RealValidExam AWS-Solutions-Architect-Professional Exam Questions Real AWS-Solutions-Architect-Professional Practice Dumps [Q55-Q71]

RealValidExam AWS-Solutions-Architect-Professional Exam Questions | Real AWS-Solutions-Architect-Professional Practice Dumps

Verified AWS-Solutions-Architect-Professional Exam Dumps Q&As - Provide AWS-Solutions-Architect-Professional with Correct Answers

Understanding functional and technical aspects of AWS Solutions Architect Professional Exam Design for New Solutions

The following will be discussed in AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps:

• Determine security requirements and controls when designing and implementing a solution
• Determine a deployment strategy to meet business requirements when designing and implementing a solution
• Determine a solution design and implementation strategy to meet reliability requirements
• Determine a solution design to meet performance objectives
• Determine a solution design to ensure business continuity

How to study the AWS Solutions Architect Professional Exam

A broad range of AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps for AWS Accredited Developer-Professional Certification have been recognized for certification issues. The reality that students need to prepare attentively does not make certificates easy. It also takes a long time to learn from AWS Accredited Developer-Professional. Every examen includes answers and questions that help students pass their final test. You will pass the test after you have taken and learned our modules. But it doesn't end there; thanks to our full guides, you will still be good in your career. You will produce your goods in the future. To plan any material for you, we have an advanced method. In the development of and commodity, we have used the latest details.

AWS SOLUTIONS ARCHITECT PROFESSIONAL practice test is easy to use, so that anyone can appreciate them. In such dynamic areas, where qualification requires a lot of study, planning, and focus, no one likes loss. An effort is so hard that even the students' nerves can be shattered. Our waste management systems are so legitimate and best that you have no pain to pass your AWS accredited Developer Professional.

For more info read reference:

Amazon Web Services Website

 

NEW QUESTION 55
AWS Direct Connect itself has NO specific resources for you to control access to. Therefore, there are no
AWS Direct Connect Amazon Resource Names (ARNs) for you to use in an Identity and Access
Management (IAM) policy. With that in mind, how is it possible to write a policy to control access to AWS
Direct Connect actions?

• A. You can choose the name of the AWS Direct Connection as the resource.
• B. You can use an asterisk (*) as the resource.
• C. You can create a name for the resource.
• D. You can leave the resource name field blank.

Answer: B

Explanation:
AWS Direct Connect itself has no specific resources for you to control access to. Therefore, there are no
AWS Direct Connect ARNs for you to use in an IAM policy. You use an asterisk (*) as the resource when
writing a policy to control access to AWS Direct Connect actions.
Reference: http://docs.aws.amazon.com/directconnect/latest/UserGuide/using_iam.html

 

NEW QUESTION 56
Doug has created a VPC with CIDR 10.201.0.0/16 in his AWS account. In this VPC he has created a public subnet with CIDR block 10.201.31.0/24.
While launching a new EC2 from the console, he is not able to assign the private IP address
10.201.31.6 to this instance.
Which is the most likely reason for this issue?

• A. Private address IP 10.201.31.6 is currently assigned to another interface.
• B. Private IP address 10.201.31.6 is reserved by Amazon for IP networking purposes.
• C. Private IP address 10.201.31.6 is blocked via ACLs in Amazon infrastructure as a part of platform security.
• D. Private IP address 10.201.31.6 is not part of the associated subnet's IP address range.

Answer: A

Explanation:
In Amazon VPC, you can assign any Private IP address to your instance as long as it is:
Part of the associated subnet's IP address range
Not reserved by Amazon for IP networking purposes
Not currently assigned to another interface
http://aws.amazon.com/vpc/faqs/

 

NEW QUESTION 57
A company wants to ensure that the workloads for each of its business units have complete autonomy and a minimal blast radius in AWS. The Security team must be able to control access to the resources and services in the account to ensure that particular services are not used by the business units.
How can a Solutions Architect achieve the isolation requirements?

• A. Create individual accounts for each business unit and add the account to an OU in AWS Organizations.
  Modify the OU to ensure that the particular services are blocked. Federate each account with an IdP, and create separate roles for the business units and the Security team.
• B. Create individual accounts for each business unit. Federate each account with an IdP and create separate roles and policies for business units and the Security team.
• C. Create one shared account for the entire company. Create individual IAM policies and resource tags for each business unit. Federate the account with an IdP, and create separate roles for the business units and the Security team.
• D. Create one shared account for the entire company. Create separate VPCs for each business unit. Create individual IAM policies and resource tags for each business unit. Federate each account with an IdP, and create separate roles for the business units and the Security team.

