Pass AWS Certified Solutions Architect AWS-Solutions-Architect-Professional exam [Jan 15, 2022] Updated 216 Questions [Q34-Q53]

NEW QUESTION 34
You must architect the migration of a web application to AWS. The application consists of Linux web servers running a custom web server. You are required to save the logs generated from the application to a durable location.
What options could you select to migrate the application to AWS? (Choose 2)

  • A. Create Dockerfile for the application. Create an AWS OpsWorks stack consisting of a Docker layer that uses the Dockerfile. Create custom recipes to install and configure Amazon Kinesis to publish the logs into Amazon CloudWatch.
  • B. Use VM Import/Export to import a virtual machine image of the server into AWS as an AMI. Create an Amazon Elastic Compute Cloud (EC2) instance from the AMI, and install and configure the Amazon CloudWatch Logs agent. Create a new AMI from the instance. Create an AWS Elastic Beanstalk application using the AMI platform and the new AMI.
  • C. Create Dockerfile for the application. Create an AWS OpsWorks stack consisting of a custom layer.
    Create custom recipes to install Docker and to deploy your Docker container using the Dockerfile.
    Create custom recipes to install and configure the application to publish the logs to Amazon CloudWatch Logs.
  • D. Create a Dockerfile for the application. Create an AWS Elastic Beanstalk application using the Docker platform and the Dockerfile. Enable logging the Docker configuration to automatically publish the application logs. Enable log file rotation to Amazon S3.
  • E. Create an AWS Elastic Beanstalk application using the custom web server platform. Specify the web server executable and the application project and source files. Enable log file rotation to Amazon Simple Storage Service (S3).

Answer: D,E

 

NEW QUESTION 35
An organization has recently grown through acquisitions. Two of the purchased companies use the same IP CIDR range. There is a new short-term requirement to allow AnyCompany A (VPC-A) to communicate with a server that has the IP address 10.0.0.77 in AnyCompany B (VPC-B).
AnyCompany A must also communicate with all resources in AnyCompany C (VPC-C). The Network team has created the VPC peer links, but it is having issues with communications between VPC-A and VPC-B. After an investigation, the team believes that the routing tables in the VPCs are incorrect.

What configuration will allow AnyCompany A to communicate with AnyCompany C in addition to the database in AnyCompany B?

  • A. On VPC-A, create network access control lists that block the IP address 10.0.0.77/32 on VPC peer pcx-AC.
    On VPC-A, create a static route for VPC-B CIDR (10.0.0.0/24) on pcx-AB and a static route for VPC-C CIDR (10.0.0.0/24) on pcx-AC.
    On VPC-B, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AB.
    On VPC-C, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AC.
  • B. On VPC-A, create a static route for the VPC-B CIDR (10.0.0.77/32) database across VPC peer pcx-AB.
    Create a static route for the VPC-C CIDR on VPC peer pcx-AC.
    On VPC-B, create a static route for VPC-A CIDR (172.16.0.0/24) on peer pcx-AB.
    On VPC-C, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AC.
  • C. On VPC-A, create a static route for the VPC-B CIDR range (10.0.0.0/24) across VPC peer pcx-AB.
    Create a static route of 10.0.0.0/16 across VPC peer pcx-AC.
    On VPC-B, create a static route for VPC-A CIDR (172.16.0.0/24) on peer pcx-AB.
    On VPC-C, create a static route for VPC-A CIDR (172.16.0.0/24) across peer pcx-AC.
  • D. On VPC-A, enable dynamic route propagation on pcx-AB and pcx-AC.
    On VPC-B, enable dynamic route propagation and use security groups to allow only the IP address
    10.0.0.77/32 on VPC peer pcx-AB.
    On VPC-C, enable dynamic route propagation with VPC-A on peer pcx-AC.

