
Use Real AWS-Solutions-Architect-Professional Dumps - Amazon Correct Answers updated on 2021
AWS Certified Solutions Architect AWS-Solutions-Architect-Professional Exam Practice Dumps
NEW QUESTION 72
You are designing an intrusion detection/prevention (IDS/IPS) solution for a customer web application in a single VPC.
You are considering the options for implementing IDS/IPS protection for traffic coming from the Internet.
Which of the following options would you consider? Choose 2 answers
- A. Implement IDS/IPS agents on each instance running in VPC.
- B. Implement a reverse proxy layer in front of web servers, and configure IDS/IPS agents on each reverse proxy server.
- C. Implement Elastic Load Balancing with SSL listeners in front of the web applications.
- D. Configure an instance in each subnet to switch its network interface card to promiscuous mode and analyze network traffic.
Answer: A,B
Explanation:
EC2 does not allow promiscuous mode, and you cannot put something in between the ELB and the web server (like a listener or IDP).
NEW QUESTION 73
A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept. Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout.
Which of the following actions should the Solutions Architect consider to improve performance?
(Choose two.)
- A. Enable API cache on the appropriate stage in Amazon API Gateway, and override the TTL for individual methods that require a lower TTL than the entire stage.
- B. Increase the amount of CPU, and adjust the timeout on the Lambda function. Complete performance testing to identify the ideal CPU and timeout configuration for the Lambda function.
- C. Create an Amazon ElastiCache cluster running Memcached, and configure the Lambda function for VPC integration with access to the Amazon ElastiCache cluster.
- D. Increase the amount of memory and adjust the timeout on the Lambda function. Complete performance testing to identify the ideal memory and timeout configuration for the Lambda function.
- E. Configure the AWS Lambda function to reuse containers to avoid unnecessary startup time.
Answer: A,D
Explanation:
https://lumigo.io/blog/aws-lambda-timeout-best-practices/
A: While this will improve the situation, it may not be enough.
B: Memory - The amount of memory available to the function during execution. Choose an amount between 128 MB and 3,008 MB in 64 MB increments. Lambda allocates CPU power linearly in proportion to the amount of memory configured. At 1,792 MB, a function has the equivalent of 1 full vCPU (one vCPU-second of credits per second).
All calls made to AWS Lambda must complete execution within 900 seconds. The default timeout is 3 seconds, but you can set the timeout to any value between 1 and 900 seconds.
C: The problem is not with the DB.
D: AWS API Gateway has a max timeout of 29 seconds for all integration types, which includes Lambda as well. It means that any API call coming through API Gateway cannot exceed 29 seconds. It makes sense for most of the APIs except for few high computational ones.
E: Increase the memory not CPU.
NEW QUESTION 74
A company is serving files to its customers through an SFTP server that is accessible over the internet. The SFTP server is running on a single Amazon EC2 instance with an Elastic IP address attached. Customers connect to the SFTP server through its Elastic IP address and use SSH for authentication. The EC2 instance also has an attached security group that allows access from all customer IP addresses.
A solutions architect must implement a solution to improve availability, minimize the complexity of infrastructure management, and minimize the disruption to customers who access files. The solution must not change the way customers connect.
Which solution will meet these requirements?
- A. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a VPC-hosted, internet-facing endpoint. Associate the SFTP Elastic IP address with the new endpoint. Attach the security group with customer IP addresses to the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
- B. Disassociate the Elastic IP address from the EC2 instance. Create an Amazon S3 bucket to be used for SFTP file hosting. Create an AWS Transfer Family server. Configure the Transfer Family server with a publicly accessible endpoint. Associate the SFTP Elastic IP address with the new endpoint. Point the Transfer Family server to the S3 bucket. Sync all files from the SFTP server to the S3 bucket.
- C. Disassociate the Elastic IP address from the EC2 instance. Create a multi-attach Amazon Elastic Block Store (Amazon EBS) volume to be used for SFTP file hosting. Create a Network Load Balancer (NLB) with the Elastic IP address attached. Create an Auto Scaling group with EC2 instances that run an SFTP server. Define in the Auto Scaling group that instances that are launched should attach the new multi-attach EBS volume. Configure the Auto Scaling group to automatically add instances behind the NLB. Configure the Auto Scaling group to use the security group that allows customer IP addresses for the EC2 instances that the Auto Scaling group launches. Sync all files from the SFTP server to the new multi-attach EBS volume.
- D. Disassociate the Elastic IP address from the EC2 instance. Create a new Amazon Elastic File System (Amazon EFS) file system to be used for SFTP file hosting. Create an AWS Fargate task definition to run an SFTP server. Specify the EFS file system as a mount in the task definition. Create a Fargate service by using the task definition, and place a Network Load Balancer (NLB) in front of the service. When configuring the service, attach the security group with customer IP addresses to the tasks that run the SFTP server. Associate the Elastic IP address with the NLB. Sync all files from the SFTP server to the S3 bucket.
