s DDoS prevention features
3: Create a Bastion Host and restrict all connections to the Bastion Host only
4: Use a Network ACL rule that denies connections from the block of IP addresses

A

1: Use a Security Group rule that denies connections from the block of IP addresses
2: Use CloudFront’s DDoS prevention features
3: Create a Bastion Host and restrict all connections to the Bastion Host only

4: Use a Network ACL rule that denies connections from the block of IP addresses

25
Q

An Amazon EC2 instance has been launched into an Amazon VPC. A Solutions Architect needs to ensure that instances have both private and public DNS hostnames. Assuming settings were not changed during creation of the VPC, how will DNS hostnames be assigned by default? (Select TWO)

1: In all VPCs instances no DNS hostnames will be assigned
2: In a non-default VPC instances will be assigned a public and private DNS hostname
3: In a default VPC instances will be assigned a public and private DNS hostname
4: In a non-default VPC instances will be assigned a private but not a public DNS hostname
5: In a default VPC instances will be assigned a private but not a public DNS hostname

A

1: In all VPCs instances no DNS hostnames will be assigned
2: In a non-default VPC instances will be assigned a public and private DNS hostname

3: In a default VPC instances will be assigned a public and private DNS hostname

4: In a non-default VPC instances will be assigned a private but not a public DNS hostname

5: In a default VPC instances will be assigned a private but not a public DNS hostname

26
Q

A fleet of Amazon EC2 instances running Linux will be launched in an Amazon VPC. An application development framework and some custom software must be installed on the instances. The installation will be initiated using some scripts. What feature enables a Solutions Architect to specify the scripts so that the software can be installed during the EC2 instance launch?

1: Metadata
2: Run Command
3: AWS Config
4: User Data

A

1: Metadata
2: Run Command
3: AWS Config

4: User Data

27
Q

A company is investigating ways to analyze and process large amounts of data in the cloud faster, without needing to load or transform the data in a data warehouse. The data resides in Amazon S3. Which AWS services would allow the company to query the data in place? (Select TWO)

1: Amazon S3 Select
2: Amazon Kinesis Data Streams
3: Amazon Elasticsearch
4: Amazon RedShift Spectrum

A

1: Amazon S3 Select

2: Amazon Kinesis Data Streams
3: Amazon Elasticsearch

4: Amazon RedShift Spectrum

28
Q

A distribution method is required for some static files. The requests will mainly be GET requests and a high volume of GETs is expected, often exceeding 2000 per second. The files are currently stored in an S3 bucket. According to AWS best practices, how can performance be optimized?

1: Use cross-region replication to spread the load across regions
2: Use ElastiCache to cache the content
3: Integrate CloudFront with S3 to cache the content
4: Use S3 Transfer Acceleration

A

1: Use cross-region replication to spread the load across regions
2: Use ElastiCache to cache the content

3: Integrate CloudFront with S3 to cache the content

4: Use S3 Transfer Acceleration

29
Q

An Auto Scaling group of Amazon EC2 instances behind an Elastic Load Balancer (ELB) is running in an Amazon VPC. Health checks are configured on the ASG to use EC2 status checks. The ELB has determined that an EC2 instance is unhealthy and has removed it from service. A Solutions Architect noticed that the instance is still running and has not been terminated by EC2 Auto Scaling. What would be an explanation for this behavior?

1: The ASG is waiting for the cooldown timer to expire before terminating the instance
2: Connection draining is enabled and the ASG is waiting for in-flight requests to complete
3: The ELB health check type has not been selected for the ASG and so it is unaware that the instance has been determined to be unhealthy by the ELB and has been removed from service
4: The health check grace period has not yet expired

A

1: The ASG is waiting for the cooldown timer to expire before terminating the instance
2: Connection draining is enabled and the ASG is waiting for in-flight requests to complete

3: The ELB health check type has not been selected for the ASG and so it is unaware that the instance has been determined to be unhealthy by the ELB and has been removed from service

4: The health check grace period has not yet expired

30
Q

A financial services company regularly runs an analysis of the day’s transaction costs, execution reporting, and market performance. The company currently uses third-party commercial software for provisioning, managing, monitoring, and scaling the computing jobs which utilize a large fleet of EC2 instances. The company is seeking to reduce costs and utilize AWS services. Which AWS service could be used in place of the third-party software?

