AWS Certified Solutions Architect – Professional Practice Questions Part 2

A new mobile application that handles analytics workloads on large-scale datasets that are stored on Amazon redshift has just been developed. Consequently, the application wants to access Amazon Redshift tables. To access the tables, Which of the following methods would be the best, both security-wise practically and practically?

Your company has HQ in Edo and branch offices everywhere the planet and is employing a provisioning code with a multi-regional preparation on AWS in Japan, Europe and the USA. The logistics software has a 3-tier architecture and currently uses MySQL 5. 6 for information persistence. Own database is deployed by Each region. In the HQ region, you run associate degree hourly batch method reading information from each region to figure cross-regional reports that square measure sent by email to all or any offices. The batch process must be complete as fast as possible to optimize logistics quickly. How do you build the data style therefore on fulfill the wants?

The manufacturing based company is using SAP s/4 HANA as part of its digital transformation journey. They have deployed SAP s/4 HANA on AWS for better performance and to get the cost benefits. The On-prem network is connected with AWS via AWS Direct Connect with a 500 Mbps Connection. Currently, 600 employees access the SAP Application using SAP GUI on their local computers from various locations. They are facing latency issues in uploading and downloading the data using SAP GUISAP Admin is also facing challenges to maintain the same version of SAP GUI in all Systems. The company wants to overcome this issue very quickly. What must they do?

A company needs to configure a NAT instance for its internal AWS applications to be able to download patches and packages software. Currently, they are running a NAT instance that’s victimization the floating information processing scripting configuration to form fault tolerance for the NAT. The NAT instance must be designed with fault tolerance in mind. What is the best way to configure the NAT instance with fault tolerance?

Your company has received to contract to augment a legacy enterprise file sharing system for a large media house. As of now, the company is using an on-premises private file sharing solution that is integrated with its directory service and uses a web-based intranet application to share files. With growing remote workers, the corporate desires support for mobile devices so remote workers will work offline additionally. Please counsel a sound choice to creator the system with given needs.

You have a legacy application running that uses an m4 large instance size and cannot scale with autoscaling, but only has peak performance 5% of the time. This is a large waste of resources and cash thus, your senior Technical manager has set you the task of trying to reduce costs while still keeping the legacy application, having lesser memory requirements, running in the long-term as it should. Which of the following will best accomplish you?

Your company is running a microservice-based application. They are using DynamoDB to store the data and AWS API Gateway for managing the Rest APIs. They are also using Lambda non-proxy integration. The development team recently made a change to one Rest API method. After that, the API does not seem to work as expected. You have been asked to troubleshoot the matter. Which one is the correct statement?

You square measure a technologist and are making a brand new internet service in AWS. You have been asked to troubleshoot the service is concerning daily schedules wherever finish users square measure able to set up and fetch.. It contains an angular Js front end that deals with data in a DynamoDB table called “UserScheduleData” with read and write permissions. You plan to use API entryway and Lambda to handle the backend service. During development, you also need to do integration testing frequently using curl for the API endpoints. You have created a role “ScheduledRoleambda” for the lambda itself. What below options should you perform to make sure that the lambda contains the necessary permissions in the service role? (select 2)

Your company is running an e-commerce applications in On-prem. Your CIO has asked you to build a highly available, low-cost, and easy solution to quickly understand the user pattern. How are you going to design the solution on AWS?

You are building a mobile application game. The application desires permissions for every user to speak and store information in DynamoDB tables. What is the simplest technique for granting every mobile device that installs your application access to DynamoDB tables for storage once required?

In an attempt to cut your accounts manager has come to you and tells you that he thinks that if the company starts to use consolidated billing that it will save some money. He also wants the billing set up in such a way that it is relatively simple, and it gives insights into each of the VPC environments regarding the utilization of the corresponding VPC resources. Which of the following setups would satisfy your account manager’s needs?

Your company is developing a mobile application. It has been hosted in the AWS Mumbai region. Users can upload the images in the app from any part of the world. Images are getting stored in an S3 Bucket called “test”. Recently you have got enforced the S3 transfer Acceleration to boost the performance of image transfer. Which one of the following is NOT true about the S3 transfer Acceleration?

