AWS Solution Architect Associate Exam DumpsBy itexambyte.com / 10 February 2024 0% AWS Solution Architecture Exam Dumps Total Questions – 65Passing Score is 70%DomainWeigthage%Design Resilient Architecture26%Design High Performance Architecture24%Design Secure Architecture30%Design Cost Optimized Architecture20% 1 / 65 1. A junior architecture engineer wants to change the default configuration for EBS volume termination. By default, the root volume of an EC2 instance for an EBS-backed AMI is deleted when the instance terminates.Which option below helps change this default behavior to ensure that the volume persists even after the instance terminates? Set the DeleteOnTermination attribute to false Set the TerminateOnDelete attribute to true Set the TerminateOnDelete attribute to false Set the DeleteOnTermination attribute to true 2 / 65 2. An Africa-based healthcare firm is building an interactive diagnostic tool for HIV related assessments. The users would be required to capture their personal health records via this tool. As this is sensitive health information, the backup of the user data must be kept encrypted in S3. The startup does not want to provide its own encryption keys but still wants to maintain an audit trail of when an encryption key was used and by whom.Which of the following is the BEST solution for this use-case? Use SSE-S3 to encrypt the user data on S3 Use SSE-C to encrypt the user data on S3 Use client-side encryption with client provided keys and then upload the encrypted user data to S3 Use SSE-KMS to encrypt the user data on S3 3 / 65 3. An IT consultant is helping the owner of a small-sized business set up an AWS account. What are the security recommendations he must follow while creating the AWS account root user? (Select two) Encrypt the access keys and save them on Amazon S3 Create a strong password for the AWS account root user Enable Multi Factor Authentication (MFA) for the AWS account root user account Create AWS account root user access keys and share those keys only with the business owner Send an email to the business owner with details of the login username and password for the AWS root user. 4 / 65 4. Which service would you choose to develop a solution with minimal effort if an IT company, utilizing a fleet of EC2 instances for its proprietary application, needs to notify the infrastructure maintenance group via email when CPU utilization exceeds a specified threshold? Cloudwatch & Lambda Cloudwatch & SNS Step Functions & SNS SQS & Lambda 5 / 65 5. The IT company employs SQS queues to decouple the different components of its application architecture. To accommodate consuming components that require more time to process SQS messages, the company intends to delay the delivery of new messages to the queue by a few seconds.As a solutions architect, which of the following solutions would you suggest to the company? Use delay queues to postpone the delivery of new messages to the queue for a few seconds Use FIFO queues to postpone the delivery of new messages to the queue for a few seconds Use Amazon SQS for data ingestion and configure Lambda to trigger logic for downstream processing Use Amazon API Gateway with the existing REST-based interface to create a high performing architecture 6 / 65 6. What does this IAM policy do? It allows starting EC2 instances only when they have a Public IP within the 34.50.31.0/24 CIDR block It allows starting EC2 instances only when the IP where the call originates is within the 34.50.31.0/24 CIDR block It allows starting EC2 instances only when they have an Elastic IP within the 34.50.31.0/24 CIDR block It allows starting EC2 instances only when they have a Private IP within the 34.50.31.0/24 CIDR block 7 / 65 7. A company operates a microservices architecture and wants to deploy multiple Kubernetes clusters across different AWS regions for high availability and fault tolerance. Which feature of Amazon EKS allows them to achieve this? Multi-node groups Multi-AZ deployment Multi-region clusters Multi-container orchestration 8 / 65 8. Within a single AWS Region managed by AWS Organizations, you possess multiple AWS accounts and seek to guarantee private communication among all EC2 instances across these accounts. Among the options presented, which solution offers this capability at the LOWEST cost? Create a Private Link between all the EC2 instances Create a VPC in an account and share one or more of its subnets with the other accounts using Resource Access Manager Create a VPC peering connection between all VPCs Create a Transit Gateway and link all the VPC in all the accounts together 9 / 65 9. A Big Data analytics company wants to set up an AWS cloud architecture that throttles requests in case of sudden traffic spikes. The company is looking for AWS services that can be used for buffering or throttling to handle such traffic variations.Which of the following services can be used to support this requirement? Elastic Load Balancer, Amazon SQS, AWS Lambda Amazon API Gateway, Amazon SQS and Amazon Kinesis Amazon SQS, Amazon SNS and AWS Lambda Amazon Gateway Endpoints, Amazon SQS and Amazon Kinesis 10 / 65 10. An E-commerce company has moved its IT infrastructure to