AWS Certified Solutions Architect – Associate Flashcards

1
Q

1.A company maintains about 300 TB in Amazon S3 Standard storage month after month. The S3 objects are each typically around 50 GB in size and are frequently replaced with multipart uploads by their global application. The number and size of S3 objects remain constant but the company’s S3 storage costs are increasing each month
How should a solutions architect reduce costs in this situation?

A. Switch from multipart uploads to Amazon S3 Transfer Acceleration
B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads
C. Configure S3 inventory to prevent objects from being archived too quickly
D. Configure Amazon CloudFront to reduce the number of objects stored in Amazon S3

A

B. Enable an S3 Lifecycle policy that deletes incomplete multipart uploads

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

2.A company is developing a mobile game that streams score updates to a backend processor and then posts results on a leaderboard A solutions architect needs to design a solution that can handle large traffic spikes process the mobile game updates in order of receipt and store the processed updates in a highly available database. The company also wants to minimize the management overhead required to maintain the solution
What should the solutions architect do to meet these requirements?

A. Push score updates to Amazon Kinesis Data Streams Process the updates in Kinesis Data Streams with AWS Lambda Store the processed updates in Amazon DynamoDB
B. Push score updates to Amazon Kinesis Data Streams Process the updates with a fleet of Amazon EC2 instances set up for Auto Scaling Store the processed updates in Amazon Redshifi
C. Push score updates to an Amazon Simple Notification Service (Amazon SNS) topic Subscribe an AWS Lambda function to the SNS topic to process the updates Store the processed updates in a SQL database running on Amazon EC2
D. Push score updates to an Amazon Simple Queue Service (Amazon SQS) queue Use a fleet of Amazon EC2 instances with Auto Scaling to process the updates in the SQS queue Store the processed updates in an Amazon RDS Multi-AZ DB instance

A

A. Push score updates to Amazon Kinesis Data Streams Process the updates in Kinesis Data Streams with AWS Lambda Store the processed updates in Amazon DynamoDB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

3.A company is launching a new application deployed on an Amazon Elastic Container Service (Amazon ECS) cluster and is using the Fargate launch type tor ECS tasks. The company is monitoring CPU and memory usage because it is expecting high traffic to the application upon its launch However the company wants to reduce costs when utilization decreases
What should a solutions architect recommend?

A. Use Amazon EC2 Auto Scaling to scale at certain periods based on previous traffic patterns
B. Use an AWS Lambda function to scale Amazon ECS based on metric breaches that trigger an Amazon CloudWatch alarm
C. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm
D. Use AWS Application Auto Scaling with target tracking policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm

A

C. Use Amazon EC2 Auto Scaling with simple scaling policies to scale when ECS metric breaches trigger an Amazon CloudWatch alarm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

4.A company receives inconsistent service from its data center provider because the company is headquartered in an area affected by natural disasters. The company is not ready to fully migrate to the AWS Cloud but it wants a failure environment on AWS in case the on-premises data center fails
The company runs web servers that connect to external vendors. The data available on AWS and on premises must be uniform.
Which solution should a solutions architect recommend that has the LEAST amount of downtime’’

A. Configure an Amazon Route 53 failover record Run application servers on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3.
B. Configure an Amazon Route 53 failover record Execute an AWS CloudFormation template from a script to create Amazon EC2 instances behind an Application Load Balancer Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3
C. Configure an Amazon Route 53 failover record Set up an AWS Direct Connect connection between a VPC and the data center Run application servers on Amazon EC2 in an Auto Scaling group Run an AWS Lambda function to execute an AWS CloudFormation template to create an Application Load Balancer
D. Configure an Amazon Route 53 failover record Run an AWS Lambda function to execute an AWS CloudFormation template to launch two Amazon EC2 instances Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3 Set up an AWS Direct Connect connection between a VPC and the data center

A

A. Configure an Amazon Route 53 failover record Run application servers on Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group Set up AWS Storage Gateway with stored volumes to back up data to Amazon S3.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

5.A computer is reviewing a recent migration of a three-tier application to a VPC. The security team discover that the principle of lest privilege is not being applied to Amazon EC2 security group ingress and egress rules between the application tiers.
What should a solution architect do to connect issue?

A. Create security group rules using the instance ID as the source destination.
B. Create security group rules using the security ID as the source or destination.
C. Create security group rules using the VPC CDR blocks as the source or destination
D. Create security group rules using the subnet CDR blocks as the source or destination

A

A. Create security group rules using the instance ID as the source destination.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

6.An administrator of a large company wants to monitor for and prevent any cryptocurrency-related attacks on the company’s AWS accounts.
Which AWS service can the administrator use to protect the company against attacks?

A. Amazon Cognito
B. Amazon Guard Duty
C. Amazon Inspector
D. Amazon Macie

A

B. Amazon Guard Duty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A company collects 10 GB of telemetry data dairy from various machines. The company stores the data in an Amazon S3 bucket in a source data account.
The company has hired several consuming agencies to use this data for analysis. Each agency needs read access to the data for its analysis. The company must share the data from tie source data account by choosing a solution that maximizes security and operational efficiency.
Which solution will meet these requirements?

