Solution Architect Associate 2021

Question 1

What are four key services for Compute?

Answer 1

EC2
Elastic Beanstalk
Lambda
Lightsail

Question 2

What are five key services for Storage?

Answer 2

S3
EBS
EFS
FSx
Storage Gateway

Question 3

What are three key services for Databases?

Answer 3

DynamoDB
Redshift
RDS

Question 4

What are five key services for Networking?

Answer 4

API Gateway
Direct Connect
Global Accelerator
Route 53
VPCs

Question 5

What’s a Region?

Answer 5

A physical location in the world that consists of two or more Availability Zones (AZs).

Question 6

What’s an Availability Zone?

Answer 6

One or more discrete data centers housed in separate facilities

Question 7

What’s an Edge Location?

Answer 7

Endpoints for caching content, usually CloudFront CDN.

Question 8

Name the three IAM Policy Statement options

Answer 8

Effect
Action
Resource

Question 9

How big can files in S3 be?

Answer 9

5 TB

Question 10

What does the S3 key-value pair represent?

Answer 10

Object name - object binary

Question 11

Name the six S3 storage classes

Answer 11

Standard
Standard Infrequently Accessed (IA)
One-Zone IA
Glacier
Glacier Deep Archive
Intelligent Tiering

Question 12

What is S3 Object Lock?

Answer 12

The ability to store objects with a write-once, read-many (WORM) model

Question 13

What are the two S3 Object Lock modes?

Answer 13

Governance mode where users can’t overwrite/delete object versions or alter lock settings without special permissions

Compliance mode where nobody can overwrite/delete objects, including the root user

Question 14

What is S3 Glacier Vault Lock?

Answer 14

A policy that locks an S3 Glacier vault’s compliance controls that can no longer be edited once set

Question 15

How many S3 object GET requests can there be per second per prefix (folder)?

Answer 15

5500

Question 16

What are the three S3 SSE-KMS requests/second limit quotas?

Answer 16

5500
10k
30k

Question 17

What files sizes should and must use multipart uploads to S3?

Answer 17

100+ MB

5+ GB

Question 18

What’s S3 Replication?

Answer 18

Automatic copying of objects from one bucket to another

Question 19

What are the four EC2 pricing options?

Answer 19

On-Demand
Spot
Reserved
Dedicated

Question 20

What are the three networking interface options for EC2?

Answer 20

Elastic Network Interface (ENI) for standard use

Enhanced for 10-100 Gbps throughput

Elastic Fiber Adapter (EFA) for HPC/ML

Question 21

What are the three types of EC2 Placement Groups?

Answer 21

Cluster within an AZ for low latency, high throughput

Spread across distinct hardware for critical uptime and high availability

Partition across distinct hardware for multiple logical partitions supporting HDFS (Hadoop), HBase, or Cassandra

Question 22

Which EC2 instance type is good for addressing special software licensing requirements?

Answer 22

Dedicated

Question 23

What is EBS?

Answer 23

Elastic Block Store for EC2 instances

Question 24

What’s the difference between EBS and Instance Store volumes for EC2?

Answer 24

Instance store volumes are ephemeral and data will be lost if the attached EC2 instance is stopped or terminated, while EBS volumes can persist if the attached EC2 instance is stopped or terminated.

Question 25

How long can EC2 On-Demand and Reserved instances be hibernated?

Answer 25

60 days

Question 26

What is EFS?

Answer 26

Elastic File System for shared storage across EC2 instances using the Network File System v4 (NFS) protocol

Question 27

How large can EFS scale up to?

Answer 27

Terabytes

Question 28

How many concurrent connections can EFS support?

Answer 28

Thousands

Question 29

Where is EFS data stored within a region?

Answer 29

Across multiple AZs

Question 30

What is the data consistency pattern for EFS?

Answer 30

Read-after-write

Question 31

What is FSx for Windows?

Answer 31

Centralized storage for Windows-based applications like SharePoint, SQL Server, etc.

Question 32

What is FSx for Lustre?

Answer 32

High-speed, high-capacity distributed storage for HPC, financial modeling, etc. and is stored on S3

Question 33

What is AWS Backup?

Answer 33

For consolidating backup policies and automations across services, organizations, and accounts

Question 34

What are the six RDS database types?

