
Best Quality AWS-Solutions-Architect-Professional Exam Questions Amazon Test To Gain Brilliant Result!
Preparations of AWS-Solutions-Architect-Professional Exam 2021 AWS Certified Solutions Architect Unlimited 216 Questions
NEW QUESTION 59
An organization has two Amazon EC2 instances:
* The first is running an ordering application and an inventory application.
* The second is running a queuing system.
During certain times of the year, several thousand orders are placed per second. Some orders were lost when the queuing system was down. Also, the organization's inventory application has the incorrect quantity of products because some orders were processed twice.
What should be done to ensure that the applications can handle the increasing number of orders?
- A. Put the ordering and inventory applications into their own Amazon ECS containers and create an Auto Scaling group for each application. Then, deploy the message queuing server in multiple Availability Zones.
- B. Put the ordering and inventory applications into their own AWS Lambda functions. Have the ordering application write the messages into an Amazon SQS FIFO queue.
- C. Put the ordering and inventory applications into their own Amazon EC2 instances. Write the incoming orders to an Amazon Kinesis data stream. Configure AWS Lambda to poll the stream and update the inventory application.
- D. Put the ordering and inventory applications into their own Amazon EC2 instances, and create an Auto Scaling group for each application. Use Amazon SQS standard queues for the incoming orders, and implement idempotency in the inventory application.
Answer: D
Explanation:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/standard-queues.html
NEW QUESTION 60
A company has an application behind a load balancer with enough Amazon EC2 instances to satisfy peak demand. Scripts and third-party deployment solutions are used to configure EC2 instances when demand increases or an instance fails. The team must periodically evaluate the utilization of the instance types to ensure that the correct sizes are deployed.
How can this workload be optimized to meet these requirements?
- A. Deploy the application as a Docker image by using Amazon ECS. Set up Amazon EC2 Auto Scaling and Amazon ECS scaling. Register for AWS Business Support and use Trusted Advisor checks to provide suggestions on cost savings.
- B. Deploy the application by using AWS Elastic Beanstalk with default options. Register for an AWS Support Developer plan. Review the instance usage for the application by using Amazon CloudWatch, and identify less expensive instances that can handle the load. Hold monthly meetings to review new instance types and determine whether Reserved instances should be purchased.
- C. Create an Auto Scaling group to scale the instances, and use AWS CodeDeploy to perform the configuration. Change from a load balancer to an Application Load Balancer. Purchase a third-party product that provides suggestions for cost savings on AWS resources.
- D. Use CloudFormer to create AWS CloudFormation stacks from the current resources. Deploy that stack by using AWS CloudFormation in the same region. Use Amazon CloudWatch alarms to send notifications about underutilized resources to provide cost-savings suggestions.
Answer: C
NEW QUESTION 61
A bucket owner has allowed another account's IAM users to upload or access objects in his bucket. The IAM user of Account A is trying to access an object created by the IAM user of account B. What will happen in this scenario?
- A. It is not possible to give permission to multiple IAM users
- B. It is not possible that the IAM user of one account accesses objects of the other IAM user
- C. AWS S3 will verify proper rights given by the owner of Account A, the bucket owner as well as by the IAM user B to the object
- D. The bucket policy may not be created as S3 will give error due to conflict of Access Rights
Answer: C
Explanation:
If an IAM user is trying to perform some action on an object belonging to another AWS user's bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-auth-workflow-object-operation.html
NEW QUESTION 62
Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:
- A. Amazon Device Messaging (ADM)
- B. Apple Push Notification Service (APNS)
- C. Google Cloud Messaging for Android (GCM)
- D. Microsoft Windows Mobile Messaging (MWMM)
Answer: D
Explanation:
In Amazon SNS, you have the ability to send notification messages directly to apps on mobile devices.
Notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts. Microsoft Windows Mobile Messaging (MWMM) doesn't exist and is not supported by Amazon SNS.
http://docs.aws.amazon.com/sns/latest/dg/SNSMobilePush.html
NEW QUESTION 63
A Solutions Architect must design a highly available, stateless, REST service. The service will require multiple persistent storage layers for service object meta information and the delivery of content. Each request needs to be authenticated and securely processed. There is a requirement to keep costs as low as possible.
How can these requirements be met?
- A. Use AWS Fargate to host a container that runs a self-contained REST service. Set up an ECS service that is fronted by a cross-zone ALB. Use an Amazon Cognito user pool to control access to the API. Store request meta information in DynamoDB with Auto Scaling and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
- B. Use AWS Fargate to host a container that runs a self-contained REST service. Set up an Amazon ECS service that is fronted by an Application Load Balancer (ALB). Use a custom authenticator to control access to the API. Store request meta information in Amazon DynamoDB with Auto Scaling and static content in a secured S3 bucket. Make secure signed requests for Amazon S3 objects and proxy the data through the REST service interface.
