Amazon AWS-Certified-Solutions-Architect-Professional Study Guides 2019

Want to know aws certified solutions architect professional dumps features? Want to lear more about aws certified solutions architect professional salary experience? Study aws certified solutions architect professional dumps. Gat a success with an absolute guarantee to pass Amazon AWS-Certified-Solutions-Architect-Professional (AWS-Certified-Solutions-Architect-Professional) test on your first attempt.

Online AWS-Certified-Solutions-Architect-Professional free questions and answers of New Version:

NEW QUESTION 1
Refer to the architecture diagram above of a batch processing solution using Simple Queue Service (SQS) to set up a message queue between EC2 instances which are used as batch processors Cloud Watch monitors the number of Job requests (queued messages) and an Auto Scaling group adds or deletes batch sewers automatically based on parameters set in Cloud Watch alarms. You can use this architecture to implement which of the following features in a cost effective and efficient manner?

  • A. Reduce the overall lime for executing jobs through parallel processing by allowing a busy EC2 instance that receives a message to pass it to the next instance in a daisy-chain setup.
  • B. Implement fault tolerance against EC2 instance failure since messages would remain in SQS and worn can continue with recovery of EC2 instances implement fault tolerance against SQS failure by backing up messages to S3.
  • C. Implement message passing between EC2 instances within a batch by exchanging messages throughSQS.
  • D. Coordinate number of EC2 instances with number of job requests automatically thus Improving cost effectiveness.
  • E. Handle high priority jobs before lower priority jobs by assigning a priority metadata field to SQS messages.

Answer: D

NEW QUESTION 2
Your company runs a customer facing event registration site This site is built with a 3-tier architecture with web and application tier servers and a MySQL database The application requires 6 web tier sewers and 6 application tier servers for normal operation, but can run on a minimum of 65% server capacity and a single NIySQL database. When deploying this application in a region with three availability zones (AZs) which architecture provides high availability?

  • A. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer), and an application tier deployed across 2 AZs with 3 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (RelationalDatabase Service) instance deployed with read replicas in the other AZ.
  • B. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer) and an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and one RDS (Relational Database Service) Instance deployed with read replicas in the two other AZs.
  • C. A web tier deployed across 2 AZs with 3 EC2 (Elastic Compute Cloud) instances in each AZ inside an Auto Scaling Group behind an ELB (elastic load balancer) and an application tier deployed across 2 AZs with 3 EC2 instances m each AZ inside an Auto Scaling Group behind an ELS and a Multi-AZ RDS (Relational Database Service) deployment.
  • D. A web tier deployed across 3 AZs with 2 EC2 (Elastic Compute Cloud) instances in each AZ Inside an Auto Scaling Group behind an ELB (elastic load balancer). And an application tier deployed across 3 AZs with 2 EC2 instances in each AZ inside an Auto Scaling Group behind an ELB and a MuIti-AZ RDS (Relational Database services) deployment.

Answer: D

NEW QUESTION 3
You are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Which of the below are viable mitigation techniques? (Choose 3 answers)

  • A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.
  • B. Use dedicated instances to ensure that each instance has the maximum performance possible.
  • C. Use an Amazon C|oudFront distribution for both static and dynamic content.
  • D. Use an Elastic Load Balancer with auto scaling groups at the we
  • E. App and Amazon Relational Database Service (RDS) tiers
  • F. Add alert Amazon CIoudWatch to look for high Network in and CPU utilization.
  • G. Create processes and capabilities to quickly add and remove rules to the instance OS firewal

Answer: CEF

NEW QUESTION 4
IAM users do not have permission to create Temporary Security Credentials for federated users and roles by default. In contrast, IAM users can call without the need of any special permissions

  • A. GetSessionName
  • B. GetFederationToken
  • C. GetSessionToken
  • D. GetFederationName

Answer: C

Explanation: Currently the STS API command GetSessionToken is available to every IAM user in your account without previous permission. In contrast, the GetFederationToken command is restricted and explicit permissions need to be granted so a user can issue calls to this particular Action
Reference: http://docs.aws.amazon.com/STS/latest/UsingSTS/STSPermission.htmI

NEW QUESTION 5
How can a user list the IAM Role configured as a part of the launch config?