Answer 34

Aurora
MariaDB
MySQL
Oracle
PostgreSQL
SQL Server

Question 35

How many database read replicas are allowed per database instance?

Answer 35

5

Question 36

What’s the difference between Multi-AZ and Read-Replica RDS configurations?

Answer 36

Multi-AZ is for disaster recovery of the primary instance while read replicas are for increased performance

Question 37

How many copies of data does RDS Aurora store?

Answer 37

2 per AZ across 3 AZs for 6 copies total

Question 38

What is the primary RDS Aurora Serverless use case?

Answer 38

Provides a relatively simple, cost-effective option for infrequent, intermittent, or unpredictable workloads

Question 39

Across how many geographically distinct data centers is DynamoDB data stored?

Answer 39

3

Question 40

What’s the difference between DynamoDB Eventually and Strongly consistent reads?

Answer 40

Eventually consistent reads can be reached within one second for better performance, while Strongly consistent reads occur when all writes have been completed

Question 41

What are DynamoDB Transactions?

Answer 41

All-or-nothing database operations good for financial transactions for fulfilling orders

Question 42

What are the three read consistency options in DynamoDB?

Answer 42

Eventual
Strong
Transactional

Question 43

How may items or how much data can a DynamoDB Transaction support?

Answer 43

Up to 25 items or 4 MB of data

Question 44

What does ACID stand for and to which AWS service does it apply?

Answer 44

Atomicity
Consistency
Isolation
Durability

Applies across one or more tables within a single DynamoDB account or region

Question 45

Which RDS service has On-Demand Backup and Restore?

Answer 45

DynamoDB

Question 46

What is the time range for the DynamoDB Point-In-Time-Recovery (PITR) function?

Answer 46

Between 5 minutes and 35 days

Question 47

What is the DynamoDB feature that can be combined with Lambda functions for stored procedure-like functionality?

Answer 47

DynamoDB Streams

Question 48

For how long can DynamoDB Streams data be stored?

Answer 48

24 hours

Question 49

How does DynamoDB Streams chunk its data?

Answer 49

With a time-ordered sequence of shards

Question 50

What is DynamoDB Global Tables?

Answer 50

Managed multi-master and multi-regional data replication for globally distributed applications

Question 51

What is DynamoDB Global Tables based on?

Answer 51

DynamoDB Streams

Question 52

What is the replication latency for DynamoDB Global Tables?

Answer 52

Under 1 second

Question 53

What five items do VPCs consist of?

Answer 53

Internet or Virtual Private Gateways
Route Tables
Access Control Lists (ACLs)
Subnets
Security Groups

Question 54

In how many AZs is a subnet located?

Answer 54

1

Question 55

What’s the throughput range of a NAT Gateway?

Answer 55

5 to 45 Gbps

Question 56

How do you make a NAT Gateway highly available across AZs?

Answer 56

Create a NAT Gateway in each AZ and configure routing to ensure resources use the gateway in their same AZ

Question 57

Are security groups stateful or stateless?

Answer 57

Stateful

Question 58

What networking function do you use to block IP addresses?

Answer 58

Network ACLs

Question 59

What does each subnet need to be associated with?

Answer 59

A Network ACL

Question 60

How are Network ACLs evaluated?

Answer 60

By a numbered list of rules starting with lowest number first

Question 61

Are Network ACLs stateful or stateless?

Answer 61

Stateless

Question 62

What does Direct Connect do?

Answer 62

Establishes a dedicated network connection between on-premise data center and AWS

Question 63

What is a VPC Endpoint?

Answer 63

When you want to connect AWS services without leaving the AWS internal network

Question 64

What are the two types of VPC Endpoints?

Answer 64

Interface

Gateway

Question 65

Which two AWS services do VPC Gateway Endpoints support?

Answer 65

DynamoDB

S3

Question 66

How do you connect VPCs with one another?

Answer 66

Via Peering that works in a star configuration (no transitive peering) and between regions

Question 67

What service do you use to peer VPCs among tens, hundreds, or thousands of customer VPCs?

Answer 67

PrivateLink

Question 68

What two things does PrivateLink require?

Answer 68

A network load balancer on the service VPC and an ENI on the customer VPC

Question 69

What is Transit Gateway?

Answer 69

A network transit hub that connects your VPCs and on-premises networks

Question 70

What are the two types of network connections that Transit Gateway works with?

