2024 SAP-C02 Exam Prep: Practice Tests & Study Materials, AWS Certified Solutions Architect - Professional | SPOTO

The AWS Certified Solutions Architect - Professional (SAP-C02) exam is a crucial step for individuals in the solutions architect role. This certification assesses advanced technical skills and experience in designing optimized AWS solutions, aligning with the AWS Well-Architected Framework. SPOTO offers comprehensive 2024 SAP-C02 exam preparation with practice tests and study materials. Their resources include exam questions and answers, exam dumps, sample questions, and free quizzes, providing a holistic approach to exam readiness. With SPOTO's exam simulator and mock exams, you can simulate real exam scenarios, practice exam questions, and refine your exam strategies. Their study materials cover key concepts and best practices essential for success in the SAP-C02 exam. Prepare effectively with SPOTO's practice tests and study materials to excel in the AWS Certified Solutions Architect - Professional (SAP-C02) exam and advance your career as a skilled solutions architect in AWS technology.

Question #1
2. A life sciences company is using a combination of open source tools to manage data analysis workflows and Docker containers running on servers in its on-premises data center to process genomics data. Sequencing data is generated and stored on a local storage area network (SAN), and then the data is processed. The research and development teams are running into capacity issues and have decided to re-architect their genomics analysis platform on AWS to scale based on workload demands and reduce the turnaro
A. Use regularly scheduled AWS Snowball Edge devices to transfer the sequencing data into AWS
B. Use AWS Data Pipeline to transfer the sequencing data to Amazon S3
C. Use AWS DataSync to transfer the sequencing data to Amazon S3
D. Use an AWS Storage Gateway file gateway to transfer the sequencing data to Amazon S3
Correct Answer: A
Question #2
6. A health and beauty online retailer ships thousands of orders daily to 85 countries worldwide with more than 25,000 items and carries inventory from 600 different manufacturers. The company processes thousands of online orders each day from these countries and its website is localized in 15 languages. As a global online business, the company’s website faces continual security threats and challenges in the form of HTTP flood attacks, distributed denial of service (DDoS) attacks, rogue robots that flood it
A. Create a deny rule for the blocked countries in the NACL associated with each of the EC2 instances
B. Use WAF IP set statement that specifies the IP addresses that you want to allow through
C. Use WAF geo match statement listing the countries that you want to block
D. Use ALB geo match statement listing the countries that you want to block
E. Use ALB IP set statement that specifies the IP addresses that you want to allow through
Correct Answer: BC
Question #3
3. A company wants to run a serverless application on AWS. The company plans to provision its application in Docker containers running in an Amazon ECS cluster. The application requires a MySQL database and the company plans to use Amazon RDS. The company has documents that need to be accessed frequently for the first 3 months, and rarely after that. The document must be retained for 7 years. What is the MOST cost-effective solution to meet these requirements?
A. Create an ECS cluster using On-Demand Instances
B. Create an ECS cluster using a fleet of Spot Instances, with Spot Instance draining enabled
C. Create an ECS cluster using On-Demand Instances
D. Create an ECS cluster using a fleet of Spot Instances with Spot Instance draining enabled
Correct Answer: B
Question #4
21. A company wants to provide a desktop as a service (DaaS) to a number of employees using Amazon WorkSpaces. WorkSpaces will need to access files and services hosted on premises with authorization based on the company’s Active Directory. Network connectivity will be provided through an existing AWS Direct Connect connection. The solution has the following requirements: Credentials from Active Directory should be used to access on-premises files and services. Credentials from Active Directory should not be
A. Create an AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) directory within the WorkSpaces VPC
B. Create a service account in the on-premises Active Directory with the required permissions
C. Create a service account in the on-premises Active Directory with the required permissions
D. Create an AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) directory in the AWS Directory Service within the WorkSpaces VPC
Correct Answer: C
Question #5
56. A world-leading video creation and distribution company has recently migrated to AWS Cloud for digitally transforming their movie business. The company wants to speed up its media distribution process and improve data security while also reducing costs and eliminating errors. The company wants to set up a Digital Cinema Network that would allow it to connect the space-constrained movie theater environment to content stored in Amazon S3 as well as to accelerate the online distribution of movies and adver
A. Use AWS DataSync to migrate existing data to Amazon S3 as well as access the S3 data for ongoing updates
B. Use File Gateway configuration of AWS Storage Gateway to migrate data to Amazon S3 and then use S3 Transfer Acceleration for ongoing updates from the on-premises applications
C. Use AWS DataSync to migrate existing data to Amazon S3 and then use File Gateway to retain access to the migrated data for ongoing updates from the on-premises applications
D. Use S3 Transfer Acceleration to migrate existing data to Amazon S3 and then use DataSync for ongoing updates from the on-premises applications
Correct Answer: C
Question #6
9. A company wants to change its internal cloud billing strategy for each of its business units. Currently, the cloud governance team shares reports for overall cloud spending with the head of each business unit. The company uses AWS Organizations to manage the separate AWS accounts for each business unit. The existing tagging standard in Organizations includes the application, environment, and owner. The cloud governance team wants a centralized solution so each business unit receives monthly reports on it
A. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
B. Configure AWS Budgets in the organization’s master account and configure budget alerts that are grouped by application, environment, and owner
C. Configure AWS Budgets in each account and configure budget alerts that are grouped by application, environment, and owner
D. Enable AWS Cost and Usage Reports in the organization’s master account and configure reports grouped by application, environment, and owner
Correct Answer: B
Question #7
5. A social media company has configured a CloudFront distribution to distribute both static and dynamic content from a web application that needs user authorization and session tracking for dynamic content. The web application is running behind an Application Load Balancer. The cache behavior for the CloudFront distribution has been configured to forward the Authorization, Host, and Date HTTP whitelist headers as well as forward a session cookie to the origin. All other cache behavior settings are set to t
A. Remove the Date and Authorization HTTPS headers from the whitelist headers section of the cache behavior
B. Remove the Host HTTP header from the whitelist headers section and remove the session cookie from the whitelist cookies section for the default cache behavior
C. Create separate cache behaviors for static and dynamic content. Remove the Date as well as Host HTTP headers from the whitelist headers section on both of the cache behaviors
D. Create separate cache behaviors for static and dynamic content. Remove the Date HTTP header from the whitelist headers section on both of the cache behaviors
Correct Answer: D
Question #8
9. A financial company with multiple departments wants to expand its on-premises environment to the AWS Cloud. The company must retain centralized access control using an existing on premises Active Directory (AD) service. Each department should be allowed to create AWS accounts with preconfigured networking and should have access to only a specific list of approved services. Departments are not permitted to have account administrator permissions. What should a solutions architect do to meet these security
A. Configure AWS Identity and Access Management (IAM) with a SAML identity provider (IdP) linked to the on-premises Active Directory, and create a role to grant access
B. Deploy an AWS Control Tower landing zone
C. Deploy an Amazon Cloud Directory
D. Configure AWS Directory Service for Microsoft Active Directory with AWS Single Sign-On
Correct Answer: B
Question #9
5. A media company is serving video files stored in Amazon S3 using Amazon CloudFront. The development team needs access to the logs to diagnose faults and perform service monitoring. The log files from CloudFront may contain sensitive information about users. The company uses a log processing service to remove sensitive information before making the logs available to the development team. The company has the following requirements for the unprocessed logs: The logs must be encrypted at rest and must be accessible by the log processing service only – Only the data protection team can control access to the unprocessed log files. – AWS CloudFormation templates must be stored in AWS CodeCommit. – AWS CodePipeline must be triggered on commit to perform updates made to CloudFormation templates. – CloudFront is already writing the unprocessed logs to an Amazon S3 bucket, and the log processing service is operating against this S3 bucket. Which combination of steps should a solutions architect take to meet the company’s requirements? (Choose two.)