Answer: B
NEW QUESTION 75
A company is running a commercial Apache Hadoop cluster on Amazon EC2. This cluster is being used daily to query large files on Amazon S3. The data on Amazon S3 has been curated and does not require any additional transformations steps. The company is using a commercial business intelligence (BI) tool on Amazon EC2 to run queries against the Hadoop cluster and visualize the data.
The company wants to reduce or eliminate the overhead costs associated with managing the Hadoop cluster and the BI tool. The company would like to move to a more cost-effective solution with minimal effort. The visualization is simple and requires performing some basic aggregation steps only.
Which option will meet the company's requirements?
- A. Use a commercial extract, transform, load (ETL) tool that runs on Amazon EC2 to prepare the data for processing. Then switch to a faster and cheaper BI tool that runs on Amazon EC2 to visualize the data from Amazon S3.
- B. Develop a script that uses Amazon Athena to query and analyze the files on Amazon S3. Then use Amazon QuickSight to connect to Athena and perform the visualization.
- C. Launch a transient Amazon EMR cluster daily and develop an Apache Hive script to analyze the files on Amazon S3. Shut down the Amazon EMR cluster when the job is complete. Then use Amazon QuickSight to connect to Amazon EMR and perform the visualization.
- D. Develop a stored procedure invoked from a MySQL database running on Amazon EC2 to analyze the files in Amazon S3. Then use a fast in-memory BI tool running on Amazon EC2 to visualize the data.
Answer: C
NEW QUESTION 76
With respect to AWS Lambda permissions model, at the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the _____ role.
- A. configuration
- B. delegation
- C. execution
- D. dependency
Answer: C
Explanation:
Regardless of how your Lambda function is invoked, AWS Lambda always executes the function.
At the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the execution role.
http://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
NEW QUESTION 77
A user is creating a PIOPS volume. What is the maximum ratio the user should configure between PIOPS and the volume size?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: D
Explanation:
Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency in random access I/O throughput. A provisioned IOPS volume can range in size from 10 GB to 1 TB and the user can provision up to 4000 IOPS per volume.
The ratio of IOPS provisioned to the volume size requested can be a maximum of 30; for example, a volume with 3000 IOPS must be at least 100 GB.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html
NEW QUESTION 78
A large company has increased its utilization of AWS over time in an unmanaged way. As such, they have a large number of independent AWS accounts across different business units, projects, and environments. The company has created a Cloud Center of Excellence team, which is responsible for managing all aspects of the AWS Cloud, including their AWS accounts.
Which of the following should the Cloud Center of Excellence team do to BEST address their requirements in a centralized way? (Select two.)
- A. Control all AWS account root user credentials. Assign AWS IAM users in the account of each user who needs to access AWS resources. Follow the policy of least privilege in assigning permissions to each user.
- B. Using a master AWS account, create IAM users within the master account. Define IAM roles in the other AWS accounts, which cover each of the required functions in the account. Follow the policy of least privilege in assigning permissions to each role, then enable the IAM users to assume the roles that they need to use.
- C. Tag all AWS resources with details about the business unit, project, and environment. Send all AWS Cost and Usage reports to a central Amazon S3 bucket, and use tools such as Amazon Athena and Amazon QuickSight to collect billing details by business unit.
- D. Set up AWS Organizations. Enable consolidated billing, and link all existing AWS accounts to a master billing account. Tag all AWS resources with details about the business unit, project and environment. Analyze Cost and Usage reports using tools such as Amazon Athena and Amazon QuickSight to collect billing details by business unit.
- E. Use the AWS Marketplace to choose and deploy a Cost Management tool. Tag all AWS resources with details about the business unit, project, and environment. Send all AWS Cost and Usage reports for the AWS accounts to this tool for analysis.
Answer: B,D
NEW QUESTION 79
Which of the following should be followed before connecting to Amazon Virtual Private Cloud (Amazon VPC) using AWS Direct Connect?
- A. Create a virtual private gateway and attach it to your Virtual Private Cloud (VPC).
- B. Allocate a private IP address to your network in the 122.x.x.x range.
- C. Provide a public IP address for each Border Gateway Protocol (BGP) session.
- D. Provide a public Autonomous System Number (ASN) to identify your network on the Internet.
Answer: A
Explanation:
To connect to Amazon Virtual Private Cloud (Amazon VPC) by using AWS Direct Connect, you must first do the following:
Provide a private Autonomous System Number (ASN) to identify your network on the Internet. Amazon then allocates a private IP address in the 169.x.x.x range to you. Create a virtual private gateway and attach it to your VPC.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
NEW QUESTION 80
Identify a true statement about using an IAM role to grant permissions to applications running on Amazon EC2 instances.