AWS Cloud and they have been using Amazon EC2 Auto Scaling for their web servers. This has helped them deal with traffic spikes effectively. But, their MySQL relational database has now become a bottleneck and they urgently need a fully managed auto scaling solution for their relational database to address any unpredictable changes in the traffic.Can you identify the AWS service that is best suited for this use-case? ElastiCache DynamoDB Aurora Aurora Serverless 11 / 65 11. A logistics company operates a fleet management system and needs to track the real-time location of vehicles. They want to expose APIs to retrieve vehicle location data and update vehicle status. Additionally, they want to ensure that the APIs can handle a high volume of requests from mobile and web applications. Which AWS service should they use to build and manage the APIs? Amazon CloudFront AWS Lambda Amazon API Gateway Amazon S3 12 / 65 12. A company has hired you as an AWS Certified Solutions Architect to help with redesigning a real-time data processor. The company wants to build custom applications that process and analyze the streaming data for its specialized needs.Which aws solution will you recommend to address this use-case? Use SNS to process the data streams as well as decouple the producers and consumers for the real-time data processor Use Kinesis Data Streams to process the data streams as well as decouple the producers and consumers for the real-time data processor Use SQS to process the data streams as well as decouple the producers and consumers for the real-time data processor Use Kinesis Data Firehose to process the data streams as well as decouple the producers and consumers for the real-time data processor 13 / 65 13. As a solutions architect, you've been assigned the task of enhancing the resilience of a multi-tier gaming application, operating on EC2 instances behind an Application Load Balancer, with instances in an EC2 Auto Scaling group across multiple Availability Zones and an Amazon Aurora database. What would be your recommendations to make the application more robust against periodic spikes in request rates? (Select two) Use Aurora Replica Use AWS Global Accelerator Use CloudFront distribution in front of the Application Load Balancer Use AWS Direct Connect Use AWS Shield 14 / 65 14. You terminated an instance in the us-west-1a availability zone, and the attached EBS volume is now available for attachment to other instances. An intern launches a new Linux EC2 instance in the us-west-1b availability zone and attempts to attach the EBS volume. The intern informs you that it is not possible and seeks your assistance.Which of the following explanations would you provide to them? EBS volumes are region locked The required IAM permissions are missing The EBS volume is encrypted EBS volumes are AZ locked 15 / 65 15. A US startup uses AWS Cloud to manage its IT infrastructure. The DevOps team at the startup wants to perform weekly database rollovers for a MSSQL database server using a serverless cron job that typically takes about 5 minutes to execute the database rollover script written in Node.js. The database rollover will archive the past week’s data from the production database to keep the database small while still keeping its data accessible.As a solutions architect, which of the following would you recommend as the MOST cost-efficient and reliable solution? Provision an EC2 spot instance to run the database rollover job triggered via an OS-based weekly cron expression Schedule a weekly EventBridge event cron expression to invoke a Lambda function that runs the database rollover job Create a time-based schedule option within an AWS Glue job to invoke itself every week and run the database rollover script Provision an EC2 scheduled reserved instance to run the database rollover script to be run via an OS-based weekly cron expression 16 / 65 16. Consider the following policy associated with an IAM group containing several users: Users belonging to the IAM group can terminate an EC2 instance in the us-west-1 region when the EC2 instance's IP address is 10.200.200.200 Users belonging to the IAM group can terminate an EC2 instance in the us-west-1 region when the user's source IP is 10.200.200.200 Users belonging to the IAM group cannot terminate an EC2 instance in the us-west-1 region when the user's source IP is 10.200.200.200 Users belonging to the IAM group can terminate an EC2 instance belonging to any region except the us-west-1 region when the user's source IP is 10.200.200.200 17 / 65 17. A gaming analytics organization has been acquired by a leading graphic company. The analytics organization has 15 independent gaming applications with an on-premises data footprint of about 90TB for each application. The CTO of the graphic company has set a timeline of 15 days to carry out the data migration from on-premises data center to AWS Cloud and establish connectivity.Which of the following are the MOST cost-effective options for establishing connectivity? Setup Site-to-Site VPN to establish on-going connectivity between the on-premises data center and AWS Cloud Setup AWS direct connect to establish connectivity between the on-premises