A. Create an AWS KMS key that allows the AWS Logs Delivery account to generate data keys for encryption. Configure S3 default encryption to use server-side encryption with KMS managed keys (SSE-KMS) on the log storage bucket using the new KMS key
B. Create an AWS KMS key that follows the CloudFront service role to generate data keys for encryption. Configure S3 default encryption to use KMS managed keys (SSE-KMS) on the log storage bucket using the new KMS key. Modify the KMS key policy to allow the log processing service to perform decrypt operations
C. Configure S3 default encryption to use AWS KMS managed keys (SSE-KMS) on the log storage bucket using the AWS Managed S3 KMS key
D. Create a new CodeCommit repository for the AWS KMS key template
E. Use the existing CodeCommit repository for the AWS KMS key template
Correct Answer: AD
Question #10
6. A company has several Amazon EC2 instances to both public and private subnets within a VPC that is not connected to the corporate network. A security group associated with the EC2 instances allows the company to use the Windows remote desktop protocol (RDP) over the internet to access the instances. The security team has noticed connection attempts from unknown sources. The company wants to implement a more secure solution to access the EC2 instances. Which strategy should a solutions architect implement
A. Deploy a Linux bastion host on the corporate network that has access to all instances in the VPC
B. Deploy AWS Systems Manager Agent on the EC2 instances
C. Deploy a Linux bastion host with an Elastic IP address in the public subnet
D. Establish a Site-to-Site VPN connecting the corporate network to the VPC
Correct Answer: A
Question #11
4. A financial services company receives a regular data feed from its credit card servicing partner. Approximately 5,000 records are sent every 15 minutes in plaintext, delivered over HTTPS directly into an Amazon S3 bucket with server-side encryption. This feed contains sensitive credit card primary account number (PAN) data. The company needs to automatically mask the PAN before sending the data to another S3 bucket for additional internal processing. The company also needs to remove and merge specific fi
A. Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue
B. Trigger an AWS Lambda function on file delivery that extracts each record and writes it to an Amazon SQS queue
C. Create an AWS Glue crawler and custom classifier based on the data feed formats and build a table definition to match
D. Create an AWS Glue crawler and custom classifier based upon the data feed formats and build a table definition to match
Correct Answer: A
Question #12
49. A mobile app based social media company is using Amazon CloudFront to deliver media-rich content to its audience across the world. The Content Delivery Network (CDN) offers a multi-tier cache by default, with regional edge caches that improve latency and lower the load on the origin servers when the object is not already cached at the edge. However, there are certain content types that bypass the regional edge cache and go directly to the origin. Which of the following content types skip the regional ed
A. E-commerce assets such as product photos
B. User-generated videos
C. Dynamic content, as determined at request time (cache-behavior configured to forward all headers)
D. Static content such as style sheets, JavaScript files
E. Proxy methods PUT/POST/PATCH/OPTIONS/DELETE go directly to the origin
Correct Answer: CE
Question #13
A solutions architect has an operational workload deployed on Amazon EC2 instances in an Auto Scaling group. The VPC architecture spans two Availability Zones (AZ) with a subnet in each that the Auto Scaling group is targeting. The VPC is connected to an on-premises environment and connectivity cannot be interrupted. The maximum size of the Auto Scaling group is 20 instances in service. The VPC IPv4 addressing is as follows: – VPC CIDR: 10.0.0.0/23 – AZ1 subnet CIDR: 10.0.0.0/24 – AZ2 subnet CIDR: 10.0.1.0/24 Since deployment, a third AZ has become available in the Region. The solutions architect wants to adopt the new AZ without adding additional IPv4 address space and without service downtime. Which solution will meet these requirements?
A. Configure the Aurora MySQL DB cluster to publish slow query and error logs to Amazon CloudWatch Logs
B. Implement the AWS X-Ray SDK to trace incoming HTTP requests on the EC2 instances and implement tracing of SQL queries with the X-Ray SDK for Java
C. Configure the Aurora MySQL DB cluster to stream slow query and error logs to Amazon Kinesis
D. Install and configure an Amazon CloudWatch Logs agent on the EC2 instances to send the Apache logs to CloudWatch Logs
E. Enable and configure AWS CloudTrail to collect and analyze application activity from Amazon EC2 and Aurora
Correct Answer: A
Question #14
53. An Internet-of-Things (IoT) company has developed an end-to-end cloud-based solution that provides customers with integrated IoT functionality in devices including baby monitors, security cameras and entertainment systems. The company is using Kinesis Data Streams (KDS) to process IoT data from these devices. Multiple consumer applications are using the incoming data streams and the engineers have noticed a performance lag for the data delivery speed between producers and consumers of the data streams.
A. Swap out Kinesis Data Streams with SQS FIFO queues to support the desired read throughput for the downstream applications
B. Swap out Kinesis Data Streams with SQS Standard queues to support the desired read throughput for the downstream applications
C. Use Enhanced Fanout feature of Kinesis Data Streams to support the desired read throughput for the downstream applications
D. Swap out Kinesis Data Streams with Kinesis Data Firehose to support the desired read throughput for the downstream applications
Correct Answer: C
Question #15
A company uses AWS Organizations to manage one parent account and nine member accounts. The number of member accounts is expected to grow as the business grows. A security engineer has requested consolidation of AWS CloudTrail logs into the parent account for compliance purposes. Existing logs currently stored in Amazon S3 buckets in each individual member account should not be lost. Future member accounts should comply with the logging strategy. Which operationally efficient solution meets these requirements?
A. Use the file gateway option in AWS Storage Gateway to replace the existing Windows file server, and point the existing file share to the new file gateway
B. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon FSx
C. Use AWS Data Pipeline to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
D. Use AWS DataSync to schedule a daily task to replicate data between the on-premises Windows file server and Amazon Elastic File System (Amazon EFS)
Correct Answer: A
Question #16
1. A solutions architect is designing a disaster recovery strategy for a three-tier application. The application has an RTO of 30 minutes and an RPO of 5 minutes for the data tier. The application and web tiers are stateless and leverage a fleet of Amazon EC2 instances. The data tier consists of a 50 TB Amazon Aurora database. Which combination of steps satisfies the RTO and RPO requirements while optimizing costs? (Choose two.)
A. Create daily snapshots of the EC2 instances and replicate the snapshots to another Region
B. Deploy a hot standby of the application to another Region
C. Create snapshots of the Aurora database every 5 minutes
D. Create a cross-Region Aurora Replica of the database
E. Create an AWS Backup job to replicate data to another Region
Correct Answer: AD
Question #17
7. A financial services provider recently migrated to AWS Cloud as it needed high-powered computing to run financial simulations to value and manage insurance retirement products by leveraging its financial simulation platform to reduce simulation time by leveraging GPU optimized instances. The DevOps team at the company has provisioned a new GPU optimized EC2 instance x by choosing all default options in the AWS management console. The team can ping instance x from other instances in the VPC. The other ins
A. Instance x is in the default security group
B. Instance x is in the default security group
C. Instance x is in the default security group
D. Instance x is in the default security group
Correct Answer: D
Question #18
A company is currently in the design phase of an application that will need an RPO of less than 5 minutes and an RTO of less than 10 minutes. The solutions architecture team is forecasting that the database will store approximately 10 TB of data. As part of the design, they are looking for a database solution that will provide the company with the ability to fail over to a secondary Region. Which solution will meet these business requirements at the LOWEST cost?
