Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ag-AWS Study Deck - SAA > More Test Questions - 3 > Flashcards

More Test Questions - 3 Flashcards

1
Q

A security officer requires that access to company financial reports is logged. The reports are stored in an Amazon S3 bucket. Additionally, any modifications to the log files must be detected. Which actions should a solutions architect take?

1: Use S3 server access logging on the bucket that houses the reports with the read and write data events and the log file validation options enabled
2: Use S3 server access logging on the bucket that houses the reports with the read and write management events and log file validation options enabled
3: Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation
4: Use AWS CloudTrail to create a new trail. Configure the trail to log read and write management events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation

A

1: Use S3 server access logging on the bucket that houses the reports with the read and write data events and the log file validation options enabled
2: Use S3 server access logging on the bucket that houses the reports with the read and write management events and log file validation options enabled

3: Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation

4: Use AWS CloudTrail to create a new trail. Configure the trail to log read and write management events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

A company operates a production web application that uses an Amazon RDS MySQL database. The database has automated, non-encrypted daily backups. To increase the security of the data, it has been recommended that encryption should be enabled for backups. Unencrypted backups will be destroyed after the first encrypted backup has been completed. What should be done to enable encryption for future backups?

1: Enable default encryption for the Amazon S3 bucket where backups are stored
2: Modify the backup section of the database configuration to toggle the Enable encryption check box
3: Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot
4: Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance

A

1: Enable default encryption for the Amazon S3 bucket where backups are stored
2: Modify the backup section of the database configuration to toggle the Enable encryption check box

3: Create a snapshot of the database. Copy it to an encrypted snapshot. Restore the database from the encrypted snapshot

4: Enable an encrypted read replica on RDS for MySQL. Promote the encrypted read replica to primary. Remove the original database instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A company has deployed an API in a VPC behind an internal Application Load Balancer (ALB). An application that consumes the API as a client is deployed in a second account in private subnets. Which architectural configurations will allow the API to be consumed without using the public Internet? (Select TWO)

1: Configure a VPC peering connection between the two VPCs. Access the API using the private address
2: Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address
3: Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address
4: Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address
5: Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address

A

1: Configure a VPC peering connection between the two VPCs. Access the API using the private address

2: Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address
3: Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address

4: Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address

5: Configure an AWS Resource Access Manager connection between the two accounts. Access the API using the private address

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

An application runs on Amazon EC2 Linux instances. The application generates log files which are written using standard API calls. A storage solution is required that can be used to store the files indefinitely and must allow concurrent access to all files. Which storage service meets these requirements and is the MOST cost-effective?

1: Amazon EBS
2: Amazon EFS
3: Amazon EC2 instance store
4: Amazon S3

A

1: Amazon EBS
2: Amazon EFS
3: Amazon EC2 instance store

4: Amazon S3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A production application runs on an Amazon RDS MySQL DB instance. A solutions architect is building a new reporting tool that will access the same data. The reporting tool must be highly available and not impact the performance of the production application. How can this be achieved?

1: Create a cross-region Multi-AZ deployment and create a read replica in the second region
2: Create a Multi-AZ RDS Read Replica of the production RDS DB instance
3: Use Amazon Data Lifecycle Manager to automatically create and manage snapshots
4: Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a second Single-AZ RDS Read Replica from the replica

A

1: Create a cross-region Multi-AZ deployment and create a read replica in the second region

2: Create a Multi-AZ RDS Read Replica of the production RDS DB instance

3: Use Amazon Data Lifecycle Manager to automatically create and manage snapshots
4: Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a second Single-AZ RDS Read Replica from the replica

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

An online store uses an Amazon Aurora database. The database is deployed as a Multi-AZ deployment. Recently, metrics have shown that database read requests are high and causing performance issues which result in latency for write requests. What should the solutions architect do to separate the read requests from the write requests?

1: Enable read through caching on the Amazon Aurora database
2: Update the application to read from the Multi-AZ standby instance
3: Create a read replica and modify the application to use the appropriate endpoint
4: Create a second Amazon Aurora database and link it to the primary database as a read replica

A

1: Enable read through caching on the Amazon Aurora database

2: Update the application to read from the Multi-AZ standby instance

3: Create a read replica and modify the application to use the appropriate endpoint
4: Create a second Amazon Aurora database and link it to the primary database as a read replica

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

An application is deployed on multiple AWS regions and accessed from around the world. The application exposes static public IP addresses. Some users are experiencing poor performance when accessing the application over the Internet. What should a solutions architect recommend to reduce internet latency?

1: Set up AWS Global Accelerator and add endpoints
2: Set up AWS Direct Connect locations in multiple Regions
3: Set up an Amazon CloudFront distribution to access an application
4: Set up an Amazon Route 53 geoproximity routing policy to route traffic

A

1: Set up AWS Global Accelerator and add endpoints

2: Set up AWS Direct Connect locations in multiple Regions
3: Set up an Amazon CloudFront distribution to access an application
4: Set up an Amazon Route 53 geoproximity routing policy to route traffic

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A new application will be launched on an Amazon EC2 instance with an Elastic Block Store (EBS) volume. A solutions architect needs to determine the most cost-effective storage option. The application will have infrequent usage, with peaks of traffic for a couple of hours in the morning and evening. Disk I/O is variable with peaks of up to 3,000 IOPS. Which solution should the solutions architect recommend?

