[Dec 25, 2021] BraindumpsPass AWS-Solutions-Architect-Professional dumps & AWS Certified Solutions Architect sure practice dumps
Amazon AWS-Solutions-Architect-Professional Actual Questions and Braindumps
Understanding functional and technical aspects of AWS Solutions Architect Professional Exam Design for Organizational Complexity
The following will be discussed in AWS SOLUTIONS ARCHITECT PROFESSIONAL dumps:
- Determine cross-account authentication and access strategy for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements)
- Determine how to design a multi-account AWS environment for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements)
- Determine how to design networks for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements)
NEW QUESTION 20
A company has decided to move some workloads onto AWS to create a grid environment to run market analytics. The grid will consist of many similar instances, spun up by a job-scheduling function. Each time a large analytics workload is completed, a new VPC is deployed along with job scheduler and grid nodes. Multiple grids could be running in parallel.
Key requirements are:
* Grid instances must communicate with Amazon S3 to retrieve data to be processed.
* Grid instances must communicate with Amazon DynamoDB to track intermediate data.
* The job scheduler need only communicate with the Amazon EC2 API to start new grid nodes.
A key requirement is that the environment has no access to the internet, either directly or via the on-premises proxy. However, the application needs to be able to seamlessly communicate to Amazon S3, Amazon DynamoDB, and Amazon EC2 API, without the need for reconfiguration for each new deployment.
Which of the following should the Solutions Architect do to achieve this target architecture?
(Choose three.)
- A. Enable an interface VPC endpoint for EC2.
- B. Populate the on-premises DNS server with the private IP addresses of the EC2 endpoint.
- C. Configure Amazon S3 endpoint policy to permit access only from the grid nodes.
- D. Configure the application on the grid instances to use the private DNS name of the Amazon S3 endpoint.
- E. Disable Private DNS Name Support.
- F. Enable VPC endpoints for Amazon S3 and DynamoDB.
Answer: A,D,F
Explanation:
https://docs.aws.amazon.com/vpc/latest/userguide/vpce-interface.html
NEW QUESTION 21
A company has a single AWS master billing account, which is the root of the AWS Organizations hierarchy.
The company has multiple AWS accounts within this hierarchy, all organized into organization units (OUs).
More OUs and AWS accounts will continue to be created as other parts of the business migrate applications to AWS. These business units may need to use different AWS services. The Security team is implementing the following requirements for all current and future AWS accounts.
* Control policies must be applied across all accounts to prohibit AWS services.
* Exceptions to the control policies are allowed based on valid use cases.
Which solution will meet these requirements with minimal operational overhead?
- A. Use an SCP in Organizations to implement a deny list of AWS services. Apply this SCP at the level. For any specific exceptions for an OU, create a new SCP for that OU and add the required AWS services to the allow list.
- B. Use an SCP in Organizations to implement an allow list of AWS services. Apply this SCP at the root level. Remove the default AWS managed SCP from the root level and all OU levels. For any specific exceptions for an OU, modify the SCP attached to that OU, and add the required AWS services to the allow list.
- C. Use an SCP in Organizations to implement a deny list of AWS services. Apply this SCP at the root level and each OU. Remove the default AWS managed SCP from the root level and all OU levels. For any specific exceptions, modify the SCP attached to that OU, and add the required AWS services to the allow list.
- D. Use an SCP in Organizations to implement a deny list of AWS services. Apply this SCP at each OU level. Leave the default AWS managed SCP at the root level. For any specific exceptions for an OU, create a new SCP for that OU.
Answer: C
NEW QUESTION 22
A company stores sales transaction data in Amazon DynamoDB tables. To detect anomalous behaviors and respond quickly, all changes to the items stored in the DynamoDB tables must be logged within 30 minutes.
Which solution meets the requirements?
- A. Use AWS CloudTrail to capture all the APIs that change the DynamoDB tables. Send SNS notifications when anomalous behaviors are detected using CloudTrail event filtering.
- B. Use Amazon DynamoDB Streams to capture and send updates to AWS Lambda. Create a Lambda function to output records to Amazon Kinesis Data Streams. Analyze any anomalies with Amazon Kinesis Data Analytics. Send SNS notifications when anomalous behaviors are detected.
