12 July, 2021

What Highest Quality AWS-Solution-Architect-Associate Dumps Questions Is

Our pass rate is high to 98.9% and the similarity percentage between our AWS-Solution-Architect-Associate study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the Amazon AWS-Solution-Architect-Associate exam in just one try? I am currently studying for the Amazon AWS-Solution-Architect-Associate exam. Latest Amazon AWS-Solution-Architect-Associate Test exam practice questions and answers, Try Amazon AWS-Solution-Architect-Associate Brain Dumps First.

Amazon AWS-Solution-Architect-Associate Free Dumps Questions Online, Read and Test Now.

Page: 1 / 123

Total 1487 questions Full Exam Access

Question 1

Disabling automated backups _ disable the point-in-time recovery.

if configured to can

will never

will

Question 2

Which AWS instance address has the following characteristics? :" If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."

Both A and B

None of these

VPC Addresses

EC2 Addresses

Question 3

In Amazon AWS, which of the following statements is true of key pairs?

Key pairs are used only for Amazon SDKs.

Key pairs are used only for Amazon EC2 and Amazon CIoudFront.

Key pairs are used only for Elastic Load Balancing and AWS IAM.

Key pairs are used for all Amazon service

Question 4

You must increase storage size in increments of at least _ %

Question 5

A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to S3 to enhance the picture accordingly. Which of the below mentioned AWS services will help make a scalable software with the AWS infrastructure in this scenario?

AWS Simple Notification Service

AWS Simple Queue Service

AWS Elastic Transcoder

AWS Glacier

Question 6

After you recommend Amazon Redshift to a client as an alternative solution to paying data warehouses to analyze his data, your client asks you to explain why you are recommending Redshift. Which of the following would be a reasonable response to his request?

It has high performance at scale as data and query complexity grows.

It prevents reporting and analytic processing from interfering with the performance of OLTP workloads.

You don't have the administrative burden of running your own data warehouse and dealing with setup, durability, monitoring, scaling, and patching.

All answers listed are a reasonable response to his QUESTION

Question 7

While creating an Amazon RDS DB, your first task is to set up a DB that controls which IP address or EC2 instance can access your DB Instance.

security token pool

security token

security pool

security group

Question 8

Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon 53 and then transformed by a fileet of spot EC2 instances. Fi les submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?

Use a DynamoDB table with an attribute defining the priority leve

Transformation instances will scan the table for tasks, sorting the results by priority level.

Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances.

Use two SQS queues, one for high priority messages, the other for default priorit

Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.

Use a single SQS queu

Each message contains the priority leve

Transformation instances pollhigh-priority messages firs

Question 9

Is creating a Read Replica of another Read Replica supported?

Only in VPC

Yes

Only in certain regions

Question 10

You are tasked with setting up a Linux bastion host for access to Amazon EC2 instances running in your VPC. Only clients connecting from the corporate external public IP address 72.34.51.100 should have SSH access to the host. Which option will meet the customer requirement?

Security Group Inbound Rule: Protocol - TC

Port Range- 22, Source 72.34.51. 100/32

Security Group Inbound Rule: Protocol - UDP, Port Range- 22, Source 72.34.51.100/32

Network ACL Inbound Rule: Protocol - UDP, Port Range- 22, Source 72.34.51.100/32

Network ACL Inbound Rule: Protocol - TCP, Port Range-22, Source 72.34.51.100/0

Question 11

You have been setting up an Amazon Virtual Private Cloud (Amazon VPC) for your company, including setting up subnets. Security is a concern, and you are not sure which is the best security practice for securing subnets in your VPC. Which statement below is correct in describing the protection of AWS resources in each subnet?

You can use multiple layers of security, including security groups and network access control lists (ACL).

You can only use access control lists (ACL).

You don't need any security in subnets.

You can use multiple layers of security, including security groups, network access control lists (ACL) and CIoudHSM.

Question 12

You have been given a scope to deploy some AWS infrastructure for a large organisation. The requirements are that you will have a lot of EC2 instances but may need to add more when the average utilization of your Amazon EC2 fileet is high and conversely remove them when CPU utilization is low. Which AWS services would be best to use to accomplish this?

Auto Scaling, Amazon CIoudWatch and AWS Elastic Beanstalk

Auto Scaling, Amazon CIoudWatch and Elastic Load Balancing.

Amazon CIoudFront, Amazon CIoudWatch and Elastic Load Balancing.

AWS Elastic Beanstalk , Amazon CIoudWatch and Elastic Load Balancin

Question 13

You have set up an Elastic Load Balancer (ELB) with the usual default settings, which route each request independently to the application instance with the smallest load. However, someone has asked you to bind a user's session to a specific application instance so as to ensure that all requests coming from the user during the session will be sent to the same application instance. AWS has a feature to do this. What is it called?

