Download AWS-Certified-Solutions-Architect-Professional Dumps 2021

NEW QUESTION 1
How does AWS Data Pipeline execute actMties on on-premise resources or AWS resources that you manage?

• A. By supplying a Task Runner package that can be installed on your on-premise hosts
• B. None of these
• C. By supplying a Task Runner file that the resources can access for execution
• D. By supplying a Task Runnerjson script that can be installed on your on-premise hosts

Answer: A

Explanation: To enable running actMties using on-premise resources, AWS Data Pipeline does the following: It supply a Task Runner package that can be installed on your on-premise hosts.
This package continuously polls the AWS Data Pipeline service for work to perform.
When it’s time to run a particular actMty on your on-premise resources, it will issue the appropriate command to the Task Runner.
Reference: https://aws.amazon.com/datapipe|ine/faqs/

NEW QUESTION 2
How can a user list the IAM Role configured as a part of the launch config?

• A. as-describe-Iaunch-configs --iam-profiIe
• B. as-describe-Iaunch-configs --show-Iong
• C. as-describe-Iaunch-configs —iam-role
• D. as-describe-Iaunch-configs —roIe

Answer: B

Explanation: As-describe-launch-configs describes all the launch config parameters created by the AWS account in the specified region. Generally it returns values, such as Launch Config name, Instance Type and AMI ID. If the user wants additional parameters, such as the IAM Profile used in the config , he has to run command: as-describe-Iaunch-configs --show-Iong

NEW QUESTION 3
How can multiple compute resources be used on the same pipeline in AWS Data Pipeline?

• A. You can use multiple compute resources on the same pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each actMty via its runsOn field.
• B. You can use multiple compute resources on the same pipeline by defining multiple cluster definition files.
• C. You can use multiple compute resources on the same pipeline by defining multiple clusters for your actMty.
• D. You cannot use multiple compute resources on the same pipelin

Answer: A

Explanation: MuItipIe compute resources can be used on the same pipeline in AWS Data Pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each actMty via its runsOn field, which allows pipelines to combine AWS and on-premise resources, or to use a mix of instance types for their actMties.
Reference: https://aws.amazon.com/datapipe|ine/faqs/

NEW QUESTION 4
In Amazon Redshift, how many slices does a dw2.8xIarge node have?

• A. 16
• B. 8
• C. 32
• D. 2

Answer: C

Explanation: The disk storage for a compute node in Amazon Redshift is dMded into a number of slices, equal to the number of processor cores on the node. For example, each DW1.XL compute node has two slices, and each DW2.8XL compute node has 32 slices.
Reference: http://docs.aws.amazon.com/redshift/latest/dg/t_Distributing_data.htmI

NEW QUESTION 5
A web company is looking to implement an intrusion detection and prevention system into their deployed VPC. This platform should have the ability to scale to thousands of instances running inside of the VPC. How should they architect their solution to achieve these goals?

• A. Configure an instance with monitoring software and the elastic network interface (ENI) set to promiscuous mode packet sniffing to see an traffic across the VPC.
• B. Create a second VPC and route all traffic from the primary application VPC through the second VPC where the scalable virtualized IDS/IPS platform resides.
• C. Configure sewers running in the VPC using the host-based 'route' commands to send all traffic through the platform to a scalable virtualized IDS/IPS.
• D. Configure each host with an agent that collects all network traffic and sends that traffic to the IDS/IPS platform for inspection.

Answer: C

NEW QUESTION 6
Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDS table named Score Data When a user saves their game the progress data will be stored to the Game state S3 bucket. What is the best approach for storing data to DynamoDB and S3?

• A. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.
• B. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
• C. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
• D. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.

Answer: B

NEW QUESTION 7
Your website is serving on-demand training videos to your workforce. Videos are uploaded monthly in high resolution MP4 format. Your workforce is distributed globally often on the move and using company-provided tablets that require the HTTP Live Streaming (HLS) protocol to watch a video. Your company has no video transcoding expertise and it required you may need to pay for a consultant.
How do you implement the most cost-efficient architecture without compromising high availability and
quality of video delivery'?

• A. A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queu
• B. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few day
• C. CIoudFront to serve HLS transcoded videos from EC2.
• D. Elastic Transcoder to transcode original high-resolution MP4 videos to HL
• E. EBS volumes to host videos and EBS snapshots to incrementally backup original files after a few day
• F. CIoudFront to serve HLS transcoded videos from EC2.
• G. Elastic Transcoder to transcode original high-resolution MP4 videos to HL
• H. S3 to host videos with Lifecycle Management to archive original files to Glacier after a few day
• I. C|oudFront to serve HLS transcoded videos from S3.
• J. A video transcoding pipeline running on EC2 using SQS to distribute tasks and Auto Scaling to adjust the number of nodes depending on the length of the queu
• K. S3 to host videos with Lifecycle Management to archive all files to Glacier after a few day
• L. CIoudFront to serve HLS transcoded videos from Glacier.

