• Home
  • Articles
  • Real AWS-Solutions-Architect-Professional dumps Accurate Questions and Answers with Free and Fast Updates [Q124-Q146]

Real AWS-Solutions-Architect-Professional dumps Accurate Questions and Answers with Free and Fast Updates [Q124-Q146]

Share

Real AWS-Solutions-Architect-Professional dumps Accurate Questions and Answers with Free and Fast Updates

Real AWS-Solutions-Architect-Professional Quesions Pass Certification Exams Easily


Understanding functional and technical aspects of AWS Solutions Architect Professional Exam Design for New Solutions

The following will be discussed in AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps:

  • Determine security requirements and controls when designing and implementing a solution
  • Determine a solution design to ensure business continuity
  • Determine a solution design to meet performance objectives
  • Determine a deployment strategy to meet business requirements when designing and implementing a solution
  • Determine a solution design and implementation strategy to meet reliability requirements

How to Prepare For AWS Solutions Architect Professional Exam

Preparation Guide for AWS Solutions Architect Professional Exam

Introduction for AWS Solutions Architect Professional Exam

Amazon Web Services (AWS) is a subsidiary of Amazon providing on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. AWS certification is a level of Amazon Web Services cloud expertise that an IT professional obtains after passing one or more exams offered by AWS.

IT pros gain AWS certifications to demonstrate and validate technical cloud knowledge and skills. AWS provides different certification exams for cloud engineers, administrators, and architects. AWS certification lasts for two years, and IT pros can recertify their specific certification after it expires. There are hundreds of testing centers around the world in which to take the AWS SOLUTIONS ARCHITECT PROFESSIONAL practice exams.

AWS Certification validates cloud expertise to help professionals highlight in-demand skills and organizations build effective, innovative teams for cloud initiatives using AWS. Whether you're a cloud expert or transitioning from on-premise solutions, this certification gives you a firm base to build your cloud computing knowledge and prepare you to delve into more technical aspects of AWS.

This guide provides a detailed overview of the AWS Solutions Architect Professional certification including all sorts of prerequisites for the exam, the exam format, topics covered, exam difficulty and preparation methods, and the target audience profile. Therefore, we design various AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps pdf of AWS Accredited Developer professional questions while we understand student specifications. Our items, like the study guide, help students complete examinations.

As businesses shift jobs rapidly into the public cloud, cloud computing has developed from an enticing capacity to a profound business. AWS is considered an industry pioneer and the most experienced provider in the cloud business as a pioneer in ideas and a benchmark among all of its rivals. This transition involves a variety of features to develop, implement, and maintain cloud infrastructure systems. Get accredited AWS systems with all of the qualifications (plus the best performers) that are better tested by one of the most popular cloud computing firms. Across an organization, certification reflects a mutual definition of a network, agreed terminology, and a basic level of cloud expertise that can speed up cloud work evaluation. The following guide includes the AWS Architect-Professional Qualification test, the Professional qualification salary of AWS Solutions Architect Professional, and all facts of the Test such as information about AWS SOLUTIONS ARCHITECT PROFESSIONAL practice exams.


AWS Solutions Architect Professional Exam Certified Professional salary

The estimated average salary of AWS Solutions Architect Professional Exam is listed below:

  • Europe: 97,000 EURO
  • United States: 114,000 USD
  • England: 87,200 POUND
  • India: 8,580,000 INR

 

NEW QUESTION 124
MapMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS
RDS instead of using its own DB instance for HA and DR requirements.
The organization also wants to secure RDS access. How should the web application be setup with RDS?

  • A. Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and
    connect them with VPC peering.
  • B. Create a VPC with one public and one private subnet. Launch an application instance in the public
    subnet while RDS is launched in the private subnet.
  • C. Create a network interface and attach two subnets to it. Attach that network interface with RDS while
    launching a DB instance.
  • D. Setup a public and two private subnets in different AZs within a VPC and create a subnet group.
    Launch RDS with that subnet group.

Answer: D

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the
user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are
segments of a VPC's IP address range that the user can designate to a group of VPC resources based on
the security and operational needs.
A DB subnet group is a collection of subnets (generally private) that a user can create in a VPC and
assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when
creating the DB instances. Each DB subnet group should have subnets in at least two Availability Zones
in a given region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

 

NEW QUESTION 125
A solutions architect is designing a solution to connect a company's on-premises network with all the company's current and future VPCs on AWS The company is running VPCs in five different AWS Regions and has at least 15 VPCs in each Region.
The company's AWS usage is constantly increasing and will continue to grow Additionally, all the VPCs throughout all five Regions must be able to communicate with each other The solution must maximize scalability and ease of management Which solution meets these requirements'?

