AWS Certified Solutions Architect Professional Practice Questions Part 6

A company uses an application in which the user upload files from mobile devices
to directly S3, and they can be also able to download their uploaded files from S3. Now
they need to securely manage millions of user and also when new user register itself on
the application what server-side application did. How they meet the requirement?

An enterprise needs to use IPSec tunnel for connecting on-premises tunnel to AWS.
What are the benefits they get from this? (Choose any 2)

A company has instances in public subnet that downloads patches from the internet
in addition to serving clients on normal HTTP protocol. Now they need that only
serving protocol and URL’s listed are able to get patches from instances. Then how you
as solution architect provide a solution for this?

A company needs a reliable and durable logging solution for trace out the changes
made on AWS account. In this logging, the data integrity and confidentiality must be
important. Then how you as solution architect provide a solution for this?

A company has an application which has multiple web servers, but they need that
traffic should be evenly distributed then how they do this?

An enterprise has multiple components on a single application, and they are hosted
on EC2 instances, but because of some confidentiality reason, they want separate SSL
certificates for separate modules. How you as a solution architect meet the requirement
in a single instance?

A company has an application which is designed to connect to different aviation IT
department, hotels with their public Wi-Fi hotspots and anywhere on the internet but
you do not want to publish this application on the internet. How you as solution
architect professional meet the requirements?

The company has a website which will fetch and display sensitive information to
users. The amount of traffic the site will receive is known and not expected to fluctuate.
The site will leverage SSL to protect the communication between the clients and the
web servers. Due to the nature of the site you are very concerned about the security of
your SSL private key and want to ensure that the key cannot be accidentally or
intentionally moved outside your environment. Additionally, while the data the site will
display is stored on an encrypted EBS volume, you are also concerned that the web
servers’ logs might contain some sensitive information; therefore, the logs must be
stored so that they can only be decrypted by employees of your company. Which of
these architectures meets all of the requirements?

A company has an application in multiple AZ in a single region. In case of failure,
the RTO must be less than 2 hours and RPO is 15 minutes. The client now realize that
corruption of data occurred roughly 1.5 hr ago then how you as solution architect use
DR strategy to meet the RTO and RPO in kind of failure?

An enterprise uses Direct Connect between AWS and on-premises location.
Currently, the application is hosted on the on-premises location and experience a high
latency while using S3. How you as solution architect minimize latency to S3?

An entrprise has a legacy application that needs to migrate on AWS. It works on
TCP protocol. They need that application must have scalability and record Client IP
that are using application. How you achieve the given requirement?

A company needs to add instances in a placement group of instances, but they
receive an error of capacity then how they overcome this issue?

A company has an application which has files on which input stream is analyzing is
done and for each file, some data is written on an output stream. The number of the
input file is increasing daily and concentrated in a few hours of the day. An application
is hosted on EC2 instance with large EBS volume, but the result took 20 hours per day
for completion. How you as solution architect reduce that elaboration time and
improve availability?

An enterprise has an application on cloud, and they observed some SQL injection
attacks against application then how you as solution architect mitigate the attack in a
cost-effective and scalable way?

A graphic design company wants to move its system to AWS for more scalability.
250 registered customers of the company use several FTP servers to upload and
download large graphic files. This movement should be cost-effective and customer
privacy should be maintained. What would be your suggested AWS architecture?

A company that is running a 2-tier web application in its on-premises data center;
is experiencing infrastructure failures for the past several months. The failures have
caused significant financial losses. They have decided to move to the cloud. The key
requirement is disaster recovery. The Recovery Time Objective (RTO) should be four
hours and Recovery Point Objective (RPO) can be one hour or less. The implementation
time of the solution is two weeks with a 20 MBps internet connection and a database of
200 Gb. How would you do it with minimized cost?

Using the provider’s SDK, your mobile app authenticates users with IdP (Identity
Provider) in Amazon Cognito. Once the user is authenticated, Cognito receives 0Auth
or OpenID connect token. Now, which of the following is returned to the user providing
temporary, limited-privilege AWS credentials?