1: Amazon Athena
2: AWS Systems Manager
3: Amazon Lex
4: AWS Batch

A

1: Amazon Athena
2: AWS Systems Manager
3: Amazon Lex

4: AWS Batch

31
Q

A customer is deploying services in a hybrid cloud model. The customer has mandated that data is transferred directly between cloud data centers, bypassing ISPs. Which AWS service can be used to enable hybrid cloud connectivity?

1: AWS Direct Connect
2: Amazon VPC
3: IPSec VPN
4: Amazon Route 53

A

1: AWS Direct Connect

2: Amazon VPC
3: IPSec VPN
4: Amazon Route 53

32
Q

An Amazon Elastic File System (EFS) has been created to store data that will be accessed by a large number of Amazon EC2 instances. The data is sensitive and a Solutions Architect is creating a design for security measures to protect the data. It is required that network traffic is restricted correctly based on firewall rules and access from hosts is restricted by user or group. How can this be achieved with Amazon EFS? (Select TWO)

1: Use POSIX permissions to control access from hosts by user or group
2: Use AWS Web Application Firewall (WAF) to protect EFS
3: Use EFS Security Groups to control network traffic
4: Use Network ACLs to control the traffic
5: Use IAM groups to control access by user or group

A

1: Use POSIX permissions to control access from hosts by user or group

2: Use AWS Web Application Firewall (WAF) to protect EFS

3: Use EFS Security Groups to control network traffic

4: Use Network ACLs to control the traffic
5: Use IAM groups to control access by user or group

33
Q

A large multi-national client has requested a design for a multi-region database. The master database will be in the EU (Frankfurt) region and databases will be located in 4 other regions to service local read traffic. The database should be a managed service including the replication. The solution should be cost-effective and secure. Which AWS service can deliver these requirements?

1: RDS with Multi-AZ
2: EC2 instances with EBS replication
3: RDS with cross-region Read Replicas
4: ElastiCache with Redis and clustering mode enabled

A

1: RDS with Multi-AZ
2: EC2 instances with EBS replication

3: RDS with cross-region Read Replicas

4: ElastiCache with Redis and clustering mode enabled

34
Q

A Solutions Architect is designing the system monitoring and deployment layers of a serverless application. The system monitoring layer will manage system visibility through recording logs and metrics and the deployment layer will deploy the application stack and manage workload changes through a release management process. The Architect needs to select the most appropriate AWS services for these functions. Which services and frameworks should be used for the system monitoring and deployment layers? (Select TWO)

1: Use AWS CloudTrail for consolidating system and application logs and monitoring custom metrics
2: Use AWS X-Ray to package, test, and deploy the serverless application stack
3: Use AWS SAM to package, test, and deploy the serverless application stack
4: Use Amazon CloudWatch for consolidating system and application logs and monitoring custom metrics
5: Use AWS Lambda to package, test, and deploy the serverless application stack

A

1: Use AWS CloudTrail for consolidating system and application logs and monitoring custom metrics
2: Use AWS X-Ray to package, test, and deploy the serverless application stack

3: Use AWS SAM to package, test, and deploy the serverless application stack

4: Use Amazon CloudWatch for consolidating system and application logs and monitoring custom metrics

5: Use AWS Lambda to package, test, and deploy the serverless application stack

35
Q

One of the departments in a company has been generating a large amount of data on Amazon S3 and costs are increasing. Data older than 90 days is rarely accessed but must be retained for several years. If this data does need to be accessed, at least 24 hours' notice is provided. How can a Solutions Architect optimize the costs associated with storage of this data whilst ensuring it is accessible if required?