Answer 70

Direct Connect

VPN

Question 71

What is the only networking service that supports IP multicast?

Answer 71

Transit Gateway

Question 72

What is VPN CloudHub?

Answer 72

Allows you to securely communicate from one physical site to another via Virtual Private Gateways and Customer Gateways

Question 73

In Route 53, which is preferred: Alias or CNAME?

Answer 73

Alias

Question 74

What are the four common DNS record types?

Answer 74

A
CNAME
NS
SOA

Question 75

What are the 7 routing policies available with Route 53?

Answer 75

Simple
Weighted
Latency-Based
Failover
Geolocation
Geoproximity
Multivalue Answer

Question 76

How many days can it take for a new domain name to register?

Answer 76

3

Question 77

How does Route 53 return the IP values to the user in a Simple Routing policy?

Answer 77

Randomly

Question 78

How does Route 53’s Weighted Routing policy direct user traffic?

Answer 78

By percentage amount of traffic to one IP address versus another in relation

Question 79

How does Route 53’s Latency Routing policy direct user traffic?

Answer 79

To the IP with the lowest latency with the user, usually in miliseconds

Question 80

How does Route 53’s Failover Routing policy direct user traffic?

Answer 80

In active/passive mode where traffic goes to the active IP until a failure is detected which then routes traffic to the passive IP

Question 81

How does Route 53’s Geolocation Routing policy direct user traffic?

Answer 81

By sending users to the AWS region physically closest to them

Question 82

How does Route 53’s Geoproximity Routing policy direct user traffic?

Answer 82

Similar to Geolocation Routing with users sent to the AWS region physically closest to them, but with an optional Bias setting to expand/shrink the size of a geographic region; and it must use Traffic Flow

Question 83

How does Route 53’s Multivalue Answer Routing policy direct user traffic?

Answer 83

By routing users to multiple resources that have associated health checks

Question 84

What are the 3 different types of Elastic Load Balancers and on what network layers do they apply?

Answer 84

Application (Layer 7)
Network (Layer 4)
Classic (Layer 4 and 7)

Question 85

What is the primary limitation of an Application Load Balancer?

Answer 85

It only supports HTTP and HTTPS

Question 86

When would you use a Network Load Balancer over an Application Load Balancer?

Answer 86

When you need extreme performance at Layer 4 and other use cases where you need protocols not supported by Application Load Balancers

Question 87

With Classic Load Balancers, what HTTP error code means the gateway has timed out?

Answer 87

504

Question 88

With Classic Load Balancers, what HTTP header do you need in order to find out the IPv4 address of the end user?

Answer 88

X-Forwarded-For

Question 89

What’s a Sticky Session?

Answer 89

Where users are directed to the same resource for the duration of a session

Question 90

What does a Deregistration Delay (aka Connection Draining) on an Elastic Load Balancer do?

Answer 90

Keeps existing connections open to an EC2 instance for a set period of time after it becomes unhealthy; disable if you want the load balancer to close connections immediately

Question 91

What is the main tool for anything alarm related?

Answer 91

CloudWatch

Question 92

What service is best to monitor AWS standards?

Answer 92

Config

Question 93

What are the standard and detailed monitoring delivery intervals for CloudWatch?

Answer 93

Standard = 5 minutes
Detailed = 1 minute

Question 94

What is the log monitoring tool that works for EC2, CloudTrail, and Route 53?

Answer 94

CloudWatch Logs

Question 95

What monitoring service allows for SQL queries?

Answer 95

CloudWatch Logs Insights

Question 96

What service is best for real-time logging?

Answer 96

Kinesis

Question 97

What’s the only service that can make use of Auto Scaling?

Answer 97

EC2

Question 98

What’s a better alternative to EC2 user data to help avoid long provisioning times during Auto Scaling?

Answer 98

Building custom AMIs

Question 99

What can you use in EC2 to allow for a situation where the failure of a legacy codebase or resource that can’t be scaled can automatically recover from failure?

Answer 99

Steady state groups

Question 100

Which database service has the most scaling options?

Answer 100

RDS

Question 101

What type of scaling is preferred for databases?

Answer 101

Horizontal

Question 102

What does DynamoDB scaling come down to?

Answer 102

Access patterns

Question 103

What two things should you check for when SQS is consistently showing duplicate messages?