- C. Use event patterns in Amazon CloudWatch Events to capture DynamoDB API call events with an AWS Lambda function as a target to analyze behavior. Send SNS notifications when anomalous behaviors are detected.
- D. Copy the DynamoDB tables into Apache Hive tables on Amazon EMR every hour and analyze them for anomalous behaviors. Send Amazon SNS notifications when anomalous behaviors are detected.
Answer: C
NEW QUESTION 23
What is the average queue length recommended by AWS to achieve a lower latency for the 200 PIOPS EBS volume?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
Explanation:
The queue length is the number of pending I/O requests for a device. The optimal average queue length will vary for every customer workload, and this value depends on a particular application's sensitivity to IOPS and latency. If the workload is not delivering enough I/O requests to maintain the optimal average queue length, then the EBS volume might not consistently deliver the IOPS that have been provisioned. However, if the workload maintains an average queue length that is higher than the optimal value, then the per-request I/O latency will increase; in this case, the user should provision more IOPS for his volume. AWS recommends that the user should target an optimal average queue length of 1 for every 200 provisioned IOPS and tune that value based on his application requirements.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-workload-demand.html
NEW QUESTION 24
A web company is looking to implement an external payment service into their highly available application deployed in a VPC. Their application EC2 instances are behind a public-facing ELB. Auto Scaling is used to add additional instances as traffic increases. Under normal load the application runs 2 instances in the Auto Scaling group, but at peak it can scale 3x in size. The application instances need to communicate with the payment service over the Internet, which requires whitelisting of all public IP addresses used to communicate with it. A maximum of 4 whitelisting IP addresses are allowed at a time and can be added through an API.
How should they architect their solution?
- A. Automatically assign public IP addresses to the application instances in the Auto Scaling group and run a script on boot that adds each instance's public IP address to the payment validation whitelist API.
- B. Whitelist the ELB IP addresses and route payment requests from the Application servers through the ELB.
- C. Whitelist the VPC Internet Gateway Public IP and route payment requests through the Internet Gateway.
- D. Route payment requests through two NAT instances set up for High Availability and whitelist the Elastic IP addresses attached to the NAT instances.
Answer: D
NEW QUESTION 25
A company runs a popular public-facing ecommerce website. Its user base is growing quickly from a local market to a national market. The website is hosted in an on-premises data center with web servers and a MySQL database. The company wants to migrate its workload to AWS. A solutions architect needs to create a solution to:
* Improve security
* Improve reliability
* Improve availability
* Reduce latency
* Reduce maintenance
Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)
- A. Migrate the database to a Multi-AZ Amazon Aurora MySQL DB cluster.
- B. Use Amazon EC2 instances in two Availability Zones to host a highly available MySQL database cluster.
- C. Migrate the database to a single-AZ Amazon RDS for MySQL DB instance
- D. Use Amazon EC2 instances in two Availability Zones for the web servers in an Auto Scaling group behind an Application Load Balancer.
- E. Host static website content in Amazon S3. Use S3 Transfer Acceleration to reduce latency while serving webpages. Use AWS WAF to improve website security.
- F. Host static website content in Amazon S3. Use Amazon CloudFront to reduce latency while serving webpages. Use AWS WAF to improve website security.
Answer: A,D,F
NEW QUESTION 26
A mobile app developer just made an app for both iOS and Android that has a feature to count step numbers. He has used AWS Cognito to authorize users with a user pool and identity pool to provide access to an AWS DynamoDB table. The app uses the DynamoDB table to store user subscriber data and number of steps. Now the developer also needs Cognito to integrate with Google to provide federated authentication for the mobile application users so that users do not need to remember extra login access. What should the developer do to make this happen for the iOS and Android app?
- A. Amazon Cognito Identity pools (federated identities) support user authentication through federated identity providers, including Amazon, Facebook, Google, and SAML identity providers. The developer just needs to set up the federated identities for Google access.
- B. Amazon Cognito User pools support user authentication through federated identity providers, including Amazon, Facebook, Google, and SAML identity providers. The developer just needs to set up the federated identities for Google access in Cognito User pool.
- C. Only Android works for federated identities if Google access is required for AWS Cognito. This can be done by configuring Cognito identity pools with a Google Client ID.