  • A. Create an AWS CloudFormation template for a redundant AWS Site-to-Site VPN tunnel to the on-premises network Deploy the CloudFormation template for each VPC Set up VPC peering between all the VPCs for VPC-to-VPC communication
  • B. Set up a transit gateway in each Region Establish a redundant AWS Site-to-Site VPN connection between the on-premises firewalls and the transit gateway in the Region that is closest to the on-premises network Peer all the transit gateways with each other Connect all the VPCs to the transit gateway in their Region
  • C. Create an AWS CloudFormation template for a redundant AWS Site-to-Site VPN tunnel to the on-premises network Deploy the CloudFormation template for each VPC Route traffic between the different Regions through the company's on-premises firewalls
  • D. Set up a transit gateway in each Region Establish a redundant AWS Site-to-Site VPN connection between the on-premises firewalls and each transit gateway Route traffic between the different Regions through the company's on-premises firewalls Connect all the VPCs to the transit gateway in their Region

Answer: B

 

NEW QUESTION 126
A company provides an online service for posting video content and transcoding it for use by any mobile platform. The application architecture uses Amazon Elastic File System (Amazon EFS) Standard to collect and store the videos so that multiple Amazon EC2 Linux instances can access the video content for processing. As the popularity of the service has grown over time, the storage costs have become too expensive.
Which storage solution is MOST cost-effective?

  • A. Use Amazon S3 for storing the video content. Move the files temporarily over to an Amazon ElasticBlock Store (Amazon EBS) volume attached to the server for processing.
  • B. Use AWS Storage Gateway for files to store and process the video content.
  • C. Use AWS Storage Gateway for volumes to store and process the video content.
  • D. Use Amazon EFS for storing the video content. Once processing is complete, transfer the files to Amazon Elastic Block Store (Amazon EBS).

Answer: B

 

NEW QUESTION 127
A financial services company logs personality identifiable information to its application logs stored in Amazon S3. Due to regulatory compliance requirements, the log files must be encrypted at rest. The Security team has mandated that the company's on-premises hardware security modules (HSMs) be used to generate the CMK material.
Which steps should the Solution Architected take to meet these requirements?

  • A. Create a CMK in AWS KMS with no key material and an origin of EXTERNAL. Import the key material generated from the on-premises HSMs into the CMK using the public key and import token provided by AWS. Configure a bucket policy on the logging bucket that disallows uploads of non-encrypted data and requires that the encryption source be AWS KMS.
  • B. Create a new CMK in AWS KMS with AWS-provided key material and an origin of AWS-KMS. Disable this CMK, and overwrite the key material with the material from the on-premises HSM using the public key and import token provided by AWS Re-enable the CMK. Enable automatic, key rotation on the CMK with a duration of 1 year. Configure a bucket policy on the logging bucket that disallows uploads of non-encrypted data and requires that the encryption source be AWS KMS.
  • C. Provision AN AWS Direct Connect connection, ensuring there is no overlap of the RFC 1918 address space between on-premises hardware and the VPC. Configure an AWS bucket policy on the logging bucket requires all objects to be key material, and create a unique CMK for each logging event.
  • D. Create an AWS CloudHSM cluster. Create a new CMK in AWS KMS using AWS_CloudHSM as the source for the key material and an origin of AWS-CLOUDHSM. Enable automatic key rotation on the CMK with a duration of 1 year. Configure a bucket policy on the logging bucket the disallow uploads of unencrypted data and requires that the encryption source be AWS KMS.

Answer: D

 

NEW QUESTION 128
A company has a single AWS master billing account, which is the root of the AWS Organizations hierarchy. The company has multiple AWS accounts within this hierarchy, all organized into organization units (OUs). More OUS and AWS accounts will continue to be created as other parts of the business migrate applications to AWS. These business units may need to use different AWS services. The Security team is implementing the following requirements for all current and future AWS accounts.
- Control policies must be applied across all accounts to prohibit AWS
servers.
- Exceptions to the control policies are allowed based on valid use
cases.
Which solution will meet these requirements with minimal optional overhead?