A. Modify the statement to specify “Effect”: “Deny”, “Action”:[“Update:*”] for all logical RDS resources
B. Modify the statement to specify “Effect”: “Deny”, “Action”:[“Update:Delete”] for all logical RDS resources
C. Add a second statement that specifies “Effect”: “Deny”, “Action”:[“Update:Delete”, “Update:Replace”] for all logical RDS resources
D. Add a second statement that specifies “Effect”: “Deny”, “Action”:[“Update:*”] for all logical RDS resources
Correct Answer: B
Question #19
19. An AWS customer has a web application that runs on premises. The web application fetches data from a third-party API that is behind a firewall. The third party accepts only one public CIDR block in each client’s allow list. The customer wants to migrate their web application to the AWS Cloud. The application will be hosted on a set of Amazon EC2 instances behind an Application Load Balancer (ALB) in a VPC. The ALB is located in public subnets. The EC2 instances are located in private subnets. NAT gatewa
A. Associate a block of customer-owned public IP addresses to the VPC
B. Register a block of customer-owned public IP addresses in the AWS account
C. Create Elastic IP addresses from the block of customer-owned IP addresses
D. Register a block of customer-owned public IP addresses in the AWS account
Correct Answer: B
Question #20
70. A US-based retailer wants to ensure website availability as the company’s traditional infrastructure hasn’t been easy to scale. By moving its e-commerce platform to AWS, the company, which sees 880,000 unique visitors/day, can scale with demand and has improved availability. Last year, the company handled record Black Friday orders of nearly 10,000 orders/hour. The engineering team at the company now wants to fine-tune the disaster recovery strategy for its database tier. To kick-off the engagement, as a
A. Recovery time objective (RTO), expressed in hours, represents how much data you could lose when a disaster happens
B. You can share automated Amazon RDS snapshots with up to 20 AWS accounts
C. Automated backups are limited to a single AWS Region while manual snapshots and Read Replicas are supported across multiple Regions
D. Recovery time objective (RTO) represents the number of hours it takes, to return the Amazon RDS database to a working state after a disaster
E. Similar to an Amazon RDS Multi-AZ configuration, failover to a Read Replica is an automated process that requires no manual intervention after initial configurations
F. Database snapshots are user-initiated backups of your complete DB instance that serve as full backups
Correct Answer: CDF
Question #21
7. A company is using Amazon Aurora MySQL for a customer relationship management (CRM) application. The application requires frequent maintenance on the database and the Amazon EC2 instances on which the application runs. For AWS Management Console access, the system administrators authenticate against AWS Identity and Access Management (IAM) using an internal identity provider. For database access, each system administrator has a user name and password that have previously been configured within the databa
A. Create a new AWS Systems Manager Parameter Store entry for each database password
B. Create a new AWS Secrets Manager entry for each database password
C. Enable IAM database authentication on the database
D. Enable IAM database authentication on the database
Correct Answer: C
Question #22
2. A company has a primary Amazon S3 bucket that receives thousands of objects every day. The company needs to replicate these objects into several other S3 buckets from various AWS accounts. A solutions architect is designing a new AWS Lambda function that is triggered when an object is created in the main bucket and replicates the object into the target buckets. The objects do not need to be replicated in real time. There is concern that this function may impact other critical Lambda functions due to Lamb
A. Set the new Lambda function reserved concurrency limit to ensure the executions do not impact other critical Lambda functions
B. Increase the execution timeout of the new Lambda function to 5 minutes
C. Configure S3 event notifications to add events to an Amazon SQS queue in a separate account
D. Ensure the new Lambda function implements an exponential backoff algorithm
Correct Answer: A
Question #23
71. A global healthcare company wants to develop a solution called Health Information Systems (HIS) on AWS Cloud that would allow the providers, payers, and government agencies to collaborate, anticipate and navigate the changing healthcare landscape. While pursuing this endeavor, the company would like to decrease its IT operational overhead so it could focus more intently on its core business healthcare analytics. The solution should help the company eliminate the bottleneck created by manual provisioning
A. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can’t perform that action
B. SCPs do not affect service-linked role
C. If a user or role has an IAM permission policy that grants access to an action that is either not allowed or explicitly denied by the applicable SCPs, the user or role can still perform that action
D. SCPs affect all users and roles in attached accounts, including the root user
E. SCPs affect service-linked roles
F. SCPs affect all users and roles in attached accounts, excluding the root user
Correct Answer: ABD
Question #24
13. A company is designing a data processing platform to process a large number of files in an Amazon S3 bucket and store the results in Amazon DynamoDB. These files will be processed once and must be retained for 1 year. The company wants to ensure that the original files and resulting data are highly available in multiple AWS Regions. Which solution will meet these requirements?
A. Create an S3 CreateObject event notification to copy the file to Amazon Elastic Block Store (Amazon EBS)
B. Create an S3 CreateObject event notification to copy the file to Amazon Elastic File System (Amazon EFS)
C. Copy the files to an S3 bucket in another Region by using cross-Region replication
D. Copy the files to an S3 bucket in another Region by using cross-Region replication
Correct Answer: D
Question #25
18. A company recently completed a large-scale migration to AWS. Development teams that support various business units have their own accounts in AWS Organizations. A central cloud team is responsible for controlling which services and resources can be accessed, and for creating operational strategies for all teams within the company. Some teams are approaching their account service quotas. The cloud team needs to create an automated and operationally efficient solution to proactively monitor service quotas
A. Create a scheduled AWS Config rule to trigger an AWS Lambda function to call the GetServiceQuota API
B. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an AWS Lambda function to refresh the AWS Trusted Advisor service limits checks and retrieve the most current utilization and service limit data
C. Create an Amazon CloudWatch alarm that triggers an AWS Lambda function to call the Amazon CloudWatch GetInsightRuleReport API to retrieve the most current utilization and service limit data
D. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that triggers an AWS Lambda function to refresh the AWS Trusted Advisor service limits checks and retrieve the most current utilization and service limit data
Correct Answer: B
Question #26
A solutions architect needs to define a reference architecture for a solution for three-tier applications with web, application, and NoSQL data layers. The reference architecture must meet the following requirements: – High availability within an AWS Region. – Able to fail over in 1 minute to another AWS Region for disaster recovery. – Provide the most efficient solution while minimizing the impact on the user experience. Which combination of steps will meet these requirements? (Choose three.)