1: Amazon EBS Cold HDD (sc1)
2: Amazon EBS General Purpose SSD (gp2)
3: Amazon EBS Provisioned IOPS SSD (io1)
4: Amazon EBS Throughput Optimized HDD (st1)

A

1: Amazon EBS Cold HDD (sc1)

2: Amazon EBS General Purpose SSD (gp2)

3: Amazon EBS Provisioned IOPS SSD (io1)
4: Amazon EBS Throughput Optimized HDD (st1)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

A security team wants to limit access to specific services or actions in all of the team’s AWS accounts. All accounts belong to a large organization in AWS Organizations. The solution must be scalable and there must be a single point where permissions can be maintained. What should a solutions architect do to accomplish this?

1: Configure an Amazon CloudFront distribution in front of the ALB
2: Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
3: Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule
4: Configure Amazon ElastiCache to remove some of the workload from the EC2 instances

A

1: Configure an Amazon CloudFront distribution in front of the ALB
2: Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
3: Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule

4: Configure Amazon ElastiCache to remove some of the workload from the EC2 instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A company is planning to use Amazon S3 to store documents uploaded by its customers. The images must be encrypted at rest in Amazon S3. The company does not want to spend time managing and rotating the keys, but it does want to control who can access those keys. What should a solutions architect use to accomplish this?

1: Server-Side Encryption with keys stored in an S3 bucket
2: Server-Side Encryption with Customer-Provided Keys (SSE-C)
3: Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
4: Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

A

1: Server-Side Encryption with keys stored in an S3 bucket
2: Server-Side Encryption with Customer-Provided Keys (SSE-C)
3: Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)

4: Server-Side Encryption with AWS KMS-Managed Keys (SSE-KMS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

A company has some statistical data stored in an Amazon RDS database. The company want to allow users to access this information using an API. A solutions architect must create a solution that allows sporadic access to the data, ranging from no requests to large bursts of traffic. Which solution should the solutions architect suggest?

1: Set up an Amazon API Gateway and use Amazon ECS
2: Set up an Amazon API Gateway and use AWS Elastic Beanstalk
3: Set up an Amazon API Gateway and use AWS Lambda functions
4: Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling

A

1: Set up an Amazon API Gateway and use Amazon ECS
2: Set up an Amazon API Gateway and use AWS Elastic Beanstalk

3: Set up an Amazon API Gateway and use AWS Lambda functions

4: Set up an Amazon API Gateway and use Amazon EC2 with Auto Scaling

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

A company runs a financial application using an Amazon EC2 Auto Scaling group behind an Application Load Balancer (ALB). When running month-end reports on a specific day and time each month the application becomes unacceptably slow. Amazon CloudWatch metrics show the CPU utilization hitting 100%. What should a solutions architect recommend to ensure the application is able to handle the workload and avoid downtime?

1: Configure an Amazon CloudFront distribution in front of the ALB
2: Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization
3: Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule
4: Configure Amazon ElastiCache to remove some of the workload from the EC2 instances

A

1: Configure an Amazon CloudFront distribution in front of the ALB
2: Configure an EC2 Auto Scaling simple scaling policy based on CPU utilization

3: Configure an EC2 Auto Scaling scheduled scaling policy based on the monthly schedule

4: Configure Amazon ElastiCache to remove some of the workload from the EC2 instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A solutions architect is designing a high performance computing (HPC) application using Amazon EC2 Linux instances. All EC2 instances need to communicate to each other with low latency and high throughput network performance. Which EC2 solution BEST meets these requirements?

1: Launch the EC2 instances in a cluster placement group in one Availability Zone
2: Launch the EC2 instances in a spread placement group in one Availability Zone
3: Launch the EC2 instances in an Auto Scaling group in two Regions. Place a Network Load Balancer in front of the instances
4: Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

A

1: Launch the EC2 instances in a cluster placement group in one Availability Zone

2: Launch the EC2 instances in a spread placement group in one Availability Zone
3: Launch the EC2 instances in an Auto Scaling group in two Regions. Place a Network Load Balancer in front of the instances
4: Launch the EC2 instances in an Auto Scaling group spanning multiple Availability Zones

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A web application in a three-tier architecture runs on a fleet of Amazon EC2 instances. Performance issues have been reported and investigations point to insufficient swap space. The operations team requires monitoring to determine if this is correct. What should a solutions architect recommend?

1: Configure an Amazon CloudWatch SwapUsage metric dimension. Monitor the SwapUsage dimension in the EC2 metrics in CloudWatch
2: Use EC2 metadata to collect information, then publish it to Amazon CloudWatch custom metrics. Monitor SwapUsage metrics in CloudWatch
3: Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set schedule. Monitor SwapUtilization metrics in CloudWatch
4: Enable detailed monitoring in the EC2 console. Create an Amazon CloudWatch SwapUtilization custom metric. Monitor SwapUtilization metrics in CloudWatch

A

1: Configure an Amazon CloudWatch SwapUsage metric dimension. Monitor the SwapUsage dimension in the EC2 metrics in CloudWatch
2: Use EC2 metadata to collect information, then publish it to Amazon CloudWatch custom metrics. Monitor SwapUsage metrics in CloudWatch

3: Install an Amazon CloudWatch agent on the instances. Run an appropriate script on a set schedule. Monitor SwapUtilization metrics in CloudWatch

4: Enable detailed monitoring in the EC2 console. Create an Amazon CloudWatch SwapUtilization custom metric. Monitor SwapUtilization metrics in CloudWatch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A gaming company collects real-time data and stores it in an on-premises database system. The company are migrating to AWS and need better performance for the database. A solutions architect has been asked to recommend an in-memory database that supports data replication. Which database should a solutions architect recommend?