  • A. Use an SCP in Organizations to implement a deny list of AWS servers. Apply this SCP at the level.
    For any specific exceptions for an OU, create a new SCP for that OU and add the required AWS services the allow list.
  • B. Use an SCP in Organizations to implement an allow list of AWS services. Apply this SCP at the root level. Remove the default AWS managed SCP from the root level and all OU levels. For any specific exceptions for an OU, modify the SCP attached to that OU, and add the required AWS services to the allow list.
  • C. Use an SCP in Organization to implement a deny list of AWS service. Apply this SCP at each OU level . Leave the default AWS managed SCP at the root level For any specific executions for an OU, create a new SCP for that OU.
  • D. Use an SCP In organizations to implement a deny list of AWS service. Apply this SCP at the root level and each OU. Remove the default AWS managed SCP from the root level and all OU levels.
    For any specific exceptions, modify the SCP attached to that OU, and add the required AWS required services to the allow list.

Answer: D

 

NEW QUESTION 129
A team collects and routes behavioral data for an entire company The company runs a Multi-AZ VPC environment with public subnets, private subnets, and in internet gateway Each public subnet also contains a NAT gateway Most of the company's applications read from and write to Amazon Kinesis Data Streams. Most of the workloads am in private subnets.
A solutions architect must review the infrastructure The solutions architect needs to reduce costs and maintain the function of the applications The solutions architect uses Cost Explorer and notices that the cost in the EC2-Other category is consistently high A further review shows that NatGateway-Bytes charges are increasing the cost in the EC2-Other category.
What should the solutions architect do to meet these requirements?

  • A. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that applications have the correct IAM permissions to use the interface VPC endpoint.
  • B. Add an interface VPC endpoint for Kinesis Data Streams to the VPC. Ensure that the VPC endpoint policy allows traffic from the applications.
  • C. Enable VPC Flow Logs and Amazon Detective Review Detective findings for traffic that is not related to Kinesis Data Streams Configure security groups to block that traffic
  • D. Enable VPC Flow Logs. Use Amazon Athena to analyze the logs for traffic that can be removed. Ensure that security groups are Mocking traffic that is responsible for high costs.

Answer: B

Explanation:
Explanation
https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-access.html
https://aws.amazon.com/premiumsupport/knowledge-center/vpc-reduce-nat-gateway-transfer-costs/ VPC endpoint policies enable you to control access by either attaching a policy to a VPC endpoint or by using additional fields in a policy that is attached to an IAM user, group, or role to restrict access to only occur via the specified VPC endpoint

 

NEW QUESTION 130
A solutions architect is helping a developer design a new ecommerce shopping cart application using AWS services. The developer is unsure of the current database schema and expects to make changes as the ecommerce site grows. The solution needs to be highly resilient and capable of automatically scaling read and write capacity.
Which database solution meets these requirements?

  • A. Amazon DynamoDB with DynamoDB Streams enabled
  • B. Amazon SQS and Amazon Aurora PostgreSQL
  • C. Amazon DynamoDB with on-demand enabled
  • D. Amazon Aurora PostgreSQL

Answer: C

 

NEW QUESTION 131
A company needs to cost-effectively persist small data records (up to 1 KiB) for up to 30 days.
The data is read rarely. When reading the data, a 5-minute delay is acceptable.
Which of the following solutions achieve this goal? (Choose two.)

  • A. Write the records to Amazon DynamoDB configured with a Time To Live (TTL) of 30 days. Read data using the GetItem or BatchGetItem call.
  • B. Use an AWS Lambda function invoked via Amazon API Gateway to collect data for 5 minutes.
    Write data to Amazon S3 just before the Lambda execution stops.
  • C. Write the records to Amazon Kinesis Data Firehose and configure Kinesis Data Firehose to deliver the data to Amazon S3 after 5 minutes. Set an expiration action at 30 days on the S3 bucket.
  • D. Use Amazon S3 to collect multiple records in one S3 object. Use a lifecycle configuration to move data to Amazon Glacier immediately after write. Use expedited retrievals when reading the data.
  • E. Write the records to an Amazon ElastiCache for Redis. Configure the Redis append-only file (AOF) persistence logs to write to Amazon S3. Recover from the log if the ElastiCache instance has failed.