- C. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon API Gateway custom authorizer to control access to the API. Configure the methods to use AWS Lambda custom integrations, and process each resource with a unique Lambda function. Store request meta information in an Amazon ElastiCache Multi-AZ cluster and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
- D. Set up Amazon API Gateway and create the required API resources and methods. Use an Amazon Cognito user pool to control access to the API. Configure the methods to use AWS Lambda proxy integrations, and process each resource with a unique AWS Lambda function. Store request meta information in DynamoDB with Auto Scaling and static content in a secured S3 bucket. Generate presigned URLs when returning references to content stored in Amazon S3.
Answer: C
NEW QUESTION 64
You require the ability to analyze a large amount of data, which is stored on Amazon S3 using Amazon Elastic Map Reduce. You are using the cc2 8xlarge instance type, whose CPUs are mostly idle during processing.
Which of the below would be the most cost efficient way to reduce the runtime of the job?
- A. Use smaller instances that have higher aggregate I/O performance.
- B. Create fewer, larger files on Amazon S3.
- C. Create more, smaller files on Amazon S3.
- D. Add additional cc2 8xlarge instances by introducing a task group.
Answer: A
NEW QUESTION 65
Which of the following is not included in the metrics sent from Billing to Amazon CloudWatch?
- A. Recurring fees for AWS products and services
- B. One-time charges and refunds
- C. Usage charges for AWS products and services
- D. Total AWS charges
Answer: B
Explanation:
Usage charges and recurring fees for AWS products and services are included in the metrics sent from Billing to Amazon CloudWatch.
You will have a metric for total AWS charges, as well as one additional metric for each AWS product or service that you use.
However, one-time charges and refunds are not included.
https://aws.amazon.com/blogs/aws/monitor-estimated-costs-using-amazon-cloudwatch-billing-metrics-and-alarms/
NEW QUESTION 66
You have been given the task to define multiple AWS Data Pipeline schedules for different activities in the same pipeline. Which of the following would successfully accomplish this task?
- A. Defining multiple schedule objects in the schedule field
- B. Defining multiple pipeline definitions in your schedule objects file and associating the desired schedule to the correct activity via its schedule field
- C. Defining multiple schedule objects in your pipeline definition file and associating the desired schedule to the correct activity via its schedule field
- D. Creating multiple pipeline definition files
Answer: C
Explanation:
To define multiple schedules for different activities in the same pipeline, in AWS Data Pipeline, you should define multiple schedule objects in your pipeline definition file and associate the desired schedule to the correct activity via its schedule field. As an example of this, it could allow you to define a pipeline in which log files are stored in Amazon S3 each hour to drive generation of an aggregate report once a day.
https://aws.amazon.com/datapipeline/faqs/
NEW QUESTION 67
An organization is planning to host a WordPress blog as well as a Joomla CMS on a single instance launched with VPC. The organization wants to have separate domains for each application and assign them using Route 53. The organization may have about ten instances each with two applications as mentioned above. While launching the instance, the organization configured two separate network interfaces (primary + ENI) and wanted to have two elastic IPs for that instance. It was suggested to use a public IP from AWS instead of an elastic IP as the number of elastic IPs is restricted.
What action will you recommend to the organization?
- A. I agree with the suggestion and it is recommended to use a public IP from AWS since the organization is going to use DNS with Route 53.
- B. I do not agree as AWS VPC does not attach a public IP to an ENI; so the user has to use only an elastic IP.
- C. I do not agree as it is required to have only an elastic IP since an instance has more than one ENI and AWS does not assign a public IP to an instance with multiple ENIs.
- D. I agree with the suggestion but will prefer that the organization should use separate subnets with each ENI for different public IPs.
Answer: C
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC. The user can attach up to two ENIs with a single instance. However, AWS cannot assign a public IP when there are two ENIs attached to a single instance. It is recommended to assign an elastic IP in this scenario. If the organization wants more than 5 EIPs they can request AWS to increase the number.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html
NEW QUESTION 68
A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts. The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements? (Select TWO)
- A. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each subnet to associate with the resource share.
- B. Create a transit gateway in the infrastructure account.
- C. Enable resource sharing from the AWS Organizations management account.
- D. Create a resource share in AWS Resource Access Manager in the infrastructure account. Select the specific AWS Organizations OU that will use the shared network. Select each prefix list to associate with the resource share.
- E. Create VPCs in each AWS account within the organization in AWS Organizations. Configure the VPCs to share the same CIDR range and subnets as the VPC in the infrastructure account. Peer the VPCs in each individual account with the VPC in the infrastructure account.