1: Amazon RDS for MySQL
2: Amazon RDS for PostgreSQL
3: Amazon ElastiCache for Redis
4: Amazon ElastiCache for Memcached

A

1: Amazon RDS for MySQL
2: Amazon RDS for PostgreSQL

3: Amazon ElastiCache for Redis

4: Amazon ElastiCache for Memcached

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A company has experienced malicious traffic from some suspicious IP addresses. The security team discovered the requests are from different IP addresses under the same CIDR range. What should a solutions architect recommend to the team?

1: Add a rule in the inbound table of the security group to deny the traffic from that CIDR range
2: Add a rule in the outbound table of the security group to deny the traffic from that CIDR range
3: Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules
4: Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules

A

1: Add a rule in the inbound table of the security group to deny the traffic from that CIDR range
2: Add a rule in the outbound table of the security group to deny the traffic from that CIDR range

3: Add a deny rule in the inbound table of the network ACL with a lower rule number than other rules

4: Add a deny rule in the outbound table of the network ACL with a lower rule number than other rules

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

A solutions architect is designing a microservices architecture. AWS Lambda will store data in an Amazon DynamoDB table named Orders.

The solutions architect needs to apply an IAM policy to the Lambda function’s execution role to allow it to put, update, and delete items in the Orders table. No other actions should be allowed. Which of the following code snippets should be included in the IAM policy to fulfill this requirement whilst providing the LEAST privileged access?

1: “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Allow”, “Action”: [“dynamodb:PutItem”, “dynamodb:UpdateItem”, “dynamodb:DeleteItem”], “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/Orders”
2: “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Allow”, “Action”: [“dynamodb:PutItem”, “dynamodb:UpdateItem”, “dynamodb:DeleteItem”], “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/*”
3: ​ “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Allow”, “Action”: “dynamodb:* “, “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/Orders”
4: “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Deny”, “Action”: “dynamodb:* “, “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/Orders”

A

1: “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Allow”, “Action”: [“dynamodb:PutItem”, “dynamodb:UpdateItem”, “dynamodb:DeleteItem”], “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/Orders”

2: “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Allow”, “Action”: [“dynamodb:PutItem”, “dynamodb:UpdateItem”, “dynamodb:DeleteItem”], “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/*”
3: ​ “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Allow”, “Action”: “dynamodb:* “, “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/Orders”
4: “Sid”: “PutUpdateDeleteOnOrders”, “Effect”: “Deny”, “Action”: “dynamodb:* “, “Resource”: “arn:aws:dynamodb:us-east-1:227392126428:table/Orders”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

A company has created a duplicate of its environment in another AWS Region. The application is running in warm standby mode. There is an Application Load Balancer (ALB) in front of the application. Currently, failover is manual and requires updating a DNS alias record to point to the secondary ALB. How can a solutions architect automate the failover process?

1: Enable an ALB health check
2: Enable an Amazon Route 53 health check
3: Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint
4: Create a latency based routing policy on Amazon Route 53

A

1: Enable an ALB health check

2: Enable an Amazon Route 53 health check

3: Create a CNAME record on Amazon Route 53 pointing to the ALB endpoint
4: Create a latency based routing policy on Amazon Route 53

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

An application allows users to upload and download files. Files older than 2 years will be accessed less frequently. A solutions architect needs to ensure that the application can scale to any number of files while maintaining high availability and durability. Which scalable solutions should the solutions architect recommend?

1: Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard Infrequent Access (S3 Standard-IA)
2: Store the files on Amazon Elastic File System (EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA)
3: Store the files in Amazon Elastic Block Store (EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years
4: Store the files in Amazon Elastic Block Store (EBS) volumes. Create a lifecycle policy to move files older than 2 years to Amazon S3 Glacier

A

1: Store the files on Amazon S3 with a lifecycle policy that moves objects older than 2 years to S3 Standard Infrequent Access (S3 Standard-IA)

2: Store the files on Amazon Elastic File System (EFS) with a lifecycle policy that moves objects older than 2 years to EFS Infrequent Access (EFS IA)
3: Store the files in Amazon Elastic Block Store (EBS) volumes. Schedule snapshots of the volumes. Use the snapshots to archive data older than 2 years
4: Store the files in Amazon Elastic Block Store (EBS) volumes. Create a lifecycle policy to move files older than 2 years to Amazon S3 Glacier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

A company is planning to migrate a large quantity of important data to Amazon S3. The data will be uploaded to a versioning enabled bucket in the us-west-1 Region. The solution needs to include replication of the data to another Region for disaster recovery purposes. How should a solutions architect configure the replication?

1: Create an additional S3 bucket in another Region and configure cross-Region replication
2: Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS)
3: Create an additional S3 bucket with versioning in another Region and configure cross-Region replication
4: Create an additional S3 bucket with versioning in another Region and configure cross-origin resource sharing (CORS)

A

1: Create an additional S3 bucket in another Region and configure cross-Region replication
2: Create an additional S3 bucket in another Region and configure cross-origin resource sharing (CORS)

3: Create an additional S3 bucket with versioning in another Region and configure cross-Region replication

4: Create an additional S3 bucket with versioning in another Region and configure cross-origin resource sharing (CORS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

An application runs on Amazon EC2 instances across multiple Availability Zones. The instances run in an Amazon EC2 Auto Scaling group behind an Application Load Balancer. The application performs best when the CPU utilization of the EC2 instances is at or near 40%. What should a solutions architect do to maintain the desired performance across all instances in the group?

