03 December, 2023

How Many Questions Of AWS-Certified-Solutions-Architect-Professional Actual Test

Exam Code: AWS-Certified-Solutions-Architect-Professional (Practice Exam Latest Test Questions VCE PDF)
Exam Name: Amazon AWS Certified Solutions Architect Professional
Certification Provider: Amazon
Free Today! Guaranteed Training- Pass AWS-Certified-Solutions-Architect-Professional Exam.

Free demo questions for Amazon AWS-Certified-Solutions-Architect-Professional Exam Dumps Below:

Page: 1 / 33

Total 398 questions Full Exam Access

Question 1

An organization is planning to extend their data center by connecting their DC with the AWS VPC using the VPN gateway. The organization is setting up a dynamically routed VPN connection. Which of the below mentioned answers is not required to setup this configuration?

The type of customer gateway, such as Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha.

Elastic IP ranges that the organization wants to advertise over the VPN connection to the VPC.

Internet-routable IP address (static) of the customer gateway's external interface.

Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gatewa

My answer: -

Reference answer: B

Reference analysis:

The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. The organization wants to extend their network into the cloud and also directly access the internet from their AWS VPC. Thus, the organization should setup a Virtual Private Cloud (VPC) with a public subnet and a private subnet, and a virtual private gateway to enable communication with their data center network over an IPsec VPN tunnel. To setup this configuration the organization needs to use the Amazon VPC with a VPN connection. The organization network administrator must designate a physical appliance as a customer gateway and configure it. The organization would need the below mentioned information to setup this configuration:
The type of customer gateway, such as Cisco ASA, Juniper J-Series, Juniper SSG, Yamaha Internet-routable IP address (static) of the customer gateway's external interface
Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the customer gateway, if the organization is creating a dynamically routed VPN connection.
Internal network IP ranges that the user wants to advertise over the VPN connection to the VPC. Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.htmI

Question 2

Which of the following statements is correct about AWS Direct Connect?

Connections to AWS Direct Connect require double clad fiber for 1 gigabit Ethernet with Auto Negotiation enabled for the port.

An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with.

AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 50 gigabit Ethernet cable.

To use AWS Direct Connect, your network must be colocated with a new AWS Direct Connect locatio

Question 3

An ERP application is deployed across multiple AZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours ago.
What DR strategy could be used to achieve this RTO and RPO in the event of this kind of failure?

Take hourly DB backups to S3, with transaction logs stored in S3 every 5 minutes.

Use synchronous database master-slave replication between two availability zones.

Take hourly DB backups to EC2 Instance store volumes with transaction logs stored In S3 every 5 minutes.

Take 15 minute DB backups stored In Glacier with transaction logs stored in S3 every 5 minute

Question 4

IAM Secure And Scalable is an organization which provides scalable and secure SAAS to its clients. They are planning to host a web server and App server on AWS VPC as separate tiers. The organization wants to implement the scalability by configuring Auto Scaling and load balancer with their app servers (middle tier) too. Which of the below mentioned options suits their requirements?

Since ELB is internet facing, it is recommended to setup HAProxy as the Load balancer within the VPC.

Create an Internet facing ELB with VPC and configure all the App servers with it.

The user should make ELB with EC2-CLASSIC and enable SSH with it for security.

Create an Internal Load balancer with VPC and register all the App sewers with i

Question 5

In the context of IAM roles for Amazon EC2, which of the following NOT true about delegating permission to make API requests?

You cannot create an IAM role.

You can have the application retrieve a set of temporary credentials and use them.

You can specify the role when you launch your instances.

You can define which accounts or AWS services can assume the rol

Question 6

In which step of using AWS Direct Connect should the user determine the required port speed?

Complete the Cross Connect

Verify Your Virtual Interface

Download Router Configuration

Submit AWS Direct Connect Connection Request

Question 7

A customer is deploying an SSL enabled web application to AWS and would like to implement a separation of roles between the EC2 service administrators that are entitled to login to instances as well as making API calls and the security officers who will maintain and have exclusive access to the appIication’s X.509 certificate that contains the private key.

Upload the certificate on an S3 bucket owned by the security officers and accessible only by EC2 Role of the web servers.

Configure the web servers to retrieve the certificate upon boot from an CIoudHSM is managed by the security officers.

Configure system permissions on the web servers to restrict access to the certificate only to the authority security officers

Configure IAM policies authorizing access to the certificate store only to the security officers and terminate SSL on an ELB.

Question 8

An AWS customer runs a public blogging website. The site users upload two million blog entries a month. The average blog entry size is 200 KB. The access rate to blog entries drops to negligible 6 months after publication and users rarely access a blog entry 1 year after publication. Additionally, blog entries have a high update rate during the first 3 months following publication, this drops to no updates after 6 months. The customer wants to use CIoudFront to improve his user's load times. Which of the following recommendations would you make to the customer?