1: Implement archival software that automatically moves the data to tape
2: Use S3 lifecycle policies to move data to the STANDARD_IA storage class
3: Use S3 lifecycle policies to move data to GLACIER after 90 days
4: Select the older data and manually migrate it to GLACIER

A

1: Implement archival software that automatically moves the data to tape
2: Use S3 lifecycle policies to move data to the STANDARD_IA storage class

3: Use S3 lifecycle policies to move data to GLACIER after 90 days

4: Select the older data and manually migrate it to GLACIER

36
Q

A Solutions Architect enabled Access Logs on an Application Load Balancer (ALB) and needs to process the log files using a hosted Hadoop service. What configuration changes and services can be leveraged to deliver this requirement?

1: Configure Access Logs to be delivered to EC2 and install Hadoop for processing the log files
2: Configure Access Logs to be delivered to DynamoDB and use EMR for processing the log files
3: Configure Access Logs to be delivered to S3 and use Kinesis for processing the log files
4: Configure Access Logs to be delivered to S3 and use EMR for processing the log files

A

1: Configure Access Logs to be delivered to EC2 and install Hadoop for processing the log files
2: Configure Access Logs to be delivered to DynamoDB and use EMR for processing the log files
3: Configure Access Logs to be delivered to S3 and use Kinesis for processing the log files

4: Configure Access Logs to be delivered to S3 and use EMR for processing the log files

37
Q

A web application receives order processing information from customers and places the messages on an Amazon SQS queue. A fleet of Amazon EC2 instances are configured to pick up the messages, process them, and store the results in a DynamoDB table. The current configuration has been resulting in a large number of empty responses to ReceiveMessage API requests. A Solutions Architect needs to eliminate empty responses to reduce operational overhead. How can this be done?

1: Use a Standard queue to provide at-least-once delivery, which means that each message is delivered at least once
2: Use a FIFO (first-in-first-out) queue to preserve the exact order in which messages are sent and received
3: Configure Long Polling to eliminate empty responses by allowing Amazon SQS to wait until a message is available in a queue before sending a response
4: Configure Short Polling to eliminate empty responses by reducing the length of time a connection request remains open

A

1: Use a Standard queue to provide at-least-once delivery, which means that each message is delivered at least once
2: Use a FIFO (first-in-first-out) queue to preserve the exact order in which messages are sent and received

3: Configure Long Polling to eliminate empty responses by allowing Amazon SQS to wait until a message is available in a queue before sending a response

4: Configure Short Polling to eliminate empty responses by reducing the length of time a connection request remains open

38
Q

A Solutions Architect has created an AWS account and selected the Asia Pacific (Sydney) region. Within the default VPC there is a default security group. What settings are configured within this security group by default? (Select TWO)

1: There is an inbound rule that allows all traffic from the security group itself
2: There is an inbound rule that allows all traffic from any address
3: There is an outbound rule that allows all traffic to the security group itself
4: There is an outbound rule that allows all traffic to all addresses
5: There is an outbound rule that allows traffic to the VPC router

A

1: There is an inbound rule that allows all traffic from the security group itself

2: There is an inbound rule that allows all traffic from any address
3: There is an outbound rule that allows all traffic to the security group itself

4: There is an outbound rule that allows all traffic to all addresses

5: There is an outbound rule that allows traffic to the VPC router

39
Q

A company is deploying a new two-tier web application that uses EC2 web servers and a DynamoDB database backend. An Internet facing ELB distributes connections between the web servers. The Solutions Architect has created a security group for the web servers and needs to create a security group for the ELB. What rules should be added? (Select TWO)

1: Add an Outbound rule that allows HTTP/HTTPS, and specify the destination as the web server security group
2: Add an Outbound rule that allows ALL TCP, and specify the destination as the Internet Gateway
3: Add an Outbound rule that allows HTTP/HTTPS, and specify the destination as VPC CIDR
4: Add an Inbound rule that allows HTTP/HTTPS, and specify the source as 0.0.0.0/0
5: Add an Inbound rule that allows HTTP/HTTPS, and specify the source as 0.0.0.0/32

A

1: Add an Outbound rule that allows HTTP/HTTPS, and specify the destination as the web server security group

2: Add an Outbound rule that allows ALL TCP, and specify the destination as the Internet Gateway
3: Add an Outbound rule that allows HTTP/HTTPS, and specify the destination as VPC CIDR

4: Add an Inbound rule that allows HTTP/HTTPS, and specify the source as 0.0.0.0/0

5: Add an Inbound rule that allows HTTP/HTTPS, and specify the source as 0.0.0.0/32

40
Q

A development team needs to run up a few lab servers on a weekend for a new project. The servers will need to run uninterrupted for a few hours. Which EC2 pricing option would be most suitable?

