• Home
  • Articles
  • 2021 Realistic AWS-Solutions-Architect-Professional Dumps Latest Amazon Practice Tests Dumps [Q45-Q61]

2021 Realistic AWS-Solutions-Architect-Professional Dumps Latest Amazon Practice Tests Dumps [Q45-Q61]

Share

2021 Realistic AWS-Solutions-Architect-Professional Dumps Latest Amazon Practice Tests Dumps

AWS-Solutions-Architect-Professional Dumps PDF - AWS-Solutions-Architect-Professional Real Exam Questions Answers


Understanding functional and technical aspects of AWS Solutions Architect Professional Exam Cost Control

The following will be discussed in AWS SOLUTIONS ARCHITECT PROFESSIONAL dumps:

  • Select a cost-effective pricing model for a solution
  • Determine which controls to design and implement that will ensure cost optimization
  • Identify opportunities to reduce cost in an existing solution

 

NEW QUESTION 45
True or False: In Amazon ElastiCache, you can use Cache Security Groups to configure the cache
clusters that are part of a VPC.

  • A. FALSE
  • B. TRUE
  • C. True, this is applicable only to cache clusters that are running in an Amazon VPC environment.
  • D. True, but only when you configure the cache clusters using the Cache Security Groups from the
    console navigation pane.

Answer: A

Explanation:
Amazon ElastiCache cache security groups are only applicable to cache clusters that are not running in
an Amazon Virtual Private Cloud environment (VPC). If you are running in an Amazon Virtual Private
Cloud, Cache Security Groups is not available in the console navigation pane.
Reference:
http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/CacheSecurityGroup.html

 

NEW QUESTION 46
Select the correct statement about Amazon ElastiCache.

  • A. It allows you to quickly deploy your cache environment only if you install software.
  • B. It cannot run in the Amazon Virtual Private Cloud (Amazon VPC) environment.
  • C. It does not integrate with other Amazon Web Services.
  • D. It makes it easy to set up, manage, and scale a distributed in-memory cache environment in the cloud.

Answer: D

Explanation:
ElastiCache is a web service that makes it easy to set up, manage, and scale a distributed in-memory
cache environment in the cloud. It provides a high-performance, scalable, and cost-effective caching
solution, while removing the complexity associated with deploying and managing a distributed cache
environment. With ElastiCache, you can quickly deploy your cache environment, without having to
provision hardware or install software.
Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/WhatIs.html

 

NEW QUESTION 47
The company Security team queries that all data uploaded into an Amazon S3 bucket must be encrypted. The encryption keys must be highly available and the company must be able to control access on a per-user basis, with different users having access to different encryption keys.
Which of the following architectures will meet these requirements? (Choose two.)

  • A. Use Amazon S3 server-side encryption with AWS KMS-managed keys, create multiple customer master keys, and use key policies to control access to them.
  • B. Use Amazon S3 server-side encryption with Amazon S3-managed keys. Allow Amazon S3 to generate an AWS/S3 master key, and use IAM to control access to the data keys that are generated.
  • C. Use Amazon S3 server-side encryption with customer-managed keys, and use AWS CloudHSM to manage the keys. Use CloudHSM client software to control access to the keys that are generated.
  • D. Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use IAM to control access to the keys that are generated in CloudHSM.
  • E. Use Amazon S3 server-side encryption with customer-managed keys, and use two AWS CloudHSM instances configured in high-availability mode to manage the keys. Use the Cloud HSM client software to control access to the keys that are generated.

Answer: B,C

Explanation:
Explanation
Reference
http://jayendrapatil.com/tag/kms/

 

NEW QUESTION 48
A Solutions Architect is designing the storage layer for a data warehousing application. The data files are large, but they have statically placed metadata at the beginning of each file that describes the size and placement of the file's index. The data files are read in by a fleet of Amazon EC2 instances that store the index size, index location, and other category information about the data file in a database. That database is used by Amazon EMR to group files together for deeper analysis.
What would be the MOST cost-effective, high availability storage solution for this workflow?

  • A. Store the data files on Amazon EBS volumes and allow the EC2 fleet and EMR to mount and unmount the volumes where they are needed.
  • B. Store the content of the data files in Amazon DynamoDB tables with the metadata, index, and data as their own keys.
  • C. Store the data files in Amazon EFS mounted by the EC2 fleet and EMR nodes.
  • D. Store the data files in Amazon S3 and use Range GET for each file's metadata, then index the relevant data.

Answer: D

Explanation:
Explanation
https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html

 

NEW QUESTION 49
In the context of AWS CloudFormation, which of the following statements is correct?

  • A. Actual resource names are a combination of the resource ID, stack, and logical resource name.
  • B. Actual resource name is the logical resource name.
  • C. Actual resource name is the stack resource name.
  • D. Actual resource names are a combination of the stack and logical resource name.