data center and AWS Cloud Setup AWS transit to establish connectivity between the on-premises data center and AWS Cloud Setup AWS VPC endpoint to establish connectivity between the on-premises data center and AWS Cloud 18 / 65 18. A Banking services firm has initiated a program to enhance the security of its AWS resources, implementing AWS Shield Advanced across numerous AWS accounts owned by the company. However, upon evaluation, the company discovers that the incurred costs significantly exceed initial expectations.What could be identified as the root cause for the unexpectedly high costs associated with the AWS Shield Advanced service? AWS Shield Advanced is being used for custom servers, that are not part of AWS Cloud, thereby resulting in increased costs AWS Shield Advanced also covers AWS Shield Standard plan, thereby resulting in increased costs Savings Plans has not been enabled for the AWS Shield Advanced service across all the AWS accounts Consolidated billing has not been enabled. All the AWS accounts should fall under a single consolidated billing for the monthly fee to be charged only once 19 / 65 19. An E-commerce company wants to review its security best-practices after an incident was reported where a new intern on the team was assigned full access toS3. The intern accidentally deleted a couple of files from the production environment while building out a new feature.Which is the MOST effective way to address this issue so that such incidents do not recur? Use permissions boundary to control the maximum permissions employees can grant to the IAM principals Remove full S3 access for all IAM users in the organization The CTO should review the permissions for each new intern IAM user so that such incidents don't recur Only root user should have full S3 access in the organization 20 / 65 20. An Indian startup's cloud infrastructure consists of a few Amazon EC2 instances, Amazon RDS instances and Amazon S3 storage. A year into their business operations, the startup is incurring costs that seem too high for their business requirements.Which of the following options represents a valid cost-optimization solution? Use AWS Cost Explorer Resource Optimization to get a report of EC2 instances that are either idle or have low utilization and use AWS Compute Optimizer to look at instance type recommendations Use Amazon S3 Storage class analysis to get recommendations for transitions of objects to S3 Glacier storage classes to reduce storage costs. You can also automate moving these objects into lower-cost storage tier using Lifecycle Policies Use AWS Trusted Advisor checks on Amazon EC2 Reserved Instances to automatically renew Reserved Instances. Trusted advisor also suggests Amazon RDS idle DB instances Use AWS Compute Optimizer recommendations to help you choose the optimal Amazon EC2 purchasing options and help reserve your instance capacities at reduced costs 21 / 65 21. As a solutions architect, which of the following approaches would you recommend for addressing message processing failures observed by the engineering team for some customer orders within an e-commerce company using Amazon SQS queues to decouple their application architecture? Use a dead-letter queue to handle message processing failures Use a temporary queue to handle message processing failures Use short polling to handle message processing failures Use long polling to handle message processing failures 22 / 65 22. As a Solutions Architect, you have been hired to work with the engineering team at a tech company to create a REST API using the serverless architecture.Which of the following solutions will you recommend to move the company to the serverless architecture? Route 53 with EC2 as backend API Gateway exposing Lambda Functionality Fargate with Lambda at the front Public-facing ALB with ECS on Amazon EC2 23 / 65 23. The engineering team at a weather tracking company wants to enhance the performance of its relation database and is looking for a caching solution that is simple in design.As a solutions architect, which of the following solutions will you suggest? Redis DAX Memcached Redshift 24 / 65 24. An Unix systems administrator at an IT company wants to set up a highly available architecture for a bastion host solution.As a solutions architect, which of the following options would you recommend as the solution? Create an Elastic IP and assign it to all EC2 instances that are bastion hosts managed by an ASG - Create a VPC Endpoint for a fleet of EC2 instances that are bastion hosts managed by an ASG Create a public Application Load Balancer that links to EC2 instances that are bastion hosts managed by an ASG Create a public Network Load Balancer that links to EC2 instances that are bastion hosts managed by an ASG 25 / 65 25. The DevOps team at an IT company is provisioning a two-tier application in a VPC with a public subnet and a private subnet. The team wants to use either a NAT instance or a NAT gateway in the public subnet to enable instances in the private subnet to initiate outbound IPv4 traffic to the internet but needs some technical assistance in terms of the configuration options available for the NAT instance and the NAT gateway.As