1: Spot
2: Reserved
3: On-Demand
4: Dedicated Instances

A

1: Spot
2: Reserved

3: On-Demand

4: Dedicated Instances

41
Q

A Solutions Architect has logged into an Amazon EC2 Linux instance using SSH and needs to determine a few pieces of information including what IAM role is assigned, the instance ID and the names of the security groups that are assigned to the instance. From the options below, what would be the best source of this information?

1: Metadata
2: Tags
3: User data
4: Parameters

A

1: Metadata

2: Tags
3: User data
4: Parameters

42
Q

An Amazon EC2 instance is generating very high packets-per-second and performance of the application stack is being impacted. A Solutions Architect needs to determine a resolution to the issue that results in improved performance. Which action should the Architect take?

1: Configure a RAID 1 array from multiple EBS volumes
2: Create a placement group and put the EC2 instance in it
3: Use enhanced networking
4: Add multiple Elastic IP addresses to the instance

A

1: Configure a RAID 1 array from multiple EBS volumes
2: Create a placement group and put the EC2 instance in it

3: Use enhanced networking

4: Add multiple Elastic IP addresses to the instance

43
Q

A company runs a web-based application that uses Amazon EC2 instances for the web front-end and Amazon RDS for the database back-end. The web application writes transaction log files to an Amazon S3 bucket and the quantity of files is becoming quite large. It is acceptable to retain the most recent 60 days of log files and permanently delete the rest. Which action can a Solutions Architect take to enable this to happen automatically?

1: Use an S3 lifecycle policy with object expiration configured to automatically remove objects that are more than 60 days old
2: Write a Ruby script that checks the age of objects and deletes any that are more than 60 days old
3: Use an S3 bucket policy that deletes objects that are more than 60 days old
4: Use an S3 lifecycle policy to move the log files that are more than 60 days old to the GLACIER storage class

A

1: Use an S3 lifecycle policy with object expiration configured to automatically remove objects that are more than 60 days old

2: Write a Ruby script that checks the age of objects and deletes any that are more than 60 days old
3: Use an S3 bucket policy that deletes objects that are more than 60 days old
4: Use an S3 lifecycle policy to move the log files that are more than 60 days old to the GLACIER storage class

44
Q

A Solutions Architect needs to upload a large (2GB) file to an S3 bucket. What is the recommended way to upload a single large file to an S3 bucket?

1: Use AWS Import/Export
2: Use Multipart Upload
3: Use a single PUT request to upload the large file
4: Use Amazon Snowball

A

1: Use AWS Import/Export

2: Use Multipart Upload

3: Use a single PUT request to upload the large file
4: Use Amazon Snowball

45
Q

Several Amazon EC2 Spot instances are being used to process messages from an Amazon SQS queue and store results in an Amazon DynamoDB table. Shortly after picking up a message from the queue AWS terminated the Spot instance. The Spot instance had not finished processing the message. What will happen to the message?

1: The message will become available for processing again after the visibility timeout expires
2: The message will be lost as it would have been deleted from the queue when processed
3: The message will remain in the queue and be immediately picked up by another instance
4: The results may be duplicated in DynamoDB as the message will likely be processed multiple times

A

1: The message will become available for processing again after the visibility timeout expires

2: The message will be lost as it would have been deleted from the queue when processed
3: The message will remain in the queue and be immediately picked up by another instance
4: The results may be duplicated in DynamoDB as the message will likely be processed multiple times

46
Q

A company is transitioning their web presence into the AWS cloud. As part of the migration the company will be running a web application both on-premises and in AWS for a period of time. During the period of co-existence, the client would like 80% of the traffic to hit the AWS-based web servers and 20% to be directed to the on-premises web servers. What method can a Solutions Architect use to distribute traffic as requested?