- D. Only iOS (Objective-C and Swift) works for federated identities if Google access is required for AWS Cognito. This can be done by configuring Cognito identity pools with a Google Client ID. Google federated access does not work for the Android app.
Answer: A
NEW QUESTION 27
A large global financial services company has multiple business units. The company wants to allow Developers to try new services, but there are multiple compliance requirements for different workloads. The Security team is concerned about the access strategy for on-premises and AWS implementations. They would like to enforce governance for AWS services used by business team for regulatory workloads, including Payment Card Industry (PCI) requirements.
Which solution will address the Security team's concerns and allow the Developers to try new services?
- A. Build a multi-account strategy based on business units, environments, and specific regulatory requirements. Implement SAML-based federation across all AWS accounts with an on-premises identity store. Use AWS Organizations and build organizational units (OUs) structure based on regulations and service governance. Implement service control policies across OUs.
- B. Implement a multi-account strategy based on business units, environments, and specific regulatory requirements. Ensure that only PCI-compliant services are approved for use in the accounts. Build IAM policies to give access to only PCI-compliant services for governance.
- C. Build one AWS account for the company for the strong security controls. Ensure that all the service limits are raised to meet company scalability requirements. Implement SAML federation with an on-premises identity store, and ensure that only approved services are used in the account.
- D. Implement a strong identity and access management model that includes users, groups, and roles in various AWS accounts. Ensure that centralized AWS CloudTrail logging is enabled to detect anomalies. Build automation with AWS Lambda to tear down unapproved AWS resources for governance.
Answer: A
Explanation:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html
NEW QUESTION 28
A company receives clickstream data files to Amazon S3 every five minutes. A Python script runs as a cron job once a day on an Amazon EC2 instance to process each file and load it into a database hosted on Amazon RDS. The cron job takes 15 to 30 minutes to process 24 hours of data. The data consumers ask for the data to be available as soon as possible.
Which solution would accomplish the desired outcome?
- A. Create an AWS Lambda function that runs when a file is delivered to Amazon S3 using S3 event notifications.
- B. Convert the cron job to an AWS Lambda function and schedule it to run once an hour using Amazon CloudWatch events.
- C. Increase the size of the instance to speed up processing and update the schedule to run once an hour.
- D. Convert the cron job to an AWS Lambda function and trigger this new function using a cron job on an EC2 instance.
Answer: A
NEW QUESTION 29
A company is using Amazon DynamoDB with provisioned throughput for the database tier of its ecommerce website. During flash sales, customers experience periods of time when the database cannot handle the high number of transactions taking place. This causes the company to lose transactions. During normal periods, the database performs appropriately.
Which solution solves the performance problem the company faces?
- A. Implement DynamoDB Accelerator for fast in memory performance.
- B. Use Amazon Simple Queue Service (Amazon SQS) to queue transactions to DynamoDB.
- C. Switch DynamoDB to on-demand mode during flash sales.
- D. Use Amazon Kinesis to queue transactions for processing to DynamoDB.
Answer: C
NEW QUESTION 30
Mike is appointed as Cloud Consultant in Test.com. Test has the following VPCs set up in the US East Region:
* A VPC with CIDR block 10.10.0.0/16, a subnet in that VPC with CIDR block 10.10.1.0/24
* A VPC with CIDR block 10.40.0.0/16, a subnet in that VPC with CIDR block 10.40.1.0/24
Test.com is trying to establish network connection between two subnets, a subnet with CIDR block 10.10.1.0/24 and another subnet with CIDR block 10.40.1.0/24. Which one of the following solutions should Mike recommend to Test.com?
- A. Create one EC2 instance in each subnet, assign Elastic IPs to both instances, and configure a Site-to-Site VPN connection between both EC2 instances.
- B. Create a VPC Peering connection between both VPCs.
- C. Create 2 Virtual Private Gateways and configure one with each VPC.
- D. Create 2 Internet Gateways, and attach one to each VPC.
Answer: B
Explanation:
A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. EC2 instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region. AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html
NEW QUESTION 31
A company wants to allow its marketing team to perform SQL queries on customer records to identify market segments. The data is spread across hundreds of files. The records must be encrypted in transit and at rest. The team manager must have the ability to manage users and groups, but no team members should have access to services or resources not required for the SQL queries. Additionally, administrators need to audit the queries made and receive notifications when a query violates rules defined by the security team.
