AWS-Certified-Solutions-Architect-Professional Exam - AWS-Certified-Solutions-Architect-Professional

certleader.com


NEW QUESTION 1
By default, what is the maximum number of Cache Nodes you can run in Amazon ElastiCache?

  • A. 20
  • B. 50
  • C. 100
  • D. 200

Answer: A

Explanation: In Amazon ElastiCache, you can run a maximum of 20 Cache Nodes.
Reference: http://aws.amazon.com/elasticache/faqs/

NEW QUESTION 2
A user is hosting a public website on AWS. The user wants to have the database and the app server on the AWS VPC. The user wants to set up a database that can connect to the Internet for any patch upgrade but cannot receive any request from the Internet. How can the user set this up?

  • A. Set up DB in a private subnet with the security group allowing only outbound traffic.
  • B. Set up DB in a public subnet with the security group allowing only inbound data.
  • C. Set up DB in a local data center and use a private gateway to connect the application with DB.
  • D. Set up DB in a private subnet which is connected to the internet via NAT for outbound.

Answer: D

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. AWS provides two features that the user can use to increase security in VPC: security groups and network ACLs. When the user wants to set up both the DB and the app on VPC, the user should make one public and one private subnet. The DB should be hosted in a private subnet and instances in that subnet cannot reach the internet. The user can allow an instance in his VPC to initiate outbound connections to the internet but prevent unsolicited inbound connections from the internet by using a Network Address Translation (NAT) instance.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html

NEW QUESTION 3
In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:

  • A. Device token
  • B. Client ID
  • C. Registration ID
  • D. Client secret

Answer: A

Explanation: To send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following: Registration ID and Client secret.
Reference: http://docs.aws.amazon.com/sns/latest/dg/SNSMobilePushPrereq.html

NEW QUESTION 4
The user has provisioned the PIOPS volume with an EBS optimized instance. Generally speaking, in which I/O chunk should the bandwidth experienced by the user be measured by AWS?

  • A. 128 KB
  • B. 256 KB
  • C. 64 KB
  • D. 32 KB

Answer: B

Explanation: IOPS are input/output operations per second. Amazon EBS measures each I/O operation per second (that is 256 KB or smaller) as one IOPS.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

NEW QUESTION 5
To serve Web traffic for a popular product your chief financial officer and IT director have purchased 10 m1.large heavy utilization Reserved Instances (RIs) evenly spread across two availability zones; Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity. As a result, your company purchases two c3.2xlarge medium utilization RIs. You register the two c3.2xlarge instances with your ELB and quickly find that the m1.large instances are at 100% of capacity and the c3.2xlarge instances have significant capacity that's unused. Which option is the most cost effective and uses EC2 capacity most effectively?

  • A. Configure Autoscaling group and Launch Configuration with ELB to add up to 10 more on-demand m1.large instances when triggered by CloudWatch. Shut off c3.2xlarge instances.
  • B. Configure ELB with two c3.2xlarge instances and use on-demand Autoscaling group for up to two additional c3.2xlarge instances. Shut off m1.large instances.
  • C. Route traffic to EC2 m1.large and c3.2xlarge instances directly using Route 53 latency based routing and health checks. Shut off ELB.
  • D. Use a separate ELB for each instance type and distribute load to ELBs with Route 53 weighted round robin.

Answer: B

NEW QUESTION 6
An administrator is using Amazon CloudFormation to deploy a three tier web application that consists of a web tier and application tier that will utilize Amazon DynamoDB for storage. When creating the CloudFormation template, which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?

  • A. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and associate the Role to the application instances by referencing an instance profile.
  • B. Use the Parameter section in the CloudFormation template to have the user input Access and Secret Keys from an already created IAM user that has the permissions required to read and write from the required DynamoDB table.
  • C. Create an Identity and Access Management Role that has the required permissions to read and write from the required DynamoDB table and reference the Role in the instance profile property of the application instance.
  • D. Create an Identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the GetAtt function to retrieve the Access and Secret keys and pass them to the application instance through user-data.

Answer: C

NEW QUESTION 7
An organization is creating a VPC for their application hosting. The organization has created two private subnets in the same AZ and created one subnet in a separate zone. The organization wants to make an HA system with the internal ELB. Which of these statements is true with respect to an internal ELB in this scenario?

  • A. ELB can support only one subnet in each availability zone.
  • B. ELB does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
  • C. If the user is creating an internal ELB, he should use only private subnets.
  • D. ELB can support all the subnets irrespective of their zone

Answer: A

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances.
There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as app servers, the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer. The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer.
The Internal ELB supports only one subnet in each AZ and asks the user to select a subnet while configuring internal ELB.
Reference: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/USVPC_creating_basic_lb.html

NEW QUESTION 8
A user is thinking of using an EBS PIOPS volume. Which of the below mentioned options is a right use case for the PIOPS EBS volume?