1: Use a simple scaling policy to dynamically scale the Auto Scaling group
2: Use a target tracking policy to dynamically scale the Auto Scaling group
3: Use an AWS Lambda function to update the desired Auto Scaling group capacity
4: Use scheduled scaling actions to scale up and scale down the Auto Scaling group

A

1: Use a simple scaling policy to dynamically scale the Auto Scaling group

2: Use a target tracking policy to dynamically scale the Auto Scaling group

3: Use an AWS Lambda function to update the desired Auto Scaling group capacity
4: Use scheduled scaling actions to scale up and scale down the Auto Scaling group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

A High Performance Computing (HPC) application needs storage that can provide 135,000 IOPS. The storage layer is replicated across all instances in a cluster. What is the optimal storage solution that provides the required performance and is cost-effective?

1: Use Amazon EBS Provisioned IOPS volume with 135,000 IOPS
2: Use Amazon Instance Store
3: Use Amazon S3 with byte-range fetch
4: Use Amazon EC2 Enhanced Networking with an EBS HDD Throughput Optimized volume

A

1: Use Amazon EBS Provisioned IOPS volume with 135,000 IOPS

2: Use Amazon Instance Store

3: Use Amazon S3 with byte-range fetch
4: Use Amazon EC2 Enhanced Networking with an EBS HDD Throughput Optimized volume

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

A high-performance file system is required for a financial modelling application. The data set will be stored on Amazon S3 and the storage solution must have seamless integration so objects can be accessed as files. Which storage solution should be used?

1: Amazon FSx for Windows File Server
2: Amazon FSx for Lustre
3: Amazon Elastic File System (EFS)
4: Amazon Elastic Block Store (EBS)

A

1: Amazon FSx for Windows File Server

2: Amazon FSx for Lustre

3: Amazon Elastic File System (EFS)
4: Amazon Elastic Block Store (EBS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

An application requires a MySQL database which will only be used several times a week for short periods. The database needs to provide automatic instantiation and scaling. Which database service is most suitable?

1: Amazon RDS MySQL
2: Amazon EC2 instance with MySQL database installed
3: Amazon Aurora
4: Amazon Aurora Serverless

A

1: Amazon RDS MySQL
2: Amazon EC2 instance with MySQL database installed
3: Amazon Aurora

4: Amazon Aurora Serverless

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

An Architect needs to find a way to automatically and repeatably create many member accounts within an AWS Organization. The accounts also need to be moved into an OU and have VPCs and subnets created. What is the best way to achieve this?

1: Use the AWS Organizations API
2: Use CloudFormation with scripts
3: Use the AWS Management Console
4: Use the AWS CLI

A

1: Use the AWS Organizations API

2: Use CloudFormation with scripts

3: Use the AWS Management Console
4: Use the AWS CLI

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

An organization is extending a secure development environment into AWS. They have already secured the VPC including removing the Internet Gateway and setting up a Direct Connect connection. What else needs to be done to add encryption?

1: Setup a Virtual Private Gateway (VPG)
2: Enable IPSec encryption on the Direct Connect connection
3: Setup the Border Gateway Protocol (BGP) with encryption
4: Configure an AWS Direct Connect Gateway

A

1: Setup a Virtual Private Gateway (VPG)

2: Enable IPSec encryption on the Direct Connect connection
3: Setup the Border Gateway Protocol (BGP) with encryption
4: Configure an AWS Direct Connect Gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

A shared services VPC is being setup for use by several AWS accounts. An application needs to be securely shared from the shared services VPC. The solution should not allow consumers to connect to other instances in the VPC. How can this be setup with the least administrative effort? (Select TWO)

1: Create a Network Load Balancer (NLB)
2: Use AWS PrivateLink to expose the application as an endpoint service
3: Use AWS ClassicLink to expose the application as an endpoint service
4: Setup VPC peering between each AWS VPC 5: Configure security groups to restrict access

A

1: Create a Network Load Balancer (NLB)

2: Use AWS PrivateLink to expose the application as an endpoint service

3: Use AWS ClassicLink to expose the application as an endpoint service
4: Setup VPC peering between each AWS VPC 5: Configure security groups to restrict access

28
Q

A web app allows users to upload images for viewing online. The compute layer that processes the images is behind an Auto Scaling group. The processing layer should be decoupled from the front end and the ASG needs to dynamically adjust based on the number of images being uploaded. How can this be achieved?

1: Create an Amazon SNS Topic to generate a notification each time a message is uploaded. Have the ASG scale based on the number of SNS messages
2: Create a target tracking policy that keeps the ASG at 70% CPU utilization
3: Create an Amazon SQS queue and custom CloudWatch metric to measure the number of messages in the queue. Configure the ASG to scale based on the number of messages in the queue
4: Create a scheduled policy that scales the ASG at times of expected peak load

A

1: Create an Amazon SNS Topic to generate a notification each time a message is uploaded. Have the ASG scale based on the number of SNS messages
2: Create a target tracking policy that keeps the ASG at 70% CPU utilization

3: Create an Amazon SQS queue and custom CloudWatch metric to measure the number of messages in the queue. Configure the ASG to scale based on the number of messages in the queue

4: Create a scheduled policy that scales the ASG at times of expected peak load

29
Q

A web application is running on a fleet of Amazon EC2 instances using an Auto Scaling Group. It is desired that the CPU usage in the fleet is kept at 40%. How should scaling be configured?