Answer: A,C

Explanation:
A: After 30 days the data should be deleted instead of storing it.
B: When an object reaches the end of its lifetime, Amazon S3 queues it for removal and removes it asynchronously. There may be a delay between the expiration date and the date at which Amazon S3 removes an object. You are not charged for storage time associated with an object that has expired.
C: Does not address the 30 days deletion.
D: https://aws.amazon.com/blogs/aws/new-manage-dynamodb-items-using-time-to-live-ttl/ E: This is for cache and not suitable for this use case.
https://docs.aws.amazon.com/AmazonS3/latest/dev/lifecycle-expire-general-considerations.html

 

NEW QUESTION 132
A user has configured EBS volume with PIOPS. The user is not experiencing the optimal throughput.
Which of the following could not be factor affecting I/O performance of that EBS volume?

  • A. EC2 bandwidth
  • B. EBS bandwidth of dedicated instance exceeding the PIOPS
  • C. Instance type is not EBS optimized
  • D. EBS volume size

Answer: D

Explanation:
Explanation
If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, the instance is EBS-optimized (or include 10 Gigabit network connectivity) and the instance type EBS dedicated bandwidth exceeds the IOPS more than he has provisioned.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

 

NEW QUESTION 133
A media storage application uploads user photos to Amazon S3 for processing. End users are reporting that some uploaded photos are not being processed properly. The Application Developers trace the logs and find that AWS Lambda is experiencing execution issues when thousands of users are on the system simultaneously.
Issues are caused by:

Limits around concurrent executions.

The performance of Amazon DynamoDB when saving data.
Which actions can be taken to increase the performance and reliability of the application? (Choose two.)

  • A. Evaluate and adjust the write capacity units (WCUs) for the DynamoDB tables.
  • B. Use S3 Transfer Acceleration to provide lower-latency access to end users.
  • C. Configure a dead letter queue that will reprocess failed or timed-out Lambda functions.
  • D. Evaluate and adjust the read capacity units (RCUs) for the DynamoDB tables.
  • E. Add an Amazon ElastiCache layer to increase the performance of Lambda functions.

Answer: A,C

Explanation:
Explanation
B:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.ht D: https://aws.amazon.com/blogs/compute/robust-serverless-application-design-with-aws-lambda-dlq/c

 

NEW QUESTION 134
Which of the following are characteristics of Amazon VPC subnets? (Choose 2)

  • A. Each subnet spans at least 2 Availability Zones to provide a high-availability environment.
  • B. By default, all subnets can route between each other, whether they are private or public.
  • C. Instances in a private subnet can communicate with the Internet only if they have an Elastic IP.
  • D. Each subnet maps to a single Availability Zone.
  • E. CIDR block mask of /25 is the smallest range supported.

Answer: B,D

 

NEW QUESTION 135
Your website is serving on-demand training videos to your workforce. Videos are uploaded monthly in
high resolution MP4 format. Your workforce is distributed globally often on the move and using
company-provided tablets that require the HTTP Live Streaming (HLS) protocol to watch a video. Your
company has no video transcoding expertise and it required you may need to pay for a consultant.
How do you implement the most cost-efficient architecture without compromising high availability and
quality of video delivery'?

  • A. Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. S3 to host videos with
    Lifecycle Management to archive original files to Glacier after a few days. CloudFront to serve HLS
    transcoded videos from S3.
  • B. A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust
    the number of nodes depending on the length of the queue. EBS volumes to host videos and EBS
    snapshots to incrementally backup original files after a few days. CloudFront to serve HLS transcoded
    videos from EC2.
  • C. Elastic Transcoder to transcode original high-resolution MP4 videos to HLS. EBS volumes to host
    videos and EBS snapshots to incrementally backup original files after a few days. CloudFront to serve
    HLS transcoded videos from EC2.
  • D. A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust
    the number of nodes depending on the length of the queue. S3 to host videos with Lifecycle Management
    to archive all files to Glacier after a few days. CloudFront to serve HLS transcoded videos from Glacier.

Answer: A

 

NEW QUESTION 136
You are developing a new mobile application and are considering storing user preferences in AWS.2w This would provide a more uniform cross-device experience to users using multiple mobile devices to access the application. The preference data for each user is estimated to be 50KB in size Additionally 5 million customers are expected to use the application on a regular basis.
The solution needs to be cost-effective, highly available, scalable and secure, how would you design a solution to meet the above requirements?