1: Use Route 53 with a weighted routing policy and configure the respective weights
2: Use Route 53 with a simple routing policy
3: Use an Application Load Balancer to distribute traffic based on IP address
4: Use a Network Load Balancer to distribute traffic based on Instance ID

A

1: Use Route 53 with a weighted routing policy and configure the respective weights

2: Use Route 53 with a simple routing policy
3: Use an Application Load Balancer to distribute traffic based on IP address
4: Use a Network Load Balancer to distribute traffic based on Instance ID

47
Q

A Solutions Architect has created a new Network ACL in an Amazon VPC. No rules have been created. Which of the statements below are correct regarding the default state of the Network ACL? (Select TWO)

1: There is a default inbound rule allowing traffic from the VPC CIDR block
2: There is a default outbound rule allowing traffic to the Internet Gateway
3: There is a default outbound rule allowing all traffic
4: There is a default inbound rule denying all traffic
5: There is a default outbound rule denying all traffic

A

1: There is a default inbound rule allowing traffic from the VPC CIDR block
2: There is a default outbound rule allowing traffic to the Internet Gateway
3: There is a default outbound rule allowing all traffic

4: There is a default inbound rule denying all traffic

5: There is a default outbound rule denying all traffic

48
Q

A company needs to capture detailed information about all HTTP requests that are processed by their Internet facing Application Load Balancer (ALB). The company requires information on the requester, IP address, and request type for analyzing traffic patterns to better understand their customer base. Which actions should a Solutions Architect recommend?

1: Configure metrics in CloudWatch for the ALB
2: Enable EC2 detailed monitoring
3: Enable Access Logs and store the data on S3
4: Use CloudTrail to capture all API calls made to the ALB

A

1: Configure metrics in CloudWatch for the ALB
2: Enable EC2 detailed monitoring

3: Enable Access Logs and store the data on S3

4: Use CloudTrail to capture all API calls made to the ALB

49
Q

A Solutions Architect needs to run a PowerShell script on a fleet of Amazon EC2 instances running Microsoft Windows. The instances have already been launched in an Amazon VPC. What tool can be run from the AWS Management Console to execute the script on all target EC2 instances?

1: AWS CodeDeploy
2: AWS Config
3: Run Command
4: AWS OpsWorks

A

1: AWS CodeDeploy
2: AWS Config

3: Run Command

4: AWS OpsWorks

50
Q

A company requires an Elastic Load Balancer (ELB) for an application they are planning to deploy on AWS. The application requires extremely high throughput and extremely low latencies. The connections will be made using the TCP protocol and the ELB must support load balancing to multiple ports on an instance. Which ELB should the company use?

1: Classic Load Balancer
2: Application Load Balancer
3: Network Load Balancer
4: Route 53

A

1: Classic Load Balancer
2: Application Load Balancer

3: Network Load Balancer

4: Route 53

51
Q

A web application runs on a series of Amazon EC2 instances behind an Application Load Balancer (ALB). A Solutions Architect is updating the configuration with a health check and needs to select the protocol to use. What options are available? (Select TWO)

1: HTTP
2: SSL
3: HTTPS
4: TCP
5: ICMP

A

1: HTTP

2: SSL

3: HTTPS

4: TCP
5: ICMP

52
Q

A Solutions Architect is designing the disk configuration for an Amazon EC2 instance. The instance needs to support a MapReduce process that requires high throughput for a large dataset with large I/O sizes. Which Amazon EBS volume is the MOST cost-effective solution for these requirements?

1: EBS General Purpose SSD in a RAID 1 configuration
2: EBS Throughput Optimized HDD
3: EBS Provisioned IOPS SSD
4: EBS General Purpose SSD

A

1: EBS General Purpose SSD in a RAID 1 configuration

2: EBS Throughput Optimized HDD

3: EBS Provisioned IOPS SSD
4: EBS General Purpose SSD

53
Q

An Amazon EBS-backed EC2 instance has been launched. A requirement has come up for some high-performance ephemeral storage. How can a Solutions Architect add a new instance store volume?