  • A. as-describe-Iaunch-configs --iam-profiIe
  • B. as-describe-Iaunch-configs --show-Iong
  • C. as-describe-Iaunch-configs —iam-role
  • D. as-describe-Iaunch-configs —roIe

Answer: B

Explanation: As-describe-launch-configs describes all the launch config parameters created by the AWS account in the specified region. Generally it returns values, such as Launch Config name, Instance Type and AMI ID. If the user wants additional parameters, such as the IAM Profile used in the config , he has to run command: as-describe-Iaunch-configs --show-Iong

NEW QUESTION 6
You have been asked to design the storage layer for an application. The application requires disk performance of at least 100,000 IOPS. In addition, the storage layer must be able to survive the loss of an indMdual disk, EC2 instance, or Availability Zone without any data loss. The volume you provide must have a capacity of at least 3 TB. Which of the following designs will meet these objectives?

  • A. Instantiate a c3.8x|arge instance in us-east-1. Provision 4x1TB EBS volumes, attach them to the instance, and configure them as a single RAID 5 volum
  • B. Ensure that EBS snapshots are performed every 15 minutes.
  • C. Instantiate a c3.8xIarge instance in us-east-1. Provision 3xITB EBS volumes, attach them to the Instance, and configure them as a single RAID 0 volum
  • D. Ensure that EBS snapshots are performed every 15 minutes.
  • E. Instantiate an i2.8xIarge instance in us-east-1
  • F. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instanc
  • G. Provision 3x1TB EBS volumes, attach them to the instance, and configure them as a second RAID 0 volum
  • H. Configure synchronous, block-level replication from the ephemeral-backed volume to the EBS-backed volume.
  • I. Instantiate a c3.8xIarge instance in us-east-1. Provision an AWS Storage Gateway and configure it for 3 TB of storage and 100,000 IOP
  • J. Attach the volume to the instance.
  • K. Instantiate an i2.8xIarge instance in us-east-1
  • L. Create a RAID 0 volume using the four 800GB SSD ephemeral disks provided with the instanc
  • M. Configure synchronous, blocklevel replication to an identically configured instance in us-east-1b.

Answer: C

NEW QUESTION 7
In Amazon Cognito what is a silent push notification?

  • A. It is a push message that is received by your application on a user's device that will not be seen by theusen
  • B. It is a push message that is received by your application on a user's device that will return the user's geolocation.
  • C. It is a push message that is received by your application on a user's device that will not be heard by the usen
  • D. It is a push message that is received by your application on a user's device that will return the user's authentication credentials.

Answer: A

Explanation: Amazon Cognito uses the Amazon Simple Notification Service (SNS) to send silent push notifications to devices. A silent push notification is a push message that is received by your application on a user's device that will not be seen by the user.
Reference: http://aws.amazon.com/cognito/faqs/

NEW QUESTION 8
Which of following IAM policy elements lets you specify an exception to a list of actions?

  • A. NotException
  • B. ExceptionAction
  • C. Exception
  • D. NotAction

Answer: D

Explanation: The NotAction element lets you specify an exception to a list of actions. Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EIementDescriptions.html

NEW QUESTION 9
A web-startup runs its very successful social news application on Amazon EC2 with an Elastic Load Balancer, an Auto-Scaling group of Java/Tomcat application-servers, and DynamoDB as data store. The main web-application best runs on m2 x large instances since it is highly memory- bound Each new deployment requires semi-automated creation and testing of a new AMI for the application servers which takes quite a while ana is therefore only done once per week.
Recently, a new chat feature has been implemented in nodejs and wails to be integrated in the architecture. First tests show that the new component is CPU bound Because the company has some experience with using Chef, they decided to streamline the deployment process and use AWS Ops Works as an application life cycle tool to simplify management of the application and reduce the deployment cycles.
What configuration in AWS Ops Works is necessary to integrate the new chat module in the most cost-efficient and filexible way?