  • A. Setup a DynamoDB table with an item for each user having the necessary attributes to hold the user preferences. The mobile application will query the user preferences directly from the DynamoDB table.
    Utilize STS. Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.
  • B. Store the user preference data in S3 Setup a DynamoDB table with an item for each user and an item attribute pointing to the user' S3 object. The mobile application will retrieve the S3 URL from DynamoDB and then access the S3 object directly utilize STS, Web identity Federation, and S3 ACLs to authenticate and authorize access.
  • C. Setup an RDS MySQL instance with multiple read replicas in 2 availability zones to store the user preference data .The mobile application will query the user preferences from the read replicas. Leverage the MySQL user management and access privilege system to manage security and access credentials.
  • D. Setup an RDS MySQL instance in 2 availability zones to store the user preference data. Deploy a public facing application on a server in front of the database to manage security and access credentials

Answer: A

Explanation:
Explanation
https://aws.amazon.com/blogs/aws/fine-grained-access-control-for-amazon-dynamodb/ Here are some of the things that you can build using fine-grained access control:
A mobile app that displays information for nearby airports, based on the user's location. The app can access and display attributes such airline names, arrival times, and flight numbers. However, it cannot access or display pilot names or passenger counts.
A mobile game which stores high scores for all users in a single table. Each user can update their own scores, but has no access to the other ones.

 

NEW QUESTION 137
An enterprise runs 103 line-of-business applications on virtual machines in an on-premises data center. Many of the applications are simple PHP, Java, or Ruby web applications, are no longer actively developed, and serve little traffic.
Which approach should be used to migrate these applications to AWS with the LOWEST infrastructure costs ?

  • A. Deploy the applications to single-instance AWS Elastic Beanstalk environments without a load balancer.
  • B. Convert each application to a Docker image and deploy to a small Amazon ECS cluster behind an Application Load Balancer.
  • C. Use VM Import/Export to create AMIs for each virtual machine and run them in single-instance AWS Elastic Beanstalk environments by configuring a custom image.
  • D. Use AWS SMS to create AMIs for each virtual machine and run them in Amazon EC2.

Answer: B

Explanation:
Explanation
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features-managing-env-types.html

 

NEW QUESTION 138
A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company's information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function.
To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs tor each application.
Which combination of steps should the solutions architect take to implement this solution? (Select TWO.)

  • A. Create a gateway endpoint for Amazon S3 in the data lake's VPC. Attach an endpoint policy to allow access to the S3 bucket. Specify the route table that is used to access the bucket.
  • B. Create an S3 access point for each application in each AWS account and attach the access points to the S3 bucket. Configure each access point to be accessible only from the application's VPC. Update the bucket policy to require access from an access point.
  • C. Create an S3 access point for each application in the AWS account that owns the S3 bucket. Configure each access point to be accessible only from the application's VPC. Update the bucket policy to require access from an access point.
  • D. Create a gateway endpoint lor Amazon S3 in each application's VPC. Configure the endpoint policy to allow access to an S3 access point. Specify the route table that is used to access the access point.
  • E. Create an interface endpoint for Amazon S3 in each application's VPC. Configure the endpoint policy to allow access to an S3 access point. Create a VPC gateway attachment for the S3 endpoint.

Answer: C,D

Explanation:
Explanation
https://joe.blog.freemansoft.com/2020/04/protect-data-in-cloud-with-s3-access.html
https://aws.amazon.com/s3/features/access-points/
https://aws.amazon.com/s3/features/access-points/
&
https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/

 

NEW QUESTION 139
An organization has 4 people in the IT operations team who are responsible to manage the AWS infrastructure. The organization wants to setup that each user will have access to launch and manage an instance in a zone which the other user cannot modify. Which of the below mentioned options is the best solution to set this up?

  • A. Create an IAM user and allow them permission to launch an instance of a different sizes only.
  • B. Create four AWS accounts and give each user access to a separate account.
  • C. Create a VPC with four subnets and allow access to each subnet for the individual IAM user.
  • D. Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.