A. Use an Amazon Route 53 weighted routing policy set to 100/0 across the two selected Regions
B. Use an Amazon Route 53 failover routing policy for failover from the primary Region to the disaster recovery Region
C. Use a global table within Amazon DynamoDB so data can be accessed in the two selected Regions
D. Back up data from an Amazon DynamoDB table in the primary Region every 60 minutes and then write the data to Amazon S3
E. Implement a hot standby model using Auto Scaling groups for the web and application layers across multiple Availability Zones in the Regions
Correct Answer: ADE
Question #27
A social media company has its corporate headquarters in New York with an on-premises data center using an AWS Direct Connect connection to the AWS VPC. The branch offices in San Francisco and Miami use Site-to-Site VPN connections to connect to the AWS VPC. The company is looking for a solution to have the branch offices send and receive data with each other as well as with their corporate headquarters. As a Solutions Architect Professional, which of the following solutions would you recommend to meet
A. Set up VPC Peering between branch offices and corporate headquarters which will enable branch offices to send and receive data with each other as well as with their corporate headquarters
B. Set up VPC CloudHub between branch offices and corporate headquarters which will enable branch offices to send and receive data with each other as well as with their corporate headquarters
C. Configure VPC Endpoints between branch offices and corporate headquarters which will enable branch offices to send and receive data with each other as well as with their corporate headquarters
D. Configure Public Virtual Interfaces (VIFs) between branch offices and corporate headquarters which will enable branch offices to send and receive data with each other as well as with their corporate headquarters
Correct Answer: B
Question #28
A company is planning a large event where a promotional offer will be introduced. The company’s website is hosted on AWS and backed by an Amazon RDS for PostgreSQL DB instance. The website explains the promotion and includes a sign-up page that collects user information and preferences. Management expects large and unpredictable volumes of traffic periodically, which will create many database writes. A solutions architect needs to build a solution that does not change the underlying data model and ensure
A. Immediately before the event, scale up the existing DB instance to meet the anticipated demand
B. Use Amazon SQS to decouple the application and database layers
C. Migrate to Amazon DynamoDB and manage throughput capacity with automatic scaling
D. Use Amazon ElastiCache for Memcached to increase write capacity to the DB instance
Correct Answer: D
Question #29
An e-commerce company is planning to migrate its IT infrastructure from the on-premises data center to AWS Cloud to ramp up its capabilities well in time for the upcoming Holiday Sale season. The company’s CTO has hired you as an AWS Certified Solutions Architect Professional to design a distributed, highly available and loosely coupled order processing application. The application is responsible for receiving and processing orders before storing them in a DynamoDB table. The application has seen sporad
A. Ingest the orders in an SQS queue and trigger a Lambda function to process them
B. Ingest the orders via a Step Function state machine and trigger an ECS container to process them
C. Push the orders to Kinesis Data Streams and use Amazon EC2 instances to process them
D. Push the orders to an SNS topic and subscribe a Lambda function to process them
Correct Answer: A
Question #30
A company runs an application on a fleet of Amazon EC2 instances. The application requires low latency and random access to 100 GB of data. The application must be able to access the data at up to 3,000 IOPS. A Development team has configured the EC2 launch template to provision a 100-GB Provisioned IOPS (PIOPS) Amazon EBS volume with 3,000 IOPS provisioned. A Solutions Architect is tasked with lowering costs without impacting performance and durability. Which action should be taken?
A. Create an Amazon EFS file system with the performance mode set to Max I/O
B. Create an Amazon EFS file system with the throughput mode set to Provisioned
C. Update the EC2 launch template to allocate a new 1-TB EBS General Purpose SSD (gp2) volume
Correct Answer: A
Question #31
A company built an ecommerce website on AWS using a three-tier web architecture. The application is Java-based and composed of an Amazon CloudFront distribution, an Apache web server layer of Amazon EC2 instances in an Auto Scaling group, and a backend Amazon Aurora MySQL database. Last month, during a promotional sales event, users reported errors and timeouts while adding items to their shopping carts. The operations team recovered the logs created by the web servers and reviewed Aurora DB cluster performance metrics. Some of the web servers were terminated before logs could be collected and the Aurora metrics were not sufficient for query performance analysis. Which combination of steps must the solutions architect take to improve application performance visibility during peak traffic events? (Choose three.)
A. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in one AWS Region and three Availability Zones
B. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in two AWS Regions and two Availability Zones in each Region
C. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in one AWS Region and three Availability Zones
D. Use an Application Load Balancer (ALB) in front of an Auto Scaling group of WordPress Amazon EC2 instances in two AWS Regions and three Availability Zones in each Region
Correct Answer: BCE
Question #32
A multi-national retail company wants to modernize its applications and minimize its data center infrastructure. The company wants to explore a hybrid cloud environment with AWS so that it can start leveraging AWS services for some of its data analytics workflows. The engineering team at the retail company wants to establish a dedicated, encrypted, low latency, and high throughput connection between its data center and AWS Cloud. The engineering team has set aside sufficient time to account for the oper
A. Use AWS Direct Connect to establish a connection between the data center and AWS Cloud
B. Use site-to-site VPN to establish a connection between the data center and AWS Cloud
C. Use AWS Direct Connect along with a site-to-site VPN to establish a connection between the data center and AWS Cloud
D. Use VPC transit gateway to establish a connection between the data center and AWS Cloud
Correct Answer: C
Question #33
A big data analytics company is leveraging AWS Cloud to process Internet of Things (IoT) sensor data from the field devices of an agricultural sciences company. The analytics company stores the IoT sensor data in Amazon DynamoDB tables. To detect anomalous behaviors and respond quickly, all changes to the items stored in the DynamoDB tables must be logged in near real-time. As an AWS Certified Solutions Architect Professional, which of the following solutions would you recommend to meet the requirements
A. Set up DynamoDB Streams to capture and send updates to a Lambda function that outputs records to Kinesis Data Analytics
B. Configure event patterns in CloudWatch Events to capture DynamoDB API call events and set up Lambda function as a target to analyze anomalous behavior
C. Set up CloudTrail to capture all API calls that update the DynamoDB tables
D. Set up DynamoDB Streams to capture and send updates to a Lambda function that outputs records directly to Kinesis Data Analytics (KDA)
Correct Answer: A
Question #34
The engineering team at a retail company has deployed a fleet of EC2 instances under an Auto Scaling group (ASG). The instances under the ASG span two Availability Zones (AZ) within the eu-west-1 region. All the incoming requests are handled by an Application Load Balancer (ALB) that routes the requests to the EC2 instances under the ASG. A planned migration went wrong last week when two instances (belonging to AZ 1) were manually terminated and desired capacity was reduced causing the Availability Zones to become unbalanced. Later that day, another instance (belonging to AZ 2) was detected as unhealthy by the Application Load Balancer’s health check. Which of the following options represent the correct outcomes for the aforesaid events? (Select two)
A. Amazon EC2 Auto Scaling creates a new scaling activity for terminating the unhealthy instance and then terminates it
B. As the Availability Zones got unbalanced Amazon EC2 Auto Scaling will compensate by rebalancing the Availability Zones
C. As the Availability Zones got unbalanced Amazon EC2 Auto Scaling will compensate by rebalancing the Availability Zones. When rebalancing, Amazon EC2 Auto Scaling launches new instances before terminating the old ones, so that rebalancing does not compromise the performance or availability of your application
D. Amazon EC2 Auto Scaling creates a new scaling activity for launching a new instance to replace the unhealthy instance
E. Amazon EC2 Auto Scaling creates a new scaling activity to terminate the unhealthy instance and launch the new instance simultaneously
Correct Answer: AC
Question #35
A leading community marketplace company allows property owners and travelers to connect with each other for the purpose of renting unique vacation spaces around the world. The engineering team at the company uses Amazon MySQL RDS DB cluster because it simplifies much of the time-consuming administrative tasks typically associated with databases. The team uses Multi-Availability Zone (Multi-AZ) deployment to further automate its database replication and augment data durability. The current cluster config
A. Multi-AZ follows synchronous replication and spans at least two Availability Zones within a single region
B. Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region
C. Multi-AZ follows asynchronous replication and spans at least two Availability Zones within a single region
D. Multi-AZ follows asynchronous replication and spans one Availability Zone within a single region
Correct Answer: A
Question #36
An online florist and gift retailer serves customers in the US as well as Europe. The company recently decided to go all-in on AWS and use the platform to host its website, order and stock management systems and fulfillment applications. The company wants to migrate its on-premises Oracle database to Aurora MySQL. The company has hired an AWS Certified Solutions Architect Professional to carry out the migration with minimal downtime using AWS DMS. The company has mandated that the migration must have mi
A. Use the table metrics of the DMS task to verify the statistics for tables being migrated including the DDL statements completed
B. Use AWS Schema Conversion Tool for the migration task so it can compare the source and target data and report any mismatches
C. Configure DMS premigration assessment on the migration task so the assessment can compare the source and target data and report any mismatches
D. Configure DMS data validation on the migration task so it can compare the source and target data for the DMS task and report any mismatches
Correct Answer: D
Question #37
A financial company needs to create a separate AWS account for a new digital wallet application. The company uses AWS Organizations to manage its accounts. A solutions architect uses the IAM user Support1 from the master account to create a new member account with finance1@example.com as the email address. What should the solutions architect do to create IAM users in the new member account?