Answer: B

 

NEW QUESTION 36
How many cg1.4xlarge on-demand instances can a user run in one region without taking any limit increase approval from AWS?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: B

Explanation:
Generally AWS EC2 allows running 20 on-demand instances and 100 spot instances at a time.
This limit can be increased by requesting at https://aws.amazon.com/contact-us/ec2-request.
Excluding certain types of instances, the limit is lower than mentioned above. For cg1.4xlarge, the user can run only 2 on-demand instances at a time.
http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html#limits_ec2

 

NEW QUESTION 37
Which of the following is NOT a true statement about Auto Scaling?

  • A. Auto Scaling can launch instances in different AZs.
  • B. Auto Scaling can launch instances in different regions.
  • C. Auto Scaling can work with CloudWatch.
  • D. Auto Scaling can launch an instance at a specific time.

Answer: B

Explanation:
Auto Scaling provides an option to scale up and scale down based on certain conditions or triggers from CloudWatch. A user can configure Auto Scaling to launch instances across AZs, but it cannot span regions.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-dg.pdf

 

NEW QUESTION 38
Which of the following statements is NOT correct when working with your AWS Direct Connect connection after it is set up completely?

  • A. You cannot view the current connection ID and verify if it matches the connection ID on the Letter of Authorization (LOA).
  • B. You can delete a connection as long as there are no virtual interfaces attached to it.
  • C. You can accept a host connection by purchasing a hosted connection from the partner (APN).
  • D. You can manage your AWS Direct Connect connections and view the connection details.

Answer: A

Explanation:
You can manage your AWS Direct Connect connections and view connection details, accept hosted connections, and delete connections. You can view the current status of your connection.
You can also view your connection ID, which looks similar to this example dxcon-xxxx, and verify that it matches the connection ID on the Letter of Authorization (LOA) that you received from Amazon.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/viewdetails.html

 

NEW QUESTION 39
A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a
public subnet. The web application uses a MySQL database in a private subnet. The database should be
accessible to database administrators.
Which of the following options should the Architect recommend? (Choose two.)

  • A. Create a bastion host in a public subnet, and use the bastion host to connect to the database.
  • B. Log in to the web servers in the public subnet to connect to the database.
  • C. Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet.
  • D. Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to
    connect to the database.
  • E. Attach an Elastic IP address to the database.

Answer: B,D

 

NEW QUESTION 40
A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted on Amazon Elastic Compute Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses a BASE (Basic Available, Soft state, Eventual consistency) rather than an ACID (Atomicity, Consistency, Isolation, Durability) consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume of writes.
How can you reduce the load on your on-premises database resources in the most cost-effective way?

  • A. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.
  • B. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises database and a Hadoop cluster on AWS.
  • C. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using Data Pipeline.
  • D. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premises database.

Answer: B

 

NEW QUESTION 41
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database. A solutions architect must design a scalable and highly available solution to meet the demand of 200,000 daily users.
Which steps should the solutions architect take to design an appropriate solution?

  • A. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon ECS cluster of Spot Instances spanning three Availability Zones. The stack should launch an Amazon RDS MySQL DB instance with a Snapshot deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
  • B. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance. The environment should launch a Network Load Balancer (NLB) in front of an Amazon EC2 Auto Scaling group in multiple Availability Zones. Use an Amazon Route 53 alias record to route traffic from the company's domain to the NLB.
  • C. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zones. The stack should launch a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a Retain deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
  • D. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Region. Create a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a cross-Region read replica. Use Amazon Route 53 with a geoproximity routing policy to route traffic between the two Regions.

Answer: B

 

NEW QUESTION 42
A company uses multiple AWS accounts in a single AWS Region. A solutions architect is designing a solution to consolidate logs generated by Elastic Load Balancers (ELBs) in the AppDev, AppTest and AppProd accounts. The logs should be stored in an existing Amazon S3 bucket named s3-elb-logs in the central AWS account. The central account is used for log consolidation only and does not have ELBs deployed.
ELB logs must be encrypted at rest.
Which combination of steps should the solutions architect take to build the solution? (Select Two)

  • A. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject and s3:DeleteObject actions for the AppDev, AppTest and AppProd account IDs.
  • B. Enable Amazon S3 default encryption using server-side encryption with S3 managed encryption keys (SSE-S3) for the s3-elb-logs S3 bucket.
  • C. Enable access logging for the ELBs. Set the S3 location to the s3-elb-logs bucket.
  • D. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutBucketLogging action for the central AWS account ID.
  • E. Update the S3 bucket policy for the s3-elb-logs bucket to allow the s3:PutObject action for the AppDev, AppTest and AppProd account IDs.