1: You must shutdown the instance in order to be able to add the instance store volume
2: You must use an Elastic Network Adapter (ENA) to add instance store volumes. First, attach an ENA, and then attach the instance store volume
3: You can specify the instance store volumes for your instance only when you launch an instance
4: You can use a block device mapping to specify additional instance store volumes when you launch your instance, or you can attach additional instance store volumes after your instance is running

A

1: You must shutdown the instance in order to be able to add the instance store volume
2: You must use an Elastic Network Adapter (ENA) to add instance store volumes. First, attach an ENA, and then attach the instance store volume

3: You can specify the instance store volumes for your instance only when you launch an instance

4: You can use a block device mapping to specify additional instance store volumes when you launch

54
Q

A large quantity of data that is rarely accessed is being archived onto Amazon Glacier. Your CIO wants to understand the resilience of the service. Which of the statements below are correct about Amazon Glacier storage? (Select TWO)

1: Data is replicated globally
2: Provides 99.999999999% durability of archives
3: Data is resilient in the event of one entire Availability Zone destruction
4: Data is resilient in the event of one entire region destruction
5: Provides 99.9% availability of archives

A

1: Data is replicated globally

2: Provides 99.999999999% durability of archives

3: Data is resilient in the event of one entire Availability Zone destruction

4: Data is resilient in the event of one entire region destruction
5: Provides 99.9% availability of archives

55
Q

A Solutions Architect is launching an Amazon EC2 instance with multiple attached volumes by modifying the block device mapping. Which block devices can be specified in a block device mapping to be used with an EC2 instance? (Select TWO)

1: EBS volume
2: EFS volume
3: Instance store volume
4: Snapshot
5: S3 bucket

A

1: EBS volume

2: EFS volume

3: Instance store volume

4: Snapshot
5: S3 bucket

56
Q

An Amazon EC2 instance behind an Elastic Load Balancer (ELB) is in the process of being de-registered. Which ELB feature is used to allow existing connections to close cleanly?

1: Sticky Sessions
2: Proxy Protocol
3: Deletion Protection
4: Connection Draining

A

1: Sticky Sessions
2: Proxy Protocol
3: Deletion Protection

4: Connection Draining

57
Q

The load on a MySQL database running on Amazon EC2 is increasing and performance has been impacted. Which of the options below would help to increase storage performance? (Select TWO)

1: Use a larger instance size within the instance family
2: Use HDD, Cold (SC1) EBS volumes
3: Use Provisioned IOPS (IO1) EBS volumes
4: Use EBS optimized instances
5: Create a RAID 1 array from multiple EBS volumes

A

1: Use a larger instance size within the instance family
2: Use HDD, Cold (SC1) EBS volumes

3: Use Provisioned IOPS (IO1) EBS volumes

4: Use EBS optimized instances

5: Create a RAID 1 array from multiple EBS volumes

58
Q

An application receives a high traffic load between 7:30am and 9:30am daily. The application uses an Auto Scaling group to maintain three instances most of the time but during the peak period it requires six instances. How can a Solutions Architect configure Auto Scaling to perform a daily scale-out event at 7:30am and a scale-in event at 9:30am to account for the peak load?

1: Use a Simple scaling policy
2: Use a Scheduled scaling policy
3: Use a Dynamic scaling policy
4: Use a Step scaling policy

A

1: Use a Simple scaling policy

2: Use a Scheduled scaling policy

3: Use a Dynamic scaling policy
4: Use a Step scaling policy

59
Q

An on-premise data center will be connected to an Amazon VPC by a hardware VPN that has public and VPN-only subnets. The security team has requested that traffic hitting public subnets on AWS that’s destined to on-premise applications must be directed over the VPN to the corporate firewall. How can this be achieved?

