Amazon AWS-Certified-Solutions-Architect-Professional Exam Questions and Answers 2021

NEW QUESTION 1
Regarding Amazon SNS, you can send notification messages to mobile devices through any of the following supported push notification services, EXCEPT:

• A. Microsoft Windows Mobile Messaging (MWMM)
• B. Google Cloud Messaging for Android (GCM)
• C. Amazon Device Messaging (ADM)
• D. Apple Push Notification Service (APNS)

Answer: A

Explanation: In Amazon SNS, you have the ability to send notification messages directly to apps on mobile devices. Notification messages sent to a mobile endpoint can appear in the mobile app as message alerts, badge updates, or even sound alerts. Microsoft Windows Mobile Messaging (MWMM) doesn’t exist and is not supported by Amazon SNS.
Reference: http://docs.aws.amazon.com/sns/Iatest/dg/SNSMobiIePush.htm|

NEW QUESTION 2
In Amazon EIastiCache, which of the following statements is correct?

• A. When you launch an EIastiCache cluster into an Amazon VPC private subnet, every cache node is assigned a public IP address within that subnet.
• B. You cannot use EIastiCache in a VPC that is configured for dedicated instance tenancy.
• C. If your AWS account supports only the EC2-VPC platform, E|astiCache will never launch your cluster in a VPC.
• D. EIastiCache is not fully integrated with Amazon Virtual Private Cloud (VPC).

Answer: B

Explanation: The VPC must allow non-dedicated EC2 instances. You cannot use EIastiCache in a VPC that is configured for dedicated instance tenancy.
Reference: http://docs.aws.amazon.com/AmazonE|astiCache/latest/UserGuide/AmazonVPC.EC.htmI

NEW QUESTION 3
A customer has a website which shows all the deals available across the market. The site experiences a load of 5 large EC2 instances generally. However, a week before ThanksgMng vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on the office timings. Which of the below mentioned solutions is cost effective as well as help the website achieve better performance?

• A. Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the AutoScaIing schedule.
• B. Keep only 10 instances running and manually launch 10 instances every day during office hours.
• C. During the pre-vacation period setup 20 instances to run continuously.
• D. During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy.

Answer: D

Explanation: AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On-Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances before hand and then setups AutoScaIing with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization.
If the organization keeps all 10 additional instances as a part of the AutoScaIing policy sometimes during a sudden higher load it may take time to launch instances and may not give an optimal performance. This is the reason it is recommended that the organization keeps an additional 5 instances running and the next 5 instances scheduled as per the AutoScaIing policy for cost effectiveness.
Reference: http://media.amazonwebservices.com/AWS_Web_Hosting_Best_Practices.pdf

NEW QUESTION 4
What is the role of the PoIIForTask action when it is called by a task runner in AWS Data Pipeline?

• A. It is used to retrieve the pipeline definition.
• B. It is used to report the progress of the task runner to AWS Data Pipeline.
• C. It is used to receive a task to perform from AWS Data Pipeline.
• D. It is used to inform AWS Data Pipeline of the outcome when the task runner completes a tas

Answer: C

Explanation: Task runners call Po||ForTask to receive a task to perform from AWS Data Pipeline. If tasks are ready in the work queue, PoIIForTask returns a response immediately. If no tasks are available in the queue, PoIIForTask uses long-polling and holds on to a poll connection for up to 90 seconds, during which time any newly scheduled tasks are handed to the task agent. Your remote worker should not call PoIIForTask again on the same worker group until it receives a response, and this may take up to 90 seconds. Reference: http://docs.aws.amazon.com/datapipeline/latest/APIReference/AP|_Po||ForTask.htmI

NEW QUESTION 5
In Amazon Cognito, your mobile app authenticates with the Identity Provider (|dP) using the provider’s SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new for the user and a set
of temporary, limited-prMlege AWS credentials.

