Exam (elaborations)
2024 AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE TEST 1 EXAM WITH CORRECT ANSWERS
- Course
- Institution
2024 AWS CERTIFIED SOLUTIONS ARCHITECT ASSOCIATE TEST 1 EXAM WITH CORRECT ANSWERS
[Show more]
Content preview
2024 AWS CERTIFIED SOLUTIONSARCHITECT ASSOCIATE TEST 1
EXAM WITH CORRECT ANSWERS
An IT company provides S3 bucket access to specific users within the same
account for completing project specific work. With changing business
requirements, cross-account S3 access requests are also growing every
month. The company is looking for a solution that can offer user level as well
as account-level access permissions for the data stored in S3 buckets.
As a Solutions Architect, which of the following would you suggest as the
MOST optimized way of controlling access for this use-case?
A. Use Identity and Access Management (IAM) policies
B. Use Amazon S3 Bucket Policies
C. Use Access Control Lists (ACLs)
D. Use Security Groups - CORRECT-ANSWERSB
An analytics company wants to improve the performance of its big data
processing workflows running on Amazon EFS. Which of the following
performance modes should be used for EFS to address this requirement?
A. Provisioned Throughput
B. Bursting Throughput
C. Max I/O
D. General Purpose - CORRECT-ANSWERSC
The development team at an e-commerce startup has set up multiple
microservices running on EC2 instances under an Elastic Load Balancer. The
team wants to route traffic to multiple back-end services based on the
content of the request.
Which of the following types of load balancers would allow routing based on
the content of the request?
A. Classic Load Balancer
B. Application Load Balancer
C. Network Load Balancer
D. Both Application Load Balancer and Network Load Balancer - CORRECT-
ANSWERSB
,A tax computation software runs on Amazon EC2 instances behind a Classic
Load Balancer. The instances are managed by an Auto Scaling Group. The
tax computation software has an optimization module, which can take up to
10 minutes to find the optimal answer.
How do you ensure that when the Auto Scaling Group initiates a scale-in
event, the users do not see their current requests interrupted?
A. Create an ASG Scheduled Action
B. Enable Stickiness on the CLB
C. Enable ELB health checks on the ASG
D. Increase the deregistration delay to more than 10 minutes - CORRECT-
ANSWERSD
An HTTP application is deployed on an Auto Scaling Group, is accessible from
an Application Load Balancer that provides HTTPS termination, and accesses
a PostgreSQL database managed by RDS.
How should you configure the security groups? (Select three)
A. The security group of RDS should have an inbound rule from the security
group of the EC2 instances in the ASG on port 5432
B. The security group of the EC2 instances should have an inbound rule from
the security group of the ALB on port 80
C. The security group of the ALB should have an inbound rule from anywhere
on port 80
D. The security group of the EC2 instances should have an inbound rule from
the security group of the RDS database on port 5432
E. The security group of RDS should have an inbound rule from the security
group of the EC2 instances in the ASG on port 80
F. The security group of the ALB should have an inbound rule from anywhere
on port 443 - CORRECT-ANSWERSA, B, F
Your company has an on-premises Distributed File System Replication
(DFSR) service to keep files synchronized on multiple Windows servers, and
would like to migrate to AWS cloud.
What do you recommend as a replacement for the DFSR?
A. FSx for Windows
B. FSx for Lustre
C. EFS
D. Amazon S3 - CORRECT-ANSWERSA
The engineering manager for a content management application wants to
set up RDS read replicas to provide enhanced performance and read
scalability. The manager wants to understand the data transfer charges
while setting up RDS read replicas.
,Which of the following would you identify as correct regarding the data
transfer charges for RDS read replicas?
A. There are data transfer charges for replicating data within the same
Availability Zone
B. There are data transfer charges for replicating data across AWS Regions
C. There are data transfer charges for replicating data within the same AWS
Region
D. There are no data transfer charges for replicating data across AWS
Regions - CORRECT-ANSWERSB
To improve the performance and security of the application, the engineering
team at a company has created a CloudFront distribution with an Application
Load Balancer as the custom origin. The team has also set up a Web
Application Firewall (WAF) with CloudFront distribution. The security team at
the company has noticed a surge in malicious attacks from a specific IP
address to steal sensitive data stored on the EC2 instances.
As a solutions architect, which of the following actions would you recommend
to stop the attacks?
A. Create a deny rule for the malicious IP in the NACL associated with each of
the instances
B. Create a deny rule for the malicious IP in the Security Groups associated
with each of the instances
C. Create an IP match condition in the WAF to block the malicious IP address
D. Create a ticket with AWS support to take action against the malicious IP -
CORRECT-ANSWERSC
A manufacturing company receives unreliable service from its data center
provider because the company is located in an area prone to natural
disasters. The company is not ready to fully migrate to the AWS Cloud, but it
wants a failover environment on AWS in case the on-premises data center
fails. The company runs web servers that connect to external vendors. The
data available on AWS and on-premises must be uniform.
Which of the following solutions would have the LEAST amount of downtime?
A. Set up a Route 53 failover record. Execute an AWS CloudFormation
template from a script to provision EC2 instances behind an Application Load
Balancer. Set up AWS Storage Gateway with stored volumes to back up data
to S3
B. Set up a Route 53 failover record. Run an AWS Lambda function to
execute an AWS CloudFormation template to launch two EC2 instances. Set
up AWS Storage Gateway with stored volumes to back up data to S3. Set u -
CORRECT-ANSWERSD
, A systems administrator has created a private hosted zone and associated it
with a Virtual Private Cloud (VPC). However, the DNS queries for the private
hosted zone remain unresolved.
As a Solutions Architect, can you identify the Amazon VPC options to be
configured in order to get the private hosted zone to work?
A. Enable DNS hostnames and DNS resolution for private hosted zones
B. Remove any overlapping namespaces for the private and public hosted
zones
C. Fix the Name server (NS) record and Start Of Authority (SOA) records that
may have been created with wrong configurations
D. Fix conflicts between your private hosted zone and any Resolver rule that
routes traffic to your network for the same domain name, as it results in
ambiguity over the route to be taken - CORRECT-ANSWERSA
The DevOps team at a leading social media company uses AWS OpsWorks,
which is a fully managed configuration management service. OpsWorks
eliminates the need to operate your configuration management systems or
worry about maintaining its infrastructure.
Can you identify the configuration management tools for which OpsWorks
provides managed instances? (Select two)
A. Ansible
B. Chef
C. Puppet
D. CFEngine
E. Salt - CORRECT-ANSWERSB, C
A financial services company has developed its flagship application on AWS
Cloud with data security requirements such that the encryption key must be
stored in a custom application running on-premises. The company wants to
offload the data storage as well as the encryption process to Amazon S3 but
continue to use the existing encryption key.
Which of the following S3 encryption options allows the company to leverage
Amazon S3 for storing data with given constraints?
A. Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
B. Server-Side Encryption with Customer-Provided Keys (SSE-C)
C. Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS
Key Management Service (SSE-KMS)
D. Client-Side Encryption with data encryption is done on the client-side
before sending it to Amazon S3 - CORRECT-ANSWERSB
One of the biggest football leagues in Europe has granted the distribution
rights for live streaming its matches in the US to a silicon valley based
streaming services company. As per the terms of distribution, the company
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Elitaa. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $27.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
73091 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now