1: In the VPN-only subnet route table, add a route that directs all Internet traffic to the virtual private gateway
2: In the public subnet route table, add a route for your remote network and specify the customer gateway as the target
3: Configure a NAT Gateway and configure all traffic to be directed via the virtual private gateway
4: In the public subnet route table, add a route for your remote network and specify the virtual private gateway as the target

A

1: In the VPN-only subnet route table, add a route that directs all Internet traffic to the virtual private gateway
2: In the public subnet route table, add a route for your remote network and specify the customer gateway as the target
3: Configure a NAT Gateway and configure all traffic to be directed via the virtual private gateway

4: In the public subnet route table, add a route for your remote network and specify the virtual private gateway as the target

60
Q

An Amazon DynamoDB table has a variable load, ranging from sustained heavy usage some days, to only having small spikes on others. The load is 80% read and 20% write. The provisioned throughput capacity has been configured to account for the heavy load to ensure throttling does not occur. What would be the most efficient solution to optimize cost?

1: Create a CloudWatch alarm that triggers an AWS Lambda function that adjusts the provisioned throughput
2: Create a CloudWatch alarm that notifies you of increased/decreased load, and manually adjust the provisioned throughput
3: Use DynamoDB DAX to increase the performance of the database
4: Create a DynamoDB Auto Scaling scaling policy

A

1: Create a CloudWatch alarm that triggers an AWS Lambda function that adjusts the provisioned throughput
2: Create a CloudWatch alarm that notifies you of increased/decreased load, and manually adjust the provisioned throughput
3: Use DynamoDB DAX to increase the performance of the database

4: Create a DynamoDB Auto Scaling scaling policy

61
Q

A Solutions Architect has created a VPC and is in the process of formulating the subnet design. The VPC will be used to host a two-tier application that will include Internet facing web servers, and internal-only DB servers. Zonal redundancy is required. How many subnets are required to support this requirement?

1: 2 subnets
2: 6 subnets
3: 1 subnet
4: 4 subnets

A

1: 2 subnets
2: 6 subnets
3: 1 subnet

4: 4 subnets

62
Q

The application development team in a company have developed a Java application and saved the source code in a .war file. They would like to run the application on AWS resources and are looking for a service that can handle the provisioning and management of the underlying resources it will run on. Which AWS service should a Solutions Architect recommend the Developers use to upload the Java source code file?

1: AWS Elastic Beanstalk
2: AWS CodeDeploy
3: AWS CloudFormation
4: AWS OpsWorks

A

1: AWS Elastic Beanstalk

2: AWS CodeDeploy
3: AWS CloudFormation
4: AWS OpsWorks

63
Q

A Solutions Architect has created a new security group in an Amazon VPC. No rules have been created. Which of the statements below are correct regarding the default state of the security group? (Select TWO)

1: There is an outbound rule that allows all traffic to all IP addresses
2: There are no inbound rules and traffic will be implicitly denied
3: There is an inbound rule allowing traffic from the Internet to port 22 for management
4: There is an inbound rule that allows traffic from the Internet Gateway
5: There is an outbound rule allowing traffic to the Internet Gateway

A

1: There is an outbound rule that allows all traffic to all IP addresses

2: There are no inbound rules and traffic will be implicitly denied

3: There is an inbound rule allowing traffic from the Internet to port 22 for management
4: There is an inbound rule that allows traffic from the Internet Gateway
5: There is an outbound rule allowing traffic to the Internet Gateway

64
Q

A security officer has requested that all data associated with a specific customer is encrypted. The data resides on Elastic Block Store (EBS) volumes. Which of the following statements about using EBS encryption are correct? (Select TWO)

1: Not all EBS types support encryption
2: All attached EBS volumes must share the same encryption state
3: All instance types support encryption
4: Data in transit between an instance and an encrypted volume is also encrypted
5: There is no direct way to change the encryption state of a volume

A

1: Not all EBS types support encryption
2: All attached EBS volumes must share the same encryption state
3: All instance types support encryption

4: Data in transit between an instance and an encrypted volume is also encrypted

5: There is no direct way to change the encryption state of a volume

65
Q

An organization in the agriculture sector is deploying sensors and smart devices around factory plants and fields. The devices will collect information and send it to cloud applications running on AWS. Which AWS service will securely connect the devices to the cloud applications?

1: AWS Glue
2: AWS IoT Core
3: AWS DMS
4: AWS Lambda

A

1: AWS Glue

2: AWS IoT Core

3: AWS DMS
4: AWS Lambda