Answer: C

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. The VPC also work with IAM and the organization can create IAM users who have access to various VPC services. The organization can setup access for the IAM user who can modify the security groups of the VPC. The sample policy is given below:
{
"Version": "2012-10-17",
"Statement":
[{ "Effect": "Allow",
"Action": "ec2:RunInstances",
"Resource":
[ "arn:aws:ec2:region::image/ami-*",
"arn:aws:ec2:region:account:subnet/subnet-1a2b3c4d",
"arn:aws:ec2:region:account:network-interface/*",
"arn:aws:ec2:region:account:volume/*",
"arn:aws:ec2:region:account:key-pair/*",
"arn:aws:ec2:region:account:security-group/sg-123abc123" ] }]
}
With this policy the user can create four subnets in separate zones and provide IAM user access to each subnet.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html

 

NEW QUESTION 140
A user is planning to host a web server as well as an app server on a single EC2 instance which is a part of the public subnet of a VPC. How can the user setup to have two separate public IPs and separate security groups for both the application as well as the web server?

  • A. Launch a VPC instance with two network interfaces. Assign a separate security group and elastic IP to them.
  • B. Launch a VPC instance with two network interfaces. Assign a separate security group to each and AWS will assign a separate public IP to them.
  • C. Launch a VPC with ELB such that it redirects requests to separate VPC instances of the public subnet.
  • D. Launch VPC with two separate subnets and make the instance a part of both the subnets.

Answer: A

Explanation:
If you need to host multiple websites(with different IPs) on a single EC2 instance, the following is the suggested method from AWS.
Launch a VPC instance with two network interfaces
Assign elastic IPs from VPC EIP pool to those interfaces (Because, when the user has attached more than one network interface with an instance, AWS cannot assign public IPs to them.) Assign separate Security Groups if separate Security Groups are needed This scenario also helps for operating network appliances, such as firewalls or load balancers that have multiple private IP addresses for each network interface.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html

 

NEW QUESTION 141
A company is currently in the design phase of an application that will need an RPO of less than 5 minutes and an RTO of less than 10 minutes The solutions architecture team is forecasting that the database will store approximately 10 TB of data As part of the design they are looking for a database solution that will provide the company with the ability to fail over to a secondary Region Which solution will meet these business requirements at the LOWEST cost?

  • A. Deploy an Amazon RDS instance with a read replica m the same Region In the event of a failure promote the read replica to become the primary
  • B. Deploy an Amazon Aurora DB cluster in the primary Region and another in a secondary Region Use AWS DMS to keep the secondary Region in sync
  • C. Deploy an Amazon RDS instance with a cross-Region read replica m a secondary Region In the event of a failure promote the read replica to become the primary
  • D. Deploy an Amazon Aurora DB cluster and take snapshots of the cluster every 5 minutes Once a snapshot is complete copy the snapshot to a secondary Region to serve as a backup in the event of a failure

Answer: D

 

NEW QUESTION 142
You are developing a new mobile application and are considering storing user preferences in AWS. This would provide a more uniform cross-device experience to users using multiple mobile devices to access the application. The preference data for each user is estimated to be 50KB in size. Additionally, 5 million customers are expected to use the application on a regular basis.
The solution needs to be cost- effective, highly-available, scalable and secure.
How would you design a solution to meet the above requirements?

  • A. Setup an RDS MySQL instance with multiple read replicas in 2 availability zones to store the user preference data.
    The mobile application will query the user preferences from the read replicas. Leverage the MySQL user management and access privilege system to manage security and access credentials.
  • B. Setup a DynamoDB table with an item for each user having the necessary attributes to hold the user preferences.
    The mobile application will query the user preferences directly from the DynamoDB table.
    Utilize STS, Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.
  • C. Setup an RDS MySQL instance in 2 availability zones to store the user preference data.
    Deploy a public facing application on a server in front of the database to manage security and access credentials.
  • D. Store the user preference data in S3. Setup a DynamoDB table with an item for each user and an item attribute pointing to the user's S3 object.
    The mobile application will retrieve the S3 URL from DynamoDB and then access the S3 object directly.
    Utilize STS, Web Identity Federation, and S3 ACLs to authenticate and authorize access.

Answer: B

Explanation:
https://aws.amazon.com/blogs/aws/fine-grained-access-control-for-amazon-dynamodb/ Here are some of the things that you can build using fine-grained access control:
A mobile app that displays information for nearby airports, based on the user's location. The app can access and display attributes such airline names, arrival times, and flight numbers. However, it cannot access or display pilot names or passenger counts.
A mobile game which stores high scores for all users in a single table. Each user can update their own scores, but has no access to the other ones.