Answer: A

 

NEW QUESTION 58
Complete this statemente: "When you load your table directly from an Amazon ___________ table, you have the option to control the amount of provisioned throughput you consume."

• A. DataPipeline
• B. RDS
• C. S3
• D. DynamoDB

Answer: D

Explanation:
When you load your table directly from an Amazon DynamoDB table, you have the option to control the amount of Amazon DynamoDB provisioned throughput you consume.
http://docs.aws.amazon.com/redshift/latest/dg/t_Loading_tables_with_the_COPY_command.html

 

NEW QUESTION 59
A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:
* Consolidate all accounts into one organization.
* Allow full access to the Amazon EC2 service from the master account and the secondary accounts.
* Minimize the effort required to add additional secondary accounts.
Which combination of steps should be included in the solution? (Choose two.)

• A. Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.
• B. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.
• C. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
• D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU.
• E. Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.

Answer: A,B

 

NEW QUESTION 60
Can a Direct Connect link be connected directly to the Internet?

• A. No
• B. Yes, this can be done if you pay for it.
• C. Yes
• D. Yes, this can be done only for certain regions.

Answer: A

Explanation:
AWS Direct Connect is a network service that provides an alternative to using the Internet to utilize AWS
cloud service. Hence, a Direct Connect link cannot be connected to the Internet directly.
Reference: http://aws.amazon.com/directconnect/faqs/

 

NEW QUESTION 61
As a part of building large applications in the AWS Cloud, the Solutions Architect is required to implement the perimeter security protection. Applications running on AWS have the following endpoints:
* Application Load Balancer
* Amazon API Gateway regional endpoint
* Elastic IP address-based EC2 instances.
* Amazon S3 hosted websites.
* Classic Load Balancer
The Solutions Architect must design a solution to protect all of the listed web front ends and provide the following security capabilities:
* DDoS protection
* SQL injection protection
* IP address whitelist/blacklist
* HTTP flood protection
* Bad bot scraper protection
How should the Solutions Architect design the solution?

• A. Secure the endpoints by using network ACLs and security groups and adding rules to enforce the company's requirements. Use AWS Lambda to automatically update the rules.
• B. Deploy Amazon CloudFront in front of all the endpoints. The CloudFront distribution provides perimeter protection. Add AWS Lambda-based automation to provide additional security.
• C. Deploy Amazon CloudFront in front of all the endpoints. Deploy AWS WAF and AWS Shield Advanced. Add AWS WAF rules to enforce the company's requirements. Use AWS Lambda to automate and enhance the security posture.
• D. Deploy AWS WAF and AWS Shield Advanced on all web endpoints. Add AWS WAF rules to enforce the company's requirements.

Answer: D

 

NEW QUESTION 62
A Solutions Architect designed a system based on Amazon Kinesis Data Streams. After the workflow was
put into production, the company noticed it performed slowly and identified Kinesis Data Streams as the
problem. One of the streams has a total of 10 Mb/s throughput.
What should the Solutions Architect recommend to improve performance?

• A. Use AWS Lambda to preprocess the data and transform the records into a simpler format, such as
  CSV.
• B. Run the UpdateShardCountcommand to increase the number of shards in the stream
• C. Run the MergeShard command to reduce the number of shards that the consumer can more easily
  process.
• D. Change the workflow to use Amazon Kinesis Data Firehose to gain a higher throughput.

Answer: B

 

NEW QUESTION 63
A company has an application that generates a weather forecast that is updated every 15 minutes with an output resolution of 1 billion unique positions, each approximately 20 bytes in size (20 Gigabytes per forecast). Every hour, the forecast data is globally accessed approximately 5 million times (1,400 requests per second), and up to 10 times more during weather events. The forecast data is overwritten every update. Users of the current weather forecast application expect responses to queries to be returned in less than two seconds for each request.
Which design meets the required request rate and response time?

• A. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an API Gateway endpoint with AWS Lambda functions responding to queries as the origin. Create an Amazon Lambda@Edge function that caches the data locally at edge locations for 15 minutes.
• B. Store forecast locations in an Amazon EFS volume. Create an Amazon CloudFront distribution that targets an Elastic Load Balancing group of an Auto Scaling fleet of Amazon EC2 instances that have mounted the Amazon EFS volume. Set the set cache-control timeout for 15 minutes in the CloudFront distribution.
• C. Store forecast locations in an Amazon ES cluster. Use an Amazon CloudFront distribution targeting an Amazon API Gateway endpoint with AWS Lambda functions responding to queries as the origin.
  Enable API caching on the API Gateway stage with a cache-control timeout set for 15 minutes.
• D. Store forecast locations in an Amazon S3 as individual objects. Create an Amazon CloudFront distribution targeting an Elastic Load Balancing group of an Auto Scaling fleet of EC2 instances, querying the origin of the S3 object. Set the cache-control timeout for 15 minutes in the
  3CloudFront distribution.