A. Sign in to the AWS Management Console with AWS account root user credentials by using the 64-character password from the initial AWS Organizations email sent to finance1@example
B. From the master account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account
C. Go to the AWS Management Console sign-in page
D. Go to the AWS Management Console sign-in page
Correct Answer: B
Question #38
An e-commerce company runs a data archival workflow once a month for its on-premises data center which is connected to the AWS Cloud over a minimally used 10-Gbps Direct Connect connection using a private virtual interface to its virtual private cloud (VPC). The company internet connection is 200 Mbps, and the usual archive size is around 140 TB that is created on the first Friday of a month. The archive must be transferred and available in Amazon S3 by the next Monday morning. As a Solutions Architect
A. Order multiple AWS Snowball Edge appliances, transfer the data in parallel to these appliances and ship them to AWS which will then copy the data from the Snowball Edge appliances to S3
B. Configure a private virtual interface on the 10-Gbps Direct Connect connection and then copy the data securely to S3 over the connection
C. Configure a public virtual interface on the 10-Gbps Direct Connect connection and then copy the data to S3 over the connection
D. Configure a VPC endpoint for S3 and then leverage the Direct Connect connection for data transfer with VPC endpoint as the target
Correct Answer: C
Question #39
A company has a Microsoft SQL Server database in its data center and plans to migrate data to Amazon Aurora MySQL. The company has already used the AWS Schema Conversion Tool to migrate triggers, stored procedures and other schema objects to Aurora MySQL. The database contains 1 TB of data and grows less than 1 MB per day. The company’s data center is connected to AWS through a dedicated 1Gbps AWS Direct Connect connection. The company would like to migrate data to Aurora MySQL and perform reconfiguratio
A. Shut down applications over the weekend
B. Create an AWS DMS replication instance and task to migrate existing data and ongoing replication from SQL Server to Aurora MySQL
C. Create a database snapshot of SQL Server on Amazon S3
D. Create a SQL Server native backup file on Amazon S3
Correct Answer: D
Question #40
A company is building a sensor data collection pipeline in which thousands of sensors write data to an Amazon Simple Queue Service (Amazon SQS) queue every minute. The queue is processed by an AWS Lambda function that extracts a standard set of metrics from the sensor data. The company wants to send the data to Amazon CloudWatch. The solution should allow for viewing individual and aggregate sensor metrics and interactively querying the sensor log data using CloudWatch Logs Insights. What is the MOST co
A. Write the processed data to CloudWatch Logs in the CloudWatch embedded metric format
B. Write the processed data to CloudWatch Logs
C. Write the processed data to CloudWatch Logs in a structured format
D. Configure the CloudWatch Logs agent for AWS Lambda
Correct Answer: A
Question #41
A company’s service for video game recommendations has just gone viral. The company has new users from all over the world. The website for the service is hosted on a set of Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer (ALB). The website consists of static content with different resources being loaded depending on the device type. Users recently reported that the load time for the website has increased. Administrators are reporting high loads on the EC2 instances that
A. Create separate Auto Scaling groups based on device types
B. Move content to Amazon S3
C. Create a separate ALB for each device type
D. Move content to Amazon S3
Correct Answer: A
Question #42
A car rental company has built a serverless REST API to provide data to its mobile app. The app consists of an Amazon API Gateway API with a Regional endpoint, AWS Lambda functions, and an Amazon Aurora MySQL Serverless DB cluster. The company recently opened the API to mobile apps of partners. A significant increase in the number of requests resulted, causing sporadic database memory errors. Analysis of the API traffic indicates that clients are making multiple HTTP GET requests for the same queries in
A. Convert the API Gateway Regional endpoint to an edge-optimized endpoint
B. Implement an Amazon ElastiCache for Redis cache to store the results of the database calls
C. Modify the Aurora Serverless DB cluster configuration to increase the maximum amount of available memory
D. Enable throttling in the API Gateway production stage
Correct Answer: B
Question #43
A company is storing data on premises on a Windows file server. The company produces 5 GB of new data daily. The company migrated part of its Windows-based workload to AWS and needs the data to be available on a file system in the cloud. The company already has established an AWS Direct Connect connection between the on-premises network and AWS. Which data migration strategy should the company use?
A. Update the Auto Scaling group to use the AZ2 subnet only
B. Terminate the EC2 instances in the AZ1 subnet
C. Create a new VPC with the same IPv4 address space and define three subnets, with one for each AZ
D. Update the Auto Scaling group to use the AZ2 subnet only
Correct Answer: B
Question #44
A Silicon Valley-based unicorn startup recently launched a video-sharing social networking service called KitKot. The startup uses AWS Cloud to manage the IT infrastructure. Users upload video files up to 1 GB in size to a single EC2 instance based application server which stores them on a shared EFS file system. Another set of EC2 instances, managed via an Auto Scaling group, periodically scans the EFS share directory for new files to process and generate new videos (for thumbnails and composite visual
A. Create an hourly cron job on the application server to synchronize the contents of the EFS share with S3
B. Refactor the application to run from Amazon S3 instead of the EFS file system and upload the video files directly to an S3 bucket via an API Gateway based REST API. Configure an S3 trigger to invoke a Lambda function each time a file is uploaded and the Lambda in turn processes the video and stores the processed files in another bucket
C. Refactor the application to run from S3 instead of EFS and upload the video files directly to an S3 bucket
D. Refactor the application to run from S3 instead of EFS and upload the video files directly to an S3 bucket
Correct Answer: C
Question #45
A company is running an Apache Hadoop cluster on Amazon EC2 instances. The Hadoop cluster stores approximately 100 TB of data for weekly operational reports and allows occasional access for data scientists to retrieve data. The company needs to reduce the cost and operational complexity for storing and serving this data. Which solution meets these requirements in the MOST cost-effective manner?