Connection draining

Proxy protocol

Tagging

Sticky session

My answer: -

Reference answer: D

Reference analysis:

An Elastic Load BaIancer(ELB) by default, routes each request independently to the application instance
with the smallest load. However, you can use the sticky session feature (also known as session affinity), which enables the load balancer to bind a user's session to a specific application instance. This ensures that all requests coming from the user during the session will be sent to the same application instance. The key to managing the sticky session is determining how long your load balancer should consistently route the user's request to the same application instance. If your application has its own session cookie, then you can set Elastic Load Balancing to create the session cookie to follow the duration specified by the appIication's session cookie. If your application does not have its own session cookie, then you can set Elastic Load Balancing to create a session cookie by specifying your own stickiness duration. You can associate stickiness duration for only HTTP/HTTPS load balancer listeners.
An application instance must always receive and send two cookies: A cookie that defines the stickiness duration and a special Elastic Load Balancing cookie named AWSELB, that has the mapping to the application instance.
Reference: http://docs.aws.amazon.com/E|asticLoadBaIancing/latest/DeveIoperGuide/TerminoIogyandKeyConcepts. htmI#session-stickiness

Question 14

You've been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC) The previous architect has already deployed a 3-tier VPC, The configuration is as follows:
VPC: vpc-2f8bc447 IGW: igw-2d8bc445 NACL: ad-208bc448
5ubnets and Route Tables: Web sewers: subnet-258bc44d
Application servers: subnet-248bc44c Database sewers: subnet-9189c6f9 Route Tables:
rrb-218bc449 rtb-238bc44b Associations:
subnet-258bc44d : rtb-218bc449 subnet-248bc44c : rtb-238bc44b subnet-9189c6f9 : rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC Web servers must have direct access to the internet Application and database sewers cannot have direct access to the internet.
Which configuration below will allow you the ability to remotely administer your application and database servers, as well as allow these sewers to retrieve updates from the Internet?

Create a bastion and NAT instance in subnet-258bc44d, and add a route from rtb- 238bc44b to the NAT instance.

Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-248bc44c.

Create a bastion and NAT instance in subnet-248bc44c, and add a route from rtb- 238bc44b to subneb258bc44d.

Create a bastion and NAT instance in subnet-258bc44d, add a route from rtb-238bc44b to Igw- 2d8bc445, and a new NACL that allows access between subnet-258bc44d and subnet -248bc44c.

Question 15

You are tasked with moving a legacy application from a virtual machine running Inside your datacenter to an Amazon VPC Unfortunately this app requires access to a number of on-premises services and no one who configured the app still works for your company. Even worse there's no documentation for it. What will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured? {Choose 3 answers)

An AWS Direct Connect link between the VPC and the network housing the internal services.

An Internet Gateway to allow a VPN connection.

An Elastic IP address on the VPC instance

An IP address space that does not conflict with the one on-premises

Entries in Amazon Route 53 that allow the Instance to resolve its dependencies' IP addresses

A VM Import of the current virtual machine

My answer: -

Reference answer: ADF

Reference analysis:

AWS Direct Connect
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectMty between AWS you’re your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet based connections.
AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon 53 using public IP address space, and private resources
such as Amazon EC2 instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs.
What is AWS Direct Connect?
AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard I gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cab Ie is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud (for example, to Amazon Elastic Compute Cloud {Amazon EC2) and Amazon Simple Storage Service (Amazon 53)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. For example, you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCIoud (US).
The following diagram shows how AWS Direct Connect interfaces with your network.
Requirements
To use AWS Direct Connect, your network must meet one of the following conditions:
Your network is colocated with an existing AWS Direct Connect location. For more information on available AWS Direct Connect locations, go to http://aws.amazon.com/directconnect/.
You are working with an AWS Direct Connect partner who is a member of the AWS Partner Network (APN). For a list of AWS Direct Connect partners who can help you connect, go to http://aws.amazon.com/directconnect
You are working with an independent service provider to connect to AWS Direct Connect. In addition, your network must meet the following conditions:
Connections to AWS Direct Connect require single mode fiber, 1000BASE-LX (1310nm) for 1 gigabit Ethernet, or 10GBASE-LR {1310nm) for 10 gigabit Ethernet. Auto Negotiation for the port must be disabled. You must support 802.1Q VLANs across these connections.
Your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication. Optionally,
you may configure Bidirectional Forwarding Detection (BFD).
To connect to Amazon Virtual Private Cloud (Amazon VPC), you must first do the following: Provide a private Autonomous System Number (ASN). Amazon allocates a private IP address in the
169.x.x.x range to you.
Create a virtual private gateway and attach it to your VPC. For more information about creating a virtual private gateway, see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide.
To connect to public AWS products such as Amazon EC2 and Amazon 53, you need to provide the following:
A public ASN that you own (preferred) or a private ASN.
Public IP addresses (/31) (that is, one for each end of the BGP session) for each BGP session. If you do not have public I P addresses to assign to this connection, log on to AWS and then open a ticket with AWS Support.
The public routes that you will advertise over BGP.

Question 16

A photo-sharing service stores pictures in Amazon Simple Storage Service (53) and allows application sign-in using an OpenID Connect-compatible identity provider. Which AWS Security Token Service approach to temporary access should you use for the Amazon 53 operations?

SANIL-based Identity Federation

Cross-Account Access

AWS Identity and Access Management roles

Web Identity Federation

Question 17

Can the string value of 'Key' be prefixed with :aws:"?

Only in GovC|oud

Only for 53 not EC2

Yes

Question 18

Groups can't _.

be nested more than 3 levels

be nested at all

be nested more than 4 levels

be nested more than 2 levels

Question 19

To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can assign your own metadata to each resource in the form of _ _

special filters

functions