- A. When AWS credentials are rotated, you must manage credentials and you should consider precautions for long-term security risks.
- B. When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks.
- C. When AWS credentials are rotated, developers have to update only the root Amazon EC2 instance that uses their credentials.
- D. When AWS credentials are rotated, developers have to update only the Amazon EC2 instance on which the password policy was applied and which uses their credentials.
Answer: B
Explanation:
Using IAM roles to grant permissions to applications that run on EC2 instances requires a bit of extra configuration. Because role credentials are temporary and rotated automatically, you don't have to manage credentials, and you don't have to worry about long-term security risks.
http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.html
NEW QUESTION 81
In Amazon SNS, to send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following, except:
- A. Registration ID
- B. Client ID
- C. Device token
- D. Client secret
Answer: C
Explanation:
To send push notifications to mobile devices using Amazon SNS and ADM, you need to obtain the following: Registration ID and Client secret.
http://docs.aws.amazon.com/sns/latest/dg/SNSMobilePushPrereq.html
NEW QUESTION 82
A company's main intranet page has experienced degraded response times as its user base has increased although there are no reports of users seeing error pages. The application uses Amazon DynamoDB in read-only mode.
Amazon DynamoDB latency metrics for successful requests have been in a steady state even during times when users have reported degradation. The Development team has correlated the issue to ProvisionedThroughputExceeded exceptions in the application logs when doing Scan and read operations. The team also identified an access pattern of steady spikes of read activity on a distributed set of individual data items. The Chief Technology Officer wants to improve the user experience.
Which solutions will meet these requirements with the LEAST amount of changes to the application? (Select TWO.)
- A. Change the data model of the DynamoDB tables to ensure that all Scan and read operations meet DynamoDB best practices of uniform data access, reaching the full request throughput provisioned for the DynamoDB tables.
- B. Provision Amazon ElastiCache for Redis with cluster mode enabled. The cluster should be provisioned with enough shards to spread the application load and provision at least one read replica node for each shard.
- C. Remove error retries and exponential backoffs in the application code to handle throttling errors.
- D. Implement the DynamoDB Accelerator (DAX) client and provision a DAX cluster with the appropriate node types to sustain the application load. Tune the item and query cache configuration for an optimal user experience.
- E. Enable DynamoDB auto scaling to manage the throughput capacity as table traffic increases. Set the upper and lower limits to control costs and set a target utilization given the peak usage and how quickly the traffic changes.
Answer: D,E
NEW QUESTION 83
A large global financial services company has multiple business units. The company wants to allow Developers to try new services, but there are multiple compliance requirements for different workloads. The Security team is concerned about the access strategy for on-premises and AWS implementations. They would like to enforce governance for AWS services used by business team for regulatory workloads, including Payment Card Industry (PCI) requirements.
Which solution will address the Security team's concerns and allow the Developers to try new services?
- A. Implement a multi-account strategy based on business units, environments, and specific regulatory requirements. Ensure that only PCI-compliant services are approved for use in the accounts. Build IAM policies to give access to only PCI-compliant services for governance.
- B. Implement a strong identity and access management model that includes users, groups, and roles in various AWS accounts. Ensure that centralized AWS CloudTrail logging is enabled to detect anomalies. Build automation with AWS Lambda to tear down unapproved AWS resources for governance.
- C. Build one AWS account for the company for the strong security controls. Ensure that all the service limits are raised to meet company scalability requirements. Implement SAML federation with an on-premises identity store, and ensure that only approved services are used in the account.
- D. Build a multi-account strategy based on business units, environments, and specific regulatory requirements. Implement SAML-based federation across all AWS accounts with an on-premises identity store. Use AWS Organizations and build organizational units (OUs) structure based on regulations and service governance. Implement service control policies across OUs.
Answer: A
NEW QUESTION 84
A Solutions Architect is designing a system that will collect and store data from 2,000 internet-connected sensors. Each sensor produces 1 KB of data every second. The data must be available for analysis within a few seconds of it being sent to the system and stored for analysis indefinitely.
Which is the MOST cost-effective solution for collecting and storing the data?
- A. Put each record into an object in Amazon S3 with a prefix that organizes the records by hour and hashes the record's key. Use S3 lifecycle management to transition objects to S3 infrequent access storage to reduce storage costs. Analyze recent and historical data by accessing the data in Amazon S3.
- B. Put each record in Amazon Kinesis Data Streams. Use an AWS Lambda function to write each record to an object in Amazon S3 with a prefix that organizes the records by hour and hashes the record's key. Analyze recent data from Kinesis Data Streams and historical data from Amazon S3.
- C. Put each record into an Amazon DynamoDB table. Analyze the recent data by querying the table. Use an AWS Lambda function connected to a DynamoDB stream to group records together, write them into objects in Amazon S3, and then delete the record from the DynamoDB table. Analyze recent data from the DynamoDB table and historical data from Amazon S3.