AWS Organizations has been used to create a new account and an AWS IAM user with administrator permissions for the team manager. Which design meets these requirements?
- A. Apply a service control policy (SCP) that allows access to IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer records as files in Amazon S3 and train users to leverage the Amazon S3 Select feature and run queries using the AWS CLI. Enable S3 object-level logging and analyze CloudTrail events to audit and alarm on queries against personal data.
- B. Apply a service control policy (SCP) that denies access to all services except IAM, Amazon Athena, Amazon S3, and AWS CloudTrail. Store customer record files in Amazon S3 and train users to run queries using the CLI via Athena. Analyze CloudTrail events to audit and alarm on queries against personal data.
- C. Apply a service control policy (SCP) that denies access to all services except IAM, Amazon DynamoDB, and AWS CloudTrail. Store customer records in DynamoDB and train users to run queries using the AWS CLI. Enable DynamoDB streams to track the queries that are issued and use an AWS Lambda function for real-time monitoring and alerting.
- D. Apply a service control policy (SCP) that allows access to IAM, Amazon RDS, and AWS CloudTrail. Load customer records in Amazon RDS MySQL and train users to run queries using the AWS CLI. Stream the query logs to Amazon CloudWatch Logs from the RDS database instance. Use a subscription filter with AWS Lambda functions to audit and alarm on queries against personal data.
Answer: B
NEW QUESTION 32
One of your AWS Data Pipeline activities has failed consequently and has entered a hard failure state
after retrying thrice. You want to try it again. Is it possible to increase the number of automatic retries to
more than thrice?
- A. Yes, you can increase the number of automatic retries to 10.
- B. No, you cannot increase the number of automatic retries.
- C. Yes, you can increase the number of automatic retries to 6.
- D. Yes, you can increase the number of automatic retries to indefinite number.
Answer: A
Explanation:
In AWS Data Pipeline, an activity fails if all of its activity attempts return with a failed state. By default, an
activity retries three times before entering a hard failure state. You can increase the number of automatic
retries to 10. However, the system does not allow indefinite retries.
Reference: https://aws.amazon.com/datapipeline/faqs/
NEW QUESTION 33
What is a circular dependency in AWS CloudFormation?
- A. When a Template references a region, which references the original Template.
- B. When Nested Stacks depend on each other.
- C. When Resources form a DependsOn loop.
- D. When a Template references an earlier version of itself.
Answer: C
Explanation:
To resolve a dependency error, add a DependsOn attribute to resources that depend on other resources in your template. In some cases, you must explicitly declare dependencies so that AWS CloudFormation can create or delete resources in the correct order. For example, if you create an Elastic IP and a VPC with an Internet gateway in the same stack, the Elastic IP must depend on the Internet gateway attachment. For additional information, see DependsOn Attribute.
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-dependency-error
NEW QUESTION 34 
Refer to the architecture diagram above of a batch processing solution using Simple Queue Service (SQS) to set up a message queue between EC2 instances which are used as batch processors. CloudWatch monitors the number of job requests (queued messages) and an Auto Scaling group adds or deletes batch servers automatically based on parameters set in CloudWatch alarms.
You can use this architecture to implement which of the following features in a cost effective and efficient manner?
- A. Reduce the overall time for executing jobs through parallel processing by allowing a busy EC2 instance that receives a message to pass it to the next instance in a daisy-chain setup.
- B. Implement message passing between EC2 instances within a batch by exchanging messages through SQS.
- C. Coordinate number of EC2 instances with number of job requests automatically, thus improving cost effectiveness.
- D. Implement fault tolerance against EC2 instance failure since messages would remain in SQS and work can continue with recovery of EC2 instances. Implement fault tolerance against SQS failure by backing up messages to S3.
- E. Handle high priority jobs before lower priority jobs by assigning a priority metadata field to SQS messages.
Answer: C
Explanation:
There are cases where a large number of batch jobs may need processing, and where the jobs may need to be re-prioritized.
For example, one such case is one where there are differences between different levels of services for unpaid users versus subscriber users (such as the time until publication) in services enabling, for example, presentation files to be uploaded for publication from a web browser. When the user uploads a presentation file, the conversion processes, for example, for publication are performed as batch processes on the system side, and the file is published after the conversion. Is it then necessary to be able to assign the level of priority to the batch processes for each type of subscriber?
