More Test Questions - 5 Flashcards
A Solutions Architect has deployed an API using Amazon API Gateway and created usage plans and API keys for several customers. Requests from one particular customer have been excessive and the solutions architect needs to limit the rate of requests. Other customers should not be affected. How should the solutions architect proceed?
1: Configure a server-side throttling limit
2: Configure the per-method throttling limits
3: Configure per-client throttling limits
4: Configure the account-level throttling limits
A Solutions Architect is deploying a high performance computing (HPC) application on Amazon EC2 instances. The application requires extremely low inter-instance latency. How should the instances be deployed for BEST performance?
1: Use an instance with enhanced networking and deploy the instances in a partition placement group
2: Use an Elastic Fabric Adapter (EFA) and deploy instances in a cluster placement group
3: Add multiple Elastic Network Adapters (ENAs) to each instance and create a NIC team
4: Use an EBS-optimized instance with 10 Gigabit networking and deploy to a single subnet
A company has deployed an API using Amazon API Gateway. There are many repeat requests and a solutions architect has been asked to implement measures to reduce request latency and the number of calls to the Amazon EC2 endpoint. How can this be most easily achieved?
1: Create a cache for a stage and configure a TTL
2: Create a cache for a method and configure a TTL
3: Configure an edge-optimized endpoint with CloudFront
4: Configure a private endpoint and place ElastiCache in front
A Solutions Architect is designing a migration strategy for a company moving to the AWS Cloud. The company use a shared Microsoft filesystem that uses Distributed File System Namespaces (DFSN). What will be the MOST suitable migration strategy for the filesystem?
1: Use the AWS Server Migration Service to migrate to an Amazon S3 bucket
2: Use the AWS Server Migration Service to migrate to Amazon FSx for Lustre
3: Use AWS DataSync to migrate to an Amazon EFS filesystem
4: Use AWS DataSync to migrate to Amazon FSx for Windows File Server
An Amazon ElastiCache for Redis cluster runs across multiple Availability Zones. A solutions architect is concerned about the security of sensitive data as it is replicated between nodes. How can the solutions architect protect the sensitive data?
1: Issue a Redis AUTH command
2: Enable in-transit encryption
3: Enable at-rest encryption
4: Set up MFA and API logging
A company runs an application on-premises that must consume a REST API running on Amazon API Gateway. The company has an AWS Direct Connect connection to their Amazon VPC. The solutions architect wants all API calls to use private addressing only and avoid the internet. How can this be achieved?
1: Use a transit virtual interface and an AWS VPN to create a secure tunnel to Amazon API Gateway
2: Use a private virtual interface and create a VPC Endpoint for Amazon API Gateway
3: Use a hosted virtual interface and create a VPC Endpoint for Amazon API Gateway
4: Use a public virtual interface and an AWS VPN to create a secure tunnel to Amazon API Gateway
A company has an eCommerce application that runs from multiple AWS Regions. Each region has a separate database running on Amazon EC2 instances. The company plans to consolidate the data to a columnar database and run analytics queries. Which approach should the company take?
1: Run an AWS Batch job to copy and process the data into a columnar Amazon RDS database. Use Amazon Athena to analyze the data
2: Use the COPY command to load data into an Amazon Redshift data warehouse and run the analytics queries there
3: Launch Amazon Kinesis Data Streams producers to load data into a Kinesis Data stream. Use Kinesis Data Analytics to analyze the data
4: Create an AWS Lambda function that copies the data onto Amazon S3. Use Amazon S3 Select to query the data
There has been an increase in traffic to an application that writes data to an Amazon DynamoDB database. Thousands of random table reads occur per second and low latency is required. What can a Solutions Architect do to improve performance for the reads without negatively impacting the rest of the application?
1: Increase the number of Amazon DynamoDB write capacity units
2: Add an Amazon SQS queue to decouple the requests
3: Use Amazon DynamoDB Accelerator to cache the reads
4: Use an Amazon Kinesis Data Stream to decouple requests
A Solutions Architect must enable an application to download software updates from the internet. The application runs on a series of EC2 instances in an Auto Scaling group running in a private subnet. The solution must involve minimal ongoing systems management effort. How should the Solutions Architect proceed?
1: Implement a NAT gateway
2: Launch a NAT instance
3: Create a Virtual Private Gateway
4: Attach Elastic IP addresses
A Solutions Architect manages multiple Amazon RDS MySQL databases. To improve security, the Solutions Architect wants to enable secure user access with short-lived credentials. How can these requirements be met?
