27 November, 2023

Most Up-to-date Amazon AWS Certified Solutions Architect Professional AWS-Certified-Solutions-Architect-Professional Simulations

Real of AWS-Certified-Solutions-Architect-Professional test questions materials and free exam for Amazon certification for IT specialist, Real Success Guaranteed with Updated AWS-Certified-Solutions-Architect-Professional pdf dumps vce Materials. 100% PASS Amazon AWS Certified Solutions Architect Professional exam Today!

Online AWS-Certified-Solutions-Architect-Professional free questions and answers of New Version:

Page: 1 / 33

Total 398 questions Full Exam Access

Question 1

In Amazon Cognito what is a silent push notification?

It is a push message that is received by your application on a user's device that will not be seen by theusen

It is a push message that is received by your application on a user's device that will return the user's geolocation.

It is a push message that is received by your application on a user's device that will not be heard by the usen

It is a push message that is received by your application on a user's device that will return the user's authentication credentials.

Question 2

A user is thinking to use EBS PIOPS volume. Which of the below mentioned options is a right use case for the PIOPS EBS volume?

Analytics

System boot volume

Nlongo DB

Log processing

Question 3

An organization is setting up their website on AWS. The organization is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechanisms will not help the organization to avoid future data leaks and identify security weaknesses?

Run penetration testing on AWS with prior approval from Amazon.

Perform SQL injection for application testing.

Perform a Code Check for any memory leaks.

Perform a hardening test on the AWS instanc

Question 4

You currently operate a web application In the AWS US-East region The application runs on an
auto-scaled layer of EC2 instances and an RDS Multi-AZ database Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.IAM And RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

Create a new C|oudTrai| trail with one new S3 bucket to store the logs and with the global services option selected Use IAM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.

Create a new CIoudTraiI with one new S3 bucket to store the logs Configure SNS to send log file delivery notifications to your management system Use IAM roles and S3 bucket policies on the S3 bucket mat stores your logs.

Create a new CIoudTraiI trail with an existing S3 bucket to store the logs and with the global services option selected Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.

Create three new CIoudTraiI trails with three new S3 buckets to store the logs one for the AWS Management console, one for AWS SDKs and one for command line tools Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.

Question 5

A bucket owner has allowed another account’s IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B. What will happen in this scenario?

It is not possible to give permission to multiple IAM users

AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object

The bucket policy may not be created as S3 will give error due to conflict of Access Rights

It is not possible that the IAM user of one account accesses objects of the other IAM user

Question 6

An organization is having a VPC for the HR department, and another VPC for the Admin department. The HR department requires access to all the instances running in the Admin VPC while the Admin department requires access to all the resources in the HR department. How can the organization setup
this scenario?

Setup VPC peering between the VPCs of Admin and HR.

Setup ACL with both VPCs which will allow traffic from the CIDR of the other VPC.

Setup the security group with each VPC which allows traffic from the CIDR of another VPC.

It is not possible to connect resources of one VPC from another VPC.

Question 7

A large real-estate brokerage is exploring the option o( adding a cost-effective location based alert to their existing mobile application The application backend infrastructure currently runs on AWS Users who opt in to this service will receive alerts on their mobile device regarding real-estate otters in proximity to their location. For the alerts to be relevant delivery time needs to be in the low minute count the existing mobile app has 5 million users across the US. Which one of the following architectural suggestions would you make to the customer?

The mobile application will submit its location to a web service endpoint utilizing Elastic Load Balancing and EC2 instances: DynamoDB will be used to store and retrieve relevant offers EC2 instances will communicate with mobile earners/device providers to push alerts back to mobile application.

Use AWS DirectConnect or VPN to establish connectMty with mobile carriers EC2 instances will receive the mobile applications ' location through carrier connection: RDS will be used to store and relevant offers EC2 instances will communicate with mobile carriers to push alerts back to the mobile application

The mobile application will send device location using SQ

EC2 instances will retrieve the relevant others from DynamoDB AWS MobiIe Push will be used to send offers to the mobile application

The mobile application will send device location using AWS Nlobile Push EC2 instances will retrieve the relevant offers from DynamoDB EC2 instances will communicate with mobile carriers/device providers to push alerts back to the mobile application.