Answer: C,E

 

NEW QUESTION 43
A company is running a .NET three-tier web application on AWS. The team currently uses XL storage optimized instances to store and serve the website's image and video files on local instance storage. The company has encountered issues with data loss from replication and instance failures. The Solutions Architect has been asked to redesign this application to improve its reliability while keeping costs low.
Which solution will meet these requirements?

  • A. Use AWS Elastic Beanstalk to deploy the .NET application. Move all images and video files to Amazon EFS. Create an Amazon CloudFront distribution that points to the EFS share. Reserve the m4.4xl instances needed to meet base performance requirements.
  • B. Set up a new Amazon EFS share, move all image and video files to this share, and then attach this new drive as a mount point to all existing servers. Create an Elastic Load Balancer with Auto Scaling general purpose instances. Enable Amazon CloudFront to the Elastic Load Balancer. Enable Cost Explorer and use AWS Trusted advisor checks to continue monitoring the environment for future savings.
  • C. Move the entire website to Amazon S3 using the S3 website hosting feature. Remove all the web servers and have Amazon S3 communicate directly with the application servers in Amazon VPC.
  • D. Implement Auto Scaling with general purpose instance types and an Elastic Load Balancer. Enable an Amazon CloudFront distribution to Amazon S3 and move images and video files to Amazon S3. Reserve general purpose instances to meet base performance requirements. Use Cost Explorer and AWS Trusted Advisor checks to continue monitoring the environment for future savings.

Answer: D

 

NEW QUESTION 44
A company is running a commercial Apache Hadoop cluster on Amazon EC2. This cluster is being used daily to query large files on Amazon S3. The data on Amazon S3 has been curated and does not require any additional transformations steps. The company is using a commercial business intelligence (BI) tool on Amazon EC2 to run queries against the Hadoop cluster and visualize the data.
The company wants to reduce or eliminate the overhead costs associated with managing the Hadoop cluster and the BI tool. The company would like to move to a more cost-effective solution with minimal effort. The visualization is simple and requires performing some basic aggregation steps only.
Which option will meet the company's requirements?

  • A. Develop a stored procedure invoked from a MySQL database running on Amazon EC2 to analyze the files in Amazon S3. Then use a fast in-memory BI tool running on Amazon EC2 to visualize the data.
  • B. Use a commercial extract, transform, load (ETL) tool that runs on Amazon EC2 to prepare the data for processing. Then switch to a faster and cheaper BI tool that runs on Amazon EC2 to visualize the data from Amazon S3.
  • C. Launch a transient Amazon EMR cluster daily and develop an Apache Hive script to analyze the files on Amazon S3. Shut down the Amazon EMR cluster when the job is complete. Then use Amazon QuickSight to connect to Amazon EMR and perform the visualization.
  • D. Develop a script that uses Amazon Athena to query and analyze the files on Amazon S3. Then use Amazon QuickSight to connect to Athena and perform the visualization.

Answer: D

Explanation:
https://docs.aws.amazon.com/quicksight/latest/user/create-a-data-set-athena.html
https://aws.amazon.com/athena/

 

NEW QUESTION 45
A company has an Amazon VPC that is divided into a public subnet and a private subnet. A web application runs in Amazon VPC, and each subnet has its own NACL. The public subnet has a CIDR of 10.0.0.0/24. An Application Load Balancer is deployed to the public subnet. The private subnet has a CIDR of 10.0.1.0/24.
Amazon EC2 instances that run a web server on port 80 are launched into the private subnet.
Only network traffic that is required for the Application Load Balancer to access the web application can be allowed to travel between the public and private subnets.
What collection of rules should be written to ensure that the private subnet's NACL meets the requirement? (Select TWO.)

