Amazon AWS-Certified-Solutions-Architect-Professional Free Practice Questions 2019

NEW QUESTION 1
Which of the following cannot be done using AWS Data Pipeline?

  • A. Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
  • B. Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
  • C. Generate reports over data that has been stored.
  • D. Move data between different AWS compute and storage services as well as on-premise data sources at specified intervals.

Answer: C

Explanation: AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services as well as on-premise data sources at specified intervals. With AWS Data Pipeline, you can regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. AWS Data Pipeline also allows you to move and process data that was previously locked up in on-premise data silos.
Reference: http://aws.amazon.com/datapipeline/

NEW QUESTION 2
Your company policies require encryption of sensitive data at rest. You are considering the possible options for protecting data while storing it at rest on an EBS data volume, attached to an EC2 instance. Which of these options would allow you to encrypt your data at rest? Choose 3 answers

  • A. Implement third party volume encryption tools
  • B. Implement SSL/TLS for all services running on the server
  • C. Encrypt data inside your applications before storing it on EBS
  • D. Encrypt data using native data encryption drivers at the file system level
  • E. Do nothing as EBS volumes are encrypted by default

Answer: ACD

NEW QUESTION 3
You are implementing a URL whitelisting system for a company that wants to restrict outbound HTTPS connections to specific domains from their EC2-hosted applications. You deploy a single EC2 instance running proxy software and configure it to accept traffic from all subnets and EC2 instances in the VPC. You configure the proxy to only pass through traffic to domains that you define in its whitelist configuration. You have a nightly maintenance window of 10 minutes where all instances fetch new software updates. Each update is about 200MB in size and there are 500 instances in the VPC that routinely fetch updates. After a few days you notice that some machines are failing to successfully download some, but not all, of their updates within the maintenance window. The download URLs used for these updates are correctly listed in the proxy's whitelist configuration and you are able to access them manually using a web browser on the instances. What might be happening? (Choose 2 answers)

  • A. You are running the proxy on an undersized EC2 instance type so network throughput is not sufficient for all instances to download their updates in time.
  • B. You are running the proxy on a sufficiently-sized EC2 instance in a private subnet and its network throughput is being throttled by a NAT running on an undersized EC2 instance.
  • C. The route table for the subnets containing the affected EC2 instances is not configured to direct network traffic for the software update locations to the proxy.
  • D. You have not allocated enough storage to the EC2 instance running the proxy so the network buffer is filling up, causing some requests to fail.
  • E. You are running the proxy in a public subnet but have not allocated enough EIPs to support the needed network throughput through the Internet Gateway (IGW).

Answer: AB

NEW QUESTION 4
While implementing the policy keys in AWS Direct Connect, if you use ______ and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.

  • A. aws:SecureTransport
  • B. aws:EpochIP
  • C. aws:SourceIp
  • D. aws:CurrentTime

Answer: C

Explanation: While implementing the policy keys in Amazon RDS, if you use aws:SourceIp and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

NEW QUESTION 5
By default, what is the maximum number of Cache Nodes you can run in Amazon ElastiCache?

  • A. 20
  • B. 50
  • C. 100
  • D. 200

Answer: A

Explanation: In Amazon ElastiCache, you can run a maximum of 20 Cache Nodes.
Reference: http://aws.amazon.com/elasticache/faqs/

NEW QUESTION 6
The Principal element of an IAM policy refers to the specific entity that should be allowed or denied permission, whereas the ______ translates to everyone except the specified entity.

  • A. NotPrincipal
  • B. Vendor
  • C. Principal
  • D. Action

Answer: A

Explanation: The element NotPrincipal that is included within your IAM policy statements allows you to specify an exception to a list of principals to whom the access to a specific resource is either allowed or denied. Use the NotPrincipal element to specify an exception to a list of principals. For example, you can deny access to all principals except the one named in the NotPrincipal element.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#Principal

NEW QUESTION 7
A user has configured an EBS volume with PIOPS. The user is not experiencing the optimal throughput. Which of the following could not be a factor affecting I/O performance of that EBS volume?

  • A. EBS bandwidth of dedicated instance exceeding the PIOPS
  • B. EBS volume size
  • C. EC2 bandwidth
  • D. Instance type is not EBS optimized

Answer: B

Explanation: If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, the instance is EBS-optimized (or includes 10 Gigabit network connectivity), and the instance type's EBS dedicated bandwidth exceeds the IOPS the user has provisioned.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

NEW QUESTION 8
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24. While launching a new EC2 from the console, he is not able to assign the private IP address 10.201.31.6 to this instance. Which is the most likely reason for this issue?