A. Move the Hadoop cluster from EC2 instances to Amazon EMR
B. Write a script that resizes the EC2 instances to a smaller instance type during downtime and resizes the instances to a larger instance type before the reports are created
C. Move the data to Amazon S3 and use Amazon Athena to query the data for reports
D. Migrate the data to Amazon DynamoDB and modify the reports to fetch data from DynamoDB
Correct Answer: A
Question #46
A digital media company wants to use AWS CloudFront to manage its content. Firstly, it would like to allow only those new users who have paid the annual subscription fee the ability to download the application installation file. Secondly, only the subscribers should be able to view the files in the members area. As a Solutions Architect Professional, which of the following would you recommend as the MOST optimal solutions to deliver restricted content to the bona fide end users? (Select two)
A. Use CloudFront signed URLs to restrict access to the application installation file
B. Use CloudFront signed cookies to restrict access to all the files in the members’ area of the website
C. Use CloudFront signed cookies to restrict access to the application installation file
D. Require HTTPS for communication between CloudFront and your S3 origin
E. Use CloudFront signed URLs to restrict access to all the files in the members area of the website
Correct Answer: AB
Question #47
An international integrated property management company wants to improve employee communication and productivity by using SharePoint to deploy a content and collaboration platform with document and records management functionality. The company wants to establish an AWS Direct Connect link to connect the AWS Cloud with the internal corporate network using AWS Storage Gateway. Using AWS Direct Connect would enable the company to deliver on its performance benchmark requirements including a three second or
A. Create an inbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint
B. Create an outbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint
C. Create a universal endpoint on Route 53 Resolver and then Route 53 Resolver can receive and forward queries to resolvers on the on-premises network via this endpoint
D. Create an inbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint
E. Create an outbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint
Correct Answer: DE
Question #48
A security engineer determined that an existing application retrieves credentials to an Amazon RDS for MySQL database from an encrypted file in Amazon S3. For the next version of the application, the security engineer wants to implement the following application design changes to improve security: – The database must use strong, randomly generated passwords stored in a secure AWS managed service. – The application resources must be deployed through AWS CloudFormation. – The application must rotate credentials for the database every 90 days. A solutions architect will generate a CloudFormation template to deploy the application. Which resources specified in the CloudFormation template will meet the security engineer’s requirements with the LEAST amount of operational overhead?
A. Generate the database password as a secret resource using AWS Secrets Manager
B. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store
C. Generate the database password as a secret resource using AWS Secrets Manager
D. Generate the database password as a SecureString parameter type using AWS Systems Manager Parameter Store
Correct Answer: C
Question #49
An e-commerce company wants to test its blue-green deployment on the customer base in the next couple of days. Most of the customers use mobile phones which are prone to DNS caching. The company has only two days left before the big sale will be launched. As a Solutions Architect Professional, which of the following methods would you suggest to test the deployment on as many users as possible in the given time frame?
A. Use Elastic Load Balancer to distribute traffic across deployments
B. Use Route 53 weighted routing to spread traffic across different deployments
C. Use AWS CodeDeploy deployment options to choose the right deployment
D. Use AWS Global Accelerator to distribute a portion of traffic to a particular deployment
Correct Answer: D
Question #50
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts. A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks. Trusted access has been enabled in Organizations. What should the sol
A. Create a stack set in the Organizations member accounts
B. Create stacks in the Organizations member accounts
C. Create a stack set in the Organizations master account
D. Create stacks in the Organizations master account
Correct Answer: C
Question #51
A company recently transformed its legacy infrastructure provisioning scripts to AWS CloudFormation templates. The newly developed templates are hosted in the company’s private GitHub repository. Since adopting CloudFormation, the company has encountered several issues with updates to the CloudFormation templates, causing execution or creating an environment. Management is concerned by the increase in errors and has asked a Solutions Architect to design the automated testing of CloudFormation template up
A. Use AWS CodePipeline to create a change set from the CloudFormation templates stored in the private GitHub repository
B. Mirror the GitHub repository to AWS CodeCommit using AWS Lambda
C. Use AWS CodePipeline to create and execute a change set from the CloudFormation templates stored in the GitHub repository
D. Mirror the GitHub repository to AWS CodeCommit using AWS Lambda
Correct Answer: B
Question #52
A leading medical imaging equipment and diagnostic imaging solutions provider uses AWS Cloud to run its healthcare data flows through more than 500,000 medical imaging devices globally. The solutions provider stores close to one petabyte of medical imaging data on Amazon S3 to provide the durability and reliability needed for their critical data. A research assistant working with the radiology department is trying to upload a high-resolution image into S3 via the public internet. The image size is appro
A. The research assistant does not need to pay any transfer charges for the image upload
B. The research assistant only needs to pay S3 transfer charges for the image upload
C. The research assistant only needs to pay S3TA transfer charges for the image upload
D. The research assistant needs to pay both S3 transfer charges and S3TA transfer charges for the image upload
Correct Answer: A
Question #53
A company has a three-tier application running on AWS with a web server, an application server, and an Amazon RDS MySQL DB instance. A solutions architect is designing a disaster recovery (DR) solution with an RPO of 5 minutes. Which solution will meet the company’s requirements?
A. Configure AWS Backup to perform cross-Region backups of all servers every 5 minutes
B. Maintain another running copy of the web and application server stack in the DR Region using AWS CloudFormation drift detection
C. Use Amazon EC2 Image Builder to create and copy AMIs of the web and application server to both the primary and DR Regions
D. Create AMIs of the web and application servers in the DR Region
Correct Answer: C
Question #54
A company has five physical data centers in specific locations around the world. Each data center has hundreds of physical servers with a mix of Windows and Linux-based applications and database services. Each data center also has an AWS Direct Connect connection of 10 Gbps to AWS with a company-approved VPN solution to ensure that data transfer is secure. The company needs to shut down the existing data centers as quickly as possible and migrate the servers and applications to AWS. Which solution meets
A. Install the AWS Server Migration Service (AWS SMS) connector onto each physical machine
B. Install the AWS DataSync agent onto each physical machine
C. Install the CloudEndure Migration agent onto each physical machine
D. Install the AWS Application Discovery Service agent onto each physical machine
Correct Answer: A
Question #55
A digital marketing company uses S3 to store artifacts that may only be accessible to an EC2 instance X in a given VPC. The security team at the company is apprehensive about an attack vector wherein any team member with access to this instance could also set up an EC2 instance in another VPC to access these artifacts. As an AWS Certified Solutions Architect Professional, which of the following solutions will you recommend to prevent such unauthorized access to the artifacts in S3?
A. Configure an S3 VPC endpoint and create an S3 bucket policy to allow access only from this VPC endpoint
B. Set up a highly restricted Security Group for the EC2 instance X and create an S3 bucket policy to allow access only from this Security Group
C. Set up an IAM role that allows access to the artifacts in S3 and create an S3 bucket policy to allow access only from this role attached to the instance profile
D. Attach an Elastic IP to the EC2 instance X and create an S3 bucket policy to allow access only from this Elastic IP
Correct Answer: A
Question #56
A leading mobility company wants to use AWS for its connected cab application that would collect sensor data from its electric cab fleet to give drivers dynamically updated map information. The company would like to build its new sensor service by leveraging fully serverless components that are provisioned and managed automatically by AWS. The development team at the company does not want an option that requires the capacity to be manually provisioned, as it does not want to respond manually to changing
A. Ingest the sensor data in an Amazon SQS standard queue, which is polled by an application running on an EC2 instance and the data is written into an auto-scaled DynamoDB table for downstream processing
B. Ingest the sensor data in a Kinesis Data Stream, which is polled by a Lambda function in batches and the data is written into an auto-scaled DynamoDB table for downstream processing
C. Ingest the sensor data in an Amazon SQS standard queue, which is polled by a Lambda function in batches and the data is written into an auto-scaled DynamoDB table for downstream processing
D. Ingest the sensor data in a Kinesis Data Stream, which is polled by an application running on an EC2 instance and the data is written into an auto-scaled DynamoDB table for downstream processing
Correct Answer: C
Question #57
A company’s AWS architecture currently uses access keys and secret access keys stored on each instance to access AWS services. Database credentials are hard-coded on each instance. SSH keys for command-line remote access are stored in a secured Amazon S3 bucket. The company has asked its solutions architect to improve the security posture of the architecture without adding operational complexity. Which combination of steps should the solutions architect take to accomplish this? (Choose three.)
