AWS Certified Solutions Architect Professional Practice Questions Part 1

You deployed an application in a single region in multiple AZs. In case of failure, the
RTO must be less than 3 hours, and the RPO should be 15 minutes. What would be your
DR strategy to achieve this RTO and RPO?

Which of the following AWS service would you choose for analysis of the clickstreams
from a web application in real time?

Your company has started using a custom SaaS-based solution that is hosted on AWS.
The SaaS solution requires access to AWS resources. You are required to enable the
SaaS solution to work with AWS resources securely. Which of the following option
would you choose to achieve this?

To avoid SQL injections against your infrastructure in AWS, which of the following is
the best option?

Your application on an EC2 instance allows users to use pre-signed URLs to download
files from a private S3 bucket. Before generating the URL, the existence of the file in the
bucket should be verified by the application. How can the application use AWS
credentials to access the bucket in a secure way?

Choose from the following, the best techniques to avoid DDoS attacks for your AWS
infrastructure. (Choose 3)

Which of the below options is the most feasible to deliver private content to users from
an S3 bucket?

You are required to analyze the clickstreams of your organization’s web application in
real-time. Which AWS service can be used for this?

You run a customer-facing event registration site which is built with a 3-tier
architecture with web and app servers, and a MySQL database. The website requires 6
web and 6 app servers to operate normally, but can run on a minimum of 65% server
capacity and a single MySQL database. Which architecture will provide high availability
when deploying this application in a region with three AZs?

One of your customers needs to deploy an SSL enabled web application on AWS and
would like to implement separation of roles. The roles are EC2 service administrators
that are entitled to login to instances as well as making API calls and the security officers
who will maintain and have exclusive access to the application’s X.509 certificate that
contains the private key. Which of the following configuration option would satisfy the
requirements?

Your organization’s content management system has an application tier hosted on IIS
and the database tier is MySQL. This is regularly backed up on Amazon S3 using a
custom utility for backup. The static content is stored on a gateway-cached volume
which is attached to the application server via the iSCSI interface. Which DR strategy
will give you the best RTO?

To track changes in your AWS resources, which of the following is a reliable and durable
logging solution?

Your application that is running on an EC2 instance needs access to an SQS queue using
AWS credentials, how can it be done?

To add burst capacity when required, your organization has extended its data center on
AWS. To administer the EC2 instances, your operations team need to be able to access
AWS management console. You do not want to create new IAM user for each member
because you do not want them to sign in again to the AWS management console. Which
of the following options will meet your requirement?

. You are receiving a series of attacks by a determined set of IP ranges. Which of the
following options is the best method to stop this?

Which of the following are lifecycle events of OpsWorks? (Choose 3)

You were given a task of creating a mobile app through which users can post sightings
of good deeds (acts of kindness). These posts can be as long as 80-characters. You have
decided to write this application in JavaScript because it runs on the broadest range of
phones, browsers, and tablets. You are going to use DynamoDB to store the users’ input.
Testing of the prototype showing that there aren’t large spikes in usage. Which of the
following would be the most cost-effective and scalable architecture for this
application?

Your engineering organization’s legacy application is hosted on-premises. The
application has 900 GB of data that is shared via a central file server. The data consists
of thousands of files that are ranging in size from Megabytes to multiple Gigabytes. The
engineers modify 5-10% of the files per day. You are required to migrate this application
to AWS, but only of the application can be migrated over the weekend to minimize user
downtime. Your calculations show that it will take 48 hours to migrate 900 GB data
using the company’s 45 mbps connection. After replicating the app’s infrastructure on
AWS, which of the following option will allow you to move the data without any loss
and within the given timeframe?

Your company hosts a web application which is designed for business travelers. The
users of your application must be able to connect to it from anywhere on the internet
but the application server should not be exposed to the internet. Which of the following
options can fulfill this requirement?

To use Amazon Kinesis, which of the following is the best example?

