Question 1 of 50
1 point(s)
A solutions architect peered two VPCs (VPC A and VPC B), with A as requester and B as accepter. Both VPCs can communicate with each other. Now it is required that the resources in both VPCs can connect to the internet, but no one on the internet should be able to reach resources that are inside the VPCs. What should be done?
Question 2 of 50
1 point(s)
An organization has a VPC (10.10.0.0/16) with two private subnets and one public subnet (10.10.1.0/24): private subnet 1 (ps1 – 10.10.2.0/24) and private subnet 2 (ps2 – 10.10.3.0/24). The public subnet has the main route table, and the two private subnets have their own route tables. The sysops team reported that the EC2 instance in ps1 is unable to communicate with the RDS MySQL database in ps2. Select all possible reasons for this problem.
Question 3 of 50
1 point(s)
As a solutions architect for an organization, you have set up a VPC with CIDR range 10.10.0.0/16. You created an IGW and a new route table, and added a new route with the IGW as target and 0.0.0.0/0 as destination. You also created two subnets, one public and one private, and launched a Linux instance in the public subnet with the Auto-assign public IP option enabled. After all this effort, when you tried to SSH to the new machine, the connection failed. What could be the reason?
Question 4 of 50
1 point(s)
Your company wants to upload files to an S3 bucket privately through a VPC. In your existing VPC, you already have a subnet and a route table that contains a route to the NAT gateway. To fulfil the new requirement, you created a VPC endpoint for S3 and added the same route table. Unfortunately, in the S3 server logs, you found that the requests to S3 from an EC2 instance within the subnet associated with the mentioned route table are going to the internet through the NAT gateway. What is the possible reason?
Question 5 of 50
1 point(s)
An organization has a VPC with S3 VPC Endpoint that serves some S3 buckets. You were asked to create a new S3 bucket and reuse the existing VPC Endpoint to route requests to the new bucket. You performed the task, and then you found that the requests are failing with an “Access Denied” error. Select 2 reasons for this problem.
Question 6 of 50
1 point(s)
You want to download patches on an EC2 instance that resides in a private subnet inside a custom VPC. You created a NAT gateway and added a route to the route table. However, the connection times out when you try to download patches on the EC2 instance. Select 2 reasons for this issue.
Question 7 of 50
1 point(s)
You have been assigned the task of building a solution for a web application that contains a web server and an RDS instance. The existing environment has a VPC with a private subnet and a public subnet that has a route to the internet through an IGW. Provide the best and most cost-efficient solution.
Question 8 of 50
1 point(s)
You are asked to build a group of EC2 Linux instances in your AWS environment to handle scheduled heavy workloads and write the data into AWS RedShift. All the stakeholders need to login to these instances to develop, fix and deploy workloads only within the organization’s network. Provide a secure and cost-effective solution.
Question 9 of 50
1 point(s)
You have a bastion host EC2 instance in a VPC public subnet. Assuming that the route table is set up with an internet gateway, what is the minimal configuration required for an SSH request to work?
Question 10 of 50
1 point(s)
As an architect, your task is to transfer the data to S3 without going to the internet to comply with the security policies. Your network is connected to VPC through VPN, and the VPC contains S3 VPC gateway endpoint to access S3 through AWS internal network. The data to be transferred is on the organization’s network. Suggest the best possible method to get the required task done.
Question 11 of 50
1 point(s)
You have a VPC in your nearest AWS region. You created a VPC endpoint for S3 and added it to the main route table. You also upgraded your EC2 instance, which is inside a subnet associated with the main route table. When requests were sent to S3 from the upgraded instance, the connection failed. The S3 bucket is in the same region. Select all possible reasons for this issue.
Question 12 of 50
1 point(s)
You have created three VPCs (A, B and C) and peered them: A to B and B to C. You created a NAT gateway in VPC B and tried to use the same NAT gateway for resources inside VPCs A and C. You found that resources within A and C cannot communicate with the internet through the NAT gateway, but resources inside B can. Select the possible reason.
Question 13 of 50
1 point(s)
You have launched EC2 instances in two VPCs that are peered and tried to communicate through the peering connection. From the given options, select the reason for the request timing out.
Question 14 of 50
1 point(s)
A trainee architect complained that he created a VPC with CIDR range 10.10.0.0/16 and a subnet with CIDR range 10.10.1.0/24. When he went to the VPC console subnets and looked at the newly created subnet, he could only find 251 IP addresses although /24 CIDR comes with 256 addresses. He hasn’t launched any resources in the VPC. What could be the reason behind this?