a solutions architect, which of the following options would you identify as CORRECT? (Select three) NAT instance can be used as a bastion server Security Groups can be associated with a NAT gateway Security Groups can be associated with a NAT instance NAT gateway supports port forwarding NAT instance supports port forwarding 26 / 65 26. Which of the following options MOST accurately outlines the capabilities of Amazon S3 relevant to the scenario where a financial services firm, operating a high-frequency trading system, intends to write log files to Amazon S3 and read them in parallel on a near real-time basis while mitigating potential data discrepancies caused by overwriting and subsequent reading of existing log files? A process replaces an existing object and immediately tries to read it. Until the change is fully propagated, Amazon S3 might return the new data A process replaces an existing object and immediately tries to read it. Amazon S3 always returns the latest version of the object A process replaces an existing object and immediately tries to read it. Until the change is fully propagated, Amazon S3 might return the previous data A process replaces an existing object and immediately tries to read it. Until the change is fully propagated, Amazon S3 does not return any data 27 / 65 27. A systems administrator has created a private hosted zone and associated it with a Virtual Private Cloud (VPC). However, the DNS queries for the private hosted zone remain unresolved.As a Solutions Architect, can you identify the Amazon VPC options to be configured in order to get the private hosted zone to work? Remove any overlapping namespaces for the private and public hosted zones Fix the Name server (NS) record and Start Of Authority (SOA) records that may have been created with wrong configurations Enable DNS hostnames and DNS resolution for private hosted zones Fix conflicts between your private hosted zone and any Resolver rule that routes traffic to your network for the same domain name, as it results in ambiguity over the route to be taken 28 / 65 28. The DevOps has set up inbound traffic rules for the relevant ports in both the Security Group of the EC2 instance and the Network Access Control List (NACL) of the subnet. Despite this configuration, the DevOps is unable to establish a connection to the service running on the Amazon EC2 instance. Network ACLs are stateful, so allowing inbound traffic to the necessary ports enables the connection. Security Groups are stateless, so you must allow both inbound and outbound traffic Security Groups are stateful, so allowing inbound traffic to the necessary ports enables the connection. Network ACLs are stateless, so you must allow both inbound and outbound traffic IAM Role defined in the Security Group is different from the IAM Role that is given access in the Network ACLs Rules associated with Network ACLs should never be modified from command line. An attempt to modify rules from command line blocks the rule and results in an erratic behavior 29 / 65 29. The engineering team at an E-commerce company wants to create a daily big data analysis job leveraging Spark for analyzing online/offline sales and customer loyalty data to create customized reports on a client-by-client basis. The big data analysis job needs to read the data from Amazon S3 and output it back to S3.Which technology do you recommend to run the Big Data analysis job? (Select two) Redshift EC2 GLUE Quicksight EMR 30 / 65 30. A data analytics company oversees an application storing user data in a DynamoDB table. Occasionally, the development team notices corrupted data being written into the DynamoDB table. Upon detecting the issue, the team urgently needs to remove the corrupted data.What course of action do you recommend? Use DynamoDB on-demand backup to restore the table to the state just before corrupted data was written Configure the DynamoDB table as a global table and point the application to use the table from another AWS region that has no corrupted data Use DynamoDB point in time recovery to restore the table to the state just before corrupted data was written Use DynamoDB Streams to restore the table to the state just before corrupted data was written 31 / 65 31. Which AWS service provides the necessary capabilities for re-engineering the caching layer of the current architecture for the relational database of an online home rental marketplace, with requirements for replication and archival support? ElastiCache for Redis Memcached DynamoDB Accelerator DocumentDB 32 / 65 32. How can you migrate an AWS account from AWS Organization A to AWS Organization B? What steps should be taken to accomplish this task? Send an invite to the new organization. Accept the invite to the new organization from the member account. Remove the member account from the old organization Send an invite to the new organization. Remove the member account from the old organization. Accept the invite to the new organization from the member account Remove the member account from the old organization. Send an invite to the member account from the new Organization. Accept the invite to the new organization from the member account Open an AWS