Answer: D

Explanation:
Explanation
In AWS CloudFormation, actual resource names are a combination of the stack and logical resource name.
This allows multiple stacks to be created from a template without fear of name collisions between AWS resources.
https://aws.amazon.com/cloudformation/faqs/

 

NEW QUESTION 50
A startup company hosts a fleet of Amazon EC2 instances in private subnets using the latest Amazon Linux 2 AMI. The company's engineers rely heavily on SSH access to the instances for troubleshooting.
The company's existing architecture includes the following:
* A VPC with private and public subnets, and a NAT gateway
* Site-to-Site VPN for connectivity with the on-premises environment
* EC2 security groups with direct SSH access from the on-premises environment The company needs to increase security controls around SSH access and provide auditing of commands executed by the engineers.
Which slrategy should a solutions architect use?

  • A. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Enable AWS Config for EC2 security group resource changes. Enable AWS Firewall Manager and apply a security group policy that automatically remediates changes to rules.
  • B. Install and configure EC2 instance Connect on the fleet of EC2 instances. Remove all security group rules attached to EC2 instances that allow inbound TCP on port 22. Advise the engineers to remotely access the instances by using the EC2 Instance Connect CLI.
  • C. instances that allow inbound TCP on port 22. Have the engineers install the AWS Systems Manager Session Manager plugin for their devices and remotely access the instances by using the start-session API call from Systems Manager.
  • D. Update the EC2 security groups to only allow inbound TCP on port 22 to the IP addresses of the engineer's devices. Install the Amazon CloudWatch agent on all EC2 instances and send operating system audit logs to CloudWatch Logs.
  • E. Create an 1AM role with the Ama2onSSMManagedlnstanceCore managed policy attached. Attach the
    1AM role to all the EC2 instances. Remove all security group rules attached to the EC2

Answer: A

 

NEW QUESTION 51
You are responsible for a legacy web application whose server environment is approaching end of life You would like to migrate this application to AWS as quickly as possible, since the application environment currently has the following limitations:
* The VM's single 10GB VMDK is almost full;
* Me virtual network interface still uses the 10Mbps driver, which leaves your 100Mbps WAN connection completely underutilized;
* It is currently running on a highly customized. Windows VM within a VMware environment;
* You do not have me installation media;
This is a mission critical application with an RTO (Recovery Time Objective) of 8 hours. RPO (Recovery Point Objective) of 1 hour.
How could you best migrate this application to AWS while meeting your business continuity requirements?

  • A. Use Import/Export to import the VM as an ESS snapshot and attach to EC2.
  • B. Use S3 to create a backup of the VM and restore the data into EC2.
  • C. Use me ec2-bundle-instance API to Import an Image of the VM into EC2
  • D. Use the EC2 VM Import Connector for vCenter to import the VM into EC2.

Answer: D

Explanation:
Explanation
https://aws.amazon.com/developertools/2759763385083070

 

NEW QUESTION 52
What is the name of licensing model in which I can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

  • A. Role Bases License
  • B. Bring Your Own License
  • C. License Included
  • D. Enterprise License

Answer: B

Explanation:
Explanation
https://aws.amazon.com/oracle/

 

NEW QUESTION 53
A company would like to implement a serverless application by using Amazon API Gateway, AWS Lambda and Amazon DynamoDB. They deployed a proof of concept and stated that the average response time is greater than what their upstream services can accept Amazon CloudWatch metrics did not indicate any issues with DynamoDB but showed that some Lambda functions were hitting their timeout.
Which of the following actions should the Solutions Architect consider to improve performance?
(Choose two.)

  • A. Configure the AWS Lambda function to reuse containers to avoid unnecessary startup time.
  • B. Create an Amazon ElastiCache cluster running Memcached, and configure the Lambda function for VPC integration with access to the Amazon ElastiCache cluster.
  • C. Enable API cache on the appropriate stage in Amazon API Gateway, and override the TTL for individual methods that require a lower TTL than the entire stage.
  • D. Increase the amount of CPU, and adjust the timeout on the Lambda function. Complete performance testing to identify the ideal CPU and timeout configuration for the Lambda function.
  • E. Increase the amount of memory and adjust the timeout on the Lambda function. Complete performance testing to identify the ideal memory and timeout configuration for the Lambda function.