Question 15 of 50
1 point(s)
You are asked to set up a VPC and a private subnet, along with a VPN connection to your company, to communicate with the resources within the VPC. Your organization may require DNS names for some on-premise apps to communicate with the VPC. You launched a new EC2 instance with the auto-assign public IP option disabled, but when the instance was ready, you noticed that the Public DNS name is missing. What will you do?
Question 16 of 50
1 point(s)
You are asked to build a new application that requires a combination of 20 EC2 instances. These instances should be kept inside a private VPC in a manner that the instances could communicate with each other, and receive requests from all other EC2 instances within the VPC, without receiving any traffic from the internet. The existing VPC is created with 10.10.0.0/24 CIDR range (256 IP addresses). All of these 256 addresses are consumed by eight subnets with /27 CIDR ranges. How would the newly required architecture be built?
Question 17 of 50
1 point(s)
You have set up two VPCs, A and B, with 10.10.0.0/16 and 10.11.0.0/16 respectively, and a VPC peering connection between them. Select the correct route table configuration from the given options to make VPC peering work.
Question 18 of 50
1 point(s)
You have joined an organization and are faced with a VPC set up with 40 routes for different purposes such as VPC peering, VPN connections and NAT gateways with different IP ranges. The IP range for the VPC is 10.10.0.0/16, and a number of teams are working on the VPC to create subnets for their applications that need custom route tables. The application custom route tables are associated with the main route table, which also has an internet gateway to serve the public subnet. Teams often forget to explicitly associate the custom route table with their subnets. The subnets are then implicitly associated with the main route table that has the IGW, which causes security concerns. When connections do not work as expected, it takes a lot of time to troubleshoot. You are asked to resolve this issue. Select the solution from the following.
Question 19 of 50
1 point(s)
As a solutions architect, how will you solve this issue?
An application team in your organization came to you and stated that requests from an EC2 instance to an RDS in the same VPC are successful but time out when sent to another subnet. They claim that the connections were working before.
Question 20 of 50
1 point(s)
You set up a VPC for your company with CIDR range 10.10.0.0/16. Multiple application teams use different subnets, and a total of 100 subnets are actively used. One of these teams, which is using 50 EC2 instances in subnet 10.10.55.0/24, complains that it is facing network connection failures for almost 30 EC2 instances in any given period. What will you do to overcome this issue with minimal configuration and minimal logs written?
Question 21 of 50
1 point(s)
An S3 bucket is created in the us-east-1 region. The default “configure options” and “permissions” were not changed. Select the options that are not included in the default settings.
Question 22 of 50
1 point(s)
Which of the following are S3 bucket properties?
Question 23 of 50
1 point(s)
You created an S3 bucket in sa-east-1 (São Paulo) while you are in the Asia Pacific. You kept the default settings for the bucket and deleted some objects by using the AWS CLI. When you tried to list the objects in the bucket, you still saw the objects that you had deleted. You were even able to download those objects. What could be the reason for this?
Question 24 of 50
1 point(s)
You are asked to upload a large number of files to the cloud. These files should be immediately available across different geographical locations right after the upload is done. What will you do?
Question 25 of 50
1 point(s)
You are building an on-premise application and want the storage on AWS. Data must only be accessed via the application because there are relational logics in the application. Administrators should be able to access the data directly from AWS S3 console, bypassing the application. Select the best solution
Question 26 of 50
1 point(s)
You have created an S3 bucket in the us-east-1 region with the default configuration. You have uploaded some documents and want to share them with a group of users in your organization. What will you do?
Question 27 of 50
1 point(s)
Which of the following are valid statements for Amazon S3? Choose multiple options
Question 28 of 50
1 point(s)
You are asked to design a web application that stores static assets in an S3 bucket. The expected number of requests, which could include GET, PUT and DELETE, is 6000. What will you do to make sure that the performance remains optimal?
Question 29 of 50
1 point(s)
You have an application running on EC2; when it tried to upload a 7 GB file to S3, the operation failed. Select the reason and solution for this problem.
Question 30 of 50
1 point(s)
You have launched an EC2 instance with a role that has GetObject permissions on the S3 bucket defined in its policy. An application is running on EC2 that stores the files in an S3 bucket. Authenticated users get pre-signed URLs for the files in the S3 bucket using EC2 role temporary credentials. After all that, users report that they get an error when accessing pre-signed URLs. What could be the reason? Select 2
Question 31 of 50
1 point(s)
Your organization stores confidential information in an S3 bucket, and access is granted to some programmatic IAM users. These IAM users are restricted to generating requests from inside your organization’s IP address range. In spite of that, requests from other IP addresses to download objects from the S3 buckets have been noticed. How will you find out the requester IP address?