Answer 103

A misconfigured visibility timeout

The developer is failing to delete the message via API call

Question 104

What do you need to set up for there to be bidirectional message queueing?

Answer 104

A second SQS queue

Question 105

For how long can SQS messages persist?

Answer 105

14 days

Question 106

What SQS setting do you need if message ordering is important?

Answer 106

First In First Out (FIFO)

Question 107

What is the default Visibility Timeout in SQS?

Answer 107

30 seconds

Question 108

What is the default Message Retention Period in SQS?

Answer 108

4 days

Question 109

What is the default Delivery Delay in SQS?

Answer 109

0 seconds

Question 110

What is the default maximum message size in SQS?

Answer 110

256 KB

Question 111

What is the default Receive Message Wait Time for a standard SQS queue?

Answer 111

0 seconds for short polling; any non-zero value sets long polling

Question 112

What is the default Enable Content-Based Deduplication setting for a FIFO SQS queue?

Answer 112

Disabled

Question 113

What is the best service for proactive notifications like email, text, or push-based?

Answer 113

Simple Notification Service (SNS)

Question 114

What service is best for getting notified of CloudWatch alarms?

Answer 114

Simple Notification Service (SNS)

Question 115

What service acts as a secure front door to external communications coming into an application environment?

Answer 115

API Gateway

Question 116

Is Redshift a suitable replacement for RDS in traditional applications?

Answer 116

No

Question 117

What kind of AZ deployments does Redshift support?

Answer 117

Single; you can create multiple clusters in different AZs, but they’re separate deployments and it’s not highly available by default

Question 118

What service does EMR reside on?

Answer 118

EC2

Question 119

What is the only service with a real-time response?

Answer 119

Kinesis

Question 120

How long can Kinesis store data when used as a queue?

Answer 120

Up to 1 year

Question 121

What service is good for serverless SQL or querying data that is stored in S3?

Answer 121

Athena

Question 122

What is Glue?

Answer 122

Serverless ETL that can help create a schema for your data when paired with Athena

Question 123

What service provides visualizing data in dashboards?

Answer 123

QuickSight

Question 124

What service when combined with Logstash and Kibana creates an ELK stack that is a common way to search over server logs?

Answer 124

Elasticsearch

Question 125

What’s the best way to enable credentials with Lamba functions?

Answer 125

Roles

Question 126

What are three common Lambda triggers?

Answer 126

S3
Kinesis
EventBridge (CloudWatch Events)

Question 127

How much RAM can a Lambda function consume?

Answer 127

Up to 10 GB

Question 128

For how long can a Lambda function run?

Answer 128

Up to 15 minutes

Question 129

What’s a better way to perform an automated action than scraping through CloudTrail logs?

Answer 129

EventBridge (CloudWatch Events) rules and Lambda functions

Question 130

What open source container management service can run in AWS and on-premises?

Answer 130

Elastic Kubernetes Service (EKS)

Question 131

What is Fargate?

Answer 131

A serverless compute engine that works with Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS) that removes the need to provision and manage servers

Question 132

Which is more favored on the exam: containers or EC2?

Answer 132

Containers

Question 133

What are the four steps to implement a container?

Answer 133

1. Create a Dockerfile
2. Build an image
3. Upload to a repository
4. Run it on a host

Question 134

What are the two types of Distributed Denial of Service (DDoS) attacks?

Answer 134

Layer 4 such as SYN floods or NTP amplification

Layer 7 such as GET/POST request floods

Question 135

What three things does logging API calls with CloudTrail allow?

Answer 135

After-the-fact incident investigation

Near real-time intrusion detection

Industry/regulatory compliance auditing

Question 136

Where does CloudTrail store its logs?

Answer 136

S3

Question 137

What is Shield?

Answer 137

It protects against DDoS network Layer 3 and 4 attacks

Question 138

How much does Shield Advanced cost and what does it provide extra?

Answer 138

$3000 per month with a dedicated DDoS response team

Question 139

What are the three things the Web Application Firewall (WAF) service allows you to do?

Answer 139

Allow all requests except the ones you specify

Block all requests except the ones you specify

Count the requests that match the properties you specify

Question 140

What service blocks network Layer 7 DDoS attacks, SQL injections, and cross-site scripting?