You have a set of web servers on AWS and an ELB on front of it. It is required to secure
the SSL key that encrypts the data. Also, the logs of the ELB should only be decryptable by a subset of users. Which architecture from the following meets these
requirements?

Your application is composed of multiple components that are all hosted on a single
EC2 instance. For security reason, your organization wants you to implement 2 separate
SSL for separate modules. How can this be achieved on a single instance?

Your trainee has created a VPC with CIDR 20.0.0.0/16, he has also created a subnet with
CIDR 20.0.0.0/16 in this VPC. Now, he is trying to create another subnet within the
same VPC for CIDR 20.0.0.1/24. What will happen?

You tried to integrate two systems (front-end & back-end) with an HTTP interface to
one large system. These subsystems do not store any state inside. All of the state
information is stored in DynamoDB. You have launched each of the subsystems with
separate AMIs. After testing, these servers stopped running and started issuing
malformed requests that are not compliant with the HTTP specifications of the client.
Your team fixed the issue and deployed the fix to the subsystems ASAP without any
service disruption. What are the most effective options to deploy these fixes and ensure
that the healthy instances are redeployed? (Choose 3)

You have an on-premises application that is dependent on multi-cast. You are required
to move this application to AWS. Which of the following steps would you carry out on
the OS that is hosting that app so that the app can be moved to AWS?

You work as an architect in an organization that operates a sleep tracking mobile
application. When activated at night, the application sends collected data points of 1
KB every 5 minutes to your backend which authenticates the user and write the data
points in an Amazon DynamoDB table. Every morning, you scan the table to extract
and aggregate the data on per user basis, and store the results in S3. Users are notified
about the new data via SNS mobile push notifications. The data is parsed and via the
mobile app. Currently, you have around 100k users who are mostly based out of North
America. You are asked to optimize the architecture for lower cost. What would you
do? (Choose 2)

To store the analyzed data, your company uses Amazon RedShift. They started with the
base configuration, what will they get when they initially start using RedShift?

The auditor needs read-only access to the event history of your AWS account activity,
including actions taken through the AWS management console, AWS SDKs, Command
Line tools, and other AWS services. Which of the following is the best way of giving this
kind of access?

You have developed a mobile application for a client that stores data in a DynamoDB
table. The application needs scalability to handle millions of views. Your customer
needs access to the data in the DynamoDB. How would you do this?

You need to replicate an on premise RDS instance to AWS. Which of the following is
the most recommended approach to do it in the most secure way?

For temporary use, you created an application that accepts image uploads, stores the
images in S3, and records information about the images in RDS. You built the
architecture and accepted the images for the required duration. Now, it is time to delete
the CloudFormation template. Your manager has informed you that for archival
reasons, the RDS needs to be stored in S3 with the images. He also told you to ensure
that the application can be restored from the template to use in next year during the
same time period. You know that if CloudFormation template is deleted, all the
resources it created will be removed. How will you fulfill the requirement?

You are migrating an application from your on premise location to AWS cloud. The
application will be primarily using EC2 instances and needs to be built on a highly
available architecture. The application currently uses hardcoded hostnames for intercommunication between the three tiers. You have migrated the application and
configured the multi-tiers using the internal ELBs to serve the traffic. The hostname of
your ELB is demo-app.us-east-1.elb.amazonaws.com. The hardcoded hostname in your
application is demolayer.company.com. What would be the best method to build this
solution with as much high availability as possible?

An Oracle RAC configuration is hosted on the AWS public cloud. How can you
configure backups for it?

Your organization extensively uses S3 with a strict security policy. It is required that all
the artifacts are stored securely in S3. Which of the following request headers will cause
and object to be SSE, when specified in an API call?

You are required to set up an S3 bucket for document and image storage. The objects
in the bucket should not be accessible via the S3 URL, and should also not be accessible
from the pages on your website so that only the paying customers could see them. How
can this be implemented?

You need to perform the following tasks in the same order as given on an S3 bucket
named as “mybucket”:
Upload a file named file 1 to the bucket
Enable versioning
Upload file 2
Upload file 3
Upload another file called file 2
Which of the following is true for “mybucket”?