Answer: A

 

NEW QUESTION 64
The two policies that you attach to an IAM role are the access policy and the trust policy. The trust policy identifies who can assume the role and grants the permission in the AWS Lambda account principal by adding the _______ action.

• A. sts:InvokeAsync
• B. aws:AssumeAdmin
• C. sts:AssumeRole
• D. lambda:InvokeAsync

Answer: C

Explanation:
Explanation
The
two policies that you attach to an IAM role are the access policy and the trust policy. Remember that adding an account to the trust policy of a role is only half of establishing the trust relationship. By default, no users in the trusted accounts can assume the role until the administrator for that account grants the users the permission to assume the role by adding the Amazon Resource Name (ARN) of the role to an Allow element for the sts:AssumeRole action. http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage_modify.html

 

NEW QUESTION 65
A company operates pipelines across North America and South America. The company assesses pipeline inspection gauges with imagery and ultrasonic sensor data to monitor the condition of its pipelines. The pipelines are in areas with intermittent or unavailable internet connectivity. The imager data at each site requires terabytes of storage each month. The company wants a solution to collect the data at each site in monthly intervals and to store the data with high durability. The imagery captured must be preprocessed and uploaded to a central location for persistent Storage.
Which actions should a solutions architect take to meet these requirements?

• A. Deploy AWS IoT Greengrass on eligible hardware across the sites. Configure AWS Lambda on the devices for preprocessing. Ship the devices back to the closest AWS Region and store the data in Amazon S3 buckets
• B. Deploy AWS Snowball devices at local sites in a cluster configuration. Configure AWS Lambda for preprocessing. Ship the devices back to the closest AWS Region and store the data in Amazon S3 buckets
• C. Deploy AWS Snowball Edge devices at local sites in a cluster configuration. Configure AWS Lambda for preprocessing Ship the devices back to the closest AWS Region and store the date in Amazon S3 buckets.
• D. Deploy AWS IoT Greengrass on eligible hardware across the sites. Configure AWS Lambda on the devices for preprocessing Upload the processed date to Amazon S3 buckets in AWS Regions closest to the sites

Answer: D

 

NEW QUESTION 66
You are designing a multi-platform web application for AWS. The application will run on EC2 instances and will be accessed from PCs, tablets and smart phones, supported accessing platforms are Windows, MacOS, IOS and Android. Separate sticky session and SSL certificate setups are required for different platform types. Which of the following describes the most cost effective and performance efficient architecture setup?

• A. Assign multiple ELBs to an EC2 Instance or group of EC2 instances running the common components of the web application. One ELB for each platform type.
  Session stickiness and SSL termination are done at the ELBs.
• B. Set up two ELBs. The first ELB handles SSL certificates for all platforms and the second ELB handles session stickiness for all platforms.
  For each ELB, run separate EC2 instance groups to handle the web application for each platform.
• C. Set up one ELB for all platforms to distribute load among multiple instance under it.
  Each EC2 instance implements all functionality for a particular platform.
• D. Setup a hybrid architecture to handle session state and SSL certificates on-prem and separate EC2 Instance groups running web applications for different platform types running in a VPC.

Answer: A

Explanation:
One ELB cannot handle different SSL certificates but since we are using sticky sessions it must be handled at the ELB level. SSL could be handled on the EC2 instances only with TCP configured ELB, ELB supports sticky sessions only in HTTP/HTTPS configurations.
The way the Elastic Load Balancer does session stickiness is on a HTTP/HTTPS listener is by utilizing an HTTP cookie. If SSL traffic is not terminated on the Elastic Load Balancer and is terminated on the back-end instance, the Elastic Load Balancer has no visibility into the HTTP headers and therefore can not set or read any of the HTTP headers being passed back and forth.
http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-sticky- sessions.html

 

NEW QUESTION 67
If you have a running instance using an Amazon EBS boot partition, you can call the _______ API to release the compute resources but preserve the data on the boot partition.

• A. Ping Instance
• B. Terminate Instances
• C. AMI Instance
• D. Stop Instances

Answer: D

Explanation:
Explanation
If you have a running instance using an Amazon EBS boot partition, you can also call the Stop Instances API to release the compute resources but preserve the data on the boot partition.
https://aws.amazon.com/ec2/faqs/#How_quickly_will_systems_be_running

 

NEW QUESTION 68
You need a persistent and durable storage to trace call activity of an IVR (Interactive Voice Response)
system. Call duration is mostly in the 2-3 minutes timeframe. Each traced call can be either active or
terminated. An external application needs to know each minute the list of currently active calls. Usually
there are a few calls/second, but once per month there is a periodic peak up to 1000 calls/second for a
few hours. The system is open 24/7 and any downtime should be avoided. Historical data is periodically
archived to files. Cost saving is a priority for this project.
What database implementation would better fit this scenario, keeping costs as low as possible?

