Question #21
A Solutions Architect is designing an application that uses Amazon EBS volumes. The volumes must be backed up to a different region.
How should the Architect meet this requirement?
- A. Create EBS snapshots directly from one region to another.
- B. Move the data to an Amazon S3 bucket and enable cross-region replication.
- C. Create EBS snapshots and then copy them to the desired region.
- D. Use a script to copy data from the current Amazon EBS volume to the destination Amazon EBS volume.
Correct Answer: C
Question #22
A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about experiencing slow download speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors.
What can a Solutions Architect do to address these issues?
- A. Place an elastic load balancer in front of the Amazon S3 bucket to distribute the load during peak hours.
- B. Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.
- C. Replicate the bucket in eu-west-1 and use an Amazon Route 53 failover routing policy to determine which bucket it should serve the request to.
- D. Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute the GET request between CloudFront and the Amazon S3 bucket directly.
Correct Answer: D
Question #23
A Solutions Architect is designing a solution that includes a managed VPN connection.
To monitor whether the VPN connection is up or down, the Architect should use:
- A. an external service to ping the VPN endpoint from outside the VPC.
- B. AWS CloudTrail to monitor the endpoint.
- C. the CloudWatch TunnelState Metric.
- D. an AWS Lambda function that parses the VPN connection logs.
Correct Answer: C
Reference –
https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/monitoring-cloudwatch-vpn.html
Question #24
A social networking portal experiences latency and throughput issues due to an increased number of users. Application servers use very large datasets from an Amazon RDS database, which creates a performance bottleneck on the database.
Which AWS service should be used to improve performance?
- A. Auto Scaling
- B. Amazon SQS
- C. Amazon ElastiCache
- D. ELB Application Load Balancer
Correct Answer: C
Question #25
A Solutions Architect is designing network architecture for an application that has compliance requirements. The application will be hosted on Amazon EC2 instances in a private subnet and will be using Amazon S3 for storing data. The compliance requirements mandate that the data cannot traverse the public Internet.
What is the MOST secure way to satisfy this requirement?
- A. Use a NAT Instance.
- B. Use a NAT Gateway.
- C. Use a VPC endpoint.
- D. Use a Virtual Private Gateway.
Correct Answer: C
Reference –
https://aws.amazon.com/blogs/aws/new-vpc-endpoint-for-amazon-s3/
Question #26
Developers are creating a new online transaction processing (OLTP) application for a small database that is very read-write intensive. A single table in the database is updated continuously throughout the day, and the developers want to ensure that the database performance is consistent.
Which Amazon EBS storage option will achieve the MOST consistent performance to help maintain application performance?
- A. Provisioned IOPS SSD
- B. General Purpose SSD
- C. Cold HDD
- D. Throughput Optimized HDD
Correct Answer: A
Question #27
A Solutions Architect is designing a log-processing solution that requires storage that supports up to 500 MB/s throughput. The data is sequentially accessed by an Amazon EC2 instance.
Which Amazon storage type satisfies these requirements?
- A. EBS Provisioned IOPS SSD (io1)
- B. EBS General Purpose SSD (gp2)
- C. EBS Throughput Optimized HDD (st1)
- D. EBS Cold HDD (sc1)
Correct Answer: C
Reference –
https://aws.amazon.com/ebs/faqs/
Question #28
A company’s development team plans to create an Amazon S3 bucket that contains millions of images. The team wants to maximize the read performance of Amazon S3.
Which naming scheme should the company use?
- A. Add a date as the prefix.
- B. Add a sequential id as the suffix.
- C. Add a hexadecimal hash as the suffix.
- D. Add a hexadecimal hash as the prefix.
Correct Answer: D
Reference –
https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-performance-improve/
Question #29
A Solutions Architect needs to design a solution that will enable a security team to detect, review, and perform root cause analysis of security incidents that occur in a cloud environment. The Architect must provide a centralized view of all API events for current and future AWS regions.
How should the Architect accomplish this task?
- A. Enable AWS CloudTrail logging in each individual region. Repeat this for all future regions.
- B. Enable Amazon CloudWatch logs for all AWS services across all regions and aggregate them in a single Amazon S3 bucket.
- C. Enable AWS Trusted Advisor security checks and report all security incidents for all regions.
- D. Enable AWS CloudTrail by creating a new trail and apply the trail to all regions.
Correct Answer: D
Question #30
A company has a legacy application using a proprietary file system and plans to migrate the application to AWS.
Which storage service should the company use?
- A. Amazon DynamoDB
- B. Amazon S3
- C. Amazon EBS
- D. Amazon EFS
Correct Answer: C
Question #31
A company plans to use AWS for all new batch processing workloads. The company’s developers use Docker containers for the new batch processing. The system design must accommodate critical and non-critical batch processing workloads 24/7.
How should a Solutions Architect design this architecture in a cost-efficient manner?
- A. Purchase Reserved Instances to run all containers. Use Auto Scaling groups to schedule jobs.
- B. Host a container management service on Spot Instances. Use Reserved Instances to run Docker containers.
- C. Use Amazon ECS orchestration and Auto Scaling groups: one with Reserved Instances, one with Spot Instances.
- D. Use Amazon ECS to manage container orchestration. Purchase Reserved Instances to run all batch workloads at the same time.
Correct Answer: C
Question #32
A company is evaluating Amazon S3 as a data storage solution for their daily analyst reports. The company has implemented stringent requirements concerning the security of the data at rest. Specifically, the CISO asked for the use of envelope encryption with separate permissions for the use of an envelope key, automated rotation of the encryption keys, and visibility into when an encryption key was used and by whom.
Which steps should a Solutions Architect take to satisfy the security requirements requested by the CISO?
- A. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Customer-Provided Keys (SSE-C).
- B. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
- C. Create an Amazon S3 bucket to store the reports and use Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS).
- D. Create an Amazon S3 bucket to store the reports and use Amazon S3 versioning with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
Correct Answer: C
Question #33
A customer has a production application that frequently overwrites and deletes data. The application requires the most up-to-date version of the data every time it is requested.
Which storage should a Solutions Architect recommend to best accommodate this use case?
- A. Amazon S3
- B. Amazon RDS
- C. Amazon RedShift
- D. AWS Storage Gateway
Correct Answer: A
Question #34
A Solutions Architect is designing a photo application on AWS. Every time a user uploads a photo to Amazon S3, the Architect must insert a new item to a DynamoDB table.
Which AWS-managed service is the BEST fit to insert the item?
- A. Lambda@Edge
- B. AWS Lambda
- C. Amazon API Gateway
- D. Amazon EC2 instances
Correct Answer: B
Reference –
https://aws.amazon.com/blogs/machine-learning/build-your-own-face-recognition-service-using-amazon-rekognition/
Question #35
An application relies on messages being sent and received in order. The volume will never exceed more than 300 transactions each second.
Which service should be used?
- A. Amazon SQS
- B. Amazon SNS
- C. Amazon ECS
- D. AWS STS
Correct Answer: A
Question #36
A Solutions Architect is designing an application on AWS that uses persistent block storage. Data must be encrypted at rest.
Which solution meets the requirement?
- A. Enable SSL on Amazon EC2 instances.
- B. Encrypt Amazon EBS volumes on Amazon EC2 instances.
- C. Enable server-side encryption on Amazon S3.
- D. Encrypt Amazon EC2 Instance Storage.
Correct Answer: B
Reference –
https://aws.amazon.com/blogs/aws/protect-your-data-with-new-ebs-encryption/
Question #37
A company is launching a static website using the zone apex (mycompany.com). The company wants to use Amazon Route 53 for DNS.
Which steps should the company perform to implement a scalable and cost-effective solution? (Choose two.)
- A. Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 alias record to the ELB endpoint.
- B. Host the website using AWS Elastic Beanstalk, and map a Route 53 alias record to the Beanstalk stack.
- C. Host the website on an Amazon EC2 instance, and map a Route 53 alias record to the public IP address of the Amazon EC2 instance.
- D. Serve the website from an Amazon S3 bucket, and map a Route 53 alias record to the website endpoint.
- E. Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers.
Correct Answer: CD
Question #38
A manufacturing company captures data from machines running at customer sites. Currently, thousands of machines send data every 5 minutes, and this is expected to grow to hundreds of thousands of machines in the near future. The data is logged with the intent to be analyzed in the future as needed.
What is the SIMPLEST method to store this streaming data at scale?
- A. Create an Amazon Kinesis Firehose delivery stream to store the data in Amazon S3.
- B. Create an Auto Scaling group of Amazon EC2 servers behind ELBs to write the data into Amazon RDS.
- C. Create an Amazon SQS queue, and have the machines write to the queue.
- D. Create an Amazon EC2 server farm behind an ELB to store the data in Amazon EBS Cold HDD volumes.
Correct Answer: B
Question #39
A bank is writing new software that is heavily dependent upon the database transactions for write consistency. The application will also occasionally generate reports on data in the database, and will do joins across multiple tables. The database must automatically scale as the amount of data grows.
Which AWS service should be used to run the database?
- A. Amazon S3
- B. Amazon Aurora
- C. Amazon DynamoDB
- D. Amazon Redshift
Correct Answer: B
Question #40
A Solutions Architect is designing a new application that needs to access data in a different AWS account located within the same region. The data must not be accessed over the Internet.
Which solution will meet these requirements with the LOWEST cost?
- A. Add rules to the security groups in each account.
- B. Establish a VPC Peering connection between accounts.
- C. Configure Direct Connect in each account.
- D. Add a NAT Gateway to the data account.
Correct Answer: B