Answer: C

NEW QUESTION 8
An organization is setting up their website on AWS. The organization is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechanisms will not help the organization to avoid future data leaks and identify security weaknesses?

• A. Run penetration testing on AWS with prior approval from Amazon.
• B. Perform SQL injection for application testing.
• C. Perform a Code Check for any memory leaks.
• D. Perform a hardening test on the AWS instanc

Answer: C

Explanation: AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an organization is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The organization must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the organization wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/

NEW QUESTION 9
Your startup wants to implement an order fulfillment process for selling a personalized gadget that needs an average of 3-4 days to produce with some orders taking up to 6 months you expect 10 orders per day on your first day. 1000 orders per day after 6 months and 10,000 orders after 12 months.
Orders coming in are checked for consistency men dispatched to your manufacturing plant for production quality control packaging shipment and payment processing If the product does not meet the quality standards at any stage of the process employees may force the process to repeat a step Customers are notified via email about order status and any critical issues with their orders such as payment failure.
Your case architecture includes AWS Elastic Beanstalk for your website with an RDS MySQL instance for customer data and orders.
How can you implement the order fulfillment process while making sure that the emails are delivered reliably?

• A. Add a business process management application to your Elastic Beanstalk app sewers and re-use the ROS database for tracking order status use one of the Elastic Beanstalk instances to send emails to customers.
• B. Use SWF with an Auto Scaling group of actMty workers and a decider instance in another Auto Scaling group with min/max=1 Use the decider instance to send emails to customers.
• C. Use SWF with an Auto Scaling group of actMty workers and a decider instance in another Auto Scaling group with min/max=1 use SES to send emails to customers.
• D. Use an SQS queue to manage all process tasks Use an Auto Scaling group of EC2 Instances that poll the tasks and execute the
• E. Use SES to send emails to customers.

Answer: C

NEW QUESTION 10
A user has configured EBS volume with PIOPS. The user is not experiencing the optimal throughput. Which of the following could not be factor affecting I/O performance of that EBS volume?

• A. EBS bandwidth of dedicated instance exceeding the PIOPS
• B. EBS volume size
• C. EC2 bandwidth
• D. Instance type is not EBS optimized

Answer: B

Explanation: If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, the instance is EBS-optimized (or include 10 Gigabit network connectMty) and the instance type EBS dedicated bandwidth exceeds the IOPS more than he has provisioned.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

NEW QUESTION 11
True or False: The Amazon EIastiCache clusters are not available for use in VPC at this time.

• A. TRUE
• B. True, but they are available only in the GovCIoud.
• C. True, but they are available only on request.
• D. FALSE

Answer: D

Explanation: Amazon Elasticache clusters can be run in an Amazon VPC. With Amazon VPC, you can define a virtual network topology and customize the network configuration to closely resemble a traditional network that you might operate in your own datacenter. You can now take advantage of the manageability, availability and scalability benefits of Amazon EIastiCache Clusters in your own isolated network. The same functionality of Amazon EIastiCache, including automatic failure detection, recovery, scaling, auto discovery, Amazon CIoudWatch metrics, and software patching, are now available in Amazon VPC. Reference:
http://aws.amazon.com/about-aws/whats-new/2012/12/20/amazon-elasticache-announces-support-for-a mazon-vpc/

NEW QUESTION 12
You currently operate a web application In the AWS US-East region The application runs on an
auto-scaled layer of EC2 instances and an RDS Multi-AZ database Your IT security compliance officer has tasked you to develop a reliable and durable logging solution to track changes made to your EC2.IAM And RDS resources. The solution must ensure the integrity and confidentiality of your log data. Which of these solutions would you recommend?

• A. Create a new C|oudTrai| trail with one new S3 bucket to store the logs and with the global services option selected Use IAM roles S3 bucket policies and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
• B. Create a new CIoudTraiI with one new S3 bucket to store the logs Configure SNS to send log file delivery notifications to your management system Use IAM roles and S3 bucket policies on the S3 bucket mat stores your logs.
• C. Create a new CIoudTraiI trail with an existing S3 bucket to store the logs and with the global services option selected Use S3 ACLs and Multi Factor Authentication (MFA) Delete on the S3 bucket that stores your logs.
• D. Create three new CIoudTraiI trails with three new S3 buckets to store the logs one for the AWS Management console, one for AWS SDKs and one for command line tools Use IAM roles and S3 bucket policies on the S3 buckets that store your logs.