A. Configure S3 global tables to replicate data tor each agency
B. Make the S3 bucket public for a limited time Inform only the agencies
C. Configure cross-account access for the S3 bucket to the accounts that the agencies own.
D. Set up an IAM user for each analyst In the source data account Grant each user access to the S3 bucket

A

A. Configure S3 global tables to replicate data tor each agency

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

8.A company serves content to its subscribers across the world using an application running on AWS. The application has several Amazon EC2 instances in a private subnet behind an Application Load Balancer (ALB) Due to a recent change in copyright restrictions, the chief information officer (CiO) wants to block access for certain countries.
Which action will meet these requirements?

A. Modify the ALB security group to deny incoming traffic from blocked countries
B. Modify the security group for EC2 instances to deny incoming traffic from blocked countries
C. Use Amazon CloudFront to serve the application and deny access to blocked countries
D. Use ALB listener rules to return access dented responses to incoming traffic from blocked countries

A

C. Use Amazon CloudFront to serve the application and deny access to blocked countries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

9.A company is building a new furniture inventory application. The company has deployed the application on a fleet of Amazon EC2 instances across multiple Availability Zones. The EC2 instances run behind an Application Load Balancer (ALB) in their VPC
A solutions architect has observed that incoming traffic seems to favor one EC2 instance resulting in latency for some requests
What should the solutions architect do to resolve this issue?

A. Disable session affinity (sticky sessions) on the ALB
B. Replace the ALB with a Network Load Balancer
C. increase the number of EC2 instances in each Availability Zone
D. Adjust the frequency of the health checks on the ALB’s target group

A

B. Replace the ALB with a Network Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

10.An ecommerce company is creating an application that requires a connection to a third-party payment service to process payments. The payment service needs to explicitly allow the public IP address of the server that is making the payment request. However, the company’s security policies do not allow any server to be exposed directly to the public internet.
Which solution will meet these requirements?

A. Provision an Elastic IP address. Host the application servers on Amazon EC2 instances in a private subnet. Assign the public IP address to the application servers.
B. Create a NAT gateway in a public subnet. Host the application servers on Amazon EC2 instances in a private subnet Route payment requests through the NAT gateway.
C. Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the ALB.
D. Set up an AWS Client VPN connection to the payment service Host the application servers on Amazon EC2 instances in a private subnet Route the payment requests through the VPN.

A

C. Deploy an Application Load Balancer (ALB). Host the application servers on Amazon EC2 instances in a private subnet. Route the payment requests through the ALB.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

11.A recent analysis of a company’s IT expenses highlights the need to reduce backup costs. The company s chief information officer wants to simplify the on-premises backup infrastructure and reduce costs by eliminating the use ol physical backup tapes. The company must preserve the existing investment in the on-premises backup applications and workflows
What should a solutions architect recommend’’
A. Set up AWS Storage Gateway to conned with the backup applications using the NFS interface
B. Set up an Amazon EFS file system that connects wtth the backup applications using the NFS interface C. Set up an Amazon EFS file system that connects with the backup applications using the iSCSl interface
D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSi-virtual tape library (VTL) interface

A

D. Set up AWS Storage Gateway to connect with the backup applications using the iSCSi-virtual tape library (VTL) interface

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

12.A company wants lo build an immutable infrastructure for its software applications. The company wants to test the software applications before sending traffic to them. The company seeks an efficient solution that limits the effects of application bugs
Which combination of steps should a solutions architect recommend? {Select TWO)

A. Use AWS Cloud Formation to update the production infrastructure and roll back the stack if the update fails
B. Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass
C. Apply Amazon Route 53 failover routing to test the staging environment and fail over to the production environment if the tests pass
D. Use AWS Cloud Formation with a parameter set to the staging value in a separate environment other than the production environment
E. Use AWS Cloud Formation to deploy the staging environment with a snapshot deletion policy and reuse the resources in the production environment if the tests pass

A

A. Use AWS Cloud Formation to update the production infrastructure and roll back the stack if the update fails

B. Apply Amazon Route 53 weighted routing to test the staging environment and gradually increase the traffic as the tests pass

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

13.A company currently has 250 TB of backup files stored in Amazon S3 in a vendor’s proprietary format. Using a Linux-based software application provided by the vendor, the company wants to retrieve files from Amazon S3, transform the files to an industry-standard format, and re-upload them to Amazon S3. The company wants to minimize the data transfer charges associated with this conversion
What should a solutions architect do to accomplish this?

A. Install the conversion software as an Amazon S3 batch operation so the data is transformed without leaving Amazon S3
B. Install the conversion software onto an on-premises virtual machine. Perform the transformation and re-upload the files to Amazon S3 from the virtual machine.
C. Use AWS Snowball Edge devices to export the data and install the conversion software onto the devices. Perform the data transformation and re-upload the files to Amazon S3 from the Snowball Edge devices
D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.