To make sure that the traffic is evenly distributed to EC2 instances that are
registered with an ELB in multiple AZs, which of the following should be used?

An enterprise application consisting of several web and application servers and an
Oracle database of size 50 GB needs to be deployed on AWS. The information is stored
in both, database and file systems of several servers. The backup system must have the
ability of DB recovery, server and disk restore, and individual file restore. The recovery
time should not be more than two hours. For RDS Oracle database, which backup
architecture will meet these requirements?

An application is deployed on an EC2 instance. To allow the application to write
data to a DynamoDB table, which of the following items are required? (Choose 3)

You are required to create connectivity between your data center and AWS. The EC2
instances of your application must have the ability to connect to your backend
resources in the data center. The network traffic between the two will start small, but
will be increased to 10s of GBs/second in a few months. The application can only
succeed if it gets in the market quickly. What design option will meet the requirement?

You are running an application on AWS. The application needs to access your on
premise LDAP server. The on premise location and VPC are connected through an IPSec
VPN. To authenticate each user, which of the following are right options for the
application? (Choose 2)

Your organization is planning to setup a management network on AWS. They are
trying to secure the web server on a single VPC instance in a way that it allows the
internet traffic as well as the back-end management traffic. You are required to ensure
that the back-end management network interface can receive the SSH traffic only from
a selected IP range, while the internet facing web server will have the IP address that
can receive traffic from the internet. How will you achieve the requirement on a single
instance?

For AWS Data PipeLine, which of the following services can be used to define alarms
to trigger on a certain activity?

Within the same region, across multiple AZs, you have a cluster of EC2 instances
running. To make sure that all the instances communicate with AWS services without
any bandwidth restrictions and also perform with the highest network performance,
low latency and jitter? (Choose 3)

Your company wants to monitor the read and write metrics for their MySQL RDS
instance. How will you accomplish the task of sending real time alerts to the operations
team? (Choose 2)

An application that will support multiple device platforms needs to be hosted on
AWS behind an ELB. Each device platform will need separate SSL certificates assigned
to it. How will you fulfill this requirement?

You created a bucket named mybucket.com for static website hosting. You enabled
website hosting with an index document of index.html and left the error document as
blank. Clicking on the endpoint of your bucket, you received a 403 Forbidden error. You
then changed the CORS configuration on the bucket so that everyone has access, but
still, you keep receiving the same error. To make the endpoint accessible for everyone,
what additional steps need to be taken?

Amazon S3 encrypts your data at the object level as it writes it to disk in its data
centers and decrypts it when you access it. There are a few different options depending
on how you choose to manage the keys for encryption. One of these options is called
SSE-S3 (Server Side Encryption with S3 Keys); which of the following methods describes
the working of SSE-S3?

You deployed a website using Elastic BeanStalk with log rotation to S3 enabled. For
periodic analysis of the logs, an Elastic MapReduce job is in place to build a usage
dashboard that you share with your CIO. For performance improvement, you have
recently used CloudFront for dynamic content delivery and your website as origin. Now,
your dashboard is showing dropped traffic on your website. How will you fix your usage
dashboard?

Your video transcoding application is running on EC2. Before running the
transcoding process, each instance polls a queue to find out which video to be
transcoded. In case of interruption, the videos are transcoded by another instance based
on the queueing system. You have a large backlog of videos that need to be transcoded,
you are going to add more instances to reduce this backlog. These instances will only
be required until the backlog is reduced. To reduce the backlog, which type of EC2
instances you would choose to do this in the most cost effective way?

How can you pass a custom script to a new Amazon Linux instance that is created
in your auto scaling group?

How can data be secured on an EBS volume at rest?

Your company runs an ad-supported website for sharing photos. The photos are
served to customers using S3. You found out that other websites are linking to the
photos on your site. This is a loss to your business, what is the cost effective method to
mitigate this?