Question 8

Your company hosts a social media website for storing and sharing documents. The web application allows user to upload large files while resuming and pausing the upload as needed. Currently, files are uploaded to your PHP front end backed by Elastic load Balancing and an autoscaling fileet of Amazon Elastic Compute Cloud (EC2) instances that scale upon average of bytes received (Networkln). After a file has been uploaded, it is copied to Amazon Simple Storage Service (S3). Amazon EC2 instances use an AWS Identity and Access Management (IAM) role that allows Amazon S3 uploads. Over the last six months, your user base and scale have increased significantly, forcing you to increase the Auto Scaling group’s Max parameter a few times. Your CFO is concerned about rising costs and has asked you to adjust the architecture where needed to better optimize costs.
Which architecture change could you introduce to reduce costs and still keep your web application secure and scalable?

Replace the Auto Scaling launch configuration to include c3.8xIarge instances; those instances can potentially yield a network throuthput of 10gbps.

Re-architect your ingest pattern, have the app authenticate against your identity provider, and use your identity provider as a broker fetching temporary AWS credentials from AWS Secure Token Service (GetFederationToken). Securely pass the credentials and S3 endpoint/prefix to your ap

Implement client-side logic to directly upload the file to Amazon S3 using the given credentials and S3 prefix.

Re-architect your ingest pattern, and move your web application instances into a VPC public subne

Attach a public IP address for each EC2 instance (using the Auto Scaling launch configuration settings). Use Amazon Route 53 Round Robin records set and HTTP health check to DNS load balance the apprequests; this approach will significantly reduce the cost by bypassing Elastic Load Balancing.

Implement client-side logic that used the S3 multipart upload API to directly upload the file to Amazon S3 using the given credentials and S3 prefix.

Question 9

In Amazon RDS for PostgreSQL, you can provision up to 3TB storage and 30,000 IOPS per database instance. For a workload with 50% writes and 50% reads running on a cr1.8xIarge instance, you can realize over 25,000 IOPS for PostgreSQL. However, by provisioning more than this limit, you may be able to achieve:

higher latency and lower throughput.

lower latency and higher throughput.

higher throughput only.

higher latency onl

Question 10

The CFO of a company wants to allow one of his employees to view only the AWS usage report page. Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?

"Effect": "AIIow", "Action": ["Describe"], "Resource": "BiIIing"

"Effect": "AIIow", "Action": ["aws-portal: ViewBi||ing"], "Resource": "*"

"Effect": "AIIow", "Action": ["aws-portaI:ViewUsage"], "Resource": "*"

"Effect": "AIIow", "Action": ["AccountUsage], "Resource": "*"

Question 11

Attempts, one of the three types of items associated with the schedule pipeline in the AWS Data Pipeline, provides robust data management.
Which of the following statements is NOT true about Attempts?

Attempts provide robust data management.

AWS Data Pipeline retries a failed operation until the count of retries reaches the maximum number of allowed retry attempts.

An AWS Data Pipeline Attempt object compiles the pipeline components to create a set of actionable instances.

AWS Data Pipeline Attempt objects track the various attempts, results, and failure reasons if applicable.

Question 12

A user is creating a PIOPS volume. What is the maximum ratio the user should configure between PIOPS and the volume size?

Question 13

You are designing an SSUTLS solution that requires HTTPS clients to be authenticated by the Webserver using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the web server infrastructure? (Choose 2 answers)

Configure ELB with TCP listeners on TCP/443. And place the Web servers behind it.

Configure your Web servers with EIP

Place the Web servers in a Route53 Record Set and configure health checks against all Web servers.

Configure ELB with HTTPS listeners, and place the Web sewers behind it.

Configure your web sewers as the origins for a CIoudFront distributio

Use custom SSL certificates on your C|oudFront distribution.

Question 14

You have launched an EC2 instance with four (4) 500 GB EBS Provisioned IOPS volumes attached. The EC2 instance is EBS-Optimized and supports 500 Mbps throughput between EC2 and EBS. The four EBS volumes are configured as a single RAID 0 device, and each Provisioned IOPS volume is provisioned with 4,000 IOPS (4,000 16KB reads or writes), for a total of 16,000 random IOPS on the instance. The EC2 instance initially delivers the expected 16,000 IOPS random read and write performance. Sometime later, in order to increase the total random I/O performance of the instance, you
add an additional two 500 GB EBS Provisioned IOPS volumes to the RAID. Each volume is provisioned to 4,000 |OPs like the original four, for a total of 24,000 IOPS on the EC2 instance. Monitoring shows that the EC2 instance CPU utilization increased from 50% to 70%, but the total random IOPS measured at the instance level does not increase at all.
What is the problem and a valid solution?