1: Configure the MySQL databases to use the AWS Security Token Service (STS)
2: Configure the application to use the AUTH command to send a unique password
3: Create the MySQL user accounts to use the AWSAuthenticationPlugin with IAM
4: Configure the MySQL databases to use AWS KMS data encryption keys
An application running in a private subnet of an Amazon VPC must have outbound internet access for downloading updates. The Solutions Architect does not want the application exposed to inbound connection attempts. Which steps should be taken?
1: Create a NAT gateway but do not attach an internet gateway to the VPC
2: Attach an internet gateway to the private subnet and create a NAT gateway
3: Attach an internet gateway to the VPC but do not create a NAT gateway
4: Create a NAT gateway and attach an internet gateway to the VPC
An application has been migrated from on-premises to an Amazon EC2 instance. The migration has failed due to an unknown dependency that the application must communicate with an on-premises server using private IP addresses. Which action should a solutions architect take to quickly provision the necessary connectivity?
1: Set up an AWS Direct Connect connection
2: Configure a Virtual Private Gateway
3: Create an Amazon CloudFront distribution
4: Create an AWS Transit Gateway
A company runs an API on a Linux server in their on-premises data center. The company are planning to migrate the API to the AWS cloud. The company require a highly available, scalable and cost-effective solution. What should a Solutions Architect recommend?
1: Migrate the API to Amazon API Gateway and migrate the backend to Amazon EC2
2: Migrate the API server to Amazon EC2 instances in an Auto Scaling group and attach an Application Load Balancer
3: Migrate the API to Amazon API Gateway and use AWS Lambda as the backend
4: Migrate the API to Amazon CloudFront and use AWS Lambda as the origin
An application that is being installed on an Amazon EC2 instance requires a persistent block storage volume. The data must be encrypted at rest and regular volume-level backups must be automated. Which solution options should be used?
1: Use an encrypted Amazon EBS volume and use Data Lifecycle Manager to automate snapshots
2: Use an encrypted Amazon EFS filesystem and use an Amazon CloudWatch Events rule to start a backup copy of data using AWS Lambda
3: Use server-side encryption on an Amazon S3 bucket and use Cross-Region-Replication to back up on a schedule
4: Use an encrypted Amazon EC2 instance store and copy the data to another EC2 instance using a cron job and a batch script
A company has several AWS accounts each with multiple Amazon VPCs. The company must establish routing between all private subnets. The architecture should be simple and allow transitive routing to occur. How should the network connectivity be configured?
1: Create a transitive VPC peering connection between each Amazon VPC and configure route tables
2: Create an AWS Transit Gateway and share it with each account using AWS Resource Access Manager
3: Create an AWS Managed VPN between each Amazon VPC and configure route tables
4: Create a hub-and-spoke topology with AWS App Mesh and use AWS Resource Access Manager to share route tables
An organization is planning their disaster recovery solution. They would like to keep their core business critical systems running in the cloud. Other services can be replicated but switched off. Which DR strategy should a Solutions Architect recommend?
1: Backup and restore
2: Pilot light
3: Warm standby
4: Multi-site
An application analyzes images of people that are uploaded to an Amazon S3 bucket. The application determines demographic data which is then saved to a .CSV file in another S3 bucket. The data must be encrypted at rest and then queried using SQL. The solution should be fully serverless. Which actions should a Solutions Architect take to encrypt and query the data?
1: Use Amazon S3 server-side encryption and use Amazon Redshift Spectrum to query the data
2: Use AWS KMS encryption keys for the S3 bucket and use Amazon Athena to query the data
3: Use AWS KMS encryption keys for the S3 bucket and use Amazon Kinesis Data Analytics to query the data
4: Use Amazon S3 server-side encryption and Amazon QuickSight to query the data
A large quantity of data is stored on a NAS device on-premises and accessed using the SMB protocol. The company require a managed service for hosting the filesystem and a tool to automate the migration. Which actions should a Solutions Architect take?
1: Migrate the data to Amazon EFS using the AWS Server Migration Service (SMS)
2: Migrate the data to Amazon FSx for Lustre using AWS DataSync
3: Migrate the data to Amazon FSx for Windows File Server using AWS DataSync
4: Migrate the data to Amazon S3 using an AWS Snowball Edge device
The database layer of an on-premises web application is being migrated to AWS. The database uses a multi-threaded, in-memory caching layer to improve performance for repeated queries. Which service would be the most suitable replacement for the database cache?
