More Test Questions - 4 Flashcards

1
Q

A company is deploying an Amazon ElastiCache for Redis cluster. To enhance security, a password should be required to access the database. What should the solutions architect use?

1: AWS Directory Service
2: AWS IAM Policy
3: Redis AUTH command
4: VPC Security Group

A

3: Redis AUTH command

ElastiCache for Redis accepts an AUTH token only on clusters created with in-transit encryption (TLS) enabled, so enable both together; the other options control network reachability or AWS API access, not the Redis protocol itself.

2
Q

To increase performance and redundancy for an application, a company has decided to run multiple implementations in different AWS Regions behind Network Load Balancers. The company currently advertises the application using two public IP addresses from separate /24 address ranges and would prefer not to change these. Users should be directed to the closest available application endpoint. Which actions should a solutions architect take? (Select TWO)

1: Create an Amazon Route 53 geolocation based routing policy
2: Create an AWS Global Accelerator and attach endpoints in each AWS Region
3: Assign new static anycast IP addresses and modify any existing pointers
4: Migrate both public IP addresses to the AWS Global Accelerator
5: Create PTR records to map existing public IP addresses to an Alias

A

2: Create an AWS Global Accelerator and attach endpoints in each AWS Region
4: Migrate both public IP addresses to the AWS Global Accelerator

AWS Global Accelerator supports bring your own IP addresses (BYOIP) for /24 ranges, so the existing advertised addresses become the accelerator's static anycast addresses and traffic is routed to the nearest healthy endpoint group.

3
Q

Three Amazon VPCs are used by a company in the same region. The company has two AWS Direct Connect connections to two separate company offices and wishes to share these with all three VPCs. A Solutions Architect has created an AWS Direct Connect gateway. How can the required connectivity be configured?

1: Associate the Direct Connect gateway to a transit gateway
2: Associate the Direct Connect gateway to a virtual private gateway in each VPC
3: Create a VPC peering connection between the VPCs and route entries for the Direct Connect Gateway
4: Create a transit virtual interface between the Direct Connect gateway and each VPC

A

1: Associate the Direct Connect gateway to a transit gateway

4
Q

A retail organization sends coupons out twice a week and this results in a predictable surge in sales traffic. The application runs on Amazon EC2 instances behind an Elastic Load Balancer. The organization is looking for ways to reduce cost without impacting performance or reliability. How can they achieve this goal?

1: Purchase scheduled reserved instances
2: Use a mixture of spot instances and on demand instances
3: Increase the instance size of the existing EC2 instances
4: Purchase Amazon EC2 dedicated hosts

A

1: Purchase scheduled reserved instances

5
Q

Over 500 TB of data must be analyzed using standard SQL business intelligence tools. The dataset consists of a combination of structured data and unstructured data. The unstructured data is small and stored on Amazon S3. Which AWS services are most suitable for performing analytics on the data?

1: Amazon RDS MariaDB with Amazon Athena
2: Amazon DynamoDB with Amazon DynamoDB Accelerator (DAX)
3: Amazon ElastiCache for Redis with cluster mode enabled
4: Amazon Redshift with Amazon Redshift Spectrum

A

4: Amazon Redshift with Amazon Redshift Spectrum

6
Q

An application is being monitored using Amazon GuardDuty. A Solutions Architect needs to be notified by email of medium to high severity events. How can this be achieved?

1: Configure an Amazon CloudWatch alarm that triggers based on a GuardDuty metric
2: Create an Amazon CloudWatch events rule that triggers an Amazon SNS topic
3: Create an Amazon CloudWatch Logs rule that triggers an AWS Lambda function
4: Configure an Amazon CloudTrail alarm that triggers based on GuardDuty API activity

A

2: Create an Amazon CloudWatch Events rule that triggers an Amazon SNS topic

CloudWatch Events is now Amazon EventBridge. GuardDuty findings carry a numeric severity (1.0-3.9 low, 4.0-6.9 medium, 7.0-8.9 high), so the rule's event pattern filters on severity >= 4 and the SNS topic has an email subscription.
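As an added worked example that is not part of the original flashcards: the EventBridge event pattern behind option 2, together with a small offline matcher that shows which findings it would forward to the SNS topic. The finding values are constructed for the example, and the matcher is a model of the two kinds of matching this pattern uses, not the EventBridge engine.

```python
"""Added example, not part of the flashcard deck: the EventBridge (formerly
CloudWatch Events) pattern for option 2, plus an offline matcher run over
constructed findings. GuardDuty severity bands are low 1.0-3.9, medium
4.0-6.9 and high 7.0-8.9, so "medium to high" is severity >= 4. The matcher
implements only the two kinds of matching this pattern needs (exact string
and numeric comparison); it is a model, not the EventBridge engine."""
import json
import operator
from typing import Any

# The JSON you would pass as the rule's event pattern, with an SNS topic as
# the rule target. "numeric" is EventBridge's range matching.
MEDIUM_OR_HIGHER_PATTERN: dict[str, Any] = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 4]}]},
}

_NUMERIC_OPS = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
                ">": operator.gt, ">=": operator.ge}


def _leaf_matches(value: Any, alternatives: list) -> bool:
    """A pattern leaf is a list of literals and/or {"numeric": [op, n, ...]}."""
    for alt in alternatives:
        if isinstance(alt, dict) and "numeric" in alt:
            if not isinstance(value, (int, float)):
                continue
            ops = alt["numeric"]  # e.g. [">=", 4, "<", 7]: all pairs must hold
            if all(_NUMERIC_OPS[ops[i]](value, ops[i + 1])
                   for i in range(0, len(ops), 2)):
                return True
        elif alt == value:
            return True
    return False


def event_matches(pattern: dict, event: dict) -> bool:
    """Every field in the pattern must be present in the event and match;
    fields the pattern does not mention are ignored, as in EventBridge."""
    for key, spec in pattern.items():
        if key not in event:
            return False
        if isinstance(spec, dict):
            if not isinstance(event[key], dict) or not event_matches(spec, event[key]):
                return False
        elif not _leaf_matches(event[key], spec):
            return False
    return True


def severities_that_notify(events: list[dict]) -> list[float]:
    """Severity of each event that would reach the SNS topic."""
    return [e["detail"]["severity"] for e in events
            if event_matches(MEDIUM_OR_HIGHER_PATTERN, e)]


def _finding(severity: float, finding_type: str) -> dict:
    # Constructed finding in the shape of a "GuardDuty Finding" event; the
    # detail object is trimmed to the fields the pattern looks at.
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity, "type": finding_type}}


SAMPLE_EVENTS = [
    _finding(2.0, "Recon:EC2/PortProbeUnprotectedPort"),            # low: dropped
    _finding(4.0, "UnauthorizedAccess:IAMUser/MaliciousIPCaller"),  # medium
    _finding(8.0, "Backdoor:EC2/C&CActivity.B!DNS"),                # high
    {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
     "detail": {"severity": 9}},  # wrong source: must not match
]

if __name__ == "__main__":
    print(json.dumps(MEDIUM_OR_HIGHER_PATTERN))
    print(severities_that_notify(SAMPLE_EVENTS))  # [4.0, 8.0]
```

The pattern is what goes into the rule (for example `aws events put-rule --event-pattern` or the `EventPattern` of an `AWS::Events::Rule`); the SNS topic is the rule's target. Filtering on `source` as well as severity keeps unrelated events that happen to carry a `severity` field out of the notification path.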

7
Q

A company is migrating a decoupled application to AWS. The application uses a message broker based on the MQTT protocol. The application will be migrated to Amazon EC2 instances and the solution for the message broker must not require rewriting application code. Which AWS service can be used for the migrated message broker?

1: Amazon SQS
2: Amazon SNS
3: Amazon MQ
4: AWS Step Functions

A

3: Amazon MQ

8
Q

An HR application stores employment records on Amazon S3. Regulations mandate that the records are retained for seven years. Once created, the records are accessed infrequently for the first three months and then must be available within 10 minutes if required thereafter. Which lifecycle action meets the requirements whilst MINIMIZING cost?

1: Store the data in S3 Standard for 3 months, then transition to S3 Glacier
2: Store the data in S3 Standard-IA for 3 months, then transition to S3 Glacier
3: Store the data in S3 Standard for 3 months, then transition to S3 Standard-IA
4: Store the data in S3 Intelligent Tiering for 3 months, then transition to S3 Standard-IA

A

2: Store the data in S3 Standard-IA for 3 months, then transition to S3 Glacier

S3 Glacier expedited retrievals typically complete in 1-5 minutes, which satisfies the 10-minute requirement at a lower storage cost than keeping the records in Standard-IA.

9
Q

A highly elastic application consists of three tiers. The application tier runs in an Auto Scaling group and processes data and writes it to an Amazon RDS MySQL database. The Solutions Architect wants to restrict access to the database tier to only accept traffic from the instances in the application tier. However, instances in the application tier are being constantly launched and terminated. How can the Solutions Architect configure secure access to the database tier?

1: Configure the database security group to allow traffic only from the application security group
2: Configure the database security group to allow traffic only from port 3306
3: Configure a Network ACL on the database subnet to deny all traffic to ports other than 3306
4: Configure a Network ACL on the database subnet to allow all traffic from the application subnet

A

1: Configure the database security group to allow traffic only from the application security group

A rule that references a security group ID matches on group membership rather than on IP address, so instances launched into the application group are covered automatically and other hosts in the same subnet are not.
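As an added worked example that is not part of the original flashcards: a model of the security-group decision behind option 1, contrasted with a CIDR rule. The rule dicts follow the shape of the `IpPermissions` argument to EC2 `AuthorizeSecurityGroupIngress`; the group IDs, addresses and the evaluation logic itself are assumptions made for illustration, not EC2's implementation.

```python
"""Added example, not part of the flashcard deck: a model of how the
database security group in option 1 decides traffic when its ingress rule
references the application tier's security group rather than an IP range.
The rule dicts have the shape of the IpPermissions argument to EC2
AuthorizeSecurityGroupIngress (what boto3 or the CLI would send); the
evaluation is a simplified model of EC2's behaviour, not its code. Group
IDs and addresses are hypothetical."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

APP_SG = "sg-0aaaaaaaaaaaaaaa1"
DB_SG = "sg-0bbbbbbbbbbbbbbb2"

# Option 1: MySQL only, and only from members of the application SG. This is
# what you would pass as IpPermissions when authorising ingress on DB_SG.
DB_INGRESS_BY_GROUP = [{
    "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "UserIdGroupPairs": [{"GroupId": APP_SG}],
}]

# The CIDR alternative: trust every address in the application subnet.
DB_INGRESS_BY_CIDR = [{
    "IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "IpRanges": [{"CidrIp": "10.0.1.0/24"}],
}]


@dataclass
class Instance:
    private_ip: str
    security_groups: list[str] = field(default_factory=list)


def ingress_allowed(rules: list[dict], src: Instance, proto: str, port: int) -> bool:
    """Security groups are allow-lists: any matching rule permits the flow,
    and there are no deny rules."""
    for rule in rules:
        if rule["IpProtocol"] != proto or not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        # Group reference: decided by the source ENI's group membership, so the
        # source address is irrelevant and new instances need no rule change.
        if any(p["GroupId"] in src.security_groups
               for p in rule.get("UserIdGroupPairs", [])):
            return True
        # CIDR rule: decided by the source address alone.
        if any(ip_address(src.private_ip) in ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", [])):
            return True
    return False


# Constructed hosts: two freshly launched app instances with whatever IPs the
# subnet handed out, and an unrelated host that also lives in that subnet.
APP_A = Instance("10.0.1.17", [APP_SG])
APP_B = Instance("10.0.1.203", [APP_SG])
OTHER = Instance("10.0.1.99", ["sg-0ccccccccccccccc3"])
HOSTS = {"app_a": APP_A, "app_b": APP_B, "other": OTHER}


def compare_rules(port: int = 3306) -> dict[str, dict[str, bool]]:
    """Who can reach the database (DB_SG) on `port` under each rule style."""
    return {
        "by_group": {n: ingress_allowed(DB_INGRESS_BY_GROUP, h, "tcp", port)
                     for n, h in HOSTS.items()},
        "by_cidr": {n: ingress_allowed(DB_INGRESS_BY_CIDR, h, "tcp", port)
                    for n, h in HOSTS.items()},
    }


if __name__ == "__main__":
    print(compare_rules())
```

The group-reference rule admits both application instances and rejects the unrelated host even though all three sit in the same /24; the CIDR rule admits all three. That difference is the reason option 1 is the secure choice when instances come and go.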

10
Q

A Solutions Architect is rearchitecting an application with decoupling. The application will send batches of up to 1000 messages per second that must be received in the correct order by the consumers. Which action should the Solutions Architect take?

1: Create an Amazon SQS Standard queue
2: Create an Amazon SNS topic
3: Create an Amazon SQS FIFO queue
4: Create an AWS Step Functions state machine

A

3: Create an Amazon SQS FIFO queue

11
Q

A Solutions Architect is designing an application that consists of AWS Lambda and Amazon RDS Aurora MySQL. The Lambda function must use database credentials to authenticate to MySQL and security policy mandates that these credentials must not be stored in the function code. How can the Solutions Architect securely store the database credentials and make them available to the function?

1: Store the credentials in AWS Key Management Service and use environment variables in the function code pointing to KMS
2: Store the credentials in Systems Manager Parameter Store and update the function code and execution role
3: Use the AWSAuthenticationPlugin and associate an IAM user account in the MySQL database
4: Create an IAM policy and store the credentials in the policy. Attach the policy to the Lambda function execution role

A

2: Store the credentials in Systems Manager Parameter Store and update the function code and execution role

Store them as a SecureString parameter and grant the execution role ssm:GetParameter on that parameter plus kms:Decrypt on the key that protects it; KMS itself stores keys, not arbitrary secrets, and IAM policies are not a secret store.
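As an added worked example that is not part of the original flashcards: the function side of option 2. The parameter name, the JSON layout of the secret and the stub client are assumptions; the real call is boto3's `ssm.get_parameter(Name=..., WithDecryption=True)`, which is only reached when no client is injected, so the code can be run offline.

```python
"""Added example, not part of the flashcard deck: the Lambda side of option 2.
Credentials live in a Systems Manager Parameter Store SecureString (encrypted
with a KMS key), are read once per function container with WithDecryption=True
and cached for later warm invocations, and never appear in the deployment
package or in plaintext environment variables. The execution role needs
ssm:GetParameter on the parameter's ARN and kms:Decrypt on the key. The
parameter name, its JSON layout and the stub client are assumptions; boto3 is
imported only when no client is injected, so the code runs offline."""
import json
import os
from typing import Any

PARAM_NAME = os.environ.get("DB_CREDS_PARAM", "/example/prod/db-credentials")

_cache: dict[str, dict[str, str]] = {}  # module scope: survives warm invocations


def _default_client() -> Any:
    import boto3  # real path; only reached inside Lambda
    return boto3.client("ssm")


def get_db_credentials(name: str = PARAM_NAME, client: Any = None) -> dict[str, str]:
    """Return {"username": ..., "password": ...} stored as JSON in a SecureString."""
    if name in _cache:
        return _cache[name]
    client = client or _default_client()
    param = client.get_parameter(Name=name, WithDecryption=True)["Parameter"]
    if param.get("Type") != "SecureString":
        # A plain String parameter would mean the secret sits unencrypted in SSM.
        raise ValueError(f"{name} is not a SecureString")
    creds = json.loads(param["Value"])
    missing = {"username", "password"} - creds.keys()
    if missing:
        raise ValueError(f"{name} is missing {sorted(missing)}")
    _cache[name] = {"username": creds["username"], "password": creds["password"]}
    return _cache[name]


def handler(event: dict, context: Any = None, client: Any = None) -> dict:
    creds = get_db_credentials(client=client)
    # A real function would open the MySQL connection here (TLS to the Aurora
    # endpoint); the password itself must never be returned or logged.
    return {"db_user": creds["username"]}


class StubSsm:
    """Offline stand-in for boto3's SSM client; counts calls to show caching."""

    def __init__(self, value: str, type_: str = "SecureString") -> None:
        self.value, self.type_, self.calls = value, type_, 0

    def get_parameter(self, *, Name: str, WithDecryption: bool) -> dict:
        self.calls += 1
        value = self.value if WithDecryption else "<ciphertext>"
        return {"Parameter": {"Name": Name, "Type": self.type_, "Value": value}}


if __name__ == "__main__":
    stub = StubSsm(json.dumps({"username": "app", "password": "example-only"}))
    print(handler({}, client=stub), handler({}, client=stub), "ssm calls:", stub.calls)
```

Caching at module scope means one SSM call per container rather than one per invocation, which matters both for latency and for the GetParameter rate limit; rotate the parameter and the function picks up the new value on its next cold start (or add a TTL to the cache if rotation must take effect sooner).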

12
Q

A company is finalizing its disaster recovery plan. A limited set of core services will be replicated to the DR site, ready to seamlessly take over in the event of a disaster. All other services will be switched off. Which DR strategy is the company using?

1: Backup and restore
2: Pilot light
3: Warm standby
4: Multi-site

A

2: Pilot light

13
Q

An application that runs a computational fluid dynamics workload uses a tightly-coupled HPC architecture that uses the MPI protocol and runs across many nodes. A service-managed deployment is required to minimize operational overhead. Which deployment option is MOST suitable for provisioning and managing the resources required for this use case?

1: Use Amazon EC2 Auto Scaling to deploy instances in multiple subnets
2: Use AWS CloudFormation to deploy a Cluster Placement Group on EC2
3: Use AWS Batch to deploy a multi-node parallel job
4: Use AWS Elastic Beanstalk to provision and manage the EC2 instances

A

3: Use AWS Batch to deploy a multi-node parallel job

14
Q

A Solutions Architect is designing an application that will run on an Amazon EC2 instance. The application must asynchronously invoke an AWS Lambda function to analyze thousands of .CSV files. The services should be decoupled. Which service can be used to decouple the compute services?

1: Amazon SQS
2: Amazon SNS
3: Amazon Kinesis
4: Amazon OpsWorks

A

2: Amazon SNS

15
Q

A large MongoDB database running on-premises must be migrated to Amazon DynamoDB within the next few weeks. The database is too large to migrate over the company’s limited internet bandwidth so an alternative solution must be used. What should a Solutions Architect recommend?

1: Setup an AWS Direct Connect and migrate the database to Amazon DynamoDB using the AWS Database Migration Service (DMS)
2: Use the Schema Conversion Tool (SCT) to extract and load the data to an AWS Snowball Edge device. Use the AWS Database Migration Service (DMS) to migrate the data to Amazon DynamoDB
3: Enable compression on the MongoDB database and use the AWS Database Migration Service (DMS) to directly migrate the database to Amazon DynamoDB
4: Use the AWS Database Migration Service (DMS) to extract and load the data to an AWS Snowball Edge device. Complete the migration to Amazon DynamoDB using AWS DMS in the AWS Cloud

A

2: Use the Schema Conversion Tool (SCT) to extract and load the data to an AWS Snowball Edge device. Use the AWS Database Migration Service (DMS) to migrate the data to Amazon DynamoDB

16
Q

Every time an item in an Amazon DynamoDB table is modified a record must be retained for compliance reasons. What is the most efficient solution to recording this information?

1: Enable Amazon CloudWatch Logs. Configure an AWS Lambda function to monitor the log files and record deleted item data to an Amazon S3 bucket
2: Enable DynamoDB Streams. Configure an AWS Lambda function to poll the stream and record the modified item data to an Amazon S3 bucket
3: Enable Amazon CloudTrail. Configure an Amazon EC2 instance to monitor activity in the CloudTrail log files and record changed items in another DynamoDB table
4: Enable DynamoDB Global Tables. Enable DynamoDB streams on the multi-region table and save the output directly to an Amazon S3 bucket

A

2: Enable DynamoDB Streams. Configure an AWS Lambda function to poll the stream and record the modified item data to an Amazon S3 bucket
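As an added worked example that is not part of the original flashcards: the Lambda function described in option 2. It assumes the table's stream is enabled with `StreamViewType` `NEW_AND_OLD_IMAGES`; the bucket name, table name and the stream records are constructed for the example, and the S3 client is injected so the code runs offline.

```python
"""Added example, not part of the flashcard deck: the Lambda function for
option 2. It receives a DynamoDB Streams batch (the table's stream enabled
with StreamViewType NEW_AND_OLD_IMAGES so each record carries the item both
before and after the change), converts DynamoDB's typed JSON to plain values
and writes one JSON document per change to an S3 bucket. Put the bucket under
S3 Object Lock or at least versioning if the records must be tamper-evident.
The S3 client is injected so the code runs offline; bucket, table and item
contents are constructed for the example."""
import json
from typing import Any, Optional

AUDIT_BUCKET = "example-ddb-change-log"


def from_ddb(attr: dict) -> Any:
    """Decode one DynamoDB-typed attribute, e.g. {"S": "x"} or {"N": "12"}."""
    (tag, payload), = attr.items()
    if tag in ("S", "BOOL"):
        return payload
    if tag == "N":  # numbers arrive as strings; keep integers as int
        return int(payload) if payload.lstrip("-").isdigit() else float(payload)
    if tag == "NULL":
        return None
    if tag == "L":
        return [from_ddb(v) for v in payload]
    if tag == "M":
        return {k: from_ddb(v) for k, v in payload.items()}
    if tag in ("SS", "NS", "BS"):
        return list(payload)
    raise ValueError(f"unsupported DynamoDB attribute type {tag}")


def decode_image(image: Optional[dict]) -> Optional[dict]:
    return None if image is None else {k: from_ddb(v) for k, v in image.items()}


def change_record(rec: dict) -> dict:
    """Flatten one stream record into the document that is kept for compliance."""
    ddb = rec["dynamodb"]
    return {
        "table": rec["eventSourceARN"].split("/")[1],
        "event": rec["eventName"],                    # INSERT, MODIFY or REMOVE
        "sequence": ddb["SequenceNumber"],            # ordering within a shard
        "key": decode_image(ddb["Keys"]),
        "before": decode_image(ddb.get("OldImage")),  # absent for INSERT
        "after": decode_image(ddb.get("NewImage")),   # absent for REMOVE
    }


def handler(event: dict, context: Any = None, s3: Any = None) -> dict:
    s3 = s3 or _s3_client()
    keys = []
    for rec in event["Records"]:
        doc = change_record(rec)
        key = f"{doc['table']}/{doc['sequence']}.json"
        s3.put_object(Bucket=AUDIT_BUCKET, Key=key, Body=json.dumps(doc).encode(),
                      ServerSideEncryption="AES256")
        keys.append(key)
    # Letting an S3 error propagate makes Lambda retry the batch, so a
    # transient failure does not silently drop an audit record.
    return {"written": keys}


def _s3_client() -> Any:
    import boto3  # only used inside Lambda
    return boto3.client("s3")


class StubS3:
    """Offline stand-in for the S3 client that keeps the objects in memory."""

    def __init__(self) -> None:
        self.objects: dict[str, dict] = {}

    def put_object(self, *, Bucket: str, Key: str, Body: bytes, **kwargs: Any) -> None:
        self.objects[Key] = json.loads(Body)


# Constructed batch: one update and one delete on a hypothetical Orders table.
_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders/stream/2024-01-01T00:00:00.000"
SAMPLE_EVENT = {"Records": [
    {"eventName": "MODIFY", "eventSourceARN": _ARN, "dynamodb": {
        "SequenceNumber": "100000000000000000001",
        "Keys": {"order_id": {"S": "o-1"}},
        "OldImage": {"order_id": {"S": "o-1"}, "status": {"S": "new"}, "total": {"N": "19.99"}},
        "NewImage": {"order_id": {"S": "o-1"}, "status": {"S": "paid"}, "total": {"N": "19.99"}}}},
    {"eventName": "REMOVE", "eventSourceARN": _ARN, "dynamodb": {
        "SequenceNumber": "100000000000000000002",
        "Keys": {"order_id": {"S": "o-2"}},
        "OldImage": {"order_id": {"S": "o-2"}, "tags": {"L": [{"S": "vip"}]}, "qty": {"N": "3"}}}},
]}

if __name__ == "__main__":
    stub = StubS3()
    print(handler(SAMPLE_EVENT, s3=stub))
    print(json.dumps(stub.objects, indent=1))
```

Keying the objects by table and stream sequence number keeps them ordered and unique; the REMOVE record shows why the old image is needed, since it is the only copy of the deleted item.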

17
Q

An application in a private subnet needs to query data in an Amazon DynamoDB table. Use of the DynamoDB public endpoints must be avoided. What is the most EFFICIENT and secure method of enabling access to the table?

1: Create an interface VPC endpoint in the VPC with an Elastic Network Interface (ENI)
2: Create a gateway VPC endpoint and add an entry to the route table
3: Create a private Amazon DynamoDB endpoint and connect to it using an AWS VPN
4: Create a software VPN between DynamoDB and the application in the private subnet

A

2: Create a gateway VPC endpoint and add an entry to the route table

Gateway endpoints exist only for Amazon S3 and DynamoDB: the route-table entry sends the service's prefix list over the AWS network with no ENI or VPN to manage, and an endpoint policy can restrict which tables are reachable through it.

18
Q

A Solutions Architect needs to select a low-cost, short-term option for adding resilience to an AWS Direct Connect connection. What is the MOST cost-effective solution to provide a backup for the Direct Connect connection?

1: Implement a second AWS Direct Connect connection
2: Implement an IPSec VPN connection and use the same BGP prefix
3: Configure AWS Transit Gateway with an IPSec VPN backup
4: Configure an IPSec VPN connection over the Direct Connect link

A

2: Implement an IPSec VPN connection and use the same BGP prefix

19
Q

The disk configuration for an Amazon EC2 instance must be finalized. The instance will be running an application that requires heavy read/write IOPS. A single volume is required that is 500 GiB in size and needs to support 20,000 IOPS. What EBS volume type should be selected?

1: EBS General Purpose SSD
2: EBS Provisioned IOPS SSD
3: EBS General Purpose SSD in a RAID 1 configuration
4: EBS Throughput Optimized HDD

A

2: EBS Provisioned IOPS SSD

20
Q

A new application you are designing will store data in an Amazon Aurora MySQL DB. You are looking for a way to enable inter-region disaster recovery capabilities with fast replication and fast failover. Which of the following options is the BEST solution?

1: Use Amazon Aurora Global Database
2: Enable Multi-AZ for the Aurora DB
3: Create an EBS backup of the Aurora volumes and use cross-region replication to copy the snapshot
4: Create a cross-region Aurora Read Replica

A

1: Use Amazon Aurora Global Database

21
Q

A Solutions Architect regularly launches EC2 instances manually from the console and wants to streamline the process to reduce administrative overhead. Which feature of EC2 enables storing of settings such as AMI ID, instance type, key pairs and Security Groups?

1: Placement Groups
2: Launch Templates
3: Run Command
4: Launch Configurations

A

2: Launch Templates

22
Q

You recently noticed that your Network Load Balancer (NLB) in one of your VPCs is not distributing traffic evenly between EC2 instances in your AZs. There are an odd number of EC2 instances spread across two AZs. The NLB is configured with a TCP listener on port 80 and is using active health checks. What is the most likely problem?

1: There is no HTTP listener
2: Health checks are failing in one AZ due to latency
3: NLB can only load balance within a single AZ
4: Cross-zone load balancing is disabled

A

4: Cross-zone load balancing is disabled

23
Q

A Solutions Architect is creating a design for a multi-tiered serverless application. Which two services form the application-facing services from the AWS serverless infrastructure? (Select TWO)

1: API Gateway
2: AWS Cognito
3: AWS Lambda
4: Amazon ECS
5: Elastic Load Balancer

A

1: API Gateway
3: AWS Lambda

24
Q

A Solutions Architect attempted to restart a stopped EC2 instance and it immediately changed from a pending state to a terminated state. What are the most likely explanations? (Select TWO)

1: You’ve reached your EBS volume limit
2: An EBS snapshot is corrupt
3: AWS does not currently have enough available On-Demand capacity to service your request
4: You have reached the limit on the number of instances that you can launch in a region
5: The AMI is unsupported

A

1: You’ve reached your EBS volume limit
2: An EBS snapshot is corrupt

25
Q

One of the applications you manage on RDS uses the MySQL DB and has been suffering from performance issues. You would like to set up a reporting process that will perform queries on the database, but you’re concerned that the extra load will further impact the performance of the DB and may lead to poor customer experience. What would be the best course of action to take so you can implement the reporting process?

1: Configure Multi-AZ to set up a secondary database instance in another region
2: Deploy a Read Replica to set up a secondary read-only database instance
3: Deploy a Read Replica to set up a secondary read and write database instance
4: Configure Multi-AZ to set up a secondary database instance in another Availability Zone

A

2: Deploy a Read Replica to set up a secondary read-only database instance

26
Q

A Solutions Architect is building a new Amazon Elastic Container Service (ECS) cluster. The ECS instances are running the EC2 launch type and load balancing is required to distribute connections to the tasks. It is required that the mapping of ports is performed dynamically and connections are routed to different groups of servers based on the path in the URL. Which AWS service should the Solutions Architect choose to fulfil these requirements?

1: An Amazon ECS Service
2: Application Load Balancer
3: Network Load Balancer
4: Classic Load Balancer

A

2: Application Load Balancer

27
Q

A Solutions Architect needs to connect from an office location to a Linux instance that is running in a public subnet in an Amazon VPC using the Internet. Which of the following items are required to enable this access? (Select TWO)

1: A bastion host
2: A NAT Gateway
3: A Public or Elastic IP address on the EC2 instance
4: An Internet Gateway attached to the VPC and route table attached to the public subnet pointing to it
5: An IPSec VPN

A

3: A Public or Elastic IP address on the EC2 instance
4: An Internet Gateway attached to the VPC and route table attached to the public subnet pointing to it

28
Q

An Auto Scaling Group is unable to respond quickly enough to load changes resulting in lost messages from another application tier. The messages are typically around 128KB in size. What is the best design option to prevent the messages from being lost?

1: Store the messages on Amazon S3
2: Launch an Elastic Load Balancer
3: Store the messages on an SQS queue
4: Use larger EC2 instance sizes

A

3: Store the messages on an SQS queue

29
Q

A Solutions Architect needs to run a production batch process quickly that will use several EC2 instances. The process cannot be interrupted and must be completed within a short time period. What is likely to be the MOST cost-effective choice of EC2 instance type to use for this requirement?

1: Reserved instances
2: Spot instances
3: Flexible instances
4: On-demand instances

A

4: On-demand instances

30
Q

A Solutions Architect would like to implement a method of automating the creation, retention, and deletion of backups for the Amazon EBS volumes in an Amazon VPC. What is the easiest way to automate these tasks using AWS tools?

1: Configure EBS volume replication to create a backup on Amazon S3
2: Use the EBS Data Lifecycle Manager (DLM) to manage snapshots of the volumes
3: Create a scheduled job and run the AWS CLI command “create-backup” to take backups of the EBS volumes
4: Create a scheduled job and run the AWS CLI command “create-snapshot” to take backups of the EBS volumes

A

2: Use the EBS Data Lifecycle Manager (DLM) to manage snapshots of the volumes

31
Q

A mobile app uploads usage information to a database. Amazon Cognito is being used for authentication, authorization and user management and users sign-in with Facebook IDs. In order to securely store data in DynamoDB, the design should use temporary AWS credentials. What feature of Amazon Cognito is used to obtain temporary credentials to access AWS services?

1: User Pools
2: Identity Pools
3: Key Pairs
4: SAML Identity Providers

A

2: Identity Pools

32
Q

A website uses web servers behind an Internet-facing Elastic Load Balancer. What record set should be created to point the customer’s DNS zone apex record at the ELB?

1: Create a PTR record pointing to the DNS name of the load balancer
2: Create an A record pointing to the DNS name of the load balancer
3: Create a CNAME record that is an Alias, and select the ELB DNS as a target
4: Create an A record that is an Alias, and select the ELB DNS as a target

A

4: Create an A record that is an Alias, and select the ELB DNS as a target

33
Q

A Solutions Architect has been assigned the task of moving some sensitive documents into the AWS cloud. The security of the documents must be maintained. Which AWS features can help ensure that the sensitive documents cannot be read even if they are compromised? (Select TWO)

1: AWS IAM Access Policy
2: Amazon S3 Server-Side Encryption
3: Amazon EBS snapshots
4: Amazon S3 cross region replication
5: Amazon EBS encryption with Customer Managed Keys

A

2: Amazon S3 Server-Side Encryption
5: Amazon EBS encryption with Customer Managed Keys

34
Q

A membership website has become quite popular and is gaining members quickly. The website currently runs on Amazon EC2 instances with one web server instance and one database instance running MySQL. A Solutions Architect is concerned about the lack of high-availability in the current architecture. What can the Solutions Architect do to easily enable high availability without making major changes to the architecture?

1: Create a Read Replica in another availability zone
2: Enable Multi-AZ for the MySQL instance
3: Install MySQL on an EC2 instance in the same availability zone and enable replication
4: Install MySQL on an EC2 instance in another availability zone and enable replication

A

4: Install MySQL on an EC2 instance in another availability zone and enable replication

The database is self-managed MySQL on EC2, not RDS, so Multi-AZ and Read Replicas are not available; replicating to a second instance in another Availability Zone adds AZ-level resilience without re-platforming.

35
Q

A Solutions Architect has setup a VPC with a public subnet and a VPN-only subnet. The public subnet is associated with a custom route table that has a route to an Internet Gateway. The VPN-only subnet is associated with the main route table and has a route to a virtual private gateway. The Architect has created a new subnet in the VPC and launched an EC2 instance in it. However, the instance cannot connect to the Internet. What is the MOST likely reason?

1: The subnet has been automatically associated with the main route table which does not have a route to the Internet
2: The new subnet has not been associated with a route table
3: The Internet Gateway is experiencing connectivity problems
4: There is no NAT Gateway available in the new subnet so Internet connectivity is not possible

A

1: The subnet has been automatically associated with the main route table which does not have a route to the Internet

36
Q

A customer has a public-facing web application hosted on a single Amazon Elastic Compute Cloud (EC2) instance serving videos directly from an Amazon S3 bucket. Which of the following will restrict third parties from directly accessing the video assets in the bucket?

1: Launch the website Amazon EC2 instance using an IAM role that is authorized to access the videos
2: Restrict access to the bucket to the public CIDR range of the company locations
3: Use a bucket policy to only allow referrals from the main website URL
4: Use a bucket policy to only allow the public IP address of the Amazon EC2 instance hosting the customer website

A

3: Use a bucket policy to only allow referrals from the main website URL

Caveat: the Referer header is set by the client and is trivial to forge, so this stops casual hot-linking only, not a determined third party. Options 1 and 4 do not apply because browsers, not the EC2 instance, fetch the videos from S3.

37
Q

A Solutions Architect is creating an AWS CloudFormation template that will provision a new EC2 instance and new EBS volume. What must be specified to associate the block store with the instance?

1: Both the EC2 physical ID and the EBS physical ID
2: The EC2 physical ID
3: Both the EC2 logical ID and the EBS logical ID
4: The EC2 logical ID

A

3: Both the EC2 logical ID and the EBS logical ID

38
Q

An application stores encrypted data in Amazon S3 buckets. A Solutions Architect needs to be able to query the encrypted data using SQL queries and write the encrypted results back to the S3 bucket. As the data is sensitive, fine-grained control must be implemented over access to the S3 bucket. What combination of services represents the BEST options to support these requirements? (Select TWO)

1: Use AWS Glue to extract the data, analyze it, and load it back to the S3 bucket
2: Use bucket ACLs to restrict access to the bucket
3: Use IAM policies to restrict access to the bucket
4: Use Athena for querying the data and writing the results back to the bucket
5: Use the AWS KMS API to query the encrypted data, and the S3 API for writing the results

A

3: Use IAM policies to restrict access to the bucket
4: Use Athena for querying the data and writing the results back to the bucket

39
Q

A Solutions Architect works for a systems integrator running a platform that stores medical records. The government security policy mandates that patient data that contains personally identifiable information (PII) must be encrypted at all times, both at rest and in transit. Amazon S3 is used to back up data into the AWS cloud. How can the Solutions Architect ensure the medical records are properly secured? (Select TWO)

1: Before uploading the data to S3 over HTTPS, encrypt the data locally using your own encryption keys
2: Enable Server Side Encryption with S3 managed keys on an S3 bucket using AES-128
3: Attach an encrypted EBS volume to an EC2 instance
4: Enable Server Side Encryption with S3 managed keys on an S3 bucket using AES-256
5: Upload the data using CloudFront with an EC2 origin

A

1: Before uploading the data to S3 over HTTPS, encrypt the data locally using your own encryption keys

2: Enable Server Side Encryption with S3 managed keys on an S3 bucket using AES-128
3: Attach an encrypted EBS volume to an EC2 instance

4: Enable Server Side Encryption with S3 managed keys on an S3 bucket using AES-256

5: Upload the data using CloudFront with an EC2 origin

40
Q

A Solutions Architect is considering the best approach to enabling Internet access for EC2 instances in a private subnet. What advantages do NAT Gateways have over NAT Instances? (Select TWO)

1: Can be assigned to security groups
2: Can be used as a bastion host
3: Managed for you by AWS
4: Highly available within each AZ
5: Can be scaled up manually

A

1: Can be assigned to security groups
2: Can be used as a bastion host

3: Managed for you by AWS

4: Highly available within each AZ

5: Can be scaled up manually

41
Q

A Solutions Architect must design a solution for providing single sign-on to existing staff in a company. The staff manage on-premise web applications and also need access to the AWS management console to manage resources in the AWS cloud. Which combination of services are BEST suited to delivering these requirements?

1: Use IAM and Amazon Cognito
2: Use your on-premise LDAP directory with IAM
3: Use the AWS Secure Token Service (STS) and SAML
4: Use IAM and MFA

A

1: Use IAM and Amazon Cognito
2: Use your on-premise LDAP directory with IAM

3: Use the AWS Secure Token Service (STS) and SAML

4: Use IAM and MFA

42
Q

A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 Instances running behind an Elastic Load Balancer. The security team requires that all web servers must be accessible only through the Elastic Load Balancer and that none of the web servers are directly accessible from the Internet. How should the Architect meet these requirements?

1: Create an Amazon CloudFront distribution in front of the Elastic Load Balancer
2: Configure the web servers’ security group to deny traffic from the Internet
3: Configure the web tier security group to allow only traffic from the Elastic Load Balancer
4: Install a Load Balancer on an Amazon EC2 instance

A

1: Create an Amazon CloudFront distribution in front of the Elastic Load Balancer
2: Configure the web servers’ security group to deny traffic from the Internet

3: Configure the web tier security group to allow only traffic from the Elastic Load Balancer

4: Install a Load Balancer on an Amazon EC2 instance

43
Q

A Solutions Architect is creating a URL that lets users who sign in to the organization’s network securely access the AWS Management Console. The URL will include a sign-in token that authenticates the user to AWS. Microsoft Active Directory Federation Services is being used as the identity provider (IdP). Which of the steps below will the Solutions Architect need to include when developing the custom identity broker? (Select TWO)

1: Call the AWS federation endpoint and supply the temporary security credentials to request a sign-in token
2: Call the AWS Security Token Service (AWS STS) AssumeRole or GetFederationToken API operations to obtain temporary security credentials for the user
3: Assume an IAM Role through the console or programmatically with the AWS CLI, Tools for Windows PowerShell or API
4: Generate a pre-signed URL programmatically using the AWS SDK for Java or the AWS SDK for .NET
5: Delegate access to the IdP through the “Configure Provider” wizard in the IAM console

A

1: Call the AWS federation endpoint and supply the temporary security credentials to request a sign-in token

2: Call the AWS Security Token Service (AWS STS) AssumeRole or GetFederationToken API operations to obtain temporary security credentials for the user

3: Assume an IAM Role through the console or programmatically with the AWS CLI, Tools for Windows PowerShell or API
4: Generate a pre-signed URL programmatically using the AWS SDK for Java or the AWS SDK for .NET
5: Delegate access to the IdP through the “Configure Provider” wizard in the IAM console

44
Q

Some Amazon ECS containers are running on a cluster using the EC2 launch type. The current configuration uses the container instance’s IAM roles for assigning permissions to the containerized applications. A Solutions Architect needs to implement more granular permissions so that some applications can be assigned more restrictive permissions. How can this be achieved?

1: This cannot be changed as IAM roles can only be linked to container instances
2: This can be achieved using IAM roles for tasks, and splitting the containers according to the permissions required to different task definition profiles
3: This can be achieved by configuring a resource-based policy for each application
4: This can only be achieved using the Fargate launch type

A

1: This cannot be changed as IAM roles can only be linked to container instances

2: This can be achieved using IAM roles for tasks, and splitting the containers according to the permissions required to different task definition profiles

3: This can be achieved by configuring a resource-based policy for each application
4: This can only be achieved using the Fargate launch type

45
Q

An application uses a combination of Reserved and On-Demand instances to handle typical load. The application involves performing analytics on a set of data. A Solutions Architect needs to temporarily deploy a large number of EC2 instances. The instances must be available for a short period of time until the analytics job is completed. If job completion is not time-critical, what is likely to be the MOST cost-effective choice of EC2 instance type to use for this requirement?

1: Use Spot instances
2: Use dedicated hosts
3: Use On-Demand instances
4: Use Reserved instances

A

1: Use Spot instances

2: Use dedicated hosts
3: Use On-Demand instances
4: Use Reserved instances

46
Q

There is a problem with an EC2 instance that was launched by Amazon EC2 Auto Scaling. The EC2 status checks have reported that the instance is “Impaired”. What action will EC2 Auto Scaling take?

1: Auto Scaling will perform Availability Zone rebalancing
2: It will wait a few minutes for the instance to recover and if it does not it will mark the instance for termination, terminate it, and then launch a replacement
3: Auto Scaling performs its own status checks and does not integrate with EC2 status checks
4: It will launch a new instance immediately and then mark the impaired one for replacement

A

1: Auto Scaling will perform Availability Zone rebalancing

2: It will wait a few minutes for the instance to recover and if it does not it will mark the instance for termination, terminate it, and then launch a replacement

3: Auto Scaling performs its own status checks and does not integrate with EC2 status checks
4: It will launch a new instance immediately and then mark the impaired one for replacement

47
Q

A pharmaceutical company uses a strict process for release automation that involves building and testing services in 3 separate VPCs. A peering topology is configured with VPC-A peered with VPC-B and VPC-B peered with VPC-C. The development team wants to modify the process so that they can release code directly from VPC-A to VPC-C. How can this be accomplished?

1: Update VPC-B's route table with peering targets for VPC-A and VPC-C and enable route propagation
2: Create a new VPC peering connection between VPC-A and VPC-C
3: Update the CIDR blocks to match to enable inter-VPC routing
4: Update VPC-A's route table with an entry using the VPC peering as a target

A

1: Update VPC-B's route table with peering targets for VPC-A and VPC-C and enable route propagation

2: Create a new VPC peering connection between VPC-A and VPC-C

3: Update the CIDR blocks to match to enable inter-VPC routing
4: Update VPC-A's route table with an entry using the VPC peering as a target

48
Q

A Solutions Architect needs to work programmatically with IAM. Which feature of IAM allows direct access to the IAM web service using HTTPS to call service actions and what is the method of authentication that must be used? (Select TWO)

1: OpenID Connect
2: Query API
3: API Gateway
4: Access key ID and secret access key
5: IAM role

A

1: OpenID Connect

2: Query API

3: API Gateway

4: Access key ID and secret access key

5: IAM role

49
Q

The Systems Administrators in a company currently use Chef for configuration management of on-premise servers. Which AWS service can a Solutions Architect use that will provide a fully-managed configuration management service that will enable the use of existing Chef cookbooks?

1: Elastic Beanstalk
2: CloudFormation
3: OpsWorks for Chef Automate
4: OpsWorks Stacks

A

1: Elastic Beanstalk
2: CloudFormation

3: OpsWorks for Chef Automate

4: OpsWorks Stacks

50
Q

An Amazon RDS Multi-AZ deployment is running in an Amazon VPC. An outage occurs in the availability zone of the primary RDS database instance. What actions will take place in this circumstance? (Select TWO)

1: The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance
2: A failover will take place once the connection draining timer has expired
3: A manual failover of the DB instance will need to be initiated using Reboot with failover
4: The primary DB instance will switch over automatically to the standby replica
5: Due to the loss of network connectivity the process to switch to the standby replica cannot take place

A

1: The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance

2: A failover will take place once the connection draining timer has expired
3: A manual failover of the DB instance will need to be initiated using Reboot with failover

4: The primary DB instance will switch over automatically to the standby replica

5: Due to the loss of network connectivity the process to switch to the standby replica cannot take place

51
Q

A Solutions Architect is designing a web-facing application. The application will run on Amazon EC2 instances behind Elastic Load Balancers in multiple regions in an active/passive configuration. The website address the application runs on is example.com. AWS Route 53 will be used to perform DNS resolution for the application. How should the Solutions Architect configure AWS Route 53 in this scenario based on AWS best practices? (Select TWO)

1: Use a Failover Routing Policy
2: Set Evaluate Target Health to “No” for the primary
3: Use a Weighted Routing Policy
4: Connect the ELBs using Alias records
5: Connect the ELBs using CNAME records

A

1: Use a Failover Routing Policy

2: Set Evaluate Target Health to “No” for the primary
3: Use a Weighted Routing Policy

4: Connect the ELBs using Alias records

5: Connect the ELBs using CNAME records

52
Q

A Solutions Architect is designing a new retail website for a high-profile company. The company has previously been the victim of targeted distributed denial-of-service (DDoS) attacks and has requested that the design includes mitigation techniques. Which of the following are the BEST techniques to help ensure the availability of the services is not compromised in an attack? (Select TWO)

1: Configure Auto Scaling with a high maximum number of instances to ensure it can scale accordingly
2: Use CloudFront for distributing both static and dynamic content
3: Use Spot instances to reduce the cost impact in case of attack
4: Use encryption on your EBS volumes
5: Use Placement Groups to ensure high bandwidth and low latency

A

1: Configure Auto Scaling with a high maximum number of instances to ensure it can scale accordingly

2: Use CloudFront for distributing both static and dynamic content

3: Use Spot instances to reduce the cost impact in case of attack
4: Use encryption on your EBS volumes
5: Use Placement Groups to ensure high bandwidth and low latency

53
Q

An application running on Amazon EC2 requires an EBS volume for saving structured data. The application vendor suggests that the performance of the disk should be up to 3 IOPS per GB. The capacity is expected to grow to 2 TB. Taking into account cost effectiveness, which EBS volume type should be used?

1: Throughput Optimized HDD (ST1)
2: General Purpose (GP2)
3: Provisioned IOPS (Io1)
4: Cold HDD (SC1)

A

1: Throughput Optimized HDD (ST1)

2: General Purpose (GP2)

3: Provisioned IOPS (Io1)
4: Cold HDD (SC1)

54
Q

An application in an Amazon VPC uses an Auto Scaling Group that spans 3 AZs and there are currently 4 Amazon EC2 instances running in the group. What actions will Auto Scaling take, by default, if it needs to terminate an EC2 instance?

1: Randomly select one of the 3 AZs, and then terminate an instance in that AZ
2: Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected
3: Send an SNS notification, if configured to do so
4: Wait for the cooldown period and then terminate the instance that has been running the longest
5: Terminate an instance in the AZ which currently has 2 running EC2 instances

A

1: Randomly select one of the 3 AZs, and then terminate an instance in that AZ
2: Terminate the instance with the least active network connections. If multiple instances meet this criterion, one will be randomly selected

3: Send an SNS notification, if configured to do so

4: Wait for the cooldown period and then terminate the instance that has been running the longest

5: Terminate an instance in the AZ which currently has 2 running EC2 instances

55
Q

Several environments are being created in a single Amazon VPC. The Solutions Architect needs to implement a system of categorization that allows for identification of Amazon EC2 resources by business unit, owner, or environment. Which AWS feature can be used?

1: Parameters
2: Metadata
3: Custom filters
4: Tags

A

1: Parameters
2: Metadata
3: Custom filters

4: Tags

56
Q

An organization has a data lake on Amazon S3 and needs to find a solution for performing in-place queries of the data assets in the data lake. The requirement covers both data discovery with SQL querying and complex queries from a large number of concurrent users using BI tools. What is the BEST combination of AWS services to use in this situation? (Select TWO)

1: Redshift Spectrum for the complex queries
2: Amazon Athena for the ad hoc SQL querying
3: AWS Glue for the ad hoc SQL querying
4: AWS Lambda for the complex queries
5: Amazon Kinesis for the complex queries

A

1: Redshift Spectrum for the complex queries

2: Amazon Athena for the ad hoc SQL querying

3: AWS Glue for the ad hoc SQL querying
4: AWS Lambda for the complex queries
5: Amazon Kinesis for the complex queries

57
Q

When using throttling controls with API Gateway what happens when request submissions exceed the steady-state request rate and burst limits?

1: API Gateway fails the limit-exceeding requests and returns “429 Too Many Requests” error responses to the client
2: The requests will be buffered in a cache until the load reduces
3: API Gateway drops the requests and does not return a response to the client
4: API Gateway fails the limit-exceeding requests and returns “500 Internal Server Error” error responses to the client

A

1: API Gateway fails the limit-exceeding requests and returns “429 Too Many Requests” error responses to the client

2: The requests will be buffered in a cache until the load reduces
3: API Gateway drops the requests and does not return a response to the client
4: API Gateway fails the limit-exceeding requests and returns “500 Internal Server Error” error responses to the client

58
Q

A Solutions Architect created a new VPC and set up an Auto Scaling Group to maintain a desired count of 2 Amazon EC2 instances. The security team has requested that the EC2 instances be located in a private subnet. To distribute load, an Internet-facing Application Load Balancer (ALB) is also required. With the security team’s requirements in mind, what else needs to be done to get this configuration to work? (Select TWO)

1: Attach an Internet Gateway to the private subnets
2: Associate the public subnets with the ALB
3: Add an Elastic IP address to each EC2 instance in the private subnet
4: Add a NAT gateway to the private subnet
5: For each private subnet create a corresponding public subnet in the same AZ

A

1: Attach an Internet Gateway to the private subnets

2: Associate the public subnets with the ALB

3: Add an Elastic IP address to each EC2 instance in the private subnet
4: Add a NAT gateway to the private subnet

5: For each private subnet create a corresponding public subnet in the same AZ

59
Q

An application running on AWS uses an Elastic Load Balancer (ELB) to distribute connections between EC2 instances. A Solutions Architect needs to record information on the requester, IP, and request type for connections made to the ELB. Additionally, the Architect will also need to perform some analysis on the log files. Which AWS services and configuration options can be used to collect and then analyze the logs? (Select TWO)

1: Use EMR for analyzing the log files
2: Update the application to use DynamoDB for storing log files
3: Use Elastic Transcoder to analyze the log files
4: Enable Access Logs on the ELB and store the log files on S3
5: Enable Access Logs on the EC2 instances and store the log files on S3

A

1: Use EMR for analyzing the log files

2: Update the application to use DynamoDB for storing log files
3: Use Elastic Transcoder to analyze the log files

4: Enable Access Logs on the ELB and store the log files on S3

5: Enable Access Logs on the EC2 instances and store the log files on S3

60
Q

A Solutions Architect would like to store a backup of an Amazon EBS volume on Amazon S3. What is the easiest way of achieving this?

1: Use SWF to automatically create a backup of your EBS volumes and then upload them to an S3 bucket
2: You don’t need to do anything, EBS volumes are automatically backed up by default
3: Write a custom script to automatically copy your data to an S3 bucket
4: Create a snapshot of the volume

A

1: Use SWF to automatically create a backup of your EBS volumes and then upload them to an S3 bucket
2: You don’t need to do anything, EBS volumes are automatically backed up by default
3: Write a custom script to automatically copy your data to an S3 bucket

4: Create a snapshot of the volume

61
Q

An application will gather data from a website hosted on an EC2 instance and write the data to an S3 bucket. The application will use API calls to interact with the EC2 instance and S3 bucket. Which Amazon S3 access control method will be the MOST operationally efficient? (Select TWO)

1: Create a bucket policy
2: Grant programmatic access
3: Use key pairs
4: Grant AWS Management Console access
5: Create an IAM policy

A

1: Create a bucket policy

2: Grant programmatic access

3: Use key pairs
4: Grant AWS Management Console access

5: Create an IAM policy

62
Q

An Amazon CloudWatch alarm recently notified a Solutions Architect that the load on an Amazon DynamoDB table is getting close to the provisioned capacity for writes. The DynamoDB table is part of a two-tier customer-facing application and is configured using provisioned capacity. What will happen if the limit for the provisioned capacity for writes is reached?

1: The requests will be throttled, and fail with an HTTP 503 code (Service Unavailable)
2: DynamoDB scales automatically so there’s no need to worry
3: The requests will be throttled, and fail with an HTTP 400 code (Bad Request) and a ProvisionedThroughputExceededException
4: The requests will succeed, and an HTTP 200 status code will be returned

A

1: The requests will be throttled, and fail with an HTTP 503 code (Service Unavailable)
2: DynamoDB scales automatically so there’s no need to worry

3: The requests will be throttled, and fail with an HTTP 400 code (Bad Request) and a ProvisionedThroughputExceededException

4: The requests will succeed, and an HTTP 200 status code will be returned

63
Q

A Solutions Architect is creating the business process workflows associated with an order fulfilment system. What AWS service can assist with coordinating tasks across distributed application components?

1: AWS STS
2: Amazon SQS
3: Amazon SWF
4: Amazon SNS

A

1: AWS STS
2: Amazon SQS

3: Amazon SWF

4: Amazon SNS

64
Q

An EC2 instance in an Auto Scaling group is having some issues that are causing it to launch new instances based on the dynamic scaling policy. A Solutions Architect needs to troubleshoot the EC2 instance and prevent the Auto Scaling group from launching new instances temporarily. What is the best method to accomplish this? (Select TWO)

1: Remove the EC2 instance from the Target Group
2: Disable the launch configuration associated with the EC2 instance
3: Place the EC2 instance that is experiencing issues into the Standby state
4: Suspend the scaling processes responsible for launching new instances
5: Disable the dynamic scaling policy

A

1: Remove the EC2 instance from the Target Group
2: Disable the launch configuration associated with the EC2 instance

3: Place the EC2 instance that is experiencing issues into the Standby state

4: Suspend the scaling processes responsible for launching new instances

5: Disable the dynamic scaling policy

65
Q

An Amazon VPC has been deployed with private and public subnets. A MySQL database server running on an Amazon EC2 instance will soon be launched. According to AWS best practice, which subnet should the database server be launched into?

1: It doesn’t matter
2: The private subnet
3: The public subnet
4: The subnet that is mapped to the primary AZ in the region

A

1: It doesn’t matter

2: The private subnet

3: The public subnet
4: The subnet that is mapped to the primary AZ in the region