You are required to host a website from Amazon S3. Your static JavaScript code
attempts to include resources from another S3 bucket but permission is denied. How
will you solve this problem?

The application that your organization uses is hosted on an EC2 instance. The code is
written in .NET and connects to a MySQL RDS database. If the instance where you are
executing .NET code is assigned an IAM role, which of the following options is correct?

You need to move your existing traditional system to AWS. During migration, you
noticed that your master server is the single point of failure. When examined the
implementation of master server, you realized that there is not enough time during
migration to reengineer the server to make it highly available. You also found out that
it is storing its states in local MySQL database. To reduce downtime, you select RDS to
replace the local database and configure the master to use it. Which of the following
steps would allow you build a self-healing architecture?

Your organization wants you to establish a low latency dedicated connection to an S3
endpoint. What can you do to do the task over a DirectConnect connection?

A client runs a website and you are hired to migrate this web to the AWS cloud. On the
website, registered users rate local restaurants. Updated ratings are displayed on the
homepage and ratings are updated in real time. Right now, the website is not very
popular but your client is hopeful that it will grow over the next few weeks. The client
wants high availability for his website. Currently, the architecture consists of a single
Windows server 2008 R2 web server and a MySQL database on Linux. Both reside inside
an on premise hypervisor. What would you do to transfer the application to AWS,
ensuring high availability and performance?

Your organization’s infrastructure is on AWS. You are facing trouble in maintaining
session states on some of your applications that are behind an ELB. You are noticing
that the distribution of your sessions across ELB is not even. What is the
recommendation of AWS to rectify the issue that you are facing?

One of your team members configured a VPC with two public subnets in separate AZs
and two private subnets in separate AZs. Each public subnet AZ has a matching private
subnet AZ. The VPC and subnets are configured properly. You notice that there are
multiple webserver instances in the private subnet, and you have been charged with
setting up a public-facing ELB which will accept requests from the clients and distribute
those to instances. How will you set this up without making any significant changes in
architecture?

You are deploying an EC2 instance for the first time using the AWS management
console. You have chosen your AMI and your instance type and now have come to the
screen where you configure your instance details. You need to decide whether you want
auto-assign public IP or not. You know that you can assign an Elastic IP address to the
instance later. Why would you prefer an EIP over a public IP address?

You are required to design a storage layer for an application with a disk performance
requirement of at least 100,000 IOPS. Also, the storage layer must be able to survive the
loss of an individual disk, EC2 instance, or an AZ without any loss of data. The volume
must be having a capacity of 3 TB. Which of the following designs will best meet the
requirements?

You have an EBS root device on /dev/sda1 on one of your EC2 instances. That very
instance is causing trouble and you want to Stop/Start, Reboot, or Terminate this
instance but you do not want to lose any data that is stored on /dev/sda1. How would
each change of instance state effect the data?

You are required to leverage VPC, EC2, and SQS to implement an application that
submits and receives millions of messages per second to a message queue. Ensure that
your application has bandwidth between your EC2 instances and SQS. Which of the
below options will provide the most scalable solution for communication between your
app and SQS?

You have hosted multiple applications in a VPC. During monitoring, you notice that
multiple port scans are coming in from a specific IP address range. The internal security
team has requested that all offending IP be denied for the next 24 hours. What would
you do to quickly and temporarily deny access from the specified IP address range?

In your organization infrastructure, two EC2 instances are inside a VPC in the same AZ
but in different subnets. One instance is running an application and on the other, a
database that the application communicates with. To make the application work
properly, you need to ensure that both the instances talk to each other. Form the
following, which two things need to be confirmed in the VPC settings so that both the
instances can communicate inside the VPC?

You deployed an application for a client on AWS through which users access RDS. The
multi-AZ feature is enabled with MS SQL RDS DB. During a planned outage, how do
you think AWS will ensure that switching from DB to a standby replica will not affect
access to the application?