Free Assessment: Aws Certified Solutions Architect Professional Quiz Part 2

Your organization is a big company. Your responsibility is to manage their AWS
account. They have 1000+ employees and it is required to provide access to various
services to most of the employees. What would you possibly do?

You work for a marketing research company. They have developed a tracking system that collects user behavior during web marketing campaigns on behalf of the customers all over the world. The system consists of an auto-scaled group of EC2 instances behind an ELB. And the collected data is stored in DynamoDB. After the campaign ends, the tracking system is torn down and the data is moved to Amazon RedShift, where it is used to generate detailed reports. Now, the ability is required to instantiate new tracking system in any region without any manual intervention, therefore you adopted CloudFormation. What needs to be done to make the AWS CloudFormation template work in any AWS region? (Choose 2)

You are implementing a customer’s on-demand video streaming platform on AWS. It
requires the ability to support multiple devices such as Android, iOS, and Windows as
clients using a standard client player. Key requirements for the architecture are
scalability and cost effectiveness. Which of the following architectures meets the
requirements?

You need to design security in your VPC. Consideration is to establish separate security
zones, and enforce network traffic rules across different zones to limit which instances
can communicate. How can this be done? (Choose 2)

You have a large EBS-backed EC2 instance in us-east-1a. For disaster recovery, you want
to create another instance in EU. How can you achieve DR?

Your junior is trying to launch an EC2 instance using CloudFormation and is planning
to configure an application on the launched instance. He wants the stack creation of
ELB and Auto-scaling to wait until the EC2 instance is launched and configured
properly. How can it be configured?

You have created a VPC with public and private subnets using the VPC wizard. CIDR is
20.0.0.0/16 for the VPC. Public subnet is using 20.0.1.0/24 CIDR. You have a plan of
hosting a web server in the public subnet with port 80 and a DB server in the private
subnet on port 3306. Which entries are required in the private subnet’s security group?

Your organization is planning to use AWS for their production roll out. They want to
implement automation for deployment in a way that it will automatically create a LAMP
stack, download the latest PHP installable from S3 and setup the ELB. Which of the
below mentioned AWS services meets the requirement for making an orderly
deployment of the software?

You work for a document storage company. They want you to deploy their application
to AWS and to change their business model to support both Free Tier and Premium
Tier users. The premium Tier users will be allowed to store up to 200GB of data and
Free Tier customers will be allowed to store only 5GB. It is expected that billions of files
will be stored. All users need to be alerted when approaching 75 percent quota
utilization and again at 90 percent quota use. How can you build this solution?

sing the VPC wizard, you created a VPC with CIDR 20.0.0.0/16. You created a public
subnet with CIDR 20.0.0.0/24 and a VPN only subnet with CIDR 20.0.1.0/24 along with
the VPN gateway – vgw-12345 to connect to your data center. The data center has CIDR
172.28.0.0/12. You also created a NAT instance (i-12345) to allow to allow traffic from the
internet for the VPN subnet. Considering this scenario, which of the following is not a
valid entry for the main route table?

Your organization is running an application in the US-West region and you are required
to set up DR failover to Singapore. The key requirement for your RDS multi-AZ DB
instance is low RPO. Which of the following is best suited for the requirement?

One of your customer enterprises needs to start migration to the cloud to achieve agility. They want to make their internal MS AD available to any applications running on AWS so that the users would only have to remember one set of credentials; and also, it will act as a central point of user control for leavers and joiners. How do you think they can make their AD secure, and highly available, with minimal infrastructure changes, and in the most time and cost effective way?

You work for a gaming company that has adopted AWS CloudFormation to automate
the load testing of their games. You have created a CloudFormation template for each
gaming environment that includes one for the load testing stack. The load testing stack
creates an RDS Postgre database and two EC2 web servers that send HTTP requests,
measure response time, and write the results into the database. Once the tests are
completed, the CloudFormation stacks are deleted immediately. For analysis, the
results in the RDS must remain accessible. How can you allow access to the test results
when the stack is deleted? (Choose 2)

You are required to move an E-commerce web app from a data center into a VPC. Faulttolerance and high scalability are must. Also, service interruptions should not affect the
user experience. When you were launching, you noticed that the application uses multicast to share session states between web servers. Which of the following would
you choose to handle session states within the VPC?