  • A. Create one AWS OpsWorks stack, create one AWS Ops Works layer, create one custom recipe
  • B. Create one AWS OpsWorks stack create two AWS Ops Works layers, create one custom recipe
  • C. Create two AWS OpsWorks stacks create two AWS Ops Works layers, create one custom recipe
  • D. Create two AWS OpsWorks stacks create two AWS Ops Works layers, create two custom recipe

Answer: C

NEW QUESTION 10
An organization is setting up their website on AWS. The organization is working on various security measures to be performed on the AWS EC2 instances. Which of the below mentioned security mechanisms will not help the organization to avoid future data leaks and identify security weaknesses?

  • A. Run penetration testing on AWS with prior approval from Amazon.
  • B. Perform SQL injection for application testing.
  • C. Perform a Code Check for any memory leaks.
  • D. Perform a hardening test on the AWS instanc

Answer: C

Explanation: AWS security follows the shared security model where the user is as much responsible as Amazon. Since Amazon is a public cloud it is bound to be targeted by hackers. If an organization is planning to host their application on AWS EC2, they should perform the below mentioned security checks as a measure to find any security weakness/data leaks:
Perform penetration testing as performed by attackers to find any vulnerability. The organization must take an approval from AWS before performing penetration testing
Perform hardening testing to find if there are any unnecessary ports open Perform SQL injection to find any DB security issues
The code memory checks are generally useful when the organization wants to improve the application performance.
Reference: http://aws.amazon.com/security/penetration-testing/

NEW QUESTION 11
A company is storing data on Amazon Simple Storage Service (S3). The company's security policy mandates that data is encrypted at rest. Which of the following methods can achieve this?
Choose 3 answers

  • A. Use Amazon S3 server-side encryption with AWS Key Management Service managed keys.
  • B. Use Amazon S3 server-side encryption with customer-provided keys.
  • C. Use Amazon S3 server-side encryption with EC2 key pair.
  • D. Use Amazon S3 bucket policies to restrict access to the data at rest.
  • E. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.
  • F. Use SSL to encrypt the data while in transit to Amazon S3.

Answer: ABE

NEW QUESTION 12
In Amazon EIastiCache, which of the following statements is correct?

  • A. When you launch an EIastiCache cluster into an Amazon VPC private subnet, every cache node is assigned a public IP address within that subnet.
  • B. You cannot use EIastiCache in a VPC that is configured for dedicated instance tenancy.
  • C. If your AWS account supports only the EC2-VPC platform, E|astiCache will never launch your cluster in a VPC.
  • D. EIastiCache is not fully integrated with Amazon Virtual Private Cloud (VPC).

Answer: B

Explanation: The VPC must allow non-dedicated EC2 instances. You cannot use EIastiCache in a VPC that is configured for dedicated instance tenancy.
Reference: http://docs.aws.amazon.com/AmazonE|astiCache/latest/UserGuide/AmazonVPC.EC.htmI

NEW QUESTION 13
Once the user has set EIastiCache for an application and it is up and running, which services, does Amazon not provide for the user:

  • A. The ability for client programs to automatically identify all of the nodes in a cache cluster, and to initiate and maintain connections to all of these nodes
  • B. Automating common administrative tasks such as failure detection and recovery, and software patching
  • C. Providing default Time To Live (TTL) in the AWS Elasticache Redis Implementation for different type of data.
  • D. Providing detailed monitoring metrics associated with your Cache Nodes, enabling you to diagnose and react to issues very quickly