Duplicate entries into two different buckets and create two separate CIoudFront distributions where S3 access is restricted only to Cloud Front identity

Create a CIoudFront distribution with "US Europe" price class for US/Europe users and a different CIoudFront distribution with "AII Edge Locations" for the remaining users.

Create a CIoudFront distribution with S3 access restricted only to the CIoudFront identity and partition the blog entry's location in S3 according to the month it was uploaded to be used with CIoudFront behaviors.

Create a CIoudFront distribution with Restrict Viewer Access Forward Query string set to true and minimum TTL of 0.

Question 9

One of your AWS Data Pipeline actMties has failed consequently and has entered a hard failure state after retrying thrice. You want to try it again. Is it possible to increase the number of automatic retries to more than thrice?

Yes, you can increase the number of automatic retries to 6.

Yes, you can increase the number of automatic retries to indefinite number.

No, you cannot increase the number of automatic retries.

Yes, you can increase the number of automatic retries to 10.

Question 10

A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and Keep costs to a minimum.
What AWS architecture would you recommend?

ASK their customers to use an S3 client instead of an FTP clien

Create a single S3 bucket Create an IAM user for each customer Put the IAM Users in a Group that has an IAM policy that permits access to sub-directories within the bucket via use of the 'username' Policy variable.

Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3 client instead of an FTP client Create a bucket for each customer with a Bucket Policy that permits access only to that one customer.

Create an auto-scaling group of FTP servers with a scaling policy to automatically scale-in when minimum network traffic on the auto-scaling group is below a given threshol

Load a central list of ftp users from S3 as part of the user Data startup script on each Instance.

Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead of an FTP client Create a bucket tor each customer with a Bucket Policy that permits access only to that one customer.

Question 11

Regarding Identity and Access Management (IAM), Which type of special account belonging to your application allows your code to access Google services programmatically?

Service account

Simple Key

OAuth

Code account

Question 12

In the context of Amazon E|astiCache CLI, which of the following commands can you use to view all EIastiCache instance events for the past 24 hours?

elasticache-events --duration 24

elasticache-events --duration 1440

elasticache-describe-events --duration 24

elasticache describe-events --source-type cache-cluster --duration 1440

Question 13

When using Numeric Conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. Which of the following is the short version of the Numeric Condition "NumericLessThanEquaIs"?

numlteq

numlteql

numltequals

numeql

Question 14

You are designing a data leak prevention solution for your VPC environment. You want your VPC Instances to be able to access software depots and distributions on the Internet for product updates. The depots and distributions are accessible via third party CDNs by their URLs. You want to explicitly deny any other outbound connections from your VPC instances to hosts on the internet.
Which of the following options would you consider?

Configure a web proxy server in your VPC and enforce URL-based rules for outbound access Remove default routes.

Implement security groups and configure outbound rules to only permit traffic to software depots.

Move all your instances into private VPC subnets remove default routes from all routing tables and add specific routes to the software depots and distributions only.

Implement network access control lists to all specific destinations, with an Implicit deny as a rul

Question 15

You have subscribed to the AWS Business and Enterprise support plan. Your business has a backlog of problems, and you need about 20 of your IAM users to open technical support cases. How many users can open technical support cases under the AWS Business and Enterprise support plan?

5 users

10 users

Unlimited

1 user

Question 16

A user has configured EBS volume with PIOPS. The user is not experiencing the optimal throughput. Which of the following could not be factor affecting I/O performance of that EBS volume?

EBS bandwidth of dedicated instance exceeding the PIOPS

EC2 bandwidth

EBS volume size

Instance type is not EBS optimized

Question 17

A government client needs you to set up secure cryptographic key storage for some of their extremely confidential data. You decide that the AWS CIoudHSM is the best service for this. However, there seem to be a few pre-requisites before this can happen, one of those being a security group that has certain ports open. Which of the following is correct in regards to those security groups?

A security group that has no ports open to your network.

A security group that has only port 3389 (for RDP) open to your network.

A security group that has only port 22 (for SSH) open to your network.

A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your networ

Question 18

You need a persistent and durable storage to trace call actMty of an IVR (Interactive Voice Response) system. Call duration is mostly in the 2-3 minutes timeframe. Each traced call can be either active or terminated. An external application needs to know each minute the list of currently active calls. Usually there are a few calls/second, but once per month there is a periodic peak up to 1000 calls/second for a few hours. The system is open 24/7 and any downtime should be avoided. Historical data is periodically archived to files. Cost saving is a priority for this project.
What database implementation would better fit this scenario, keeping costs as low as possible?

Use DynamoDB with a "CaIIs" table and a Global Secondary Index on a "State" attribute that can equal to "active" or "terminated". In this way the Global Secondary Index can be used for all items in the table.

Use RDS Multi-AZ with a "CALLS" table and an indexed "STATE" field that can be equal to "ACT|VE"or 'TERMINATED". In this way the SQL query is optimized by the use of the Index.