A startup company is coming up with an Associate in the Nursing application that must handle Associate in Nursing’s surprising quantity of load and allows site visitors to read data from a DynamoDB table, which contains the results of an online polling system. At any given time, as several as five,000 requests have to be compelled to be handled by the appliance. The company has a restricted budget. How can this application be developed most cost-effective?

You are migrating an existing application to the AWS cloud that would be communicating with EC2 instances in the VPC. You need to form this application extremely offered. The application currently relies on hard-coded hostnames for communication between the various tiers. You have migrated the application and configured multi-tier using the internal elastic load balancer for serving traffic. The load balancer hostname is “demo-app.us-east-1,elb.amazonaws.com”. The current hard coded hostname in your application for internal communication between your multi-tier application is “demolayer.example.com”. How can you architect a solution for high availability?

When it comes to KMS, which of the following best describes how the AWS key Management Service works? Choose the right answer from the choice below;

Your company is planning to move to an existing portal to AWS. Currently, it is running on-premises. It is a 5-year-old portal developed on Java and MySQL 5.6. Your company is looking to dockize the application and deploy it in a highly available environment in AWS. You also need a serverless compute engine for containers so that you do not need to provision and manage servers. Which of the subsequent strategies is that the most suitable?

You have acquired a new contract from a client to move all of their existing infrastructures onto AWS. You notice that they are running some of their applications using multicast, and they need to keep it running as such when it is migrated to AWS. You discover that multicast is not obtainable on AWS, as you can not manage multiple subnets on one interface on AWS, and a subnet will solely belong to 1 hardiness zone. Which of the subsequent would change you to deploy inheritance applications on AWS that need multicast? (Select 2 options)

A company has three accounts under consolidated billing. “Production” is the payer account, and “development” and “stagging” are linked accounts, and they have reserved instances sharing enabled between them. The development account has purchased 3 reserved instances with an instance variety of m4.large in availableness zone us-east-1a. However, no instance is running on the event account. However, it has five m4.large instances running in the stagging account the availability Zone 1a. Who can receive the benefit of the reserved instance pricing?

A Ruby on Rails content management platform is developed by a company. Currently, OpsWorks has several stacks for dev, staging, and production to deploy and manage the application. Now, the corporate needs to start out exploiting Python rather than Ruby. How should the company manage the new deployment so that it should revert back to the recent application with Ruby if the new preparation starts adversely impacting the present customers?

Your application has very high traffic. So you have enabled autoscaling in a multi-availability zone to suffice your application’s needs. But you observe that one in every of the provision zones is not receiving any traffic. What can be wrong here?

A company that has hired a third-party security auditor needs read-only access to the required AWS resources and logs of all VPC records and events that will occur on AWS. How can the company meet the auditor’s requirements without compromising the security in the AWS environment?

After configuring a whole site CDN on CloudFront, you receive the following error.
“This distribution is not designed to permit the HTTP request technique that was used for this request. The distribution supports only cachable requests”
What is causing the above error?

You are running a financial application on an EC2 instance. Data stored in the EBS volume is critical, and you want to make it fault-tolerant. Which of the following options provides the most fault-tolerant configuration?

A company is running a MySQL RDS instance within AWS. There is a new requirement for disaster recovery to export data from the AWS production RDS instance to an on-premises data center. What is the secure and cost-effective way of performing this replication?

You currently have 9 EC2 instances running in a Cluster placement group. All these 9 instances were at first launched at an equivalent time and perceived to be performing arts evidently. You decide that you just have to be compelled to add 2 new instances to the cluster. However, once you plan to try this, you receive a ‘capacity error’. Which of the following actions will most likely fix this problem?

A company has two batch processing applications that consume financial data about the day’s stock transactions. Each transaction needs to be stored durably, and the order of transactions needs to be warranted in order that the charge and audit methoding|execution|instruction execution} applications will process the info. The billing applications firstly process the transaction information, and after several hours, the audit application access to the same data. After the dealings info for the day is processed, the data must not be held on. What is the best way to architect this application so that the above requirements are achieved?