Answer: C

Explanation: Amazon provides failure detection and recovery, and software patching and monitoring tools which is called CIoudWatch. In addition it provides also Auto Discovery to automatically identify and initialize all nodes of cache cluster for Amazon EIastiCache.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/Iatest/UserGuide/Whatls.html

NEW QUESTION 14
You are running a news website in the eu-west-1 region that updates every 15 minutes. The website has a world-wide audience it uses an Auto Scaling group behind an Elastic Load Balancer and an Amazon
RDS database Static content resides on Amazon S3, and is distributed through Amazon CIoudFront. Your Auto Scaling group is set to trigger a scale up event at 60% CPU utilization, you use an Amazon RDSextra large DB instance with 10.000 Provisioned IOPS its CPU utilization is around 80%. While freeable memory is in the 2 GB range.
Web analytics reports show that the average load time of your web pages is around 1.5 to 2 seconds, but your SEO consultant wants to bring down the average load time to under 0.5 seconds.
How would you improve page load times for your users? (Choose 3 answers)

  • A. Lower the scale up trigger of your Auto Scaling group to 30% so it scales more aggressively.
  • B. Add an Amazon EIastiCache caching layer to your application for storing sessions and frequent DB quenes
  • C. Configure Amazon CIoudFront dynamic content support to enable caching of re-usable content from your site
  • D. Switch the Amazon RDS database to the high memory extra large Instance type
  • E. Set up a second installation in another region, and use the Amazon Route 53 latency-based routing feature to select the right region.

Answer: ABD

NEW QUESTION 15
What feature of the load balancing service attempts to force subsequent connections to a service to be redirected to the same node as long as it is online?

  • A. Node balance
  • B. Session retention
  • C. Session multiplexing
  • D. Session persistence

Answer: D

Explanation: Session persistence is a feature of the load balancing service. It attempts to force subsequent connections to a service to be redirected to the same node as long as it is online.
Reference:
http://docs.rackspace.com/Ioadbalancers/api/v1.0/clb-devguide/content/Concepts-d1e233.htmI

NEW QUESTION 16
The following policy can be attached to an IAM group. It lets an IAM user in that group access a "home directory" in AWS S3 that matches their user name using the console.
{
"Version": "2012-10-17",
"Statement": [
{
"Action": ["s3:*"], "Effect": "A||ow",
"Resource": ["arn:aws:s3::zbucket-name"], "Condition":{"StringLike":{"s3:prefix":["home/${aws:username}/*"]}}
}!
{
"Action":["s3:*"], "Effect":"AI|ow",
"Resource": ["arn:aws:s3:::bucket-name/home/${aws:username}/*"]
}
}

  • A. True
  • B. False

Answer: B

NEW QUESTION 17
How does in-memory caching improve the performance of applications in E|astiCache?

  • A. It improves application performance by deleting the requests that do not contain frequently accessed data.
  • B. It improves application performance by implementing good database indexing strategies.
  • C. It improves application performance by using a part of instance RAM for caching important data.
  • D. It improves application performance by storing critical pieces of data in memory for low-latency acces

Answer: D

Explanation: In Amazon EIastiCache, in-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally intensive calculations.
Reference: http://aws.amazon.com/elasticache/faqs/#g4

NEW QUESTION 18
You create a VPN connection, and your VPN device supports Border Gateway Protocol (BGP). Which of the following should be specified to configure the VPN connection?

  • A. Classless routing
  • B. Classfull routing
  • C. Dynamic routing
  • D. Static routing

Answer: C

Explanation: If you create a VPN connection, you must specify the type of routing that you plan to use, which will depend upon on the make and model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), you need to specify dynamic routing when you configure your VPN connection. If your device does not support BGP, you should specify static routing.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.htmI

Recommend!! Get the Full AWS-Certified-Solutions-Architect-Professional dumps in VCE and PDF From Surepassexam, Welcome to Download: https://www.surepassexam.com/AWS-Certified-Solutions-Architect-Professional-exam-dumps.html (New 272 Q&As Version)