• A. Cognito Key Pair
• B. Cognito API
• C. Cognito ID
• D. Cognito SDK

Answer: C

Explanation: Your mobile app authenticates with the identity provider (IdP) using the provider’s SDK. Once the end user is authenticated with the IdP, the OAuth or OpenID Connect token returned from the IdP is passed by your app to Amazon Cognito, which returns a new Cognito ID for the user and a set of temporary,
limited-prMlege AWS credentials.
Reference: http://aws.amazon.com/cognito/faqs/

NEW QUESTION 6
You would like to create a mirror image of your production environment in another region for disaster recovery purposes. Which of the following AWS resources do not need to be recreated in the second region? (Choose 2 answers)

• A. Route 53 Record Sets
• B. IAM Roles
• C. Elastic IP Addresses (EIP)
• D. EC2 Key Pairs
• E. Launch configurations
• F. Security Groups

Answer: AC

NEW QUESTION 7
By default, what is the maximum number of Cache Nodes you can run in Amazon EIastiCache?

• A. 20
• B. 50
• C. 100
• D. 200

Answer: A

Explanation: In Amazon EIastiCache, you can run a maximum of 20 Cache Nodes. Reference: http://aws.amazon.com/e|asticache/faqs/

NEW QUESTION 8
Which is a valid Amazon Resource name (ARN) for IAM?

• A. aws:iam::123456789012:instance-profile/Nebserver
• B. arn:aws:iam::123456789012:instance-profile/Webserver
• C. 123456789012:aws:iam::instance-profi|e/Nebserver
• D. arn:aws:iam::123456789012::instance-profile/Nebserver

Answer: B

NEW QUESTION 9
In a VPC, can you modify a set of DHCP options after you create them?

• A. Yes, you can modify a set of DHCP options within 48 hours after creation and there are no VPCs associated with them.
• B. Yes, you can modify a set of DHCP options any time after you create them.
• C. No, you can't modify a set of DHCP options after you create them.
• D. Yes, you can modify a set of DHCP options within 24 hours after creatio

Answer: C

Explanation: After you create a set of DHCP options, you can't modify them. If you want your VPC to use a different set of DHCP options, you must create a new set and associate them with your VPC. You can also set up your VPC to use no DHCP options at all.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html

NEW QUESTION 10
An organization (account ID 123412341234) has configured the IAM policy to allow the user to modify his credentials. What will the below mentioned statement allow the user to perform?
{
"Version": "2012-10-I7",
"Statement": [{
"Effect": "A||ow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
]!
"Resource": "arn:aws:iam:: I23412341234:group/TestingGroup"
}I

• A. Allow the IAM user to update the membership of the group called TestingGroup
• B. The IAM policy will throw an error due to an invalid resource name
• C. The IAM policy will allow the user to subscribe to any IAM group
• D. Allow the IAM user to delete the TestingGroup

Answer: A

Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (account ID 123412341234) wants their users to manage their subscription to the groups, they should create a relevant policy for that. The below mentioned policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
"Version": "2012-10-I7",
"Statement": [{
"Effect": "A||ow", "Action": [ "iam:AddUserToGroup",
"iam:RemoveUserFromGroup", "iam:GetGroup"
]!
"Resource": "arn:aws:iam:: 123412341234:group/ TestingGroup "
}I
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/CredentiaIs-Permissions-examples.htm|#creds-po|ici es-credentials

NEW QUESTION 11
Which of the following is true of an instance profile when an IAM role is created using the console?

• A. The instance profile uses a different name.
• B. The console gives the instance profile the same name as the role it corresponds to.
• C. The instance profile should be created manually by a user.
• D. The console creates the role and instance profile as separate actions.

Answer: B

Explanation: Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roIes_use_switch-role-ec2_instance-profiles.html

NEW QUESTION 12
An organization is planning to use NoSQL DB for its scalable data needs. The organization wants to host an application securely in AWS VPC. What action can be recommended to the organization?

• A. The organization should setup their own NoSQL cluster on the AWS instance and configure route tables and subnets.
• B. The organization should only use a DynamoDB because by default it is always a part of the default subnet provided by AWS.
• C. The organization should use a DynamoDB while creating a table within the public subnet.
• D. The organization should use a DynamoDB while creating a table within a private subne

Answer: A

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Currently VPC does not support DynamoDB. Thus, if the user wants to implement VPC, he has to setup his own NoSQL DB within the VPC. Reference: http://docs.aws.amazon.com/AmazonVPC/Iatest/UserGuide/VPC_Introduction.htm|

NEW QUESTION 13
Which of the following cache engines does Amazon EIastiCache support?