1: Use a simple scaling policy that launches instances when the average CPU hits 40%
2: Use a target tracking policy that keeps the average aggregate CPU utilization at 40%
3: Use a step scaling policy that uses the PercentChangeInCapacity value to adjust the group size as required
4: Use a custom CloudWatch alarm to monitor CPU usage and notify the ASG using Amazon SNS

A

1: Use a simple scaling policy that launches instances when the average CPU hits 40%

2: Use a target tracking policy that keeps the average aggregate CPU utilization at 40%

3: Use a step scaling policy that uses the PercentChangeInCapacity value to adjust the group size as required
4: Use a custom CloudWatch alarm to monitor CPU usage and notify the ASG using Amazon SNS

30
Q

Health related data in Amazon S3 needs to be frequently accessed for up to 90 days. After that time the data must be retained for compliance reasons for seven years and is rarely accessed. Which storage classes should be used?

1: Store data in STANDARD for 90 days then transition the data to DEEP_ARCHIVE
2: Store data in INTELLIGENT_TIERING for 90 days then transition to STANDARD_IA
3: Store data in STANDARD for 90 days then expire the data
4: Store data in STANDARD for 90 days then transition to REDUCED_REDUNDANCY

A

1: Store data in STANDARD for 90 days then transition the data to DEEP_ARCHIVE

2: Store data in INTELLIGENT_TIERING for 90 days then transition to STANDARD_IA
3: Store data in STANDARD for 90 days then expire the data
4: Store data in STANDARD for 90 days then transition to REDUCED_REDUNDANCY

31
Q

An e-commerce web application needs a highly scalable key-value database. Which AWS database service should be used?

1: Amazon RDS
2: Amazon RedShift
3: Amazon DynamoDB
4: Amazon ElastiCache

A

1: Amazon RDS
2: Amazon RedShift

3: Amazon DynamoDB

4: Amazon ElastiCache

32
Q

You work for Digital Cloud Training and have just created a number of IAM users in your AWS account. You need to ensure that the users are able to make API calls to AWS services. What else needs to be done?

1: Enable Multi-Factor Authentication for the users
2: Create a set of Access Keys for the users
3: Set a password for each user
4: Create a group and add the users to it

A

1: Enable Multi-Factor Authentication for the users

2: Create a set of Access Keys for the users

3: Set a password for each user
4: Create a group and add the users to it

33
Q

A Solutions Architect is migrating a small relational database into AWS. The database will run on an EC2 instance and the DB size is around 500 GB. The database is infrequently used with small amounts of requests spread across the day. The DB is a low priority and the Architect needs to lower the cost of the solution. What is the MOST cost-effective storage type?

1: Amazon EBS Provisioned IOPS SSD
2: Amazon EFS
3: Amazon EBS Throughput Optimized HDD
4: Amazon EBS General Purpose SSD

A

1: Amazon EBS Provisioned IOPS SSD
2: Amazon EFS

3: Amazon EBS Throughput Optimized HDD

4: Amazon EBS General

34
Q

A Solutions Architect is designing a solution for a financial application that will receive trading data in large volumes. What is the best solution for ingesting and processing a very large number of data streams in near real time?

1: Amazon Redshift
2: Amazon Kinesis Firehose
3: Amazon EMR
4: Amazon Kinesis Data Streams

A

1: Amazon Redshift
2: Amazon Kinesis Firehose
3: Amazon EMR

4: Amazon Kinesis Data Streams

35
Q

You have created an application in a VPC that uses a Network Load Balancer (NLB). The application will be offered in a service provider model for AWS principals in other accounts within the region to consume. Based on this model, what AWS service will be used to offer the service for consumption?

1: IAM Role Based Access Control
2: Route 53
3: VPC Endpoint Services using AWS PrivateLink
4: API Gateway

A

1: IAM Role Based Access Control
2: Route 53

3: VPC Endpoint Services using AWS PrivateLink

4: API Gateway

36
Q

A company is migrating an on-premises 10 TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replicate lag must be kept under 100 milliseconds. Which Amazon RDS engine meets these requirements?

1: Amazon Aurora
2: Oracle
3: Microsoft SQL Server
4: MySQL

A

1: Amazon Aurora

2: Oracle
3: Microsoft SQL Server
4: MySQL

37
Q

A Solutions Architect is determining the best method for provisioning Internet connectivity for a data-processing application that will pull large amounts of data from an object storage system via the Internet. The solution must be redundant and have no constraints on bandwidth. Which option satisfies these requirements?

1: Deploy NAT Instances in a public subnet
2: Use a NAT Gateway
3: Create a VPC endpoint
4: Attach an Internet Gateway

A

1: Deploy NAT Instances in a public subnet
2: Use a NAT Gateway
3: Create a VPC endpoint

4: Attach an Internet Gateway

38
Q

You need a service that can provide you with control over which traffic to allow or block to your web applications by defining customizable web security rules. You need to block common attack patterns, such as SQL injection and cross-site scripting, as well as creating custom rules for your own applications. Which AWS service fits these requirements?