Support ticket to ask them to migrate the account 33 / 65 33. Your application is hosted by a provider on sample.provider.com. You would like to have your users access your application using www.my-application.com, which you own and manage under Route 53.What Route 53 record should you create? AAAA record PTR record CNAME record Alias record 34 / 65 34. You have an S3 bucket that contains files in two different folders - s3://sample-bucket/videos and s3://sample-bucket/photos. When a video is first uploaded and new, it is viewed several times. But after 45 days, analytics prove that videos files are on average rarely requested, but the photos still are. After 180 days, you would like to archive the videos files and the photos. Overall you would like the solution to remain highly available to prevent disasters happening against a whole AZ.How can you implement an efficient cost strategy for your S3 bucket? (Select two) Create a Lifecycle Policy to transition all objects to S3 Standard IA after 45 day Create a Lifecycle Policy to transition objects to Glacier using a prefix after 180 days Create a Lifecycle Policy to transition all objects to Glacier after 180 days Create a Lifecycle Policy to transition objects to S3 Standard IA using a prefix after 45 days Create a Lifecycle Policy to transition objects to S3 One Zone IA using a prefix after 45 days 35 / 65 35. A systems administrator is crafting IAM policies and linking them to IAM identities. Having completed the requisite identity-based policies, the administrator is now drafting resource-based policies.What is the only resource-based policy supported by the IAM service? ACL SCP Permissions boundary Trust policy 36 / 65 36. A social photo-sharing company utilizes Amazon S3 to store images uploaded by users. These images are encrypted in S3 using AWS Key Management Service (KMS), with the company managing its own Customer Master Key (CMK) for encryption purposes. Unfortunately, a member of the DevOps team inadvertently deleted the CMK a day ago, leading to the loss of user photo data. The company has reached out to seek consultation on potential solutions to this crisis. Contact AWS support to retrieve the CMK from their backup As the CMK was deleted a day ago, it must be in the 'pending deletion' status and hence you can just cancel the CMK deletion and recover the key The CMK can be recovered by the AWS root account user The company should issue a notification on its web application informing the users about the loss of their data 37 / 65 37. A startup has created a data warehouse using Redshift that is used to analyze data from Amazon S3. From the usage pattern, you have observed that after 30 days, the data is rarely queried in Redshift and it's not "hot data" anymore. You would like to preserve the SQL querying capability on your data and get the queries started immediately. Also, you want to adopt a pricing model that allows you to save the maximum amount of cost on Redshift.What do you recommend? (Select two) Move the data to S3 Standard IA after 30 days Analyze the cold data with Athena Migrate the Redshift underlying storage to S3 IA Create a smaller Redshift Cluster with the cold data Move the data to S3 Glacier after 30 days 38 / 65 38. A newly onboarded DevOps engineer within a development team seeks to grasp the replication functionalities of RDS Multi-AZ and RDS Read-replicas. Which of the following accurately outlines these capabilities for the specified database? Multi-AZ follows asynchronous replication and spans one Availability Zone within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow synchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region Multi-AZ follows synchronous replication and spans at least two Availability Zones within a single region. Read replicas follow asynchronous replication and can be within an Availability Zone, Cross-AZ, or Cross-Region 39 / 65 39. A company has many VPC in various accounts, that need to be connected in a star network with one another and connected with on-premises networks through Direct Connect.What do you recommend? VPC Peering VPN Gateway Private Link Transit Gateway 40 / 65 40. A prominent video streaming provider is transitioning to AWS Cloud infrastructure to distribute its content to users globally. The company aims to ensure that the solution can handle a minimum of one million requests per second for its EC2 server farm.As a solutions architect, which type of Elastic Load Balancer would you recommend as part of the solution stack? Application Load Balancer Classic Load Balancer Network Load Balancer Infrastructure Load Balancer 41 / 65 41. A health care startup has created a new web application for users to complete a risk assessment survey for AIDS symptoms via a self-administered questionnaire. The startup has purchased the domain aids-assessment.com using Route 53. The web development team would like to create a Route 53 record so that all traffic for aids-assessment.com is routed to www.aids-assessment.comAs a solutions architect, which of the following is the MOST cost-effective solution that you would recommend to the web development team? Create an MX record for aids-assessment.com that routes