• A. Amazon EIastiCache supports Memcached and Redis.
• B. Amazon EIastiCache supports Redis and WinCache.
• C. Amazon EIastiCache supports Memcached and Hazelcast.
• D. Amazon EIastiCache supports Memcached onl

Answer: A

Explanation: The cache engines supported by Amazon EIastiCache are Memcached and Redis.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/latest/UserGuide/SeIectEngine.html

NEW QUESTION 14
You have recently joined a startup company building sensors to measure street noise and air quality in urban areas. The company has been running a pilot deployment of around 100 sensors for 3 months each sensor uploads 1KB of sensor data every minute to a backend hosted on AWS.
During the pilot, you measured a peak or 10 IOPS on the database, and you stored an =average of 3GB of sensor data per month in the database.
The current deployment consists of a load-balanced auto scaled Ingestion layer using EC2 instances and a PostgreSQL RDS database with 500GB standard storage.
The pilot is considered a success and your CEO has managed to get the attention or some potential investors. The business plan requires a deployment of at least 100K sensors which needs to be supported by the backend. You also need to store sensor data for at least two years to be able to compare year over year Improvements.
To secure funding, you have to make sure that the platform meets these requirements and leaves room for further scaling. Which setup win meet the requirements?

• A. Add an SQS queue to the ingestion layer to buffer writes to the RDS instance
• B. Ingest data into a DynamoDB table and move old data to a Redshift cluster
• C. Replace the RDS instance with a 6 node Redshift cluster with 96TB of storage
• D. Keep the current architecture but upgrade RDS storage to 3TB and 10K provisioned IOPS

Answer: C

NEW QUESTION 15
Your team has a tomcat-based Java application you need to deploy into development, test and production environments. After some research, you opt to use Elastic Beanstalk due to its tight integration with your developer tools and RDS due to its ease of management. Your QA team lead points out that you need to roll a sanitized set of production data into your environment on a nightly basis.
Similarly, other software teams in your org want access to that same restored data via their EC2 instances in your VPC .The optimal setup for persistence and security that meets the above requirements would be the following.

• A. Create your RDS instance as part of your Elastic Beanstalk definition and alter its security group to allow access to it from hosts in your application subnets.
• B. Create your RDS instance separately and add its IP address to your appIication's DB connection strings in your code Alter its security group to allow access to it from hosts within your VPC's IP address block.
• C. Create your RDS instance separately and pass its DNS name to your app's DB connection string as an environment variabl
• D. Create a security group for client machines and add it as a valid source for DB traffic to the security group of the RDS instance itself.
• E. Create your RDS instance separately and pass its DNS name to your's DB connection string as an environment variable Alter its security group to allow access to It from hosts In your application subnets.

Answer: A

NEW QUESTION 16
An International company has deployed a multi-tier web application that relies on DynamoDB in a single region For regulatory reasons they need disaster recovery capability In a separate region with a Recovery Time Objective of 2 hours and a Recovery Point Objective of 24 hours. They should synchronize their data on a regular basis and be able to provision me web application rapidly using CIoudFormation.
The objective is to minimize changes to the existing web application, control the throughput of DynamoDB used for the synchronization of data and synchronize only the modified elements.
Which design would you choose to meet these requirements?

• A. Use AWS data Pipeline to schedule a DynamoDB cross region copy once a day, create a"Lastupdated" attribute in your DynamoDB table that would represent the timestamp of the last update and use it as a filter.
• B. Use EMR and write a custom script to retrieve data from DynamoDB in the current region using a SCAN operation and push it to DynamoDB in the second region.
• C. Use AWS data Pipeline to schedule an export of the DynamoDB table to S3 in the current region once a day then schedule another task immediately after it that will import data from S3 to DynamoDB in the other region.
• D. Send also each Ante into an SQS queue in me second region; use an auto-scaling group behind the SQS queue to replay the write in the second region.

Answer: A