Explanation of the Cloud Solution/Pattern
A queue is used in controlling batch jobs. The queue need only be provided with priority numbers. Job requests are controlled by the queue, and the job requests in the queue are processed by a batch server. In Cloud computing, a highly reliable queue is provided as a service, which you can use to structure a highly reliable batch system with ease. You may prepare multiple queues depending on priority levels, with job requests put into the queues depending on their priority levels, to apply prioritization to batch processes. The performance (number) of batch servers corresponding to a queue must be in accordance with the priority level thereof.
Implementation
In AWS, the queue service is the Simple Queue Service (SQS). Multiple SQS queues may be prepared to prepare queues for individual priority levels (with a priority queue and a secondary queue). Moreover, you may also use the message Delayed Send function to delay process execution.
Use SQS to prepare multiple queues for the individual priority levels.
Place those processes to be executed immediately (job requests) in the high priority queue.
Prepare numbers of batch servers, for processing the job requests of the queues, depending on the priority levels.
Queues have a message "Delayed Send" function. You can use this to delay the time for starting a process.
Benefits
You can increase or decrease the number of servers for processing jobs to change automatically the processing speeds of the priority queues and secondary queues.
You can handle performance and service requirements through merely increasing or decreasing the number of EC2 instances used in job processing.
Even if an EC2 were to fail, the messages (jobs) would remain in the queue service, enabling processing to be continued immediately upon recovery of the EC2 instance, producing a system that is robust to failure.
Cautions
Depending on the balance between the number of EC2 instances for performing the processes and the number of messages that are queued, there may be cases where processing in the secondary queue may be completed first, so you need to monitor the processing speeds in the primary queue and the secondary queue.
NEW QUESTION 35
A company runs a dynamic mission-critical web application that has an SLA of 99.99%. Global application users access the application 24/7. The application is currently hosted on premises and routinely fails to meet its SLA, especially when millions of users access the application concurrently. Remote users complain of latency.
How should this application be redesigned to be scalable and allow for automatic failover at the lowest cost?
- A. Use Amazon Route 53 geolocation-based routing. Host the website on automatically scaled AWS Fargate containers behind a Network Load Balancer with an additional Network Load Balancer and Fargate containers for the application layer in each region. Use Amazon Aurora Multi-Master for Aurora MySQL as the data layer.
- B. Use Amazon Route 53 failover routing with geolocation-based routing. Host the website on automatically scaled Amazon EC2 instances behind an Application Load Balancer with an additional Application Load Balancer and EC2 instances for the application layer in each region. Use a Multi-AZ deployment with MySQL as the data layer.
- C. Use Amazon Route 53 round robin routing to distribute the load evenly to several regions with health checks. Host the website on automatically scaled Amazon ECS with AWS Fargate technology containers behind a Network Load Balancer, with an additional Network Load Balancer and Fargate containers for the application layer in each region. Use Amazon Aurora replicas for the data layer.
- D. Use Amazon Route 53 latency-based routing to route to the nearest region with health checks. Host the website in Amazon S3 in each region and use Amazon API Gateway with AWS Lambda for the application layer. Use Amazon DynamoDB global tables as the data layer with Amazon DynamoDB Accelerator (DAX) for caching.
Answer: D
Explanation:
https://aws.amazon.com/getting-started/projects/build-serverless-web-app-lambda-apigateway-s3-dynamodb-co
NEW QUESTION 36
An organization is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched with VPC. The organization wants to have separate domains for each application and assign them using Route 53. The organization may have about ten instances each with two applications as mentioned above. While launching the instance, the organization configured two separate network interfaces (primary + ENI) and wanted to have two elastic IPs for that instance. It was suggested to use a public IP from AWS instead of an elastic IP as the number of elastic IPs is restricted.
What action will you recommend to the organization?
- A. I agree with the suggestion and it is recommended to use a public IP from AWS since the organization is going to use DNS with Route 53.
- B. I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
- C. I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs.
- D. I do not agree as AWS VPC does not attach a public IP to an ENI; so the user has to use an elastic IP only.