A. Use Amazon EC2 instance profiles with an IAM role
B. Use AWS Secrets Manager to store access keys and secret access keys
C. Use AWS Systems Manager Parameter Store to store database credentials
D. Use a secure fleet of Amazon EC2 bastion hosts for remote access
E. Use AWS KMS to store database credentials F
Correct Answer: ABD
Question #58
A leading gaming company runs multiple game platforms that need to store game state, player data, session history, and leaderboards. The company is looking to move to AWS Cloud to scale reliably to millions of concurrent users and requests while ensuring consistently low latency measured in single-digit milliseconds. The engineering team at the company is evaluating multiple in-memory data stores with the ability to power its on-demand, live leaderboard. The company’s leaderboard requires high availabil
A. Develop the leaderboard using RDS Aurora as it meets the in-memory
B. Develop the leaderboard using DynamoDB with DynamoDB Accelerator (DAX) as it meets the in-memory
C. Develop the leaderboard using ElastiCache Redis as it meets the in-memory, high availability, low latency requirements
D. Develop the leaderboard using AWS Neptune as it meets the in-memory, high availability, low latency requirements
E. Develop the leaderboard using DynamoDB as it meets the in-memory, high availability, low latency requirements
Correct Answer: BC
Question #59
An IT company wants to move all its clients belonging to the regulated and security-sensitive industries such as financial services and healthcare to the AWS Cloud as it wants to leverage the out-of-box security-specific capabilities offered by AWS. The Security team at the company is developing a framework to validate the adoption of AWS best practices and industry-recognized compliance standards. The AWS Management Console is the preferred method for the in-house teams wanting to provision resources.
A. Leverage CloudWatch Events near-real-time capabilities to monitor system events patterns to trigger Lambda functions to automatically revert non-authorized changes in AWS resources
B. Leverage CloudTrail integration with SNS to automatically notify unauthorized API activities
C. Leverage CloudWatch Logs agent to collect all the AWS SDK logs
D. Leverage Config rules to audit changes to AWS resources and monitor the compliance of the configuration by running the evaluations for the rule at a frequency that you choose
E. Enable trails and set up CloudTrail events to review and monitor management activities of all AWS accounts via logging into CloudWatch Logs using a KMS key
Correct Answer: DE
Question #60
A company has an on-premises monitoring solution using a PostgreSQL database for persistence of events. The database is unable to scale due to heavy ingestion and it frequently runs out of storage. The company wants to create a hybrid solution and has already set up a VPN connection between its network and AWS. The solution should include the following attributes: – Managed AWS services to minimize operational complexity. – A buffer that automatically scales to match the throughput of data and requires no ongoing administration. – A visualization tool to create dashboards to observe events in near-real time. – Support for semi-structured JSON data and dynamic schemas. Which combination of components will enable the company to create a monitoring solution that will satisfy these requirements? (Choose two.)
A. Use Amazon Kinesis Data Firehose to buffer events
B. Create an Amazon Kinesis data stream to buffer events
C. Configure an Amazon Aurora PostgreSQL DB cluster to receive events
D. Configure Amazon Elasticsearch Service (Amazon ES) to receive events
E. Configure an Amazon Neptune DB instance to receive events
Correct Answer: BC
Question #61
A leading car information and shopping platform helps more than 20 million web and mobile users each month browse automobile dealer inventory, read vehicle reviews, and consume other automobile-related content by leveraging its library of 50 million vehicle photos uploaded by auto dealers. The company is planning a key update with even better image quality and faster load times on the company’s website as well as mobile apps but the existing image-handling solution based on Cloudera MapReduce clusters i
A. Since Lambda functions can scale extremely quickly, it’s a good idea to deploy a CloudWatch Alarm that notifies your team when function metrics such as ConcurrentExecutions or Invocations exceeds the expected threshold
B. Lambda allocates compute power in proportion to the memory you allocate to your function
C. The bigger your deployment package, the slower your Lambda function will cold-start
D. If you intend to reuse code in more than one Lambda function, you should consider creating a Lambda Layer for the reusable code
E. Serverless architecture and containers complement each other and you should leverage Docker containers within the Lambda functions
F. By default Lambda functions always operate from an AWS-owned VPC and hence have access to any public internet address or public AWS APIs
Correct Answer: ADF
Question #62
6. A company wants to migrate its corporate data center from on premises to the AWS Cloud. The data center includes physical servers and VMs that use VMware and Hyper-V. An administrator needs to select the correct services to collect data for the initial migration discovery process. The data format should be supported by AWS Migration Hub. The company also needs the ability to generate reports from the data. Which solution meets these requirements?
A. Use the AWS Agentless Discovery Connector for data collection on physical servers and all VMs
B. Use the AWS Application Discovery Service agent for data collection on physical servers and all VMs
C. Use the AWS Application Discovery Service agent for data collection on physical servers and Hyper-V
D. Use the AWS Systems Manager agent for data collection on physical servers
Correct Answer: C
Question #63
8. A mobile app has become very popular, and usage has gone from a few hundred to millions of users. Users capture and upload images of activities within a city, and provide ratings and recommendations. Data access patterns are unpredictable. The current application is hosted on Amazon EC2 instances behind an Application Load Balancer (ALB). The application is experiencing slowdowns and costs are growing rapidly. Which changes should a solutions architect make to the application architecture to control cost
A. Create an Amazon CloudFront distribution and place the ALB behind the distribution
B. Store static content in an Amazon S3 bucket using the Intelligent Tiering storage class
C. Place AWS Global Accelerator in front of the ALB
D. Move the application code to AWS Fargate containers and swap out the EC2 instances with the Fargate containers
Correct Answer: B
Question #64
68. A blog hosting company has an existing SaaS product architected as an on-premises three-tier web application. The blog content is posted and updated several times a day by multiple authors, so the Linux web servers serve content from a centralized file share on a NAS server. The CTO at the company has done an extensive technical review and highlighted to the company management that the existing infrastructure is not optimized. The company would like to migrate to AWS so that the resources can be dynamic
A. Attach an EFS file system to the on-premises servers to act as the NAS server
B. Set up an on-premises file gateway using Storage Gateway to replace the NAS server and then replicate the existing content to AWS. On the AWS Cloud, mount the same Storage Gateway bucket to the EC2 instance based web servers to serve the content
C. Provision a cluster of EC2 instances based web servers running behind an Application Load Balancer on AWS. Share an EBS volume among all instances for accessing the content. Develop custom code to periodically synchronize this volume with the NAS server
D. Provision EC2 instances based web servers with an Auto Scaling group
Correct Answer: A
Question #65
67. An e-commerce company has hired an AWS Certified Solutions Architect Professional to design a dual-tier storage layer for its flagship application running on EC2 instances. One of the tiers of this storage layer is a data tier that should support a POSIX file system shared across many systems. The other tier of this storage layer is a service tier that supports static file content that requires block storage with more than 100k IOPS. Which of the following solutions represent the BEST combination of AWS
A. Use EC2 Instance Store as the service tier of the storage layer
B. Use EBS volumes with Provisioned IOPS as the service tier of the storage layer
C. Use Amazon S3 as the data tier of the storage layer
D. Use EC2 Instance Store as the data tier of the storage layer
E. Use EFS as the data tier of the storage layer
Correct Answer: AE
Question #66
10. A company is configuring connectivity to a multi-account AWS environment to support application workloads that serve users in a single geographic region. The workloads depend on a highly available, on-premises legacy system deployed across two locations. It is critical for the AWS workloads to maintain connectivity to the legacy system, and a minimum of 5 Gbps of bandwidth is required. All application workloads within AWS must have connectivity with one another. Which solution will meet these requiremen
A. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from a DX partner for each on-premises location
B. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from two DX partners for each on-premises location
C. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from two DX partners for each on-premises location
D. Configure multiple AWS Direct Connect (DX) 10 Gbps dedicated connections from a DX partner for each on-premises location
Correct Answer: B
Question #67
1. A company plans to migrate to AWS. A solutions architect uses AWS Application Discovery Service over the fleet and discovers that there is an Oracle data warehouse and several PostgreSQL databases. Which combination of migration patterns will reduce licensing costs and operational overhead? (Choose two.)