 

NEW QUESTION 143
A company has developed a custom tool used in its workflow that runs within a Docker container The company must perform manual steps each time the container code is updated to make the container image available to new workflow executions The company wants to automate this process to eliminate manual effort and ensure a new container image is generated every time the tool code is updated Which combination of actions should a solutions architect take to meet these requirements? (Select THREE.)

  • A. Configure an AWS CodePipeline pipeline that sources the tool code from the AWS CodeCommit repository and initiates an AWS CodeBuild build
  • B. Configure an AWS CodeDeptoy application that triggers an application version update that pulls the latest tool container image from Amazon ECR, updates the container with code from the AWS CodeCommrt repository, and pushes the updated container image to Amazon ECR.
  • C. Configure an Amazon ECR repository for the tool Configure an AWS CodeCommit repository containing code for the tool being deployed to the container image in Amazon ECR
  • D. Configure an AWS CodePipeline pipeline that sources the tool code from the AWS CodeCommit repository and initiates an AWS CodeDeptoy application update
  • E. Configure an AWS CodeBuild project that pulls the latest tool container image from Amazon ECR, updates the container with code from the source AWS CodeCommit repository, and pushes the updated container image to Amazon ECR
  • F. Configure an Amazon EventBridge rule that triggers on commits to the AWS CodeCommrt repository for the tool Configure the event to trigger an update to the tool container image in Amazon ECR Push the updated container image to Amazon ECR

Answer: A,D,E

 

NEW QUESTION 144
A company deployed a three-tier web application in two regions: us-east-1 and eu-west-1. The application must be active in both regions at the same time. The database tier of the application uses a single Amazon RDS Aurora database globally, with a master in us-east-1 and a read replica in eu-west-1. Both regions are connected by a VPN.
The company wants to ensure that the application remains available even in the event of a region-level failure of all of the application's components. It is acceptable for the application to be in read-only mode for up to 1 hour. The company plans to configure two Amazon Route 53 record sets, one for each of the regions.
How should the company complete the configuration to meet its requirements while providing the lowest latency for the application end-users? (Choose two.)

  • A. Configure an Amazon CloudWatch alarm for the health checks in us-east-1, and have it invoke an AWS Lambda function that promotes the read replica in eu-west-1.
  • B. Configure an Amazon RDS event notifications to react to the failure of the database in us-east-1 by invoking an AWS Lambda function that promotes the read replica in eu-west-1.
  • C. Use latency-based routing for both record sets. Configure a health check for each region and attach it to the record set for that region.
  • D. Use weighted routing and configure each record set with a weight of 50. Configure an HTTP health check for each region, and attach it to the record set for that region.
  • E. Use failover routing and configure the us-east-1 record set as primary and the eu-west-1 record set as secondary. Configure an HTTP health check for the web application in us-east-1, and associate it to the us-east-1 record set.

Answer: A,C

Explanation:
Explanation
https://docs.aws.amazon.com/lambda/latest/dg/services-rds.html

 

NEW QUESTION 145
One of your AWS Data Pipeline activities has failed consequently and has entered a hard failure state after retrying thrice.
You want to try it again. Is it possible to increase the number of automatic retries to more than thrice?

  • A. No, you cannot increase the number of automatic retries.
  • B. Yes, you can increase the number of automatic retries to 10.
  • C. Yes, you can increase the number of automatic retries to 6.
  • D. Yes, you can increase the number of automatic retries to indefinite number.

Answer: B

Explanation:
Explanation
In AWS Data Pipeline, an activity fails if all of its activity attempts return with a failed state. By default, an activity retries three times before entering a hard failure state. You can increase the number of automatic retries to 10. However, the system does not allow indefinite retries.
https://aws.amazon.com/datapipeline/faqs/

 

NEW QUESTION 146
......

AWS-Solutions-Architect-Professional Dumps are Available for Instant Access: https://www.pass4sures.top/AWS-Certified-Solution-Architect/AWS-Solutions-Architect-Professional-testking-braindumps.html

Practice with these AWS-Solutions-Architect-Professional dumps Certification Sample Questions: https://drive.google.com/open?id=1BtPgs5OJarlkQX0GRv12hqr6CtIkc_WV

Related Articles

more
Amazon AWS-Solutions-Architect-Professional Certification Practice Exam