1: Amazon ElastiCache Redis
2: Amazon DynamoDB DAX
3: Amazon ElastiCache Memcached
4: Amazon RDS MySQL
A Solutions Architect is designing an application for processing and extracting data from log files. The log files are generated by an application and the number and frequency of updates varies. The files are up to 1 GB in size and processing will take around 40 seconds for each file. Which solution is the most cost-effective?
1: Write the log files to an Amazon EC2 instance with an attached EBS volume. After processing, save the files to an Amazon S3 bucket
2: Write the log files to an Amazon SQS queue. Use AWS Lambda to process the files from the queue and save to an Amazon S3 bucket
3: Write the log files to an Amazon S3 bucket. Create an event notification to invoke an Amazon ECS task to process the files and save to an Amazon S3 bucket
4: Write the log files to an Amazon S3 bucket. Create an event notification to invoke an AWS Lambda function that will process the files
A large multinational retail company has a presence in AWS in multiple regions. The company has established a new office and needs to implement a high-bandwidth, low-latency connection to multiple VPCs in multiple regions within the same account. The VPCs each have unique CIDR ranges. What would be the optimum solution design using AWS technology? (Select TWO)
1: Configure AWS VPN CloudHub
2: Create a Direct Connect gateway, and create private VIFs to each region
3: Provision an MPLS network
4: Implement Direct Connect connections to each AWS region
5: Implement a Direct Connect connection to the closest AWS region
A Solutions Architect is creating a design for a two-tier application with a MySQL RDS back-end. The performance requirements of the database tier are hard to quantify until the application is running and the Architect is concerned about right-sizing the database. What methods of scaling are possible after the MySQL RDS database is deployed? (Select TWO)
1: Vertical scaling for read and write by choosing a larger instance size
2: Horizontal scaling for write capacity by enabling Multi-AZ
3: Vertical scaling for read and write by using Transfer Acceleration
4: Horizontal scaling for read and write by enabling Multi-Master RDS DB
5: Horizontal scaling for read capacity by creating a read-replica
An application is running on EC2 instances in a private subnet of an Amazon VPC. A Solutions Architect would like to connect the application to Amazon API Gateway. For security reasons, it is necessary to ensure that no traffic traverses the Internet and to ensure all traffic uses private IP addresses only. How can this be achieved?
1: Create a NAT gateway
2: Create a public VIF on a Direct Connect connection
3: Create a private API using an interface VPC endpoint
4: Add the API gateway to the subnet the EC2 instances are located in
An application stack is being created which needs a message bus to decouple the application components from each other. The application will generate up to 300 messages per second without using batching. A Solutions Architect needs to ensure that a message is delivered only once and duplicates are not introduced into the queue. It is not necessary to maintain the order of the messages. Which SQS queue type should be used?
1: Standard queues
2: Long polling queues
3: FIFO queues
4: Auto Scaling queues
A Solutions Architect is attempting to clean up unused EBS volumes and snapshots to save some space and cost. How many of the most recent snapshots of an EBS volume need to be maintained to guarantee that you can recreate the full EBS volume from the snapshot?
1: You must retain all snapshots as the process is incremental and therefore data is required from each snapshot
2: Two snapshots, the oldest and most recent snapshots
3: The oldest snapshot, as this references data in all other snapshots
4: Only the most recent snapshot. Snapshots are incremental, but the deletion process will ensure that no data is lost
A Python application is currently running on Amazon ECS containers using the Fargate launch type. An ALB has been created with a Target Group that routes incoming connections to the ECS-based application. The application will be used by consumers who will authenticate using federated OIDC compliant Identity Providers such as Google and Facebook. The users must be securely authenticated on the front-end before they access the secured portions of the application. How can this be configured using an ALB?
1: The only option is to use SAML with Amazon Cognito on the ALB
2: This can be done on the ALB by creating an authentication action on a listener rule that configures an Amazon Cognito user pool with the social IdP
3: This cannot be done on an ALB; you’ll need to authenticate users on the back-end with AWS Single Sign-On (SSO) integration
4: This cannot be done on an ALB; you’ll need to use another layer in front of the ALB