Answer: C
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC. The user can attach up to two ENIs with a single instance. However, AWS cannot assign a public IP when there are two ENIs attached to a single instance. It is recommended to assign an elastic IP in this scenario. If the organization wants more than 5 EIPs they can request AWS to increase the number.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
NEW QUESTION 37
An organization has 4 people in the IT operations team who are responsible to manage the AWS
infrastructure. The organization wants to setup that each user will have access to launch and manage an
instance in a zone which the other user cannot modify. Which of the below mentioned options is the best
solution to set this up?
- A. Create four IAM users and four VPCs and allow each IAM user to have access to separate VPCs.
- B. Create a VPC with four subnets and allow access to each subnet for the individual IAM user.
- C. Create four AWS accounts and give each user access to a separate account.
- D. Create an IAM user and allow them permission to launch an instance of a different size only.
Answer: B
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can
create subnets as per the requirement within a VPC. The VPC also works with IAM and the organization
can create IAM users who have access to various VPC services. The organization can setup access for
the IAM user who can modify the security groups of the VPC. The sample policy is given below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:RunInstances",
      "Resource": [
        "arn:aws:ec2:region::image/ami-*",
        "arn:aws:ec2:region:account:subnet/subnet-1a2b3c4d",
        "arn:aws:ec2:region:account:network-interface/*",
        "arn:aws:ec2:region:account:volume/*",
        "arn:aws:ec2:region:account:key-pair/*",
        "arn:aws:ec2:region:account:security-group/sg-123abc123"
      ]
    }
  ]
}
With this policy the user can create four subnets in separate zones and provide IAM user access to each
subnet.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_IAM.html
NEW QUESTION 38
A company is migrating an application to AWS. It wants to use fully managed services as much as possible during the migration. The company needs to store large, important documents within the application with the following requirements:
- The data must be highly durable and available.
- The data must always be encrypted at rest and in transit.
- The encryption key must be managed by the company and rotated periodically.
Which of the following solutions should the Solutions Architect recommend?
- A. Deploy instances with Amazon EBS volumes attached to store this data. Use EBS volume encryption using an AWS KMS key to encrypt the data.
- B. Use Amazon DynamoDB with SSL to connect to DynamoDB. Use an AWS KMS key to encrypt DynamoDB objects at rest.
- C. Deploy the storage gateway to AWS in file gateway mode. Use Amazon EBS volume encryption using an AWS KMS key to encrypt the storage gateway volumes.
- D. Use Amazon S3 with a bucket policy to enforce HTTPS for connections to the bucket and to enforce server-side encryption and AWS KMS for object encryption.
Answer: D
Explanation:
https://aws.amazon.com/blogs/security/how-to-use-bucket-policies-and-apply-defense-in-depth-to-help-secure-your-amazon-s3-data/
NEW QUESTION 39
You have set up a huge amount of network infrastructure in AWS and you now need to think about monitoring all of this. You decide CloudWatch will best fit your needs but you are unsure of the pricing structure and the limitations of CloudWatch. Which of the following statements is TRUE in relation to the limitations of CloudWatch?
- A. You get 10 CloudWatch metrics, 10 alarms, 1,000,000 API requests, and 1,000 Amazon SNS email notifications per customer per month for free.
- B. You get 10 CloudWatch metrics, 10 alarms, 1,000 API requests, and 100 Amazon SNS email notifications per customer per month for free.
- C. You get 100 CloudWatch metrics, 100 alarms, 10,000,000 API requests, and 10,000 Amazon SNS email notifications per customer per month for free.
- D. You get 100 CloudWatch metrics, 100 alarms, 1,000,000 API requests, and 1,000 Amazon SNS email notifications per customer per month for free.
Answer: A
Explanation:
Amazon CloudWatch monitors your Amazon Web Services (AWS) resources and the applications you run on AWS in real-time. You can use CloudWatch to collect and track metrics, which are the variables you want to measure for your resources and applications.
CloudWatch has the following limits:
- You get 10 CloudWatch metrics, 10 alarms, 1,000,000 API requests, and 1,000 Amazon SNS email notifications per customer per month for free.
- You can assign up to 10 dimensions per metric.
- You can create up to 5000 alarms per AWS account.
- Metric data is kept for 2 weeks.