  • A. An inbound rule for port 80 from source 0.0.0.0/0
  • B. An outbound rule for ports 1024 through 65535 to destination 10.0.0.0/24
  • C. An inbound rule for port 80 from source 10.0.0.0/24
  • D. An outbound rule for port 80 to destination 10.0.0.0/24
  • E. An outbound rule for port 80 to destination 0.0.0.0/0

Answer: B,C

 

NEW QUESTION 46
A media storage application uploads user photos to Amazon S3 for processing. End users are reporting that some uploaded photos are not being processed properly. The Application Developers trace the logs and find that AWS Lambda is experiencing execution issues when thousands of users are on the system simultaneously. Issues are caused by:
- Limits around concurrent executions.
- The performance of Amazon DynamoDB when saving data.
Which actions can be taken to increase the performance and reliability of the application?
(Choose two.)

  • A. Use S3 Transfer Acceleration to provide lower-latency access to end users.
  • B. Configure a dead letter queue that will reprocess failed or timed-out Lambda functions.
  • C. Evaluate and adjust the read capacity units (RCUs) for the DynamoDB tables.
  • D. Add an Amazon ElastiCache layer to increase the performance of Lambda functions.
  • E. Evaluate and adjust the write capacity units (WCUs) for the DynamoDB tables.

Answer: B,E

Explanation:
A\C: Read is not the problem here. (when saving data...)
B: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.html#HowItWorks.requests
D: https://aws.amazon.com/blogs/compute/robust-serverless-application-design-with-aws-lambda-dlq/c
E: Does not solve the problem. The issue does not lie with ingestion; it lies with processing.

 

NEW QUESTION 47
A company hosts a popular web application. The web application connects to a database running in a
private VPC subnet. The web servers must be accessible only to customers on an SSL connection. The
RDS MySQL database server must be accessible only from the web servers.
How should the Architect design a solution to meet the requirements without impacting running
applications?

  • A. Open the MySQL port on the security group for web servers and set the source to 0.0.0.0/0. Open the
    HTTPS port on the database security group and attach it to the MySQL instance. Set the source to
    Web Server Security Group.
  • B. Create a network ACL on the web server's subnet, and allow HTTPS inbound, and specify the source
    as 0.0.0.0/0. Create a network ACL on a database subnet, allow MySQL port inbound for web servers,
    and deny all outbound traffic.
  • C. Create a network ACL on the web server's subnet, and allow HTTPS inbound and MySQL outbound.
    Place both database and web servers on the same subnet.
  • D. Open an HTTPS port on the security group for web servers and set the source to 0.0.0.0/0. Open the
    MySQL port on the database security group and attach it to the MySQL instance. Set the source to
    Web Server Security Group.

Answer: D

 

NEW QUESTION 48
A company is migrating its application to AWS. The applications will be deployed to AWS accounts owned by business units. The company has several teams of Developers who are responsible for the development and maintenance of all applications. The company is expecting rapid growth in the number of users. The company's Chief Technology Officer has the following requirements:
* Developers must launch the AWS Infrastructure using AWS CloudFormation
* Developers must not be able to create resources outside of CloudFormation
* The solution must be able to scale to hundreds of AWS accounts
Which of the following would meet these requirements? (Select TWO)

  • A. In a central account, create an IAM role that can be assumed by developers, and attach a policy that allows interaction with CloudFormation. Modify the Assume Role Policy Document action to allow the IAM role to be passed to CloudFormation.
  • B. In a central AWS account, create an IAM role that can be assumed by CloudFormation that has permissions to create the resources the company requires. Create a CloudFormation stack policy that allows the IAM role to manage resources. Use CloudFormation StackSets to deploy the CloudFormation stack policy to each AWS account.
  • C. Using CloudFormation, create an IAM role that can be assumed by CloudFormation that has permission to create all the resources the company needs. Use CloudFormation StackSets to deploy this template to each AWS account.
  • D. Using CloudFormation, create an IAM role for each Developer and attach policies that allow interaction with CloudFormation. Use CloudFormation StackSets to deploy this template to each AWS account.
  • E. Using CloudFormation, create an IAM role that can be assumed by Developers and attach policies that allow interaction with and passing a role to services. Use CloudFormation StackSets to deploy this template to each AWS account.