You have been hired for a public archives organization which is about to move a pilot
application running on AWS into production. You are required to analyze the
application architecture and give recommendations for cost-saving. The application
displays scanned historical documents. Each document is split into individual image
tiles at different zoom levels to improve responsiveness and ease of use for the end
users. At maximum zoom level, the average document will be 8000 x 6000 pixels in size,
split into multiple 40px x 40px image tiles. These tiles are batch processed by EC2
instances and saved into an S3 bucket. A browser-based JS viewer fetches tiles from the
bucket and displays them to users as they zoom each document. The average storage
size for all zoom levels of a document is approximately 30 Mb of JPEG tiles. Originals of
each document are archived in Amazon Glacier. The company expects to process and
host over 500,000 documents in the first year. What would you recommend? (Choose
3)

You need to deploy a web application that is composed of a front end running on EC2
and an S3 bucket to store confidential data. Your security policy requires that the allaccess operations to your sensitive data must be authenticated and authorized by a
centralized access management system which is operated by a security team. Also, the
web app team that owns and administers the EC2 instances is prohibited from having
the ability to access the data by bypassing the access management system. From the
following configurations, which one do you think will support these requirements?

You work for a large company that is ready to adopt CloudFormation for the automation
of administrative tasks and wants to implement the security principle of least privilege
and separation of duties. The following roles and tasks are identified in the
organization.
Network Admins: Create, modify, and delete VPCs, subnets, NACLs, route tables, and
security groups
Application operators: Deploy complete supplication stacks (ELB, ASG, RDS) whereas
all resources must be deployed in a VPC that is managed by the Network admins
Both groups must maintain their CloudFormation templates and should be able to
create, update, and delete only their own CloudFormation stacks. The company has
followed your advice of creating two IAM groups, one for apps and the other for
network. Both groups are attached IAM policies granting permissions to perform the
necessary tasks of each group as well as the creation, update, and deletion of the
CloudFormation stacks.
Which of the following statements represent valid design considerations for the given
setup and requirement? (Choose 2)

Your organization is migrating to AWS. A large number of developers and
administrators will need to control the infrastructure using the AWS management
console. The identity management team has planned to create a new directory for IAM
users of all employees. The employees are not comfortable to commit a new password
in memory. How will you satisfy both of the stakeholders?

Your organization runs a complex customer system that is made up of ten different
software components that are backed up by RDS. For simplification of management and
deployment, you adopted OpsWorks and created stack and layers for each component.
Your security policy requires that all the instances should run on the latest AMI and the
instances must be replaced within a month after the latest AMI has been released.
When AMI replacement is in progress, there should not be any capacity problems or
application downtime. You decided to write a script to run as soon as the AMI releases.
Which of the following options can fulfill your requirements? (Choose 2)

A user has created a mobile application that makes calls to DynamoDB to fetch data.
The application uses DynamoDB SDK and root account access and secret access keys to
connect to DynamoDB from mobile. What are the security best practices recommended
for such scenarios?

You are working as a solutions architect for a firm which has a multi-AZ infrastructure
running in a VPC. There is a plan of implementing a centralized custom dashboard on
the on-premises data center. The dashboard will be interacting with the multi-AZ
infrastructure. The data from multi-AZ will be pushed to the data center. You are
required to ensure less latency and good performance. How will you achieve this?

You are maintaining an application that is spread across multiple servers and incoming
traffic is balanced by an ELB. Through your application, users upload pictures.
Currently, each web server stores the image and the data between servers is
synchronized by a background task. You are noticing that the background task is unable
to keep up with the number of images uploaded. What change can you make so that all
the web servers have a place to store and read images at the same time?

You have launched an instance which is backed by instance-store in the us-east-1a zone.
You created the AMI # 1 and copied it to the eu-west-1 region. After all this, you made a
few changes in the us-east-1a zone. After the changes, you created AMI # 2. If you launch
a new instance I Europe from the AMI # 1 copy, which statement from the following is
true?