- D. Put each record in Amazon Kinesis Data Streams. Set up Amazon Kinesis Data Firehose to read records from the stream and group them into objects in Amazon S3. Analyze recent data from Kinesis Data Streams and historical data from Amazon S3.
Answer: C
NEW QUESTION 85
A company is running a data-intensive application on AWS. The application runs on a cluster of hundreds of Amazon EC2 instances. A shared file system also runs on several EC2 instances that store 200 TB of data. The application reads and modifies the data on the shared file system and generates a report. The job runs once monthly, reads a subset of the files from the shared file system, and takes about 72 hours to complete. The compute instances scale in an Auto Scaling group, but the instances that host the shared file system run continuously. The compute and storage instances are all in the same AWS Region.
A solutions architect needs to reduce costs by replacing the shared file system instances. The file system must provide high performance access to the needed data for the duration of the 72-hour run.
Which solution will provide the LARGEST overall cost reduction while meeting these requirements?
- A. Migrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Intelligent-Tiering storage class. Before the job runs each month, use Amazon FSx for Lustre to create a new file system with the data from Amazon S3 by using lazy loading. Use the new file system as the shared storage for the duration of the job. Delete the file system when the job is complete.
- B. Migrate the data from the existing shared file system to a large Amazon Elastic Block Store (Amazon EBS) volume with Multi-Attach enabled. Attach the EBS volume to each of the instances by using a user data script in the Auto Scaling group launch template. Use the EBS volume as the shared storage for the duration of the job. Detach the EBS volume when the job is complete.
- C. Migrate the data from the existing shared file system to an Amazon S3 bucket. Before the job runs each month, use AWS Storage Gateway to create a file gateway with the data from Amazon S3. Use the file gateway as the shared storage for the job. Delete the file gateway when the job is complete.
- D. Migrate the data from the existing shared file system to an Amazon S3 bucket that uses the S3 Standard storage class. Before the job runs each month, use Amazon FSx for Lustre to create a new file system with the data from Amazon S3 by using batch loading. Use the new file system as the shared storage for the duration of the job. Delete the file system when the job is complete.
Answer: B
NEW QUESTION 86
A company is creating an account strategy so that they can begin using AWS. The Security team will provide each team with the permissions they need to follow the principle of least privileged access. Teams would like to keep their resources isolated from other groups, and the Finance team would like each team's resource usage separated for billing purposes.
Which account creation process meets these requirements and allows for changes?
- A. Create a new AWS account, and use AWS Service Catalog to provide teams with the required resources. Implement a third-party billing to provide the Finance team with the resource use for each team based on tagging. Isolate resources using IAM to avoid account sprawl. Security will control and monitor logs and permissions.
- B. Create a master account for billing using Organizations, and create each team's account from that master account. Create a security account for logs and cross-account access. Apply service control policies on each account, and grant the Security team cross-account access to all accounts. Security will create IAM policies for each account to maintain least privilege access.
- C. Create individual accounts for each team. Assign the security as the master account, and enable consolidated billing for all other accounts. Create a cross-account role for security to manage accounts, and send logs to a bucket in the security account.
- D. Create a new AWS Organizations account. Create groups in Active Directory and assign them to roles in AWS to grant federated access. Require each team to tag their resources, and separate bills based on tags. Control access to resources through IAM granting the minimally required privilege.
Answer: C
Explanation:
By creating individual IAM users for people accessing your account, you can give each IAM user a unique set of security credentials. You can also grant different permissions to each IAM user. If necessary, you can change or revoke an IAM user's permissions anytime. (If you give out your root user credentials, it can be difficult to revoke them, and it is impossible to restrict their permissions.)
NEW QUESTION 87
An organization is creating a VPC for their application hosting. The organization has created two private subnets in the same AZ and created one subnet in a separate zone. The organization wants to make a HA system with the internal ELB. Which of these statements is true with respect to an internal ELB in this scenario?
- A. ELB can support only one subnet in each availability zone.
- B. ELB can support all the subnets irrespective of their zones.
- C. ELB does not allow subnet selection; instead it will automatically select all the available subnets of the VPC.
- D. If the user is creating an internal ELB, he should use only private subnets.
Answer: A
Explanation:
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Within this virtual private cloud, the user can launch AWS resources, such as an ELB, and EC2 instances.
There are two ELBs available with VPC: internet facing and internal (private) ELB. For internal servers, such as App servers the organization can create an internal load balancer in their VPC and then place back-end application instances behind the internal load balancer. The internal load balancer will route requests to the back-end application instances, which are also using private IP addresses and only accept requests from the internal load balancer.
The Internal ELB supports only one subnet in each AZ and asks the user to select a subnet while configuring internal ELB.
Reference:
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/USVPC_creating_basic_lb.html