Question 32 of 50
1 point(s)
An idea for a web and mobile application is presented to you. These apps can upload 100,000 images into S3, and a sudden increase in volume is expected. As an architect, you are asked for a cost-effective solution. Is S3 suitable for this requirement? What information do you need to gather to make a decision? Choose 2.
Question 33 of 50
1 point(s)
Which of the following are system metadata for objects in S3? (Choose 3)
Question 34 of 50
1 point(s)
Your organization is going through an audit and needs to log all the requests sent to a group of 10 buckets. The data stored in the buckets is confidential, and logging is required to meet compliance. The logs will also be used to check whether any requests are coming from outside the organization’s IP address range. Your application team enabled S3 server access logging for all the buckets into a common logging bucket named s3-server-logging. After a few hours, they notice that no logs have been written to the logging bucket. What could be the reason?
Question 35 of 50
1 point(s)
You built a web application for your organization where authenticated users can upload videos. These videos are to be stored in an S3 bucket. When you tested the application, you found that the requests to S3 were being blocked. What will you do to make the upload work?
Question 36 of 50
1 point(s)
You uploaded a file with content ‘name’ to your S3 bucket. Then you overwrote the file with content ‘phone’. You issue a GetObject request right after the overwrite. What output do you expect?
Question 37 of 50
1 point(s)
You created a bucket named “mybucket” in US west region. What are the valid URLs for accessing the bucket? (Choose multiple)
Question 38 of 50
1 point(s)
Select the minimum and maximum file sizes that can be stored to Amazon S3
Question 39 of 50
1 point(s)
Large numbers of application logs are written to an S3 bucket regularly. These are the only copies and are not replicated anywhere. The log files range from 10MB to 500MB in size and are not required frequently. Logs are needed to troubleshoot application issues, and this happens once in a while. You are asked to make 60 days of logs available immediately when required; records older than 60 days should be kept but are required only for reference, not on a regular basis. What solution do you have to keep the billing cost to a minimum?
Question 40 of 50
1 point(s)
You created a bucket 25 days ago and, on the day you created it, uploaded a 1GB file. On day 15, you uploaded 5GB of data to the same bucket. You also enabled versioning on this bucket. How will billing be applied to this scenario?
Question 41 of 50
1 point(s)
You have one versioning-enabled S3 bucket. You accidentally deleted an object that has three versions. What will you do to restore the deleted object?
Question 42 of 50
1 point(s)
Your application writes its logs to a versioning-enabled S3 bucket. Each object has multiple versions. The app deletes the objects from the bucket through the Delete API after 60 days. Even so, in the next month’s bill, you are charged for S3 usage. Why?
Question 43 of 50
1 point(s)
You have an application on EC2 that uploads objects of 10-20 GB to an S3 bucket using multi-part upload. You want to notify a group of people that the upload is completed, but these people do not have IAM accounts. How will you notify them? (Choose 2)
Question 44 of 50
1 point(s)
An S3 bucket in us-east-1 is used to store video files for a video sharing website that runs on EC2 inside the US. The owners have decided to expand the website all over the world. After the expansion, customers from outside the US region started complaining that upload, download and overall access to the website are very slow. You are hired to resolve this issue; what solution do you have?
Question 45 of 50
1 point(s)
Is it necessary to enable versioning for cross-region replication?
Question 46 of 50
1 point(s)
For a newly created security group that is to allow SSH connections to instances and communication between EC2 and EFS, which of the following statements is correct?
Question 47 of 50
1 point(s)
Which of the following are characteristics of EFS? (Choose 2)
Question 48 of 50
1 point(s)
On an EC2 instance, you mounted EFS with default settings. Now, you are asked to encrypt data during transit to comply with regulatory policies. How can encryption be enabled during transit?
Question 49 of 50
1 point(s)
Due to regulatory policies, your organization has asked you to encrypt the data that is stored on EFS, which is mounted on an EC2 instance with default settings. How will you enable encryption?
Question 50 of 50
1 point(s)
Khawar’s organization is planning on moving to the AWS Cloud. One of the applications will be launched on a set of EC2 instances. He wants to confirm that the architecture is fault tolerant and highly available. Which of the following would be considered during the design process? Select any 2 from the following.