Answer: B,E

 

NEW QUESTION 49
A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting.
The company's existing architecture includes the following:
* A VPC with private and public subnets, and a NAT gateway
* Site-to-Site VPN for connectivity with the on-premises environment
* EC2 security groups with direct SSH access from the on-premises environment
The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers.
Which strategy should a solutions architect use?

  • A. Install and configure EC2 Instance Connect on the fleet of EC2 instances. Remove all security group rules attached to EC2 instances that allow inbound TCP on port 22. Advise the engineers to remotely access the instances by using the EC2 Instance Connect CLI.
  • B. Create an IAM role with the AmazonSSMManagedInstanceCore managed policy attached. Attach the IAM role to all the EC2 instances. Remove all security group rules attached to the EC2 instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager.
  • C. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineers' devices. Enable AWS Config for EC2 security group resource changes. Enable AWS Firewall Manager and apply a security group policy that automatically remediates changes to rules.
  • D. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineers' devices. Install the Amazon CloudWatch agent on all EC2 instances and send operating system audit logs to CloudWatch Logs.

Answer: C

 

NEW QUESTION 50
A company is migrating from an on-premises infrastructure to the AWS Cloud. One of the company's applications stores files on a Windows file server farm that uses Distributed File System Replication (DFSR) to keep data in sync. A solutions architect needs to replace the file server farm.
Which service should the solutions architect use?

  • A. Amazon FSx
  • B. Amazon S3
  • C. Amazon EFS
  • D. AWS Storage Gateway

Answer: A

Explanation:
Migrating Existing Files to Amazon FSx for Windows File Server Using AWS DataSync
We recommend using AWS DataSync to transfer data between Amazon FSx for Windows File Server file systems. DataSync is a data transfer service that simplifies, automates, and accelerates moving and replicating data between on-premises storage systems and other AWS storage services over the internet or AWS Direct Connect. DataSync can transfer your file system data and metadata, such as ownership, time stamps, and access permissions.
Reference: https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-to-fsx-datasync.html

 

NEW QUESTION 51
A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.
Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO)

  • A. Use AWS Site-to-Site VPN for connectivity to the on-premises network
  • B. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises network. Share the transit gateway by using AWS Resource Access Manager
  • C. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to a shared services account. Share the subnets by using AWS Resource Access Manager
  • D. Use AWS Direct Connect for connectivity to the on-premises network.
  • E. Create an AWS CloudFormation template that provisions a VPC and the required subnets. Deploy the template to each AWS account

Answer: A,C

 

NEW QUESTION 52
A company has a web application that allows users to upload short videos. The videos are stored on Amazon EBS volumes and analyzed by custom recognition software for categorization.
The website contains static content that has variable traffic with peaks in certain months. The architecture consists of Amazon EC2 instances running in an Auto Scaling group for the web application and EC2 instances running in an Auto Scaling group to process an Amazon SQS-queue. The company wants to re-architect the application to reduce operational overhead using AWS managed services where possible and remove dependencies on third-party software.
Which solution meets these requirements?

  • A. Use AWS Elastic Beanstalk to launch EC2 instances in an Auto Scaling group for the application and launch a worker environment to process the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.
  • B. Store the uploaded videos in Amazon EFS and mount the file system to the EC2 instances for the web application. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
  • C. Host the web application in Amazon S3. Store the uploaded videos in Amazon S3. Use S3 event notification to publish events to the SQS queue. Process the SQS queue with an AWS Lambda function that calls the Amazon Rekognition API to categorize the videos.
  • D. Use Amazon ECS containers for the web application and Spot instances for the Scaling group that processes the SQS queue. Replace the custom software with Amazon Rekognition to categorize the videos.

Answer: D

 

NEW QUESTION 53
......



What is the duration, language, and format of AWS Solutions Architect Professional Exam

  • No negative marking for wrong answers
  • Number of Questions: 65
  • Type of Questions: Multiple choice (MCQs), multiple answers

 