Answer: A,C
NEW QUESTION 69
A company wants to migrate an application to Amazon EC2 from VMware Infrastructure that runs in an on-premises data center. A solutions architect must preserve the software and configuration settings during the migration.
What should the solutions architect do to meet these requirements?
- A. Configure the AWS DataSync agent to start replicating the data store to Amazon FSx for Windows File Server. Use the SMB share to host the VMware data store. Use VM Import/Export to move the VMs to Amazon EC2.
- B. Use the VMware vSphere client to export the application as an image in Open Virtualization Format (OVF) format. Create an Amazon S3 bucket to store the image in the destination AWS Region. Create and apply an IAM role for VM Import. Use the AWS CLI to run the EC2 import command.
- C. Configure AWS Storage Gateway for files service to export a Common Internet File System (CIFS) share. Create a backup copy to the shared folder. Sign in to the AWS Management Console and create an AMI from the backup copy. Launch an EC2 instance that is based on the AMI.
- D. Create a managed-instance activation for a hybrid environment in AWS Systems Manager. Download and install Systems Manager Agent on the on-premises VM. Register the VM with Systems Manager to be a managed instance. Use AWS Backup to create a snapshot of the VM and create an AMI. Launch an EC2 instance that is based on the AMI.
Answer: A
NEW QUESTION 70
Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as needed. Members of your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2 instances as necessary.
You don't want to create new IAM users for each NOC member and make those users sign in again to the AWS Management Console.
Which option below will meet the needs for your NOC members?
- A. Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AWS Management Console.
- B. Use Web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the AWS Management Console.
- C. Use your on-premises SAML 2.0-compliant identity provider (IdP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.
- D. Use your on-premises SAML 2.0-compliant identity provider (IdP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console.
Answer: C
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html
NEW QUESTION 71
A web application must persist order data to Amazon S3 to support near-real-time processing. A solutions architect needs to create an architecture that is both scalable and fault tolerant.
Which solutions meet these requirements? (Choose two.)
- A. Write the order event to an Amazon Simple Notification Service (Amazon SNS) topic. Use the SNS topic to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.
- B. Write the order event to an Amazon Simple Queue Service (Amazon SQS) queue. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.
- C. Write the order event to an Amazon DynamoDB table. Use DynamoDB Streams to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.
- D. Write the order event to an Amazon Simple Queue Service (Amazon SQS) queue. Use the queue to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.
- E. Write the order event to an Amazon Simple Notification Service (Amazon SNS) topic. Use an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an AWS Lambda function that parses the payload and writes the data to Amazon S3.
Answer: D,E
NEW QUESTION 72
The MySecureData company has five branches across the globe. They want to expand their data centers such that their web server will be in the AWS and each branch would have their own database in the local data center. Based on the user login, the company wants to connect to the data center.
How can MySecureData company implement this scenario with the AWS VPC?
- A. Use the AWS CloudGateway to communicate with multiple VPN connections.
- B. Create five VPCs with the public subnet for the app server and setup the VPN gateway for each VPN to connect them individually.
- C. Use the AWS VPN CloudHub to communicate with multiple VPN connections.
- D. It is not possible to connect different data centers from a single VPC.
Answer: C
Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. If the user wants to connect VPC from his own data centre, he can setup a public and VPN only subnet which uses hardware VPN access to connect with his data centre. If the organization has multiple VPN connections, he can provide secure communication between sites using the AWS VPN CloudHub.
The VPN CloudHub operates on a simple hub-and-spoke model that the user can use with or without a VPC.
This design is suitable for customers with multiple branch offices and existing internet connections who would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between remote offices.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPN_CloudHub.html
NEW QUESTION 73
While debugging a backend application for an IoT system that supports globally distributed devices, a Solutions Architect notices that stale data is occasionally being sent to user devices. Devices often share data, and stale data does not cause issues in most cases. However, device operations are disrupted when a device reads the stale data after an update. The global system has multiple identical application stacks deployed in different AWS Regions. If a user device travels out of its home geographic region, it will always connect to the geographically closest AWS Region to write or read data. The same data is available in all supported AWS Regions using an Amazon DynamoDB global table. What change should be made to avoid causing disruptions in device operations?
- A. Update the backend to use strongly consistent reads. Update the devices to always write to and read from their home AWS Region.
- B. Enable strong consistency globally on a DynamoDB global table. Update the backend to use strongly consistent reads.
- C. Switch the backend data store to Amazon Aurora MySQL with cross-region replicas. Update the backend to always write to the master endpoint.
- D. Select one AWS Region as a master and perform all writes in that AWS Region only. Update the backend to use strongly consistent reads.
Answer: B
NEW QUESTION 74
A user has configured an EC2 instance in the US-East-1a zone. The user has enabled detailed monitoring of the instance. The user is trying to get the data from CloudWatch using a CLI.