traffic to www.aids-assessment.com Create a CNAME record for aids-assessment.com that routes traffic to www.aids-assessment.com Create an NS record for aids-assessment.com that routes traffic to www.aids-assessment.com Create an alias record for aids-assessment.com that routes traffic to www.aids-assessment.com 42 / 65 42. Which of the following represents the appropriate placement group configuration for a Big Data consulting company aiming to migrate large distributed and replicated workloads from an on-premises data center to Amazon EC2 instances, while leveraging the placement groups feature to minimize correlated hardware failures? Partition placement groups Cluster placement groups Spread placement groups Multi-AZ placement groups 43 / 65 43. As a Solutions Architect, you've designed an application deployed with an Elastic Load Balancer and an Auto Scaling Group. You've set up CloudWatch alarms with aggressive configurations, causing your Auto Scaling Group (ASG) to rapidly scale in and out, refreshing your Amazon EC2 instance fleet daily. A production bug emerged two days ago, yet the team cannot SSH into the instance to troubleshoot because the instance was terminated by the ASG. The log files are stored on the EC2 instance.How will you resolve the issue and make sure it doesn't happen again? Disable the Termination from the ASG any time a user reports an issue Make a snapshot of the EC2 instance just before it gets terminated Install a CloudWatch Logs agents on the EC2 instances to send logs to CloudWatch Use AWS Lambda to regularly SSH into the EC2 instances and copy the log files to S3 44 / 65 44. Which AWS service offers a highly available and fault-tolerant solution for capturing clickstream events from the source and concurrently providing a data stream to downstream applications? AWS Kinesis Data Analytics AWS Kinesis Data Firehose AWS Kinesis Data Streams Amazon SQS 45 / 65 45. A company hires experienced specialists to analyze the customer service calls attended by its call center representatives. Now, the company wants to move to AWS Cloud and is looking at an automated solution to analyze customer service calls for sentiment analysis via ad-hoc SQL queries.As a Solutions Architect, which of the following solutions would you recommend? Use Kinesis Data Streams to read the audio files and machine learning (ML) algorithms to convert the audio files into text and run customer sentiment analysis Use Kinesis Data Streams to read the audio files and Amazon Alexa to convert them into text. Kinesis Data Analytics can be used to analyze these files and Amazon Quicksight Use Amazon Transcribe to convert audio files to text and Amazon Quicksight to run analysis on these text files to understand the underlying patterns. Visualize and display them onto user Dashboards for human analysis Use Amazon Transcribe to convert audio files to text and Amazon Athena to understand the underlying customer sentiments 46 / 65 46. Your e-commerce application currently utilizes an RDS PostgreSQL database, which also hosts an analytics workload. However, running the analytics workload adversely impacts the performance of your e-commerce application, leading to reduced sales.What is the MOST cost-optimal solution to address this issue? Enable Multi-AZ for the RDS database and run the analytics workload on the standby database Migrate the analytics application to AWS Lambda Create a Read Replica in another Region as the Master database and point the analytics workload there Create a Read Replica in the same Region as the Master database and point the analytics workload there 47 / 65 47. A DevOps engineer at an IT company just upgraded an EC2 instance type from t2.nano (0.5G of RAM, 1 vCPU) to u-12tb1.metal (12.3 TB of RAM, 448 vCPUs). How would you categorize this upgrade? This is a scale-up example of horizontal scalability This is a scale-out example of vertical scalability This is an example of high availability This is a scale-up example of vertical scalability 48 / 65 48. The engineering team at an online firm is assessing the best block storage volume type for the EC2 instances hosting its primary application. They require a storage volume with very low latency but do not need to retain the data when the instance terminates. As a solutions architect, you've recommended utilizing Instance Store volumes to fulfill these criteria.Which of the following would you identify as the key characteristics of the Instance Store volumes? (Select two) Instance store is reset when you stop or terminate an instance. Instance store data is preserved during hibernation You can't detach an instance store volume from one instance and attach it to a different instance You can specify instance store volumes for an instance when you launch or restart it If you create an AMI from an instance, the data on its instance store volumes isn't preserved An instance store is a network storage type 49 / 65 49. A gaming company wants to run their applications on single-tenant hardware to meet regulatory guidelines.Which of the following is the MOST cost-effective way of isolating their Amazon EC2 instances to a single tenant? Dedicated Instances Dedicated Hosts Spot