Answer: A

NEW QUESTION 13
lV|apMySite is setting up a web application in the AWS VPC. The organization has decided to use an AWS RDS instead of using its own DB instance for HA and DR requirements.
The organization also wants to secure RDS access. How should the web application be setup with RDS?

• A. Create a VPC with one public and one private subne
• B. Launch an application instance in the public subnet while RDS is launched in the private subnet.
• C. Setup a public and two private subnets in different AZs within a VPC and create a subnet grou
• D. Launch RDS with that subnet group.
• E. Create a network interface and attach two subnets to i
• F. Attach that network interface with RDS while launching a DB instance.
• G. Create two separate VPCs and launch a Web app in one VPC and RDS in a separate VPC and connect them with VPC peering.

Answer: B

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user’s AWS account. It enables the user to launch AWS resources, such as RDS into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on the security and operational needs.
A DB subnet group is a collection of subnets (generally private) that a user can create in a VPC and assign to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating the DB instances. Each DB subnet group should have subnets in at least two Availability Zones in a given region.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

NEW QUESTION 14
You are migrating a legacy client-server application to AWS. The application responds to a specific DNS domain (e.g. www.examp|e.com) and has a 2-tier architecture, with multiple application sewers and a database sewer. Remote clients use TCP to connect to the application servers. The application servers need to know the IP address of the clients in order to function properly and are currently taking that information from the TCP socket. A MuIti-AZ RDS MySQL instance will be used for the database. During the migration you can change the application code, but you have to file a change request.
How would you implement the architecture on AWS in order to maximize scalability and high availability?

• A. File a change request to implement Alias Resource support in the applicatio
• B. Use Route 53 Alias Resource Record to distribute load on two application servers in different Azs.
• C. File a change request to implement Latency Based Routing support in the applicatio
• D. Use Route 53 with Latency Based Routing enabled to distribute load on two application servers in different Azs.
• E. File a change request to implement Cross-Zone support in the applicatio
• F. Use an ELB with a TCP Listener and Cross-Zone Load Balancing enabled, two application servers in different AZs.
• G. File a change request to implement Proxy Protocol support in the applicatio
• H. Use an ELB with a TCP Listener and Proxy Protocol enabled to distribute load on two application servers in different Azs.

Answer: D

NEW QUESTION 15
You are designing a photo-sharing mobile app. The application will store all pictures in a single Amazon S3 bucket. Users will upload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own pictures directly from Amazon S3.
You want to configure security to handle potentially millions of users in the most secure manner possible. What should your server-side application do when a new user registers on the photo-sharing mobile application?

• A. Create an IAM use
• B. Update the bucket policy with appropriate permissions for the IAM use
• C. Generate an access key and secret key for the IAM user, store them in the mobile app and use these credentials to access Amazon S3.
• D. Create an IAM use
• E. Assign appropriate permissions to the IAM use
• F. Generate an access key and secret key for the IAM user, store them in the mobile app and use these credentials to access Amazon S3.
• G. Create a set of long-term credentials using AWS Security Token Service with appropriate permission
• H. Store these credentials in the mobile app and use them to access Amazon S3.
• I. Record the user's information in Amazon RDS and create a role in IAM with appropriate permission
• J. When the user uses their mobile app, create temporary credentials using the AWS Security Token Service "AssumeRoIe" functio
• K. Store these credentials in the mobile app’s memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app.
• L. Record the user's information in Amazon DynamoD
• M. When the user uses their mobile app, create temporary credentials using AWS Security Token Service with appropriate permission
• N. Store these credentials in the mobile app's memory and use them to access Amazon S3. Generate new credentials the next time the user runs the mobile app.

Answer: D

NEW QUESTION 16
AWS Direct Connect itself has NO specific resources for you to control access to. Therefore, there are no AWS Direct Connect Amazon Resource Names (ARNs) for you to use in an Identity and Access Nlanagement (IAM) policy. With that in mind, how is it possible to write a policy to control access to AWS Direct Connect actions?

• A. You can leave the resource name field blank.
• B. You can choose the name of the AWS Direct Connection as the resource.
• C. You can use an asterisk (*) as the resource.
• D. You can create a name for the resourc

Answer: C

Explanation: AWS Direct Connect itself has no specific resources for you to control access to. Therefore, there are no AWS Direct Connect ARNs for you to use in an IAM policy. You use an asterisk (*) as the resource when writing a policy to control access to AWS Direct Connect actions.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.htmI