The EBS-Optimized throughput limits the total IOPS that can be utilized; use an EBSOptimized instance that provides larger throughput.

Small block sizes cause performance degradation, limiting the I/O throughput; configure the instance device driver and filesystem to use 64KB blocks to increase throughput.

The standard EBS Instance root volume limits the total IOPS rate; change the instance root volume to also be a 500GB 4,000 Provisioned IOPS volume.

Larger storage volumes support higher Provisioned IOPS rates; increase the provisioned volume storage of each of the 6 EBS volumes to 1TB.

RAID 0 only scales linearly to about 4 devices; use RAID 0 with 4 EBS Provisioned IOPS volumes, but increase each Provisioned IOPS EBS volume to 6,000 IOPS.

Question 15

How many g2.2xIarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?

Question 16

A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers. Which of the following are the two flows?

Authenticated and non-authenticated

Public and private

Enhanced and basic

Single step and multistep

Question 17

A user has created a VPC with CIDR 20.0.0.0/16. The user has created one subnet with CIDR 20.0.0.0/16 in this VPC. The user is trying to create another subnet with the same VPC for CIDR 20.0.0.1/24. What will happen in this scenario?

The VPC will modify the first subnet CIDR automatically to allow the second subnet IP range

The second subnet will be created

It will throw a CIDR overlaps error

It is not possible to create a subnet with the same CIDR as VPC

Question 18

You create a VPN connection, and your VPN device supports Border Gateway Protocol (BGP). Which of the following should be specified to configure the VPN connection?

Classless routing

Classfull routing

Dynamic routing

Static routing

Question 19

How can a user list the IAM Role configured as a part of the launch config?

as-describe-Iaunch-configs --iam-profiIe

as-describe-Iaunch-configs --show-Iong

as-describe-Iaunch-configs —iam-role

as-describe-Iaunch-configs —roIe

Question 20

True or False : "|n the context of Amazon EIastiCache, from the appIication's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an indMdual cache node."

True, from the appIication's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an indMdual cache node since, each has a unique node identifier.

True, from the appIication's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an indMdual cache node.

False, you can connect to a cache node, but not to a cluster configuration endpoint.

False, you can connect to a cluster configuration endpoint, but not to a cache nod

Question 21

Auto Scaling requests are signed with a signature calculated from the request and the user’s private key.

SSL

AES-256

HMAC-SHA1

X.509

Question 22

The user has provisioned the PIOPS volume with an EBS optimized instance. Generally speaking, in which I/O chunk should the bandwidth experienced by the user be measured by AWS?

128 KB

256 KB

64 KB

32 KB

Question 23

Which of the following cannot be used to manage Amazon EIastiCache and perform administrative tasks?

AWS software development kits (SDKs)

Amazon S3

EIastiCache command line interface (CLI)

AWS CIoudWatch

Question 24

A user is configuring MySQL RDS with PIOPS. What should be the minimum size of DB storage provided by the user?

1 TB

50 GB

5 GB

100 GB

Question 25

You are running a successful multitier web application on AWS and your marketing department has asked you to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30 minutes from user-generated information that is being stored in your web application s database. You are currently running a MuIti-AZ RDS MySQL instance for the database tier. You also have implemented Elasticache as a database caching layer between the application tier and database tier. Please select the answer that will allow you to successfully implement the reporting tier with as little impact as possible to your database.

Continually send transaction logs from your master database to an S3 bucket and generate the reports off the S3 bucket using S3 byte range requests.

Generate the reports by querying the synchronously replicated standby RDS NIySQL instance maintained through Nlulti-AZ.

Launch a RDS Read Replica connected to your MuIti AZ master database and generate reports by querying the Read Replica.

Generate the reports by querying the EIastiCache database caching tie

Page: 1 / 33

Total 398 questions Full Exam Access