- The size of a PutMetricData request is limited to 8KB for HTTP GET requests and 40KB for HTTP POST requests.
- You can include a maximum of 20 MetricDatum items in one PutMetricData request. A MetricDatum can contain a single value or a StatisticSet representing many values.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_limits.html
NEW QUESTION 40
A customer has a website which shows all the deals available across the market. The site experiences a load of 5 large EC2 instances generally.
However, a week before Thanksgiving vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on the office timings.
Which of the below-mentioned solutions is cost-effective and also helps the website achieve better performance?
- A. Set up 10 instances to run during the pre-vacation period and only scale up during the office time by launching 10 more instances using the Auto Scaling schedule.
- B. Keep only 10 instances running and manually launch 10 instances every day during office hours.
- C. During the pre-vacation period, set up 20 instances to run continuously.
- D. During the pre-vacation period, set up a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy.
Answer: A
Explanation:
AWS provides an on-demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances, and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known, but the load is higher than the routine traffic, it is recommended that the organization launch a few instances beforehand and then set up Auto Scaling with policies that scale up and down according to EC2 metrics such as network I/O or CPU utilization. If the organization keeps all 10 additional instances as part of the Auto Scaling policy, then during a sudden higher load it may take time to launch instances, and performance may not be optimal. This is why it is recommended that the organization keep an additional 5 instances running and have the next 5 instances scheduled as per the Auto Scaling policy for cost effectiveness.
NEW QUESTION 41
A user is trying to create a vault in AWS Glacier. The user wants to enable notifications.
For which of the below-mentioned options can the user enable notifications from the AWS console?
- A. Vault Upload Job Complete
- B. Vault Inventory Retrieval Job Complete
- C. Archival Upload Complete
- D. Glacier does not support the AWS console
Answer: B
Explanation:
From the AWS console, the user can configure notifications to be sent to Amazon Simple Notification Service (SNS). The user can select specific jobs that, on completion, will trigger the notifications, such as Vault Inventory Retrieval Job Complete and Archive Retrieval Job Complete.
http://docs.aws.amazon.com/amazonglacier/latest/dev/configuring-notifications-console.html
NEW QUESTION 42
......
Difficulty in Writing AWS Solutions Architect Professional Exam
As everybody knows, this examination cannot be completed quickly: passing it effectively requires a lot of time and accurate, up-to-date content such as the AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps. Before sitting the AWS Accredited Developer Professional certification, many applicants are unsure about the type of questions posed in the exam, the complexity of the questions, and the time taken to complete them. The best way to pass the Professional Test is to practice questions and prepare with AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps. AWS Accredited Developer candidates evaluate their education and find places for improvement in the real review style. The best approach is to practice the Professional Credential Review with an AWS Certified Developer, as the examination is a key factor of the AWS Certified Developer.
The Partner Professional Exam Research Plan helps applicants explore their strengths and faults, develop their time management skills, and get an understanding of the score they should receive. AWS Accredited Developer Professional review is the new issue to the review, which applicants should understand without difficulty. The research material for the AWS Solutions Architect Professional Exam is ideally suited to busy practitioners who have no money to spare on training and want to prepare within one week. The AWS certified solutions architect-professional practice evaluation has been properly prepared by the expert team following a thorough review. We periodically update our content. The aim is to keep candidates up to date, and we shall automatically amend the material as and when the Offensive Protection reports any changes in the AWS SOLUTIONS ARCHITECT PROFESSIONAL dumps.
The benefit of obtaining the AWS Solutions Architect Professional Exam Certification
IT practitioners accredited by Amazon stand out among their competitors. When employers select applicants for a work interview, being an AWS accredited production partner easily gives a candidate the advantage of showing what differentiates them from the others.
Amazon Certified IT professionals have networks that are more useful and important in helping them set career goals for themselves. AWS Accredited Developer gives you the correct career advice that you normally cannot receive without a degree. Amazon Accredited IT professionals are confident and distinct from other professionals, since they have more expertise than uncertified professionals. Unlike most uncertified professionals, Amazon Certified IT professionals know how to use the resources to do the job quickly and cost-effectively.
The AWS Certified Developer qualification enables candidates to become experts in all facets of their expertise. Instead of waiting years, AWS accredited development certifications provide a way to find a place in a field you are involved in without experience.