A

D. Launch an Amazon EC2 instance in the same Region as Amazon S3 and install the conversion software onto the instance. Perform the transformation and re-upload the files to Amazon S3 from the EC2 instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

14.A company is running a mission-critical application on Amazon EC2 instances henna an Application Load Balancer. The instances run in an Auto Scaling group in a single AWS Region. The application is using a database in Ama2on Aurora as the data tier. A recent audit revealed that the current deployment of Aurora is not highly available.
What should a solutions architect do to improve the availability of the database

A. Configure an Aurora Replica
B. Configure storage replication.
C. Configure storage auto scaling.
D. Configure cross-Region replication

A

B. Configure storage replication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

15.A company is managing health records on-peruses. The company must keep these records Indefinitely, disable any modifications to the records once they are stored, and granularly audit access at all levels. The chief technology officer (CTO) is concerned because there are already millions of record not being used by any application, and the current infrastructure is running out of space. The CTO has requested solutions architect design a solution to move easting data and support future records.
Which services can the solutions architect recommend to meet these requirements?

A. Use AWS DataSync to move existing data to AWS Use Amazon S3 to store existing and new data Enable Amazon S3 object lock and enable AWS CloudTrail with data events
B. Use AWS Storage Gateway to move existing data to AWS Use Amazon S3 to store existing and new data Enable Amazon S3 object lock and enable AWS CloudTrail with management events
C. Use AWS DataSync to move exiting data to AWS Use Amazon S3 to store existing and new data. Enable Amazon S3 object lock and enable AWS CloudTrail with management events.
D. Use AWS Storage Gateway to move existing data to AWS Use Amazon Elastic Block Stores (Amazon EBS) to store existing and new data. Enable Amazon S3 object lock and enable Amazon S3 server access logging

A

A. Use AWS DataSync to move existing data to AWS Use Amazon S3 to store existing and new data Enable Amazon S3 object lock and enable AWS CloudTrail with data events

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

16.A company is hosting 60 TB of production-level data in an Amazon S3 bucket A solutions architect needs to bring that data on premises for quarterly audit requirements This export of data must be encrypted while in transit. The company has low network bandwidth in place between AWS and its on-premises data center.
What should the solutions architect do to meet these requirements?
A. Deploy AWS Migration Hub with 90-day replication windows for data transfer
B. Deploy an AWS Storage Gateway volume gateway on AWS Enable a 90-day replication window to transfer the data
C. Deploy Amazon Elastic File System (Amazon EFS). with Iifecycle policies enabled, on AWS Use it to transfer the data
D. Deploy an AWS Snowball device in the on-premises data center after completing an export Job request In the AWS Snowball console

A

D. Deploy an AWS Snowball device in the on-premises data center after completing an export Job request In the AWS Snowball console

17
Q

17.A company has deployed a business-critical application in the AWS Good. The application uses Amazon EC2 instances that run in the us-east-1 Region. The application uses Amazon S3 for storage of all critical data
To meet compliance requirements the company must create a disaster recovery (DR) plan that provides the capability of a full failover to another AWS Region
What should a solutions architect recommend for this DR plan?

A. Deploy the application to multiple Availability Zones in us-east-1 Create a resource group in AWS Resource Groups Turn on automatic failover for the application to use a predefined recovery Region
B. Perform a virtual machine (VM) export by using AWS Import/Export on the existing EC2 instances Copy the exported instances to the destination Region in the event of a disaster provision new EC2 instances from the exported EC2 instances
C. Create snapshots of all Amazon Elastic Block Store (Amazon EBS) volumes that are attached to the EC2 instances in us-east-t Copy the snapshots to the destination Region In the event of a disaster provision new EC2 instances from the EBS snapshots
D. Use S3 Cross-Region Replication for the data that is stored in Amazon S3 Create an AWS CloudFormation template for the application with an S3 bucket parameter In the event of a disaster deploy the template to the destination Region and specify the local S3 bucket as the parameter

A

D. Use S3 Cross-Region Replication for the data that is stored in Amazon S3 Create an AWS CloudFormation template for the application with an S3 bucket parameter In the event of a disaster deploy the template to the destination Region and specify the local S3 bucket as the parameter

18
Q

18.A solutions architect must transfer 750 TB of data from an on-premises network-attached file system to Amazon S3 Glacier. The migration must not saturate the on-premises 10 Mbps internet connection. Which solution will meet these requirements?

A. Create an AWS Site-to-Site VPN tunnel to an S3 bucket Transfer the files directly by using the AWS CLI.
B. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 Glacier vault as the destination.
C. Mount the network-attached file system to an S3 bucket, and copy the files directly.
Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.
D. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 bucket as the destination. Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.

A

D. Order 10 AWS Snowball Edge Storage Optimized devices, and select an S3 bucket as the destination. Create an S3 Lifecycle policy to transition the S3 objects to S3 Glacier.