Instances On-Demand Instances 50 / 65 50. The engineering manager overseeing a content management application seeks to establish RDS read replicas to enhance performance and read scalability. The manager aims to comprehend the data transfer charges associated with configuring RDS read replicas.Which of the following statements accurately describes the data transfer charges for RDS read replicas? There are data transfer charges for replicating data within the same AWS Region There are no data transfer charges for replicating data across AWS Regions There are data transfer charges for replicating data within the same Availability Zone There are data transfer charges for replicating data across AWS Regions 51 / 65 51. You would like to store a database password in a secure place, and enable automatic rotation of that password every 90 days. What do you recommend? KMS CloudHSM Secrets Manager SSM Parameter Store 52 / 65 52. As a solutions architect, what recommendations would you propose to address compliance and regulatory guidelines, including safeguarding against accidental deletion of objects, for a healthcare startup storing data in Amazon S3? (Select two) Create an event trigger on deleting any S3 object. Enable versioning on the bucket Establish a process to get managerial approval for deleting S3 objects Enable MFA delete on the bucket Change the configuration on AWS S3 console so that the user needs to provide additional confirmation while deleting any S3 object 53 / 65 53. An organization needs to process incoming HTTP requests and invoke AWS Lambda functions based on the request path. Which feature of Amazon API Gateway facilitates this requirement? API Gateway Integration Types API Gateway Custom Domains API Gateway Usage Plans API Gateway Resource Policies 54 / 65 54. You have a team of developers in your company, and you aim to facilitate their experimentation with AWS Managed Policies by allowing them to attach these policies to their accounts. However, you also want to prevent them from granting themselves the AdministratorAccess managed policy to avoid privilege escalation. How should you proceed to achieve this? Create a Service Control Policy (SCP) on your AWS account that restricts developers from attaching themselves the AdministratorAccess policy Attach an IAM policy to your developers, that prevents them from attaching the AdministratorAccess policy For each developer, define an IAM permission boundary that will restrict the managed policies they can attach to themselves Put the developers into an IAM group, and then define an IAM permission boundary on the group that will restrict the managed policies they can attach to themselves 55 / 65 55. As a Solutions Architect, what solution would you recommend for an e-commerce company seeking high availability as it prepares to migrate its flagship application to a fleet of Amazon EC2 instances, with a requirement for content-based routing in its architecture? Use an Application Load Balancer for distributing traffic to the EC2 instances spread across different Availability Zones. Configure Auto Scaling group to mask any failure of an instance Use a Network Load Balancer for distributing traffic to the EC2 instances spread across different Availability Zones. Configure a Private IP address to mask any failure of an instance Use an Auto Scaling group for distributing traffic to the EC2 instances spread across different Availability Zones. Configure an Elastic IP address to mask any failure of an instance Use an Auto Scaling group for distributing traffic to the EC2 instances spread across different Availability Zones. Configure a Public IP address to mask any failure of an instance 56 / 65 56. As a Solutions Architect, what suggestions would you propose to troubleshoot the issue where the Auto Scaling group (ASG) fails to terminate an unhealthy Amazon EC2 instance? (Select two) The health check grace period for the instance has not expired The EC2 instance could be a spot instance type, which cannot be terminated by ASG A user might have updated the configuration of ASG and increased the minimum number of instances forcing ASG to keep all instances alive The instance has failed the ELB health check status A custom health check might have failed. ASG does not terminate instances that are set unhealthy by custom checks 57 / 65 57. What does this CloudFormation snippet do? (Select two)SecurityGroupIngress: - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 192.168.1.1/32 It configures an NACL's inbound rules It allows any IP to pass through on the HTTP port It only allows the IP 0.0.0.0 to reach HTTP It configures a security group's inbound rules It configures a security group's outbound rules 58 / 65 58. As a solutions architect, what steps would you recommend for an organization looking to delegate access to a group of users from the development environment so they can access resources in the production environment, which is managed under another AWS account? Both IAM roles and IAM users can be used interchangeably for cross-account access Create a new IAM role with the required permissions to access the resources in the production environment. The users can then