Your manager is annoyed about the fact that his SNS subscriptions are now
cluttering up his email inbox. How can he stop receiving the emails from SNS without
disturbing other users’ ability to receive notifications from SNS? (Choose 2)

A customer implemented AWS storage gateway with a gateway-cached volume at
his office. An event takes the link between the main and branch office offline. How can
you enable the branch office to access their data? (Choose 3)

You have a web application hosted on your on-premises location. There is an adcampaign in progress and chances are that the traffic on web will increase. The
company is not ready to move the website to AWS. Which of the following scenario will
provide full site functionality, while helping to improve the ability of your application
to take the influx of traffic in the short timeframe required?

You have hosted multiple applications in a VPC. During monitoring, you notice that
multiple port scans are coming in from a specific IP address range. The internal security
team has requested that all offending IP be denied for the next 24 hours. What would
you do to quickly and temporarily deny access from the specified IP address range?

Three S3 buckets “mycompany.com”, “downloads.mycompany.com”, and
www.mycompany.com are in your AWS account. You uploaded the files, enabled
website hosting, specified both of the documents for website hosting, and set the “Make
public” permission for the objects in each of the S3 buckets. You only need to create
Route 53 aliases for the buckets now. Your end users will test your website by browsing
http://mycompany.com/error.html, http://downloads.mycompany.com/index.html,
and http://www.mycompany.com. What do you think the testers will encounter?

To store data in your application, you use DynamoDB. For a table named “Users”,
you set “UserId” as its primary key. Sometimes, you need to query the table by
“UserName” which cannot be set as primary key. What changed are required on this
table so you can query using “UserName”?

For your six EC2 web application instances in uS-west-2, you have created an ELB
with duration based sticky sessions enabled. For high availability, there are three
instances in AZ1 and the other three are in AZ2. For load testing, you set up a tester
software in AZ2 to send traffic to the ELB. Also, there are several hundred users
browsing the ELB’s hostname. After a while, you notice that the user’s sessions are
evenly spread across the instances in both AZs, but the traffic from the tester software
is hitting only the instances in AZ2. What can you do to resolve this problem? (Choose
2)

Which section of the CloudFormation template would you modify to fire up
different instance sizes on the basis of environment type(Dev/Staging/Production)?

Your ELB is associated with an auto scaling group. You are noticing that the
instances that were launched via the auto scaling group are being marked unhealthy
due to an ELB health check but these unhealthy instances are not being terminated.
What would you do to ensure the termination and replacement of the instances that
are marked unhealthy by the ELB?

You work for media company that produces new video files every day with a total
size of 100 GB after compression. Each file has a size of 1-2 GB and need to be uploaded
to your S3 bucket every night in a fixed time window between 3 to 5 AM. Currently it
takes almost 3 hours to upload by using less than half of the bandwidth available. What
would you do to ensure that the file upload completes in the allotted time window?

You have two EC2 instances within a VPC in the same AZ but in different subnets.
One instance is running a database and the other instance is running an application
that interfaces with the database. You want to confirm the communication between
these instances to make your application work properly. What should be done in the
VPC settings to ensure the communication? (Choose 2)

What will happen to RDS multi-AZ deployment if the primary instance fails?

You need to manage an application inside a VPC that has hard-coded IP addresses
in its configuration. You are asked to design a mechanism that will allow the application
to failover to new instances without the need for configuration? (Choose 2)

A user is trying to save cost on the AWS services. Which of the following options are
not correct for cost saving?

The team is very excited to use AWS because now, they will have access to
programmable infrastructure. You are required to manage the AWS infrastructure in a
manner similar to the way you might manage your infrastructure code. You want the
ability to deploy exact copies of different versions of your infrastructure, stage changes
into different environments, revert back to previous versions, and identify what
versions are running at a particular time. Which of the below options meets this
requirement?

You have recently set up AWS infrastructure with large EC2 instances that are used
to create JPEG files and store them on an S3 bucket. These instances occasionally need
to perform high computational tasks. After close monitoring you see that the CPUs of
these instances remain idle most of the time. How will you ensure better utilization of
resources?