You are the architect of a new sharing mobile application. Users from anywhere in the
world, can see the news on the topics that they choose. Users can post pictures and
videos form within the application. Since the application is being used on mobile
phones, there should be stable connection for uploading content and the delivery
should be quick. Content is accessed a lot in the first minutes after it is posted but is
quickly replaced by new content before disappearing. The local nature of the news
means that 90% of the content is then read locally. What solution do you think will
optimize the user experience when users upload and view content?

YZ company has created an e-commerce site using DynamoDB and is designing a table
named Products that includes items purchased and the users who bought them. When creating a primary key for this table, which of the following can be selected as the best
attribute for a primary key?

Your application is using an ELB in front of ASG of web/application servers deployed
across two AZs and a multi-AZ RDS instance for data persistence. The CPU of the
database is often above 80% of usage and 90% of I/O operations are reads. For
performance improvement, you added a single node Memcached cluster to cache
frequent DB query results. In the coming weeks, the overall workload is expected to
grow by 30%. Do you need to change anything in the architecture to maintain high
availability, or the application with the expected load and why?

You need to write a CloudFormation template and want to assign values to the
properties that won’t be available until runtime. You can use intrinsic functions to do
this but you are not sure that in which part of the template these can be used. Which
of the following describes the use of intrinsic functions on CloudFormation template?

You have created an ELB and enabled duration-based sticky sessions and placed it in
front of your six EC2 web instances in us-west-2. There are 3 instances in AZ1 and 3 in
AZ2 for high availability. You set up a load tester software in AZ2 to send traffic to the
ELB and also let several hundred users to access the ELB’s hostname. After some time,
you noticed that the user’s sessions are spread evenly across both AZs, but the software’s
traffic is hitting only the instances in AZ2. What steps you should take to resolve this?
(Choose 2)

Your corporate web application is deployed within a VPC which is connected to your
data center through an IPSec VPN. The app must authenticate against the on premise
LDAP server. Once authenticated, the logged in users can access an S3 key space specific
to the user. (Choose 2)

If an organization and its competitor both host their EC2 instances on the same physical
host, now the organization is concern about that its competitor that they easily hacked their data. How as a professional solution architect you make organization relax about
that?

Consider if the organization has a heritage application attached to a single MAC
address. When EC2 instance fails and new instance launch as a replacement it will
assign with new MAC address. How as a professional Solution Architect you can provide
a solution so it will maintain a single MAC address for EC2 instance?

If a company use batch processing mechanism and use SQS for setup of message queue
between EC2 instances, here, EC2 instances are the batch processor. In this mechanism,
it uses CloudWatch for monitoring of messages in the queue and auto-scaling group for
addition, and deletion of batch processor means EC2 instances on the basis of
CloudWatch alarms set as a parameter. How as a professional solution architect you
can implement this from given features in cost effective and efficient way?

If you developed Ruby application and currently multiple stacks on OpsWorks are used
to deploy and manage the application. Now you want to use Python instead of Ruby.
Then how you will be able to manage the application in such a way that if you want to
shift back to the old application with Ruby in case of negative impact on existing
customer because of the new deployment.

A company has an application with multiple components, and it is hosted in a single
EC2 instance in VPC with no ELB. Now there is a need to create two SSL’s for each
component then how they achieve this by using a single EC2 instance?

A company lost its file on EC2 instance, and now they need to restore files, and for that
purpose, they hire you as a solution architect now your task is to create file level restore
on EC2 instance. They give you access of all frequent snapshots of EBS volume. Now
you need to restore file on EC2 instance within 10 minutes after the loss of information
is reported. The recovery point objective for that purpose is several hours then how you
achieve this?

An organization wants to download patches and package software, and for that
purpose, they need to configure NAT instance in its internal application. Currently, the
NAT instance with the configuration of floating IP scripting is used to build fault
tolerance for NAT. Then how as a professional solution architect you can configure NAT
instance for its demand with fault tolerance?