Use RDS Nlulti-AZ with two tables, one for "ACT|VE_CALLS" and one for "TERMINATED_CALLS". In this way the "ACTIVE_CALLS" table is always small and effective to access.

Use DynamoDB with a "CaIIs" table and a Global Secondary Index on a "Is Active" attribute that is present for active calls onl

In this way the Global Secondary Index is sparse and more effective.

Question 19

Your startup wants to implement an order fulfillment process for selling a personalized gadget that needs an average of 3-4 days to produce with some orders taking up to 6 months you expect 10 orders per day on your first day. 1000 orders per day after 6 months and 10,000 orders after 12 months.
Orders coming in are checked for consistency men dispatched to your manufacturing plant for production quality control packaging shipment and payment processing If the product does not meet the quality standards at any stage of the process employees may force the process to repeat a step Customers are notified via email about order status and any critical issues with their orders such as payment failure.
Your case architecture includes AWS Elastic Beanstalk for your website with an RDS MySQL instance for customer data and orders.
How can you implement the order fulfillment process while making sure that the emails are delivered reliably?

Add a business process management application to your Elastic Beanstalk app sewers and re-use the ROS database for tracking order status use one of the Elastic Beanstalk instances to send emails to customers.

Use SWF with an Auto Scaling group of actMty workers and a decider instance in another Auto Scaling group with min/max=1 Use the decider instance to send emails to customers.

Use SWF with an Auto Scaling group of actMty workers and a decider instance in another Auto Scaling group with min/max=1 use SES to send emails to customers.

Use an SQS queue to manage all process tasks Use an Auto Scaling group of EC2 Instances that poll the tasks and execute the

Use SES to send emails to customers.

Question 20

If no explicit deny is found while applying IAM's Policy Evaluation Logic, the enforcement code looks for any instructions that would apply to the request.

"cancel"

"suspend"

"a||ow"

"vaIid"

Question 21

An organization is setting up an application on AWS to have both High Availabilty (HA) and Disaster Recovery (DR). The organization wants to have both Recovery point objective (RPO) and Recovery time objective (RTO) of 10 minutes. Which of the below mentioned service configurations does not help the organization achieve the said RPO and RTO?

Take a snapshot of the data every 10 minutes and copy it to the other region.

Use an elastic IP to assign to a running instance and use Route 53 to map the user’s domain with that IP.

Create ELB with multi- region routing to allow automated failover when required.

Use an AMI copy to keep the AMI available in other region

Question 22

How much memory does the cr1.8xIarge instance type provide?

224 GB

124 GB

184 GB

244 GB

Question 23

You are designing a personal document-archMng solution for your global enterprise with thousands of employee. Each employee has potentially gigabytes of data to be backed up in this archMng solution. The solution will be exposed to the employees as an application, where they can just drag and drop their files to the archMng system. Employees can retrieve their archives through a web interface. The corporate network has high bandwidth AWS Direct Connect connectMty to AWS.
You have a regulatory requirement that all data needs to be encrypted before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?

Manage encryption keys on-premises in an encrypted relational databas

Set up an on-premises server with sufficient storage to temporarily store files, and then upload them to Amazon S3, providing a client-side master key.

Mange encryption keys in a Hardware Security ModuIe (HSM) appliance on-premises serve r with sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.

Nlanage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple Storage Service (S3) with client-side encryption using a KMS customer master key ID, and configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage tier.

Manage encryption keys in an AWS C|oudHSNI applianc

Encrypt files prior to uploading on the employee desktop, and then upload directly into Amazon Glacier.

Question 24

You are implementing AWS Direct Connect. You intend to use AWS public service end points such as Amazon S3, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider.
What is the correct way to configure AWS Direct connect for access to services such as Amazon S3?

Configure a public Interface on your AWS Direct Connect link Configure a static route via your AWS Direct Connect link that points to Amazon S3 Advertise a default route to AWS using BGP.

Create a private interface on your AWS Direct Connect lin

Configure a static route via your AWS Direct connect link that points to Amazon S3 Configure specific routes to your network in your VPC.

Create a public interface on your AWS Direct Connect link Redistribute BGP routes into your existing routing infrastructure; advertise specific routes for your network to AWS.

Create a private interface on your AWS Direct connect lin

Redistribute BGP routes into your existing routing infrastructure and advertise a default route to AWS.

Question 25

An organization is hosting a scalable web application using AWS. The organization has configured internet facing ELB and Auto Scaling to make the application scalable. Which of the below mentioned
statements is required to be followed when the application is planning to host a web application on VPC?

The ELB can be in a public or a private subnet but should have the ENI which is attached to an elastic IP.

The ELB must not be in any subnet; instead it should face the internet directly.

The ELB must be in a public subnet of the VPC to face the internet traffic.

The ELB can be in a public or a private subnet but must have routing tables attached to divert the internet traffic to it.

Page: 1 / 33

Total 398 questions Full Exam Access