.png){kind=logo}
PDF Download
AWS SOLUTIONS PRO PRACTICE QUESTIONS 1 EXAM
QUESTIONS
Actual Qs and Ans Expert-Verified Explanation
This Exam contains:
-Guarantee passing score -20 Questions and Answers -format set of multiple-choice -Expert-Verified Explanation Question 1: The DevOps team for a CRM SaaS company wants to implement a patching plan on AWS Cloud for a large mixed fleet of Windows and Linux servers. The patching plan has to be auditable and must be implemented securely to ensure compliance with the company's business requirements.As a Solutions Architect Professional, which of the following options would you recommend to address these requirements with MINIMAL effort? (Select two)
Answer:
- Set up Systems Manager Agent on all instances to manage patching. Test patches in pre-production
and then deploy as a maintenance window task with the appropriate approval
- Apply patch baselines using the AWS-RunPatchBaseline SSM document
Question 2: A health and beauty products company processes thousands of orders each day from 100 countries and its website is localized in 15 langages. The company's website faces continual security threats and challenges in the form of HTTP flood attacks, distributed denial of service (DDoS) attacks, rogue robots that flood its website with traffic, SQL-injection attacks designed to extract data and cross-site scripting attacks (XSS). Most of these attacks originate from certain countries. Therefore, the company wants to block access to its application from specific countries; however, the company wants to allow its remote development team (from one of the blocked countries) to have access to the application. The application is deployed on EC2 instances running under an Application Load Balancer (ALB) with AWS WAR As a Solutions Architect Professional, which of the following solutions would you suggest as
the BEST fit for the given use-case? (Select two)
Answer:
- Use WAF IP set statement that specifies the IP addresses that you want to allow through
- Use WAF geo match statement listing the countries that you want to block
Question 3: A multi-national digital media company wants to exit out of the business of owning and maintaining its own IT infrastructure so it can redeploy resources toward innovation in Artificial Intelligence and related areas to create a better customer experience. As part of this digital transformation, the media company wants to archive about 9 PB of data in its on-premises data center to durable long term storage.As a Solutions Architect Professional, what is your recommendation to migrate and store this data in the quickest and MOST cost-optimal way?
Answer:
Transfer the on-premises data into multiple Snowball Edge Storage Optimized devices. Copy the Snowball Edge data into Amazon S3 and create a lifecycle policy to transition the data into AWS Glacier Question 4: A Wall Street based trading firm is modernizing its message queuing system by migrating from self-managed message-oriented middleware systems to Amazon SQS. The firm is using SQS to migrate several trading applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the firm expects a peak rate of about 2,400 transactions per second to be processed via SQS. It is important that the messages are processed in the order they are received.Which of the following options can be used to implement this system in the most cost-effective way?
Answer:
Use Amazon SQS FIFO queue in batch mode of 8 transactions per operation to process the transactions at the peak rate Question 5: A multi-national retail company has built a hub-and-spoke network with AWS Transit Gateway. VPCs have been provisioned into multiple AWS accounts to facilitate network isolation and to enable delegated network administration. The organization is looking at a cost-effective, quick and secure way of maintaining this distributed architecture so that it provides access to services required by workloads in each of the VPCs.As a Solutions Architect Professional, which of the following options would you recommend for the given use-case?
Answer:
Use Centralized VPC Endpoints for connecting with multiple VPCs, also known as shared services VPC
Question 6: A web hosting company's CFO recently analyzed the company's monthly bill for the AWS account for the development environment and identified an opportunity to reduce the cost for AWS Elastic Beanstalk infrastructure in use. The CFO in consultation with the CTO has hired you as an AWS Certified Solutions Architect Professional to design a highly available solution that will provision an Elastic Beanstalk environment in the morning and terminate it at the end of the day. The solution should be designed with minimal operational overhead with a focus on minimizing costs. The solution should also facilitate the increased use of Elastic Beanstalk environments among different development teams and must provide a one-stop scheduler solution for all teams to keep the operational costs as low as possible.Which of the following solution designs will you suggest to address these requirements?