  • A. Analytics
  • B. System boot volume
  • C. Mongo DB
  • D. Log processing

Answer: C

Explanation: Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency in random access I/O throughput. Typical uses are business applications and database workloads such as NoSQL DB, RDBMS, etc.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

NEW QUESTION 9
Who is responsible for modifying the routing tables and networking ACLs in a VPC to ensure that a DB instance is reachable from other instances in the VPC?

  • A. AWS administrators
  • B. The owner of the AWS account
  • C. Amazon
  • D. The DB engine vendor

Answer: B

Explanation: You are in charge of configuring the routing tables of your VPC as well as the network ACL rules needed to make your DB instances accessible from all the instances of your VPC that need to communicate with it.
Reference: http://aws.amazon.com/rds/faqs/

NEW QUESTION 10
You are the new IT architect in a company that operates a mobile sleep tracking application.
When activated at night, the mobile app is sending collected data points of 1 kilobyte every 5 minutes to your backend.
The backend takes care of authenticating the user and writing the data points into an Amazon DynamoDB table.
Every morning, you scan the table to extract and aggregate last night's data on a per user basis, and store the results in Amazon S3. Users are notified via Amazon SNS mobile push notifications that new data is available, which is parsed and visualized by the mobile app.
Currently you have around 100k users who are mostly based out of North America. You have been tasked to optimize the architecture of the backend system to lower cost. What would you recommend? Choose 2 answers

  • A. Have the mobile app access Amazon DynamoDB directly instead of JSON files stored on Amazon S3.
  • B. Write data directly into an Amazon Redshift cluster replacing both Amazon DynamoDB and Amazon S3.
  • C. Introduce an Amazon SQS queue to buffer writes to the Amazon DynamoDB table and reduce provisioned write throughput.
  • D. Introduce Amazon ElastiCache to cache reads from the Amazon DynamoDB table and reduce provisioned read throughput.
  • E. Create a new Amazon DynamoDB table each day and drop the one for the previous day after its data is on Amazon S3.

Answer: AD

NEW QUESTION 11
A user has configured an EBS volume with PIOPS. The user is not experiencing the optimal throughput. Which of the following could not be a factor affecting I/O performance of that EBS volume?

  • A. EBS bandwidth of dedicated instance exceeding the PIOPS
  • B. EBS volume size
  • C. EC2 bandwidth
  • D. Instance type is not EBS optimized

Answer: B

Explanation: If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, the instance is EBS-optimized (or includes 10 Gigabit network connectivity) and the instance type's EBS dedicated bandwidth exceeds the IOPS he has provisioned.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

NEW QUESTION 12
A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files. They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and keep costs to a minimum.
What AWS architecture would you recommend?

  • A. Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket. Create an IAM user for each customer. Put the IAM users in a group that has an IAM policy that permits access to sub-directories within the bucket via use of the 'username' policy variable.
  • B. Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a Bucket Policy that permits access only to that one customer.
  • C. Create an auto-scaling group of FTP servers with a scaling policy to automatically scale-in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of FTP users from S3 as part of the user data startup script on each instance.
  • D. Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a Bucket Policy that permits access only to that one customer.

Answer: A

NEW QUESTION 13
You have deployed a three-tier web application in a VPC with a CIDR block of 10.0.0.0/28. You initially deploy two web servers, two application servers, two database servers and one NAT instance for a total of seven EC2 instances. The web, application and database servers are deployed across two availability zones (AZs). You also deploy an ELB in front of the two web servers, and use Route53 for DNS. Web traffic gradually increases in the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load. Unfortunately some of these new instances fail to launch.
Which of the following could be the root cause? (Choose 2 answers)

  • A. AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances
  • B. The Internet Gateway (IGW) of your VPC has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
  • C. The ELB has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
  • D. AWS reserves one IP address in each subnet's CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances
  • E. AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances

Answer: CE

NEW QUESTION 14
An organization is making software for the CIA in USA. CIA agreed to host the application on AWS but in a secure environment. The organization is thinking of hosting the application on the AWS GovCloud region. Which of the below mentioned difference is not correct when the organization is hosting on the AWS GovCloud in comparison with the AWS standard region?

  • A. The billing for the AWS GovCloud will be in a different account than the Standard AWS account.
  • B. GovCloud region authentication is isolated from Amazon.com.
  • C. Physical and logical administrative access only to U.S. persons.
  • D. It is physically isolated and has logical network isolation from all the other regions.

Answer: A

Explanation: AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to the U.S. International Traffic in Arms Regulations (ITAR) requirements. It has added advantages, such as:
  • Restricting physical and logical administrative access to U.S. persons only.
  • There will be separate AWS GovCloud (US) credentials, such as access key and secret access key, than for the standard AWS account.
  • The user signs in with the IAM user name and password.
  • The AWS GovCloud (US) Region authentication is completely isolated from Amazon.com.
If the organization is planning to host on EC2 in AWS GovCloud then it will be billed to the standard AWS account of the organization, since AWS GovCloud billing is linked with the standard AWS account and is not billed separately.
Reference: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/whatis.html

NEW QUESTION 15
Identify a true statement about the statement ID (Sid) in IAM.

  • A. You cannot expose the Sid in the IAM API.
  • B. You cannot use a Sid value as a sub-ID for a policy document's ID for services provided by SQS and SNS.
  • C. You can expose the Sid in the IAM API.
  • D. You cannot assign a Sid value to each statement in a statement array.

Answer: A

Explanation: The Sid (statement ID) is an optional identifier that you provide for the policy statement. You can assign a Sid value to each statement in a statement array. In IAM, the Sid is not exposed in the IAM API. You can't retrieve a particular statement based on this ID.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Sid

NEW QUESTION 16
A company is running a batch analysis every hour on their main transactional DB, running on an RDS MySQL instance, to populate their central Data Warehouse running on Redshift. During the execution of the batch, their transactional applications are very slow. When the batch completes they need to update the top management dashboard with the new data. The dashboard is produced by another system running on-premises that is currently started when a manually-sent email notifies that an update is required. The on-premises system cannot be modified because it is managed by another team.
How would you optimize this scenario to solve performance issues and automate the process as much as possible?

  • A. Replace RDS with Redshift for the batch analysis and SNS to notify the on-premises system to update the dashboard
  • B. Replace RDS with Redshift for the batch analysis and SQS to send a message to the on-premises system to update the dashboard
  • C. Create an RDS Read Replica for the batch analysis and SNS to notify the on-premises system to update the dashboard
  • D. Create an RDS Read Replica for the batch analysis and SQS to send a message to the on-premises system to update the dashboard.

Answer: A

NEW QUESTION 17
Your company plans to host a large donation website on Amazon Web Services (AWS). You anticipate a large and undetermined amount of traffic that will create many database writes. To be certain that you do not drop any writes to a database hosted on AWS, which service should you use?

  • A. Amazon RDS with provisioned IOPS up to the anticipated peak write throughput.
  • B. Amazon Simple Queue Service (SQS) for capturing the writes and draining the queue to write to the database.
  • C. Amazon ElastiCache to store the writes until the writes are committed to the database.
  • D. Amazon DynamoDB with provisioned write throughput up to the anticipated peak write throughput.

Answer: B

NEW QUESTION 18
A customer has established an AWS Direct Connect connection to AWS. The link is up and routes are being advertised from the customer's end, however the customer is unable to connect from EC2 instances inside its VPC to servers residing in its datacenter.
Which of the following options provide a viable solution to remedy this situation? (Choose 2 answers)

  • A. Add a route to the route table with an IPsec VPN connection as the target.
  • B. Enable route propagation to the virtual private gateway (VGW).
  • C. Enable route propagation to the customer gateway (CGW).
  • D. Modify the route table of all Instances using the 'route' command.
  • E. Modify the Instances VPC subnet route table by adding a route back to the customer's on-premises environment.

Answer: AC

NEW QUESTION 19
To get started using AWS Direct Connect, in which of the following steps do you configure Border Gateway Protocol (BGP)?

  • A. Complete the Cross Connect
  • B. Configure Redundant Connections with AWS Direct Connect
  • C. Create a Virtual Interface
  • D. Download Router Configuration

Answer: C

Explanation: In AWS Direct Connect, your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication, and you need to provide a private Autonomous System Number (ASN) for that to connect to Amazon Virtual Private Cloud (VPC). To connect to public AWS products such as Amazon EC2 and Amazon S3, you will also need to provide a public ASN that you own (preferred) or a private ASN. You have to configure BGP in the Create a Virtual Interface step.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/getstarted.html#createvirtualinterface

NEW QUESTION 20
A user is configuring MySQL RDS with PIOPS. What should be the minimum PIOPS that the user should provision?

  • A. 1000
  • B. 200
  • C. 2000
  • D. 500

Answer: A

Explanation: If a user is trying to enable PIOPS with MySQL RDS, the minimum size of storage should be 100 GB and the minimum PIOPS should be 1000.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PIOPS.html