Answer 140

Web Application Firewall (WAF)

Question 141

What service can block access to specific countries or IP addresses?

Answer 141

Web Application Firewall (WAF)

Question 142

What is GuardDuty?

Answer 142

Alerts you of any abnormal or malicious behavior in your account using AI to learn what normal behavior looks like

Question 143

What does GuardDuty do with external feeds from third parties?

Answer 143

Updates a database of known malicious domains

Question 144

What three things does GuardDuty monitor?

Answer 144

CloudTrail logs
DNS logs
VPC Flow Logs

Question 145

How can you address threats that appear in GuardDuty?

Answer 145

With EventBridge (CloudWatch Events) that can trigger Lambda functions

Question 146

What does Macie do?

Answer 146

Helps identify sensitive PII, PHI, and financial data residing in S3 using AI

Question 147

How can Macie alerts be addressed?

Answer 147

Sent to EventBridge (CloudWatch Events) and remediate with Lambda or Step Functions

Question 148

What does Inspector do?

Answer 148

Performs host and network vulnerability scans on EC2 instances and VPCs that can be run once or weekly

Question 149

What is Key Management Service (KMS)?

Answer 149

Allows you to create and control the encryption keys used to encrypt your data

Question 150

What do you need in order to start using Key Management Service (KMS)?

Answer 150

By requesting the creation of a Customer Master Key (CMK)

Question 151

What are the three ways to generate a Customer Master Key (CMK) for KMS?

Answer 151

AWS creates the CMK for you on their Hardware Security Modules (HSM)

Have the key material generated and used in a CloudHSM cluster as part of the custom key store feature in KMS

Import your own key material from your own key management infrastructure and associate it with a CMK

Question 152

What are three ways to control encryption key permissions?

Answer 152

Use the key policy

Use IAM policies in combination with the key policy

Use grants in combination with the key policy

Question 153

What are the differences between KMS and CloudHSM?

Answer 153

KMS is on shared hardware with automatic key generation and rotation

CloudHSM is on dedicated hardware with full control of users, groups, keys, etc. but with no automatic key rotation

Question 154

What is Secrets Manager?

Answer 154

Allows you to securely store application secrets such as database credentials, API keys, SSH keys, passwords, etc.

Question 155

What are the application caveats to using Secrets Manager?

Answer 155

Make sure application instances are configured to use Secrets Manager before enabling credential rotation as they rotate easily but immediately

Question 156

When should you use Parameter Store over Secrets Manager and at what threshold?

Answer 156

To minimize cost with up to 10,000 parameters

Question 157

In what three scenarios should you use Secrets Manager over Parameter Store?

Answer 157

When you need:

More than 10,000 parameters
Key rotation
The ability to generate passwords using CloudFormation

Question 158

What service feature allows you to share private files in your S3 buckets?

Answer 158

Presigned URLs

Question 159

In IAM policies, not explicitly allowed means what?

Answer 159

Implicitly denied

Question 160

In IAM policies, what supersedes all else?

Answer 160

Explicit denies

Question 161

How are IAM policies put into effect?

Answer 161

By attachment

Question 162

How are multiple IAM policies applied to an object or resource?

Answer 162

By joins

Question 163

What are the two ways IAM policies can be managed?

Answer 163

By AWS or by customer

Question 164

What service allows you to manage SSL certificates?

Answer 164

Certificate Manager

Question 165

What services does Certificate Manager support?

Answer 165

API Gateway
CloudFront
Elastic Load Balancer

Question 166

What are the three main sections of a CloudFormation script?

Answer 166

Parameters
Mappings
Resources

Question 167

What is preferred: Stateless or stateful resource architecture?

Answer 167

Stateless

Question 168

What service works well with a CloudFormation’s Mappings section to make your templates more flexible and avoid breakage?

Answer 168

Parameter Store

Question 169

What service provides a simple solution to bundle and deploy applications over CloudFormation?

Answer 169

Elastic Beanstalk

Question 170

What type of object allows you to configure the internals of an EC2 instance?

Answer 170

Automation Documents

Question 171

What is Systems Manager?

Answer 171

A centralized user interface to track and resolve operational issues across your applications and resources

Question 172

What is the only service that can add HTTPS to a static website hosted in an S3 bucket?

Answer 172

CloudFront

Question 173

Between caching and cost, which one does the exam favor more?