assume this IAM role while accessing the resources from the production environment Create new IAM user credentials for the production environment and share these credentials with the set of users from the development environment It is not possible to access cross-account resources 59 / 65 59. Your firm has implemented a multi-tiered networking structure within the VPC - with two public and two private subnets. The public subnets are used to deploy the Application Load Balancers, while the two private subnets are used to deploy the application on Amazon EC2 instances. The development team wants the EC2 instances to have access to the internet. The solution has to be fully managed by AWS and needs to work over IPv4.What will you recommend? NAT Instances deployed in your public subnet Internet Gateways deployed in your private subnet Egress-Only Internet Gateways deployed in your private subnet NAT Gateways deployed in your public subnet 60 / 65 60. As a Solutions Architect, you've configured a database on a single EC2 instance with a gp2 EBS volume totaling 300GB. The EC2 instance is an m5.large type. Lately, the database performance has deteriorated, and upon reviewing CloudWatch, you notice that the IOPS on the EBS volume are reaching maximum capacity. Given the licensing constraints, the database's disk size cannot be altered.How would you troubleshoot this issue? Increase the IOPS on the gp2 volume Convert the EC2 instance to an i3.4xlarge Convert the gp2 volume to gp3 Convert the gp2 volume to an io1 61 / 65 61. During performance analysis of an e-commerce application, the engineering team observed that database reads are resulting in elevated I/O and introducing latency to the write requests against the Amazon Aurora Multi-AZ deployment database.As an AWS Certified Solutions Architect Associate, what would you recommend to separate the read requests from the write requests? Provision another Amazon Aurora database and link it to the primary database as a read replica Activate read-through caching on the Amazon Aurora database Set up a read replica and modify the application to use the appropriate endpoint Configure the application to read from the Multi-AZ standby instance 62 / 65 62. A Delhi based financial company has a two-tier architecture using EC2 instances for its flagship application. The web servers (listening on port 443), which have been assigned security group A, are in public subnets across two Availability Zones and the MS-SQL based database instances (listening on port 1433), which have been assigned security group B, are in two private subnets across two Availability Zones. The Security team wants to review the security configurations of the application architecture. For security group A: Add an inbound rule that allows traffic from all sources on port 443. Add an outbound rule with the destination as security group B on port 1433 For security group B: Add an inbound rule that allows traffic only from security group A on port 1433 For security group B: Add an inbound rule that allows traffic only from all sources on port 1433 For security group A: Add an inbound rule that allows traffic from all sources on port 443. Add an outbound rule with the destination as security group B on port 443 For security group B: Add an inbound rule that allows traffic only from security group A on port 443 63 / 65 63. A company is looking for a technology that allows its mobile app users to connect through a Google login and have the capability to turn on MFA (Multi-Factor Authentication) to have maximum security. Ideally, the solution should be fully managed by AWS.Which technology do you recommend for managing the users' accounts? Write a Lambda function with Auth0 3rd party integration Amazon Cognito AWS Identity and Access Management (IAM) AWS Identity and Access Management (IAM) 64 / 65 64. In a bid to enhance the application's performance and security, the engineering team at a company has established a CloudFront distribution with an Application Load Balancer as the custom origin. Additionally, the team has implemented a Web Application Firewall (WAF) alongside the CloudFront distribution. However, the security team at the company has detected an increase in malicious attacks originating from a specific IP address aimed at stealing sensitive data stored on the EC2 instances.As a solutions architect, which of the following actions would you recommend to stop the attacks? Create a deny rule for the malicious IP in the NACL associated with each of the instances Create a deny rule for the malicious IP in the Security Groups associated with each of the instances Create a ticket with AWS support to take action against the malicious IP Create an IP match condition in the WAF to block the malicious IP address 65 / 65 65. A movie production studio is looking at transferring their existing digital media assets of around 25PB to AWS Cloud in the shortest possible timeframe.Which of the following is an optimal solution for this requirement, given that the studio's data centers are located at a remote location? Direct Connect Snowball Snowmobile Snowcone Your score is The average score is 3% LinkedIn Facebook Twitter 0% Restart quiz Exit