You are setting up a video streaming service with the main components of the setup being S3, CloudFront, and Transcode. Your video content square measure planning to continue AWS S3, and it have to be compelled to entirely be viewed by the subscribers’ World Health Organization have noninheritable the service. Your first job is to upload 10 videos to S3 and ensure that they are secure before you even begin to start thinking of streaming the videos. The 10 videos have simply finished uploading to S3, therefore you currently have to be compelled to secure them with coding at rest. Which of the following would be the best way to do this?

A company is considering integrating its on-premises resources with AWS in a hybrid architecture without any security threats posed by the internet. Their goal is to run the customer-facing data collection processes in AWS. They have to transfer a huge volume of data from their on-premises environment to the EC2 instances running in an AWS VPC (with the data being stored in the volumes of the EC2 instances) daily using a high bandwidth connection which may save costs too. How can this be accomplished?

A multi-tier application is being hosted on a single EC2 instance in a VPC without an ELB. You have been instructed to set it up with separate SSL certificates for each tier. Which of the following would be the best method to achieve this while leaving the application running on a single EC2 instance?

You are operating as an authority for an organization planning a brand new hybrid design to manage part of their application infrastructure. They require a low latency and high consistency traffic to AWS. The company is looking to keep costs as low as possible and is willing to accept slow traffic in the event of primary failure. Given these requirements, how would you design a hybrid architecture?

You have a massive social networking application that is already deployed on the N. Virginia region (with newly created key pairs) with around 100 EC2 instances. You want to deploy you application to multiple regions for higher availableness. You do not want to handle multiple key pairs and reuse existing key pairs for the N. Virginia region. How will you accomplish this?

To review security processes and configurations for all of a company’s AWS accounts, A third-party auditor is being brought in. Currently, the company does not use any on-premises identity provider. Instead, they rely on IAM accounts in each of their AWS accounts to all AWS resources for each AWS account. The auditor has an IAM user in his AWS account. Given the requirements, what is the most secure and easiest method for architecting access for the security auditor?

An auditor desires access to logs that record all the API events on AWS. The auditor only needs read-only access to each AWS account. The company has multiple AWS accounts, and also the auditor desires access to all or any of the logs for all the accounts. What is the best way to configure access for the auditor to view events logs from all accounts?

A worker unwittingly keeps terminating EC2 instances on the assembly atmosphere. You want to restrict the user from terminating the production instances or add an extra layer of defense before he tries to do that next time. Which of the subsequent choices area unit suitable? (Select 2).

A company is managing a customer’s application that presently includes a three-tier application configuration. The first tier manages the web instances and is configured in a public subnet in an AWS VPC. the second layer is the application layer. As a part of the applying code, the applying instances transfer massive amounts of information to Amazon S3. Currently, the private subnets that the application instances are running on have a route to a single t2.micro NAT instance. The application, throughout peak hundreds, becomes slow, and client uploads from the applying to S3 aren’t finishing and taking an extended time. Which steps might you take to solve the issue using the most cost-effective method?

A company has employees who need to run internal applications that access the company’s AWS resources. These employees already have user credentials in the company’s current identity authentication system, based on their roles, supported by SAML.2.0. How should the SSO setup be designed? (Select 2)

You have designed a mobile application that serves information hold on in the associate Amazon DynamoDB table. Your primary concern is the scalability of the application and the ability to handle millions of visitors and data requests. As an area of your application, the consumer needs access to the data set among the DynamoDB table. Given the appliance needs. What would be the best method to design the application?

Singapore-based college is closed due to covid 19. College wants to continue online classes. They are also looking for a solution to offer college0based applications/software/labs to students easily. What device-agnostic solution for all college students will you suggest?

A client has established an associate AWS direct Connect affiliation to AWS. The link is up, and the routes area unit is being publicized from the customer’s finish. However, the customer cannot connect from EC2 instances inside its VPC to servers residing in its data center. How can this be resolved? ( select 2)

You are setting up a website for a small company. This website serves up pictures and is extremely resource-intensive. You have determined to serve the photograph’s victimization CloudFront. There is a demand tho’ the content domain and will work with https. What can you do to ensure their requirements are fulfilled? (Select 2)

Your company is developing a Serverless application with Lambda Proxy integration in API Gateway. Coaching is also used for the Rest APIs. Your company is worried about the security of the APIs. Which of the following security considerations should you NOT recommend for your application? (Select 2)

The japan-based fintech company is running applications in AWS. This is mission-critical applications, and they want to analyze the application logs using Amazon Redshift. The applications forward the logs to a Kinesis Data Firehose. What do you suggest to send the records from Kinesis Data Firehose to Redshift?