A company uses WAF to remove DDoD attacks which are mostly the application layer
to target web applications that are with low traffic volume. WAF is used as
infrastructure part, to check out all HTTP request you put WAFs parallel with
application traffic. Now the WAFs become the hurdle, and now you want to run
multiple WAFs depending upon the specific traffic spikes, and for that purpose, you can
use WAS sandwich. Then from given option which on is the best answer to define WAF
sandwich?

A company uses CloudFront for distributing content, and they configured whole site
CDN, but they are receiving this error: “This distribution is not configured to allow the
HTTP request method that was used for this request. The distribution supports only
cachable requests”. What was the reason of this error?

An organization needs to review the security process and configurations of all its AWS
account. Currently, they are not using on-premises identity provider. They use IAM
accounts on each of its AWS accounts. For reviewing purpose, they hire a person and to whom they only want to give read access on all resources of each AWS account.
Which is the best option to achieve this?

An organization needs to use Microsoft active directory for its newly deployed AWS
services. For this purpose, they require to set up an active directory service. As a solution
architect professional you have three options to set up active directory service, and for
this purpose, you want organization more information. As per organization, they serve
1000 users on its AD service and also want to use existing on-premises directory with
AWS. How you achieve this?

A company has its inherited application that runs on the m4.large instance, and it
cannot be able to scale via auto-scaling. The peak performance of the application is 5%
of the time so because of not a very large use of resources the resources are wasted so
how as a professional solution architect you solve this problem?

A company needs to use AWS KMS service for encryption and decryption of data along
with key protection. Which definition define KMS in the best way?

A company needs something for video streaming and for that purpose they use S3,
Transcoder, and CloudFront. Now they need to store 8 videos to S3 that is only visible
to that client who paid for this service. Once they finished uploading of files, they need
to secure these files at rest with encryption. How you achieve this as professional
solution architect?

A client has three-tier application in its first tier there is web instance which is in public
subnet, the second tier is the application layer. As a part of application code application
instances upload heavy amount of data to S3. The application instances which are in
private subnets have a route to single NAT t2.micro instance. In the case of peak load,
the application becomes slower, and uploading of images to S3 is not even completed
and took a long time. How as a solution architect you solve this problem in cost effective
way?

An organization wants to create a mobile application. Application work with
DynamoDB as backend and JavaScript as frontend. When you use the application, you
observe some hits in DynamoDB area. How you as solution architect solve this in a costeffective and scalable way?

A company has a mobile application that is used to handle analytics workloads on largescale datasets. These data sets are stored in Redshift. As per needs, the application wants
to access Redshift tables. How you provide a solution to the company to access the
Redshift table insecure way?

A company has a mobile application that is used to handle analytics workloads on largescale datasets. These data sets are stored in Redshift. As per needs, the application wants
to access Redshift tables. How you provide a solution to the company to access the
Redshift table insecure way?

You assigned a task as the third party to check the company AWS assets. The
infrastructure of the company is on AWS in the separate region while you are in another
region. Then how you check all VPC assets like security group and NACLs through
login. What are the things that are needed by the company to do so you can check
these?

An educational institution has the infrastructure of application that uses multicast to
run the application. Now they need to shift the application to AWS but in AWS
multicast facility is not provided than how you as professional solution architect deploy
that legacy application that needs multicast to manage multiple subnets on the single
interface on AWS. Also, subnet belongs to single AZ.

Your organization use audit and billing batch processing applications which takes
financial data about daily stock transactions. The record should be stored in such a
durable way so that it will be guaranteed delivered to both batch processing application
for processing. Both applications are several hours apart from each other and want
access to information in serial order. When the information is reviewed daily, then it is
will be deleted on a daily basis. How you provide a solution to solve this?

An institution research department wants to develop children collar that takes
biometric information of families and inform them about healthy lifestyles for children
— each collar pushes 30KB of biometric information in JSON format every sec to
collection platform. Then collection platform analyzes and process the data. Then
provide the health trending data to parents via a web portal. Now for this collection
platform need to be created that perform following functions like real-time analytics of
incoming data, processing of data in a highly durable, parallel and elastic way, the
resulting data after processing should be preserved for data mining. How do they meet
these requirements?