Answer 173

Caching

Question 174

What service provides for IP caching to reduce issues with customers caching old IP addresses?

Answer 174

Global Accelerator

Question 175

What are two in-memory databases, and which one is preferred?

Answer 175

Redis and DynamoDB, with DynamoDB being preferred

Question 176

What service offers in-memory data stores?

Answer 176

ElastiCache

Question 177

What are the two in-memory data stores supported by ElastiCache?

Answer 177

Redis and Memcached

Question 178

Which ElastiCache service offers a persistent data store?

Answer 178

Redis

Question 179

What ElastiCache service supports backups?

Answer 179

Redis

Question 180

What two services are NOT a source of truth for your data?

Answer 180

ElastiCache for Memcached and DynamoDB Accelerator (DAX)

Question 181

What is DynamoDB Accelerator (DAX)?

Answer 181

An in-memory cache for DynamoDB

Question 182

What is the only way to restrict the root user account?

Answer 182

Service Control Policies (SCPs)

Question 183

Which is preferred: centralized or decentralized logs?

Answer 183

Centralized via CloudTrail

Question 184

What is the preferred way to add more layers of security and controls: centralized or isolated workloads?

Answer 184

Isolated into separate accounts

Question 185

What are the three benefits of using Config?

Answer 185

Standardization for compliance using rules

Automated remediation using Automation Documents

Historical changelog of the entire system architecture

Question 186

What tools do you use to manage internal and external users?

Answer 186

SSO for internal and Cognito for external

Question 187

What service supports Active Directory?

Answer 187

Directory Service using Managed Microsoft AD

Question 188

What service do you use for Active Directory on-premise?

Answer 188

Directory Service using AD Connector

Question 189

What is the best way to enable cross-account access?

Answer 189

Via roles, not unnecessary IAM credentials

Question 190

What are the three ways to track costs?

Answer 190

Budgets
Cost Explorer
Tags

Question 191

How do you be proactive with potential cost problems?

Answer 191

By implementing SNS alerts when costs reach a certain threshold

Question 192

What is preferred when a cost problem is encountered: automated or manual intervention?

Answer 192

Automated

Question 193

What is Trusted Advisor?

Answer 193

Provides recommendations that help you follow AWS best practices

Question 194

What do you need in order to get the most useful checks from Trusted Advisor?

Answer 194

A Business or Enterprise support plan

Question 195

What is Trusted Advisor’s biggest limitation?

Answer 195

That it’s strictly an auditing tool. It can’t remediate issues that are found.

Question 196

What’s the best way to resolve problems found in Trusted Advisor?

Answer 196

By using EventBridge to kick off a Lambda function

Question 197

How much data is Snowball good at migrating?

Answer 197

Terabytes

Question 198

What’s the difference between Snowcone and Snowmobile?

Answer 198

Snowcone is the smallest migration device

Snowmobile is a shipping container towed by a truck

Question 199

When is it best to use Snowball for data migration?

Answer 199

Where you have slow or no Internet

Question 200

What service is good at hybridizing with on-premise storage?

Answer 200

Storage Gateway

Question 201

Which Storage Gateway option is good for when local network-attached storage is full?

Answer 201

File Gateway

Question 202

What does Storage Gateway run on?

Answer 202

A local virtual machine (VM) on-premise

Question 203

What is DataSync?

Answer 203

An agent-based solution that is good for one-time migration of file shares into AWS

Question 204

What are two viable locations for DataSync to transfer data into?

Answer 204

EFS

FSx

Question 205

What service allows you to use legacy file transfer protocols to give older applications the ability to read/write in S3?

Answer 205

Transfer Family

Question 206

What is Migration Hub?

Answer 206

An organization tool that gives you a way to organize all your migration steps, but doesn’t actually perform the migration

Question 207

What is the Database Migration Service?

Answer 207

A tool for any sort of database migration. It works for on-premise-to-cloud or between internal RDS databases

Question 208

What is the Server Migration Service?

Answer 208

A tool for migrating server instances out of the data center and into AWS

Question 209

For what five database engines does RDS support read replicas?

Answer 209

MariaDB
MySQL
Oracle
PostgreSQL
SQL Server

Question 210

What are the two write consistency options in DynamoDB?

Answer 210

Standard

Transactional