  • A. Private address IP 10.201.31.6 is currently assigned to another interface.
  • B. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
  • C. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
  • D. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.

Answer: A

Explanation: In Amazon VPC, you can assign any private IP address to your instance as long as it is:
Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes
Not currently assigned to another interface
Reference: http://aws.amazon.com/vpc/faqs/

NEW QUESTION 9
An organization has set up RDS with VPC. The organization wants RDS to be accessible from the internet. Which of the below mentioned configurations is not required in this scenario?

  • A. The organization must enable the parameter in the console which makes the RDS instance publicly accessible.
  • B. The organization must allow access from the internet in the RDS VPC security group.
  • C. The organization must set up RDS with the subnet group which has an external IP.
  • D. The organization must enable the VPC attributes DNS hostnames and DNS resolution.

Answer: C

Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS resources, such as RDS, into a virtual network that the user has defined. Subnets are segments of a VPC's IP address range that the user can designate to a group of VPC resources based on security and operational needs. A DB subnet group is a collection of subnets (generally private) that the user can create in a VPC and which the user assigns to the RDS DB instances. A DB subnet group allows the user to specify a particular VPC when creating DB instances. If the RDS instance is required to be accessible from the internet:
The organization must ensure that the RDS instance is enabled with the VPC attributes DNS hostnames and DNS resolution.
The organization must enable the parameter in the console which makes the RDS instance publicly accessible.
The organization must allow access from the internet in the RDS VPC security group.
Reference: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html

NEW QUESTION 10
Within an IAM policy, can you add an IfExists condition at the end of a Null condition?

  • A. Yes, you can add an IfExists condition at the end of a Null condition but not in all Regions.
  • B. Yes, you can add an IfExists condition at the end of a Null condition depending on the condition.
  • C. No, you cannot add an IfExists condition at the end of a Null condition.
  • D. Yes, you can add an IfExists condition at the end of a Null condition.

Answer: C

Explanation: Within an IAM policy, IfExists can be added to the end of any condition operator except the Null condition. It can be used to indicate that conditional comparison needs to happen if the policy key is present in the context of a request; otherwise, it can be ignored.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html

NEW QUESTION 11
You are designing a personal document-archiving solution for your global enterprise with thousands of employees. Each employee has potentially gigabytes of data to be backed up in this archiving solution. The solution will be exposed to the employees as an application, where they can just drag and drop their files to the archiving system. Employees can retrieve their archives through a web interface. The corporate network has high bandwidth AWS Direct Connect connectivity to AWS.
You have a regulatory requirement that all data needs to be encrypted before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?

  • A. Manage encryption keys on-premises in an encrypted relational database. Set up an on-premises server with sufficient storage to temporarily store files, and then upload them to Amazon S3, providing a client-side master key.
  • B. Manage encryption keys in a Hardware Security Module (HSM) appliance on-premises server with sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.
  • C. Manage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple Storage Service (S3) with client-side encryption using a KMS customer master key ID, and configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage tier.
  • D. Manage encryption keys in an AWS CloudHSM appliance. Encrypt files prior to uploading on the employee desktop, and then upload directly into Amazon Glacier.

Answer: C

NEW QUESTION 12
How much memory does the cr1.8xlarge instance type provide?

  • A. 224 GB
  • B. 124 GB
  • C. 184 GB
  • D. 244 GB

Answer: D

Explanation: The CR1 instances are part of the memory optimized instances. They offer the lowest cost per GB RAM among all the AWS instance families. CR1 instances are part of the new generation of memory optimized instances, which can offer up to 244 GB RAM and run on faster CPUs (Intel Xeon E5-2670 with NUMA support) in comparison to the M2 instances of the same family. They support cluster networking for bandwidth intensive applications. cr1.8xlarge is one of the largest instance types of the CR1 family, which can offer 244 GB RAM.
Reference: http://aws.amazon.com/ec2/instance-types/

NEW QUESTION 13
You have deployed a web application targeting a global audience across multiple AWS Regions under the domain name.example.com. You decide to use Route53 Latency-Based Routing to serve web requests to users from the region closest to the user. To provide business continuity in the event of server downtime you configure weighted record sets associated with two web servers in separate Availability Zones per region. During a DR test you notice that when you disable all web servers in one of the regions Route53 does not automatically direct all users to the other region. What could be happening? (Choose 2 answers)

  • A. Latency resource record sets cannot be used in combination with weighted resource record sets.
  • B. You did not set up an HTTP health check to one or more of the weighted resource record sets associated with the disabled web servers.
  • C. The value of the weight associated with the latency alias resource record set in the region with the disabled servers is higher than the weight for the other region.
  • D. One of the two working web servers in the other region did not pass its HTTP health check.
  • E. You did not set "Evaluate Target Health" to "Yes" on the latency alias resource record set associated with example.com in the region where you disabled the servers.

Answer: BE

NEW QUESTION 14
A read-only news reporting site with a combined web and application tier and a database tier that receives large and unpredictable traffic demands must be able to respond to these traffic fluctuations automatically. What AWS services should be used to meet these requirements?

  • A. Stateless instances for the web and application tier synchronized using ElastiCache Memcached in an autoscaling group monitored with CloudWatch and RDS with read replicas.
  • B. Stateful instances for the web and application tier in an autoscaling group monitored with CloudWatch and RDS with read replicas.
  • C. Stateful instances for the web and application tier in an autoscaling group monitored with CloudWatch. And multi-AZ RDS.
  • D. Stateless instances for the web and application tier synchronized using ElastiCache Memcached in an autoscaling group monitored with CloudWatch and multi-AZ RDS.

Answer: A

NEW QUESTION 15
Auto Scaling requests are signed with a ______ signature calculated from the request and the user's private key.

  • A. SSL
  • B. AES-256
  • C. HMAC-SHA1
  • D. X.509

Answer: C

NEW QUESTION 16
True or False: "In the context of Amazon ElastiCache, from the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node."

  • A. True, from the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node since each has a unique node identifier.
  • B. True, from the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node.
  • C. False, you can connect to a cache node, but not to a cluster configuration endpoint.
  • D. False, you can connect to a cluster configuration endpoint, but not to a cache node.

Answer: B

Explanation: This is true. From the application's point of view, connecting to the cluster configuration endpoint is no different than connecting directly to an individual cache node. In the process of connecting to cache nodes, the application resolves the configuration endpoint's DNS name. Because the configuration endpoint maintains CNAME entries for all of the cache nodes, the DNS name resolves to one of the nodes; the client can then connect to that node.
Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/AutoDiscovery.HowAutoDiscoveryWorks.html

NEW QUESTION 17
Which statement is NOT true about a stack which has been created in a Virtual Private Cloud (VPC) in AWS OpsWorks?

  • A. Subnets whose instances cannot communicate with the Internet are referred to as public subnets.
  • B. Subnets whose instances can communicate only with other instances in the VPC and cannot communicate directly with the Internet are referred to as private subnets.
  • C. All instances in the stack should have access to any package repositories that your operating system depends on, such as the Amazon Linux or Ubuntu Linux repositories.
  • D. Your app and custom cookbook repositories should be accessible for all instances in the stack.

Answer: A

Explanation: In AWS OpsWorks, you can control user access to a stack's instances by creating it in a virtual private cloud (VPC). For example, you might not want users to have direct access to your stack's app servers or databases and instead require that all public traffic be channeled through an Elastic Load Balancer.
A VPC consists of one or more subnets, each of which contains one or more instances. Each subnet has an associated routing table that directs outbound traffic based on its destination IP address.
Instances within a VPC can generally communicate with each other, regardless of their subnet. Subnets whose instances can communicate with the Internet are referred to as public subnets. Subnets whose instances can communicate only with other instances in the VPC and cannot communicate directly with the Internet are referred to as private subnets.
AWS OpsWorks requires the VPC to be configured so that every instance in the stack, including instances in private subnets, has access to the following endpoints:
The AWS OpsWorks service, https://opsworks-instance-service.us-east-1.amazonaws.com.
Amazon S3.
The package repositories for Amazon Linux or Ubuntu 12.04 LTS, depending on which operating system you specify.
Your app and custom cookbook repositories.
Reference: http://docs.aws.amazon.com/opsworks/latest/userguide/workingstacks-vpc.html#workingstacks-vpc-basics

NEW QUESTION 18
With respect to the AWS Lambda permissions model, at the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the ______ role.

  • A. configuration
  • B. execution
  • C. delegation
  • D. dependency

Answer: B

Explanation: Regardless of how your Lambda function is invoked, AWS Lambda always executes the function. At the time you create a Lambda function, you specify an IAM role that AWS Lambda can assume to execute your Lambda function on your behalf. This role is also referred to as the execution role.
Reference: http://docs.aws.amazon.com/lambda/latest/dg/lambda-dg.pdf