1: Security Groups
2: AWS WAF
3: CloudFront
4: Route 53

A

1: Security Groups

2: AWS WAF

3: CloudFront
4: Route 53

39
Q

A Solutions Architect is designing a mobile application that will capture receipt images to track expenses. The Architect wants to store the images on Amazon S3. However, uploading the images through the web server will create too much traffic. What is the MOST efficient method to store images from a mobile application on Amazon S3?

1: Expand the web server fleet with Spot instances to provide the resources to handle the images
2: Upload to a second bucket, and have a Lambda event copy the image to the primary bucket
3: Upload to a separate Auto Scaling Group of server behind an ELB Classic Load Balancer, and have the server instances write to the Amazon S3 bucket
4: Upload directly to S3 using a pre-signed URL

A

1: Expand the web server fleet with Spot instances to provide the resources to handle the images
2: Upload to a second bucket, and have a Lambda event copy the image to the primary bucket
3: Upload to a separate Auto Scaling Group of server behind an ELB Classic Load Balancer, and have the server instances write to the Amazon S3 bucket

4: Upload directly to S3 using a pre-signed URL

40
Q

An EC2 status check on an EBS volume is showing as insufficient-data. What is the most likely explanation?

1: The checks have failed on the volume
2: The checks may still be in progress on the volume
3: The volume does not have enough data on it to check properly
4: The checks require more information to be manually entered

A

1: The checks have failed on the volume

2: The checks may still be in progress on the volume

3: The volume does not have enough data on it to check properly
4: The checks require more information to be manually entered

41
Q

A Kinesis consumer application is reading at a slower rate than expected. It has been identified that multiple consumer applications have total reads exceeding the per-shard limits. How can this situation be resolved?

1: Increase the number of shards in the Kinesis data stream
2: Implement API throttling to restrict the number of requests per-shard
3: Increase the number of read transactions per shard
4: Implement read throttling for the Kinesis data stream

A

1: Increase the number of shards in the Kinesis data stream

2: Implement API throttling to restrict the number of requests per-shard
3: Increase the number of read transactions per shard
4: Implement read throttling for the Kinesis data stream

42
Q

A Solutions Architect is designing a workload that requires a high performance object-based storage system that must be shared with multiple Amazon EC2 instances. Which AWS service delivers these requirements?

1: Amazon S3
2: Amazon ElastiCache
3: Amazon EFS
4: Amazon EBS

A

1: Amazon S3

2: Amazon ElastiCache
3: Amazon EFS
4: Amazon EBS

43
Q

You have been asked to deploy a new High-Performance Computing (HPC) cluster. You need to create a design for the EC2 instances that ensures close proximity, low latency and high network throughput. Which AWS features will help you to achieve this requirement whilst considering cost? (Select TWO)

1: Use Provisioned IOPS EBS volumes
2: Launch I/O Optimized EC2 instances in one private subnet in an AZ
3: Use EC2 instances with Enhanced Networking
4: Use dedicated hosts
5: Use Placement groups

A

1: Use Provisioned IOPS EBS volumes
2: Launch I/O Optimized EC2 instances in one private subnet in an AZ

3: Use EC2 instances with Enhanced Networking

4: Use dedicated hosts

5: Use Placement groups

44
Q

An issue has been reported whereby Amazon EC2 instances are not being terminated from an Auto Scaling Group behind an ELB when traffic volumes are low. How can this be fixed?

1: Modify the upper threshold settings on the ASG
2: Modify the lower threshold settings on the ASG
3: Modify the scale down increment
4: Modify the scaling settings on the ELB

A

1: Modify the upper threshold settings on the ASG

2: Modify the lower threshold settings on the ASG

3: Modify the scale down increment
4: Modify the scaling settings on the ELB

45
Q

Your Business Intelligence team use SQL tools to analyze data. What would be the best solution for performing queries on structured data that is being received at a high velocity?

1: EMR using Hive
2: Kinesis Firehose with RDS
3: EMR running Apache Spark
4: Kinesis Firehose with RedShift

A

1: EMR using Hive
2: Kinesis Firehose with RDS
3: EMR running Apache Spark

4: Kinesis Firehose with RedShift

46
Q

A new security mandate requires that all personnel data held in the cloud is encrypted at rest. Which two methods allow you to encrypt data stored in S3 buckets at rest cost-efficiently? (Select TWO)

1: Make use of AWS S3 bucket policies to control access to the data at rest
2: Use AWS S3 server-side encryption with Key Management Service keys or Customer-provided keys
3: Use CloudHSM
4: Encrypt the data at the source using the client’s CMK keys before transferring it to S3
5: Use Multipart upload with SSL

A

1: Make use of AWS S3 bucket policies to control access to the data at rest

2: Use AWS S3 server-side encryption with Key Management Service keys or Customer-provided keys

3: Use CloudHSM

4: Encrypt the data at the source using the client’s CMK keys before transferring it to S3

5: Use Multipart upload with SSL

47
Q

An application stack includes an Elastic Load Balancer in a public subnet, a fleet of Amazon EC2 instances in an Auto Scaling Group, and an Amazon RDS MySQL cluster. Users connect to the application from the Internet. The application servers and database must be secure. What is the most appropriate architecture for the application stack?

1: Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster
2: Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster
3: Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster
4: Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster

A

1: Create a public subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster
2: Create a public subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster

3: Create a private subnet for the Amazon EC2 instances and a private subnet for the Amazon RDS cluster

4: Create a private subnet for the Amazon EC2 instances and a public subnet for the Amazon RDS cluster

48
Q

An application currently stores all data on Amazon EBS volumes. All EBS volumes must be backed up durably across multiple Availability Zones. What is the MOST resilient way to back up volumes?