• A. Use DynamoDB with a "Calls" table and a Global Secondary Index on a "Is Active" attribute that is
  present for active calls only. In this way the Global Secondary Index is sparse and more effective.
• B. Use RDS Multi-AZ with a "CALLS" table and an indexed "STATE" field that can be equal to "ACTIVE"or
  'TERMINATED". In this way the SQL query is optimized by the use of the Index.
• C. Use DynamoDB with a "Calls" table and a Global Secondary Index on a "State" attribute that can equal
  to "active" or "terminated". In this way the Global Secondary Index can be used for all items in the table.
• D. Use RDS Multi-AZ with two tables, one for "ACTIVE_CALLS" and one for "TERMINATED_CALLS". In
  this way the "ACTIVE_CALLS" table is always small and effective to access.

Answer: D

 

NEW QUESTION 69
A photo-sharing and publishing company receives 10,000 to 150,000 images daily. The company receives the images from multiple suppliers and users registered with the service. The company is moving to AWS and wants to enrich the existing metadata by adding data using Amazon Rekognition.
The following is an example of the additional data:

As part of the cloud migration program, the company uploaded existing image data to Amazon S3 and told users to upload images directly to Amazon S3.
What should the Solutions Architect do to support these requirements?

• A. Use Amazon Kinesis to stream data based on an S3 event. Use an application running in Amazon EC2 to extract metadata from the images. Then store the data on Amazon DynamoDB and Amazon CloudSearch and create an index. Use a web front-end with search capabilities backed by CloudSearch.
• B. Trigger AWS Lambda based on an S3 event notification to create additional metadata using Amazon Rekognition. Use Amazon DynamoDB to store the metadata and Amazon ES to create an index. Use a web front-end to provide search capabilities backed by Amazon ES.
• C. Start an Amazon SQS queue based on S3 event notifications. Then have Amazon SQS send the metadata information to Amazon DynamoDB. An application running on Amazon EC2 extracts data from Amazon Rekognition using the API and adds data to DynamoDB and Amazon ES. Use a web front-end to provide search capabilities backed by Amazon ES.
• D. Trigger AWS Lambda based on an S3 event notification to create additional metadata using Amazon Rekognition. Use Amazon RDS MySQL Multi-AZ to store the metadata information and use Lambda to create an index. Use a web front-end with search capabilities backed by Lambda.

Answer: B

Explanation:
Explanation
https://github.com/aws-samples/lambda-refarch-imagerecognition

 

NEW QUESTION 70
A customer has a website which shows all the deals available across the market. The site experiences a load of 5 large EC2 instances generally.
However, a week before Thanksgiving vacation they encounter a load of almost 20 large instances. The load during that period varies over the day based on the office timings.
Which of the below mentioned solutions is cost effective as well as help the website achieve better performance?

• A. Setup to run 10 instances during the pre-vacation period and only scale up during the office time by launching 10 more instances using the AutoScaling schedule.
• B. During the pre-vacation period setup a scenario where the organization has 15 instances running and 5 instances to scale up and down using Auto Scaling based on the network I/O policy.
• C. During the pre-vacation period setup 20 instances to run continuously.
• D. Keep only 10 instances running and manually launch 10 instances every day during office hours.

Answer: A

Explanation:
AWS provides an on demand, scalable infrastructure. AWS EC2 allows the user to launch On- Demand instances and the organization should create an AMI of the running instance. When the organization is experiencing varying loads and the time of the load is not known but it is higher than the routine traffic it is recommended that the organization launches a few instances before hand and then setups AutoScaling with policies which scale up and down as per the EC2 metrics, such as Network I/O or CPU utilization. If the organization keeps all 10 additional instances as a part of the AutoScaling policy sometimes during a sudden higher load it may take time to launch instances and may not give an optimal performance. This is the reason it is recommended that the organization keeps an additional 5 instances running and the next 5 instances scheduled as per the AutoScaling policy for cost effectiveness.

 

NEW QUESTION 71
......

Get Top-Rated Amazon AWS-Solutions-Architect-Professional Exam Dumps Now: https://www.realvalidexam.com/AWS-Solutions-Architect-Professional-real-exam-dumps.html

Pass Your AWS-Solutions-Architect-Professional Dumps Free Latest Amazon Practice Tests: https://drive.google.com/open?id=12SVdXAy94t-FCsW7kPzkC7F_eRc3C443