Your superior tells you of a client who needs a two-tier web application that is publicly accessible and configured on AWS. The most important requirement is that MySQL must be used as the database, and it must be configured at the client’s location in the most secure fashion. Which of the following solutions would be the best to ensure that the client’s requirements are met?

Regarding encryption on data stored on your database, namely Amazon RDS, which of the following statements is true?

Your company has built a workload management solution for a deepwater drilling company. The application sends the workload detail before each shift starts. Due to the recent change in the regulations, there has to be a working file that needs to be sent to each shift manager at the time of shift start. As per the requirements, the file can only be accessed by the target user, and it should only be allowed to access within a given shift timeline and needs to be password protected as well. Because there’s a concise point in time, the management has tasked you to return up with a reliable, secure, and efficient resolution.

Your security officer has told you that you just got to tighten the work of all events that occur on your AWS account. He needs to be able to access all events that occur on the account across all regions quickly and within the simplest doable manner. He also wants to make sure that he is the only person who can access these events in the most secure way possible. Which of the following would be the best solution to assure his requirements are met?

You have created a short-lived application that accepts image uploads stores them in S3, and records data regarding the image in RDS. After building this design and acceptive pictures for the period needed, it’s time to delete the CloudFormation example. However, your manager has informed you that the RDS data needs to be stored, and the S3 bucket with the images needs to remain for archival reasons. Your manager has also instructed you to ensure that the application can be restored by a CloudFormation template and run year during the same period.

Knowing that once a CloudFormation example is deleted, it’ll take away the resources it created. What is the best method to achieve the desired goals?

BCJC is running Oracle DB workloads on AWS. Currently, they are running the Oracle RAC (Real Application Cluster) configuration on the AWS public cloud. Are you being tasked with configuring snapshots to become backups eventually?

You have multiple EC2 instances in three availability zones (AZs), with a load balancer, however, the team members have little experience with Lambda. Which of the below options can NOT help the team?

You are launching your first Elastic cache Cluster and start using Memcached. Which of your following requirement is NOT supported by Memcached?

A new client may use your company to move some of their existing datacenter applications and infrastructure to AWS. You need to supply the initial associate scope to the present attainable one shopper. One of the things you notice concerning the existing infrastructure is that it has a few legacy applications that you are almost certain will not work on AWS. Which of the following would be the best strategy to employ regarding the migration of these legacy applications?

A very big company has provided financial consulting services to end-users. It uses the traditional MySQL database inside EC2 t2.medium instances that primarily alter inheritance services. As a business grows, read contention is becoming more and more frequent for the database. The AWS architect suggests using Aurora to scale up and ease the read contention issue? (Select 3)

You have been given the task of designing a backup strategy for your organization’s on-premises storage, with the only caveat being that you must use the AWS storage gateway. There is no requirement for the file protocol. Which of the following is the correct/appropriate statement surrounding the most cost-effective storage strategy?

Your company has an e-commerce platform that is expanding all over the globe. You have EC2 instances deployed in multiple regions. You want to monitor the performance of all these EC2 instances. How will you set up CloudWatch to monitor EC2 instances in multiple regions?

What will the below custom IAM policy achieve?

{
“version”:”2012-10-17”,
“statement”:[
{
“Sid”:”VisualEditor0”,
“Effect”:”Allow”,
“Action”:[
“ec2:Terminateinstances”.
“ec2:Startinstances”.
“ec2:Runinstances”.
“ec2:Stopinstances”.
]
“Resource”:”arn:aws::ec2:*:*:instance/*”
},
{
“Sid”:”VisualEditor1”,
“Effect”:”Allow”,
“Action”:“ec2:Describeinstances”.
“Resource”:”*”
}
]