1: Take regular EBS snapshots
2: Enable EBS volume encryption
3: Mirror data across two EBS volumes
4: Create a script to copy data to an EC2 instance store

A

1: Take regular EBS snapshots

2: Enable EBS volume encryption
3: Mirror data across two EBS volumes
4: Create a script to copy data to an EC2 instance store

49
Q

You have implemented API Gateway and enabled a cache for a specific stage. How can you control the cache to enhance performance and reduce load on back-end services?

1: Configure the throttling feature
2: Enable bursting
3: Using time-to-live (TTL) settings
4: Using CloudFront controls

A

1: Configure the throttling feature
2: Enable bursting

3: Using time-to-live (TTL) settings

4: Using CloudFront controls

50
Q

The development team at your company have created a new mobile application that will be used by users to access confidential data. The developers have used Amazon Cognito for authentication, authorization, and user management. Due to the sensitivity of the data, there is a requirement to add another method of authentication in addition to a username and password. You have been asked to recommend the best solution. What is your recommendation?

1: Use multi-factor authentication (MFA) with a Cognito user pool
2: Integrate a third-party identity provider (IdP)
3: Enable multi-factor authentication (MFA) in IAM
4: Integrate IAM with a user pool in Cognito

A

1: Use multi-factor authentication (MFA) with a Cognito user pool

2: Integrate a third-party identity provider (IdP)
3: Enable multi-factor authentication (MFA) in IAM
4: Integrate IAM with a user pool in Cognito

51
Q

A company is serving videos to their customers from us-east-1 from an Amazon S3 bucket. The company’s customers are located around the world and there is high demand during peak hours. Customers in Asia complain about slow download speeds during peak hours and customers in all locations have reported experiencing HTTP 500 errors. How can a Solutions Architect address the issues?

A company is serving videos to their customers from us-east-1 from an Amazon S3 bucket. The company’s customers are located around the world and there is high demand during peak hours. Customers in Asia complain about slow download speeds during peak hours and customers in all locations have reported experiencing HTTP 500 errors. How can a Solutions Architect address the issues?

1: Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute GET requests between CloudFront and the S3 bucket
2: Replicate the bucket in us-east-1 and use Amazon Route 53 failover routing to determine which bucket to serve the content from
3: Cache the web content using Amazon CloudFront and use all Edge locations for content delivery
4: Place an Amazon ElastiCache cluster in front of the S3 bucket

A

1: Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute GET requests between CloudFront and the S3 bucket
2: Replicate the bucket in us-east-1 and use Amazon Route 53 failover routing to determine which bucket to serve the content from

3: Cache the web content using Amazon CloudFront and use all Edge locations for content delivery

4: Place an Amazon ElastiCache cluster in front of the S3 bucket

52
Q

There is expected to be a large increase in write intensive traffic to a website you manage that registers users onto an online learning program. You are concerned about writes to the database being dropped and need to come up with a solution to ensure this does not happen. Which of the solution options below would be the best approach to take?

1: Update the application to write data to an SQS queue and provision additional EC2 instances to process the data and write it to the database
2: Use RDS in a multi-AZ configuration to distribute writes across AZs
3: Use CloudFront to cache the writes and configure the database as a custom origin
4: Update the application to write data to an S3 bucket and provision additional EC2 instances to process the data and write it to the database

A

1: Update the application to write data to an SQS queue and provision additional EC2 instances to process the data and write it to the database

2: Use RDS in a multi-AZ configuration to distribute writes across AZs
3: Use CloudFront to cache the writes and configure the database as a custom origin
4: Update the application to write data to an S3 bucket and provision additional EC2 instances to process the data and write it to the database

53
Q

You are designing a solution on AWS that requires a file storage layer that can be shared between multiple EC2 instances. The storage should be highly-available and should scale easily. Which AWS service can be used for this design?

1: Amazon S3
2: Amazon EC2 instance store
3: Amazon EFS
4: Amazon EBS

A

1: Amazon S3
2: Amazon EC2 instance store

3: Amazon EFS

4: Amazon EBS

54
Q

A company is generating large datasets with millions of rows that must be summarized by column. Existing business intelligence tools will be used to build daily reports. Which storage service meets the requirements?

1: Amazon DynamoDB
2: Amazon RDS
3: Amazon RedShift
4: Amazon ElastiCache

A

1: Amazon DynamoDB
2: Amazon RDS

3: Amazon RedShift

4: Amazon ElastiCache

55
Q

You need to scale read operations for your Amazon Aurora DB within a region. To increase availability you also need to be able to failover if the primary instance fails. What should you implement?

1: Aurora Replicas
2: A DB cluster
3: An Aurora Cluster Volume
4: Aurora Global Database

A

1: Aurora Replicas

2: A DB cluster
3: An Aurora Cluster Volume
4: Aurora Global Database

56
Q

An Architect is designing a serverless application that will accept images uploaded by users from around the world. The application will make API calls to back-end services and save the session state data of the user to a database. Which combination of services would provide a solution that is cost-effective while delivering the least latency?