Which of the below mentioned CloudWatch endpoint URLs should the user use?
- A. monitoring.us-east-1a.amazonaws.com
- B. monitoring.us-east-1-a.amazonaws.com
- C. monitoring.us-east-1.amazonaws.com
- D. cloudwatch.us-east-1a.amazonaws.com
Answer: C
Explanation:
The CloudWatch resources are always region specific and they will have the end point as region specific. If the user is trying to access the metric in the US-East-1 region, the endpoint URL will be:
monitoring.us-east-1.amazonaws.com
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/regions_endpoints.html
NEW QUESTION 75
A company has multiple AWS accounts and manages these accounts with AWS Organizations. A developer was given IAM user credentials to access AWS resources. The developer should have read-only access to all Amazon S3 buckets in the account. However, when the developer tries to access the S3 buckets from the console, they receive an access denied error message with no bucket listed.
A solutions architect reviews the permissions and finds that the developer's IAM user is listed as having read-only access to all S3 buckets in the account.
Which additional steps should the solutions architect take to troubleshoot the issue? (Select TWO.)
- A. Check the bucket policies for all S3 buckets.
- B. Check if an appropriate IAM role is attached to the IAM user.
- C. Check for the permissions boundaries set for the IAM user.
- D. Check the SCPs set at the organizational units (OUs).
- E. Check the ACLs for all S3 buckets.
Answer: A,D
NEW QUESTION 76
An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations. Which of the below mentioned statements is not a limitation of dedicated instances with VPC?
- A. All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
- B. The user cannot use Reserved Instances with a dedicated tenancy model.
- C. The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.
- D. It does not support the AWS RDS with a dedicated tenancy VPC.
Answer: B
Explanation:
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. The client's dedicated instances are physically isolated at the host hardware level from instances that are not dedicated instances as well as from instances that belong to other AWS accounts. All instances launched with the dedicated tenancy model of VPC will always be dedicated instances. Dedicated tenancy has a limitation that it may not support a few services, such as RDS. Even the EBS will not be on dedicated hardware. However the user can save some cost as well as reserve some capacity by using a Reserved Instance model with dedicated tenancy.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html
NEW QUESTION 77
A company is running an application on Amazon EC2 instances in three environments: development, testing, and production. The company uses AMIs to deploy the EC2 instances. The company builds the AMIs by using custom deployment scripts and infrastructure orchestration tools for each release in each environment.
The company is receiving errors in its deployment process. Errors appear during operating system package downloads and during application code installation from a third-party Git hosting service. The company needs deployments to become more reliable across all environments.
Which combination of steps will meet these requirements? (Select THREE).
- A. Mirror the application code to an AWS CodeCommit Git repository. Use the repository to build EC2 AMIs.
- B. Produce multiple EC2 AMIs, one for each environment, for each release.
- C. Produce one EC2 AMI for each release for use across all environments.
- D. Mirror the application code to a third-party Git repository that uses Amazon S3 storage. Use the repository for deployment.
- E. Replace the custom scripts and tools with AWS CodeBuild. Update the infrastructure deployment process to use EC2 Image Builder.
Answer: A,C,E
NEW QUESTION 78
A company is hosting a three-tier web application in an on-premises environment. Due to a recent surge in traffic that resulted in downtime and a significant financial impact, company management has ordered that the application be moved to AWS. The application is written in .NET and has a dependency on a MySQL database. A solutions architect must design a scalable and highly available solution to meet the demand of 200,000 daily users.
Which steps should the solutions architect take to design an appropriate solution?
- A. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon EC2 Auto Scaling group spanning three Availability Zones. The stack should launch a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a Retain deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
- B. Use AWS Elastic Beanstalk to create a new application with a web server environment and an Amazon RDS MySQL Multi-AZ DB instance. The environment should launch a Network Load Balancer (NLB) in front of an Amazon EC2 Auto Scaling group in multiple Availability Zones. Use an Amazon Route 53 alias record to route traffic from the company's domain to the NLB.
- C. Use AWS CloudFormation to launch a stack containing an Application Load Balancer (ALB) in front of an Amazon ECS cluster of Spot Instances spanning three Availability Zones. The stack should launch an Amazon RDS MySQL DB instance with a Snapshot deletion policy. Use an Amazon Route 53 alias record to route traffic from the company's domain to the ALB.
- D. Use AWS Elastic Beanstalk to create an automatically scaling web server environment that spans two separate Regions with an Application Load Balancer (ALB) in each Region. Create a Multi-AZ deployment of an Amazon Aurora MySQL DB cluster with a cross-Region read replica. Use Amazon Route 53 with a geoproximity routing policy to route traffic between the two Regions.
Answer: D
NEW QUESTION 79
......