Question #61
A Solutions Architect is designing a web application that is running on an Amazon EC2 instance. The application stores data in DynamoDB. The Architect needs to secure access to the DynamoDB table.
What combination of steps does AWS recommend to achieve secure authorization? (Select two.)
- A. Store an access key on the Amazon EC2 instance with rights to the DynamoDB table.
- B. Attach an IAM user to the Amazon EC2 instance.
- C. Create an IAM role with permissions to write to the DynamoDB table.
- D. Attach an IAM role to the Amazon EC2 instance.
- E. Attach an IAM policy to the Amazon EC2 instance.
Correct Answer: CD
Question #62
A Solutions Architect is about to deploy an API on multiple EC2 instances in an Auto Scaling group behind an ELB. The support team has the following operational requirements:
1. They get an alert when the requests per second go over 50,000.
2. They get an alert when latency goes over 5 seconds.
3. They can validate how many times a day users call the API requesting highly sensitive data.
Which combination of steps does the Architect need to take to satisfy these operational requirements? (Select two.)
- A. Ensure that CloudTrail is enabled.
- B. Create a custom CloudWatch metric to monitor the API for data access.
- C. Configure CloudWatch alarms for any metrics the support team requires.
- D. Ensure that detailed monitoring for the EC2 instances is enabled.
- E. Create an application to export and save CloudWatch metrics for longer term trending analysis.
Correct Answer: BD
Question #63
A Solutions Architect is designing a highly-available website that is served by multiple web servers hosted outside of AWS. If an instance becomes unresponsive, the Architect needs to remove it from the rotation.
What is the MOST efficient way to fulfill this requirement?
- A. Use Amazon CloudWatch to monitor utilization.
- B. Use Amazon API Gateway to monitor availability.
- C. Use an Amazon Elastic Load Balancer.
- D. Use Amazon Route 53 health checks.
Correct Answer: C
Question #64
A company hosts a popular web application. The web application connects to a database running in a private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The RDS MySQL database server must be accessible only from the web servers.
How should the Architect design a solution to meet the requirements without impacting running applications?
- A. Create a network ACL on the web server’s subnet, and allow HTTPS inbound and MySQL outbound. Place both database and web servers on the same subnet.
- B. Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the MySQL port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
- C. Create a network ACL on the web server’s subnet, and allow HTTPS inbound, and specify the source as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers, and deny all outbound traffic.
- D. Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the HTTPS port on the database security group and attach it to the MySQL instance. Set the source to Web Server Security Group.
Correct Answer: B
Question #65
Which service should an organization use if it requires an easily managed and scalable platform to host its web application running on Nginx?
- A. AWS Lambda
- B. Auto Scaling
- C. AWS Elastic Beanstalk
- D. Elastic Load Balancing
Correct Answer: C
Question #66
An Administrator is hosting an application on a single Amazon EC2 instance, which users can access by the public hostname. The administrator is adding a second instance, but does not want users to have to decide between many public hostnames.
Which AWS service will decouple the users from specific Amazon EC2 instances?
- A. Amazon SQS
- B. Auto Scaling group
- C. Amazon EC2 security group
- D. Amazon ELB
Correct Answer: B
Question #67
A Solutions Architect is designing a microservices-based application using Amazon ECS. The application includes a WebSocket component, and the traffic needs to be distributed between microservices based on the URL.
Which service should the Architect choose to distribute the workload?
- A. ELB Classic Load Balancer
- B. Amazon Route 53 DNS
- C. ELB Application Load Balancer
- D. Amazon CloudFront
Correct Answer: C
Reference –
https://docs.aws.amazon.com/aws-technical-content/latest/microservices-on-aws/microservices-on-aws.pdf?icmpid=link_from_whitepapers_page
Question #68
A Solutions Architect is designing the storage layer for a production relational database. The database will run on Amazon EC2. The database is accessed by an application that performs intensive reads and writes, so the database requires the LOWEST random I/O latency.
Which data storage method fulfills the above requirements?
- A. Store data in a filesystem backed by Amazon Elastic File System (EFS).
- B. Store data in Amazon S3 and use a third-party solution to expose Amazon S3 as a filesystem to the database server.
- C. Store data in Amazon DynamoDB and emulate relational database semantics.
- D. Stripe data across multiple Amazon EBS volumes using RAID 0.
Correct Answer: D
Question #69
A Solutions Architect is designing a VPC. Instances in a private subnet must be able to establish IPv6 traffic to the Internet. The design must scale automatically and not incur any additional cost.
This can be accomplished with:
- A. an egress-only internet gateway
- B. a NAT gateway
- C. a custom NAT instance
- D. a VPC endpoint
Correct Answer: A
Reference –
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html
Question #70
A web application stores all data in an Amazon RDS Aurora database instance. A Solutions Architect wants to provide access to the data for a detailed report for the Marketing team, but is concerned that the additional load on the database will affect the performance of the web application.
How can the report be created without affecting the performance of the application?
- A. Create a read replica of the database.
- B. Provision a new RDS instance as a secondary master.
- C. Configure the database to be in multiple regions.
- D. Increase the number of provisioned storage IOPS.
Correct Answer: A
Question #71
A company has an application that stores sensitive data. The company is required by government regulations to store multiple copies of its data.
What would be the MOST resilient and cost-effective option to meet this requirement?
- A. Amazon EFS
- B. Amazon RDS
- C. AWS Storage Gateway
- D. Amazon S3
Correct Answer: D
Reference –
https://aws.amazon.com/s3/storage-classes/
Question #72
A company is using AWS Key Management Service (AWS KMS) to secure their Amazon RDS databases. An auditor has recommended that the company log all use of their AWS KMS keys.
What is the SIMPLEST solution?
- A. Associate AWS KMS metrics with Amazon CloudWatch.
- B. Use AWS CloudTrail to log AWS KMS key usage.
- C. Deploy a monitoring agent on the RDS instances.
- D. Poll AWS KMS periodically with a scheduled job.
Correct Answer: B
Reference –
https://aws.amazon.com/kms/
Question #73
A Solutions Architect is designing a stateful web application that will run for one year (24/7) and then be decommissioned. Load on this platform will be constant, using a number of r4.8xlarge instances. Key drivers for this system include high availability, but elasticity is not required.
What is the MOST cost-effective way to purchase compute for this platform?
- A. Scheduled Reserved Instances
- B. Convertible Reserved Instances
- C. Standard Reserved Instances
- D. Spot Instances
Correct Answer: C
Question #74
A media company asked a Solutions Architect to design a highly available storage solution to serve as a centralized document store for their Amazon EC2 instances. The storage solution needs to be POSIX-compliant, scale dynamically, and be able to serve up to 100 concurrent EC2 instances.
Which solution meets these requirements?
- A. Create an Amazon S3 bucket and store all of the documents in this bucket.
- B. Create an Amazon EBS volume and allow multiple users to mount that volume to their EC2 instance(s).
- C. Use Amazon Glacier to store all of the documents.
- D. Create an Amazon Elastic File System (Amazon EFS) to store and share the documents.
Correct Answer: D
Reference –
https://aws.amazon.com/efs/enterprise-applications/
Question #75
A Solutions Architect has a two-tier application with a single Amazon EC2 instance web server and Amazon RDS MySQL Multi-AZ DB instances. The Architect is re-architecting the application for high availability by adding instances in a second Availability Zone.
Which additional services will improve the availability of the application? (Choose two.)
- A. Auto Scaling group
- B. AWS CloudTrail
- C. ELB Classic Load Balancer
- D. Amazon DynamoDB
- E. Amazon ElastiCache
Correct Answer: AC
Question #76
A company is migrating its data center to AWS. As part of this migration, there is a three-tier web application that has strict data-at-rest encryption requirements.
The customer deploys this application on Amazon EC2 using Amazon EBS, and now must provide encryption at rest.
How can this requirement be met without changing the application?
- A. Use AWS Key Management Service and move the encrypted data to Amazon S3.
- B. Use an application-specific encryption API with AWS server-side encryption.
- C. Use encrypted EBS storage volumes with AWS-managed keys.
- D. Use third-party tools to encrypt the EBS data volumes with Key Management Service Bring Your Own Keys.
Correct Answer: C
Question #77
A Solutions Architect is developing software on AWS that requires access to multiple AWS services, including an Amazon EC2 instance. This is a security-sensitive application, and AWS credentials such as Access Key ID and Secret Access Key need to be protected and cannot be exposed anywhere in the system.
What security measure would satisfy these requirements?
- A. Store the AWS Access Key ID/Secret Access Key combination in software comments.
- B. Assign an IAM user to the Amazon EC2 instance.
- C. Assign an IAM role to the Amazon EC2 instance.
- D. Enable multi-factor authentication for the AWS root account.
Correct Answer: C
Reference –
https://aws.amazon.com/premiumsupport/knowledge-center/potential-account-compromise/
Question #78
An AWS workload in a VPC is running a legacy database on an Amazon EC2 instance. Data is stored on a 200GB Amazon EBS (gp2) volume. At peak load times, logs show excessive wait time.
What solution should be implemented to improve database performance using persistent storage?
- A. Migrate the data on the Amazon EBS volume to an SSD-backed volume.
- B. Change the EC2 instance type to one with EC2 instance store volumes.
- C. Migrate the data on the EBS volume to provisioned IOPS SSD (io1).
- D. Change the EC2 instance type to one with burstable performance.
Correct Answer: C
Reference –
https://docs.aws.amazon.com/aws-technical-content/latest/oracle-database-aws-best-practices/architecting-for-security-and-performance.html
Question #79
A company’s website receives 50,000 requests each second, and the company wants to use multiple applications to analyze the navigation patterns of the users on their website so that the experience can be personalized.
What can a Solutions Architect use to collect page clicks for the website and process them sequentially for each user?
- A. Amazon Kinesis Stream
- B. Amazon SQS standard queue
- C. Amazon SQS FIFO queue
- D. AWS CloudTrail trail
Correct Answer: A
Reference –
https://aws.amazon.com/blogs/aws/amazon-kinesis-real-time-processing-of-streamed-data/
Question #80
A company wants to migrate a highly transactional database to AWS. Requirements state that the database has more than 6 TB of data and will grow exponentially.
Which solution should a Solutions Architect recommend?
- A. Amazon Aurora
- B. Amazon Redshift
- C. Amazon DynamoDB
- D. Amazon RDS MySQL
Correct Answer: A
Reference –
https://aws.amazon.com/dms/