1: Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, DynamoDB
2: Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, Amazon RDS
3: Amazon S3, API Gateway, AWS Lambda, Amazon RDS
4: API Gateway, Amazon S3, AWS Lambda, DynamoDB

A

1: Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, DynamoDB

2: Amazon CloudFront, API Gateway, Amazon S3, AWS Lambda, Amazon RDS
3: Amazon S3, API Gateway, AWS Lambda, Amazon RDS
4: API Gateway, Amazon S3, AWS Lambda, DynamoDB

57
Q

You are developing an application that uses Lambda functions. You need to store some sensitive data that includes credentials for accessing the database tier. You are planning to store this data as environment variables within Lambda. How can you ensure this sensitive information is properly secured?

1: This cannot be done, only the environment variables that relate to the Lambda function itself can be encrypted
2: Use encryption helpers that leverage AWS Key Management Service to store the sensitive information as Ciphertext
3: There is no need to make any changes as all environment variables are encrypted by default with AWS Lambda
4: Store the environment variables in an encrypted DynamoDB table and configure Lambda to retrieve them as required

A

1: This cannot be done, only the environment variables that relate to the Lambda function itself can be encrypted

2: Use encryption helpers that leverage AWS Key Management Service to store the sensitive information as Ciphertext

3: There is no need to make any changes as all environment variables are encrypted by default with AWS Lambda
4: Store the environment variables in an encrypted DynamoDB table and configure Lambda to retrieve them as required

58
Q

You are deploying an application on Amazon EC2 that must call AWS APIs. Which method of securely passing credentials to the application should you use?

1: Store the API credentials on the instance using instance metadata
2: Store API credentials as an object in Amazon S3
3: Embed the API credentials into your application files
4: Assign IAM roles to the EC2 instances

A

1: Store the API credentials on the instance using instance metadata
2: Store API credentials as an object in Amazon S3
3: Embed the API credentials into your application files

4: Assign IAM roles to the EC2 instances

59
Q
  1. Question A Solutions Architect needs to monitor application logs and receive a notification whenever a specific number of occurrences of certain HTTP status code errors occur. Which tool should the Architect use?
    1: CloudWatch Metrics
    2: CloudWatch Events
    3: CloudTrail Trails
    4: CloudWatch Logs
A

1: CloudWatch Metrics
2: CloudWatch Events
3: CloudTrail Trails

4: CloudWatch Logs

60
Q

A Solutions Architect is designing a static website that will use the zone apex of a DNS domain (e.g. example.com). The Architect wants to use the Amazon Route 53 service. Which steps should the Architect take to implement a scalable and cost-effective solution? (Select TWO)

1: Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers
2: Serve the website from an Amazon S3 bucket, and map a Route 53 Alias record to the website endpoint
3: Host the website on an Amazon EC2 instance, and map a Route 53 Alias record to the public IP address of the EC2 instance
4: Host the website using AWS Elastic Beanstalk, and map a Route 53 Alias record to the Beanstalk stack
5: Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 Alias record to the ELB endpoint

A

1: Create a Route 53 hosted zone, and set the NS records of the domain to use Route 53 name servers

2: Serve the website from an Amazon S3 bucket, and map a Route 53 Alias record to the website endpoint

3: Host the website on an Amazon EC2 instance, and map a Route 53 Alias record to the public IP address of the EC2 instance
4: Host the website using AWS Elastic Beanstalk, and map a Route 53 Alias record to the Beanstalk stack
5: Host the website on an Amazon EC2 instance with ELB and Auto Scaling, and map a Route 53 Alias record to the ELB endpoint

61
Q

A Solutions Architect is designing a web page for event registrations and needs a managed service to send a text message to users every time users sign up for an event. Which AWS service should the Architect use to achieve this?

1: Amazon STS
2: Amazon SQS
3: AWS Lambda
4: Amazon SNS

A

1: Amazon STS
2: Amazon SQS
3: AWS Lambda

4: Amazon SNS

62
Q

A company runs a service on AWS to provide offsite backups for images on laptops and phones. The solution must support millions of customers, with thousands of images per customer. Images will be retrieved infrequently but must be available for retrieval immediately. Which is the MOST cost-effective storage option that meets these requirements?

1: Amazon Glacier with expedited retrievals
2: Amazon S3 Standard-Infrequent Access
3: Amazon EFS
4: Amazon S3 Standard

A

1: Amazon Glacier with expedited retrievals

2: Amazon S3 Standard-Infrequent Access

3: Amazon EFS
4: Amazon S3 Standard

63
Q

A Solutions Architect is designing a solution to store and archive corporate documents, and has determined that Amazon Glacier is the right solution. Data must be delivered within 10 minutes of a retrieval request. Which features in Amazon Glacier can help meet this requirement?

1: Standard retrieval
2: Bulk retrieval
3: Expedited retrieval
4: Vault Lock

A

1: Standard retrieval
2: Bulk retrieval

3: Expedited retrieval

4: Vault Lock

64
Q

You are planning to deploy a number of EC2 instances in your VPC. The EC2 instances will be deployed across several subnets and multiple AZs. What AWS feature can act as an instance-level firewall to control traffic between your EC2 instances?

1: AWS WAF
2: Security group
3: Route table
4: Network ACL

A

1: AWS WAF

2: Security group

3: Route table
4: Network ACL

65
Q

A critical database runs in your VPC for which availability is a concern. Which RDS DB instance events may force the DB to be taken offline during a maintenance window?

1: Selecting the Multi-AZ feature
2: Security patching
3: Promoting a Read Replica
4: Updating DB parameter groups

A

1: Selecting the Multi-AZ feature

2: Security patching

3: Promoting a Read Replica
4: Updating DB parameter groups

ag-AWS Study Deck - SAA (18 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions