2024 AWS CERTIFIED SOLUTIONS
ARCHITECT PROFESSIONAL EXAM
WITH CORRECT ANSWERS
A top university has launched its serverless online portal using Lambda and
API Gateway in AWS that enables its students to enroll, manage their class
schedule, and see their grades online. After a few weeks, the portal abruptly
stopped working and lost all of its data. The university hired an external
cyber security consultant and based on the investigation, the outage was
due to an SQL injection vulnerability on the portal's login page in which the
attacker simply injected the malicious SQL code. You also need to track
historical changes to the rules and metrics associated to your firewall.
Which of the following is the most suitable and cost-effective solution to
avoid another SQL Injection attack against their infrastructure in AWS?
Block the IP address of the attacker in the Network Access Control List of
your VPC and then set up a CloudFront distribution. Set up AWS WAF to add
a web access control list (web A - CORRECT-ANSWERSD
A company has created multiple accounts in AWS to support the rapid
growth of its cloud services. The multiple accounts are used to separate their
various departments such as finance, human resources, engineering, and
many others. Each account is managed by a Systems Administrator which
has the root access for that specific account only. There is a requirement to
centrally manage policies across multiple AWS accounts by allowing or
denying particular AWS services for individual accounts, or for groups of
accounts.
Which is the most suitable solution that you should implement with the
LEAST amount of complexity?
Set up AWS Organizations and Organizational Units (OU) to connect all AWS
accounts of each department. Create custom IAM Policy to allow or deny the
use of certain AWS services for each account.
Connect all departments by setting up a cross-account access to each of the
AWS accounts of the company. Create - CORRECT-ANSWERSC
You are a Cloud Engineer and currently managing an enterprise financial
auditing system that generates regular analytics reports from your firm's
application log files. All log data are collected in an Amazon S3 bucket which
,are then processed by a daily Amazon Elastic MapReduce job. It generates
daily reports and aggregated tables in CSV format, which is stored in another
S3 bucket and then transferred to an Amazon Redshift data warehouse. Your
manager tasked you to optimize the cost structure for this system. Which of
the following options will lower costs without compromising performance or
data integrity?
Launch Spot EC2 Instances for Amazon EMR jobs and then use Reserved
Instances for Amazon Redshift. Choose the Amazon S3 One Zone-Infrequent
Access storage class to store all data in S3.
Launch On-Demand EC2 instances for both Amazon EMR jobs and Amazon
Redshift. Choose the Amazon S3 Standard storage class to - CORRECT-
ANSWERSC
A leading media company has a hybrid architecture where its on-premises
data center is connected to AWS via a Direct Connect connection. They also
have a repository of over 50-TB digital videos and media files. These files are
stored on their on-premises tape library and are used by their Media Asset
Management (MAM) system. Due to the sheer size of their data, they want to
implement an automated catalog system that will enable them to search
their files using facial recognition. A catalog will store the faces of the people
who are present in these videos including a still image of each person.
Eventually, the media company would like to migrate these media files to
AWS including the MAM video contents.
Which of the following options provides a solution which uses the LEAST
amount of ongoing management overhead and will cause MINIMAL disruption
to the existing system?
Set up a tape gateway appliance on-premises and - CORRECT-ANSWERSD
A well-funded startup company is building a mobile app that showcases their
latest fashion accessories and gadgets. The marketing manager hired a
famous model with millions of Instagram followers to promote their new
products and hence, it is expected that the app will be a huge hit once it is
launched in the market. It must have the ability to automatically scale to
handle millions of views of its static contents and to allow users to store their
own photos of themselves wearing fashionable accessories with a maximum
of 100-character caption. In this scenario, which of the following would fulfill
this requirement?
1. Use Cognito to handle the user authentication and management.
2. Use an RDS database to store user data.
3. Create an S3 bucket to store all of the user photos and other static files.
4. Distribute the static contents using CloudFront to improve scalability.
,1. Configure an on-premises Active Direct - CORRECT-ANSWERSD
An unusual API activity and intra-VPC port scanning have been identified by
the security team of your department. They noticed that there are multiple
port scans being triggered to your EC2 instances from a specific IP address.
To fix the issue immediately, your team has decided to simply block the
offending IP address. You are also instructed to fortify their existing cloud
infrastructure security from the most frequently occurring network and
transport layer DDoS attacks.
Which of the following is the most suitable method to satisfy the above
requirement in AWS?
Deny access from the IP Address block by adding a specific rule to all of the
Security Groups. Use a combination of AWS WAF and AWS Config to protect
your cloud resources against common web attacks.
Block the offending IP address using Route 53. Use Amazon Macie to
automatically discover, classify, and protect sensitive data in AWS, including
DDoS attac - CORRECT-ANSWERSC
In an effort to ensure and strengthen data security, your company has
launched a company-wide bug bounty program to find and patch up security
vulnerabilities in your web applications as well as the underlying cloud
resources. You are working as a Cloud Engineer and decided to focus on
checking system vulnerabilities of your AWS resources.
Which of the following are the best techniques to avoid Distributed Denial of
Service (DDoS) attacks for your cloud infrastructure hosted in AWS? (Choose
2)
Use an Application Load Balancer (ALB) to reduce the risk of overloading
your application by distributing traffic across many backend instances.
Integrate AWS WAF and the ALB to protect your web applications from
common web exploits that could affect application availability.
Add multiple Elastic Network Interfaces to each EC2 instance and use
Enhanced Networking to increase the network bandwidth.
Use an Amazon CloudFront - CORRECT-ANSWERSAC
An innovative Business Process Outsourcing (BPO) startup is planning to
launch a scalable and cost-effective call center system using AWS. The
system should be able to receive inbound calls from thousands of customers
and generate user contact flows. Callers must have the capability to perform
basic tasks such as changing their password or checking their balance
without them having to speak to a call center agent. It should also have
advanced deep learning functionalities such as automatic speech recognition
, (ASR) to achieve highly engaging user experiences and lifelike
conversational interactions. A feature that allows the solution to query other
business applications and send relevant data back to callers must also be
implemented.
Which of the following is the MOST suitable solution that the Solutions
Architect should implement?
Set up a cloud-based contact center using the Amazon Connect service.
Create a conver - CORRECT-ANSWERSA
As a Solutions Architect in a top IT consultancy firm, your role is to
implement a reliable and highly available system that can recover from
infrastructure or service disruptions. In addition, it should dynamically
acquire computing resources to meet demand and mitigate service
disruptions such as misconfigurations or transient network issues. Which of
the following is the most suitable option that you can implement to satisfy
the above requirement?
Use serverless architecture which eliminates the need for you to run and
maintain servers or carry out traditional compute activities.
Scale horizontally to increase aggregate system availability. Replace one
large resource with multiple small resources to reduce the impact of a single
failure on the overall system. Distribute requests across multiple, smaller
resources to ensure that they don't share a common point of failure.
Implement Auto-Scaling on your EC2 inst - CORRECT-ANSWERSB
The department of education just recently decided to leverage on AWS cloud
infrastructure to supplement their current on-premises network. They are
building a new learning portal that teaches kids basic computer science
concepts and provides innovative gamified courses for teenagers where they
can gain higher rankings, power-ups and badges. A Solutions Architect is
instructed to build a highly available cloud infrastructure in AWS with
multiple Availability Zones. The department wants to increase the
application's reliability and gain actionable insights using application logs. A
Solutions Architect needs to aggregate logs, automate log analysis for errors
and immediately notify the IT Operations team when errors breached a
certain threshold.
Which of the following is the MOST suitable solution that the Architect should
implement?
Download and install the AWS X-Ray agent in the on-premises servers and
send the logs - CORRECT-ANSWERSD
An electronics company has an on-premises network as well as a cloud
infrastructure in AWS. The on-site data storage which is used by their
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $22.99. You're not tied to anything after your purchase.