A. Lift and shift the Oracle data warehouse to Amazon EC2 using AWS DMS
B. Migrate the Oracle data warehouse to Amazon Redshift using AWS SCT and AWS DMS
C. Lift and shift the PostgreSQL databases to Amazon EC2 using AWS DMS
D. Migrate the PostgreSQL databases to Amazon RDS for PostgreSQL using AWS DMS
E. Migrate the Oracle data warehouse to an Amazon EMR managed cluster using AWS DMS
Correct Answer: DE
Question #68
51. A retail company recently saw a huge spike in its monthly AWS spend. Upon further investigation, it was found that some developers had accidentally launched Amazon RDS instances in unexpected Regions. The company has hired you as an AWS Certified Solutions Architect Professional to establish best practices around least privileges for developers and control access to on-premises as well as AWS Cloud resources using Active Directory. The company has mandated you to institute a mechanism to control costs b
A. Set up an IAM user for each developer and add them to the developer IAM group that has the PowerUserAccess managed policy attached to it
B. Configure SAML-based authentication tied to an IAM role that has the AdministrativeAccess managed policy attached to it
C. Configure SAML-based authentication tied to an IAM role that has the PowerUserAccess managed policy attached to it
D. Configure SAML-based authentication tied to an IAM role that has a PowerUserAccess managed policy and a customer-managed policy that denies all the developers access to any AWS services except AWS Service Catalog
Correct Answer: C
Question #69
61. A leading telecommunications company has built a portfolio of Software-as-a-Service applications focusing on voice, video, chat, contact center, and enterprise-class API solutions powered by one global cloud communications platform. As part of this strategy, they have developed their multi-cloud storage (MCS) solution on Amazon RDS for MySQL but it’s running into performance issues despite using Read Replicas. The company has hired you as an AWS Certified Solutions Architect Professional to address thes
A. Spin up EC2 instances in each AWS region, install MySQL databases and migrate the existing data into these new databases
B. Use Amazon Aurora Global Database to enable fast local reads with low latency in each region
C. Use Amazon DynamoDB Global Tables to provide fast, local, read and write performance in each region
D. Spin up a Redshift cluster in each AWS region
Correct Answer: B
Question #70
75. A leading hotel reviews website has a repository of more than one million high-quality digital images. When this massive volume of images became too cumbersome to handle in-house, the company decided to offload the content to a central repository on Amazon S3 as part of its hybrid cloud strategy. The company now wants to reprocess its entire collection of photographic images to change the watermarks. The company wants to use Amazon EC2 instances and Amazon SQS in an integrated workflow to generate the s
A. Use message timers to postpone the delivery of certain messages to the queue by one minute
B. Use delay queues to postpone the delivery of certain messages to the queue by one minute
C. Use visibility timeout to postpone the delivery of certain messages to the queue by one minute
D. Use dead-letter queues to postpone the delivery of certain messages to the queue by one minute
Correct Answer: A
Question #71
20. A company provides a centralized Amazon EC2 application hosted in a single shared VPC. The centralized application must be accessible from client applications running in the VPCs of other business units. The centralized application front end is configured with a Network Load Balancer (NLB) for scalability. Up to 10 business unit VPCs will need to be connected to the shared VPC. Some of the business unit VPC CIDR blocks overlap with the shared VPC, and some overlap with each other. Network connectivity to the centralized application in the shared VPC should be allowed from authorized business unit VPCs only. Which network configuration should a solutions architect use to provide connectivity from the client applications in the business unit VPCs to the centralized application in the shared VPC?
A. Create a public certificate for the required domain in AWS Certificate Manager and deploy it to CloudFront, an Application Load Balancer, and Amazon EC2 instances
B. Acquire a public certificate from a third-party vendor and deploy it to CloudFront, an Application Load Balancer, and Amazon EC2 instances
C. Provision Amazon EBS encrypted volumes using AWS KMS and ensure explicit encryption of data when writing to Amazon EBS
D. Provision Amazon EBS encrypted volumes using AWS KMS
E. Use SSL or encrypt data while communicating with the external system using a VPN
F. Communicate with the external system using plaintext and use the VPN to encrypt the data in transit
Correct Answer: A
Question #72
11. A financial company needs to create a separate AWS account for a new digital wallet application. The company uses AWS Organizations to manage its accounts. A solutions architect uses the IAM user Support1 from the master account to create a new member account with finance1@example.com as the email address. What should the solutions architect do to create IAM users in the new member account?
A. Sign in to the AWS Management Console with AWS account root user credentials by using the 64-character password from the initial AWS Organizations email sent to finance1@example
B. From the master account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account
C. Go to the AWS Management Console sign-in page
D. Go to the AWS Management Console sign-in page
Correct Answer: A
Question #73
17. A company has application services that have been containerized and deployed on multiple Amazon EC2 instances with public IPs. An Apache Kafka cluster has been deployed to the EC2 instances. A PostgreSQL database has been migrated to Amazon RDS for PostgreSQL. The company expects a significant increase of orders on its platform when a new version of its flagship product is released. What changes to the current architecture will reduce operational overhead and support the product release?
A. Create an EC2 Auto Scaling group behind an Application Load Balancer
B. Create an EC2 Auto Scaling group behind an Application Load Balancer
C. Deploy the application on a Kubernetes cluster created on the EC2 instances behind an Application Load Balancer
D. Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate and enable auto scaling behind an Application Load Balancer
Correct Answer: D
Question #74
74. A Wall Street based trading firm is modernizing its message queuing system by migrating from self-managed message-oriented middleware systems to Amazon SQS. The firm is using SQS to migrate several trading applications to the cloud to ensure high availability and cost efficiency while simplifying administrative complexity and overhead. The development team at the firm expects a peak rate of about 2,400 transactions per second to be processed via SQS. It is important that the messages are processed in th
A. Use Amazon SQS standard queue to process the messages
B. Use Amazon SQS FIFO queue in batch mode of 4 transactions per operation to process the transactions at the peak rate
C. Use Amazon SQS FIFO queue in batch mode of 8 transactions per operation to process the transactions at the peak rate
D. Use Amazon SQS FIFO queue in batch mode of 12 transactions per operation to process the transactions at the peak rate
Correct Answer: C
Question #75
60. A leading pharmaceutical company has significant investments in running Oracle and PostgreSQL services on Amazon RDS which provide their scientists with near real-time analysis of millions of rows of manufacturing data generated by continuous manufacturing equipment with 1,600 data points per row. The business analytics team has been running ad-hoc queries on these databases to prepare daily reports for senior management. The engineering team has observed that the database performance takes a hit whene
A. Use AWS Glue to replicate the data from the databases into Amazon Redshift
B. Use Amazon EMR to replicate the data from the databases into Amazon Redshift
C. Use Amazon Kinesis Data Streams to replicate the data from the databases into Amazon Redshift
D. Use AWS Database Migration Service to replicate the data from the databases into Amazon Redshift
Correct Answer: D