Answer:
Set up separate Lambda functions to provision and terminate the Elastic Beanstalk environment.Configure a Lambda execution role granting the required Elastic Beanstalk environment permissions and assign the role to the Lambda functions. Configure cron expression based Amazon CloudWatch Events rules to trigger the Lambda functions Question 7: A leading medical imaging equipment and diagnostic imaging solutions provider uses AWS Cloud to run its healthcare data flows through more than 500,000 medical imaging devices globally. The solutions provider stores close to one petabyte of medical imaging data on Amazon S3 to provide the durability and reliability needed for their critical data.A research assistant working with the radiology department is trying to upload a high-resolution image into S3 via the public internet. The image size is approximately 5GB. The research assistant is using S3 Transfer Acceleration (S3TA) for faster image upload.It turns out that S3TA did not result in an accelerated transfer.Given this scenario, which of the following is correct regarding the charges for this image transfer?
Answer:
The research assistant does not need to pay any transfer charges for the image upload.Question 8: The CTO at a multi-national retail company is pursuing an IT re-engineering effort to set up a hybrid network architecture that would facilitate the company's envisaged long-term data center migration from multiple on-premises data centers to the AWS Cloud. The current on-premises data centers are in different locations and are inter-linked via a private fiber. Due to the unique constraints of the existing legacy applications, using NAT is not an option. During the migration period, many critical applications will need access to other applications deployed in both the on-premises data centers and AWS Cloud.As a Solutions Architect Professional, which of the following options would you suggest to set up a hybrid network architecture that is highly available and supports high bandwidth for a multi-Region deployment post-migration?
Answer:
Set up a Direct Connect to each on-premises data center from different service providers and configure routing to failover to the other on-premises data center's Direct Connect in case one connection fails.
Make sure that no VPC CIDR blocks overlap one another or the on-premises network.Question 9: An Internet-of-Things (loT) company is using Kinesis Data Streams (KDS) to process loT data from field devices. Multiple consumer applications are using the incoming data streams and the engineers have noticed a performance lag for the data delivery speed between producers and consumers of the data streams.As a Solutions Architect Professional, which of the following would you recommend to improve the performance for the given use-case?
Answer:
Use Enhanced Fanout feature of Kinesis Data Streams to support the desired read throughput for the downstream applications Question 10: The engineering team at a retail company wants to establish a dedicated, encrypted, low latency, and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the operational overhead of establishing this connection.Which of the following options represents the MOST optimal solution with the LEAST infrastructure set up required for provisioning the end to end connection?
Answer:
Use AWS Direct Connect along with a site-to-site VPN to establish a connection between the data center and AWS Cloud Question 11: A web-hosting startup manages more than 500 public web applications on AWS Cloud which are deployed in a single AWS Region. The fully qualified domain names (FQDNs) of all of the applications are configCired to use HTTPS and are served via Application Load Balancers (ALBs). These ALBs are configured to use public SSL/TLS certificates. The startup has hired you as an AWS Certified Solutions Architect Professional to migrate the web applications to a multi-Region architecture.You must ensure that all HTTPS services continue to work without interruption.Which of the following solutions would you suggest to address these requirements?
Answer:
Generate a separate certificate for each FQDN in each AWS Region using AWS Certificate Manager.Associate the certificates with the corresponding ALBs the relevant AWS Region Question 12: A retail company recently saw a huge spike irfets monthly AWS spend. Upon further investigation, it was found that some developers had accidentally launched Amazon RDS instances in unexpected Regions. The company has hired you as an AWS Certified Solutions Architect Professional to establish best practices around least privileges for developers and control access to on-premises as well as AWS Cloud resources using Active Directory. The company has mandated you to institute a mechanism to control costs by restricting the level of access that developers have to the AWS Management Console without
.png)