Answer: C,E

Explanation:
https://lumigo.io/blog/aws-lambda-timeout-best-practices/
A: While this will improve the situation, it may not be enough.
B: Memory - The amount of memory available to the function during execution. Choose an amount between 128 MB and 3,008 MB in 64 MB increments. Lambda allocates CPU power linearly in proportion to the amount of memory configured. At 1,792 MB, a function has the equivalent of 1 full vCPU (one vCPU-second of credits per second).
All calls made to AWS Lambda must complete execution within 900 seconds. The default timeout is 3 seconds, but you can set the timeout to any value between 1 and 900 seconds.
C: The problem is not with the DB.
D: AWS API Gateway has a max timeout of 29 seconds for all integration types, which includes Lambda as well. It means that any API call coming through API Gateway cannot exceed 29 seconds. It makes sense for most of the APIs except for few high computational ones.
E: Increase the memory not CPU.

 

NEW QUESTION 54
Which of the following cannot be done using AWS Data Pipeline?

  • A. Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
  • B. Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
  • C. Move data between different AWS compute and storage services as well as on-premise data sources at specified intervals.
  • D. Generate reports over data that has been stored.

Answer: D

 

NEW QUESTION 55
In DynamoDB, which of the following operations is not possible by the console?

  • A. Updating an item
  • B. Blocking an item
  • C. Deleting an item
  • D. Copying an item

Answer: B

Explanation:
Explanation
By using the console to manage DynamoDB, you can perform the following: adding an item, deleting an item, updating an item, and copying an item.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/AddUpdateDeleteItems.html

 

NEW QUESTION 56
A company is processing data on a daily basis. The results of the operations are stored in an Amazon S3 bucket, analyzed daily for one week, and then must remain immediately accessible for occasional analysis.
What is the MOST cost-effective storage solution alternative to the current configuration?

  • A. Configure a lifecycle policy to transition the objects to Amazon S3 Standard-Infrequent Access (S3 Standard-IA) after 30 days.
  • B. Configure a lifecycle policy to delete the objects after 30 days.
  • C. Configure a lifecycle policy to transition the objects to Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA) after 30 days.
  • D. Configure a lifecycle policy to transition the objects to Amazon S3 Glacier after 30 days.

Answer: C

 

NEW QUESTION 57
A company experienced a breach of highly confidential personal information due to permission issues on an Amazon S3 bucket. The information security team has tightened the bucket policy to restrict access.
Additionally, to be better prepared for future attacks, these requirements must be met:
* Identity remote IP addresses that are accessing the bucket objects.
* Receive alerts when the security policy on the bucket is changed
* Remediate the policy changes automatically
Which strategies should the solutions architect use?

  • A. Use Amazon Macie with an S3 bucket to identity access patterns and remote IP addresses. Use AWS Lambda with Macie to automatically remediate S3 bucket policy changes Use Macie automatic alerting capabilities for alerts.
  • B. Use Amazon Athena with S3 access logs to identity remote IP addresses Use AWS Config rules with AWS Systems Manager Automation to automatically remediate S3 bucket policy changes. Use Amazon SNS with AWS Config rules for alerts.
  • C. Use S3 access logs with Amazon Elasticsearch Service and Kibana to identify remote IP addresses. Use an Amazon Inspector assessment template to automatically remediate S3 bucket policy changes. Use Amazon SNS for alerts.
  • D. Use Amazon CloudWatch Logs with CloudWatch filters to identify remote IP addresses. Use CloudWatch Events rules with aws Lambada to automatically remediate S3 bucket policy changes Use Amazon SES with CloudWatch Events rules for alerts

Answer: B

 

NEW QUESTION 58
A company is preparing to deploy a new serverless workload. A solutions architect needs to configure permissions for invoking an AWS Lambda function. The function will be triggered by an Amazon EventBridge (Amazon CloudWatch Events) rule. Permissions should be configured using the principle of least privilege.
Which solution will meet these requirements?

  • A. Add an execution role to the function with lambda:InvokeFunction as the action and * as the principal.
  • B. Add a resource-based policy to the function with lambda:' as the action and Service:events.amazonaws.com as the principal.
  • C. Add an execution rote to the function with lambda:InvokeFunction as the action and Service:eventsamazonaws.com as the principal.
  • D. Add a resource-based policy to the function with lambda:InvokeFunction as the action and Service:events.amazonaws.com as the principal.

Answer: B

Explanation:
Explanation/Reference:

 

NEW QUESTION 59
What is the default maximum number of VPCs allowed per region?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
The maximum number of VPCs allowed per region is 5.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html

 

NEW QUESTION 60
A startup company recently migrated a large ecommerce website to AWS The website has experienced a
70% increase in sales. Software engineers are using a private GitHub repository to manage code. The devops team is using Jenkins for builds and unit testing. The engineers need to receive notifications for bad builds and zero downtime during deployments. The engineers also need to ensure any changes to production are seamless for users and can be rolled back in the event of a major issue.
The software engineers have decided to use AWS CodePipeline to manage their build and deployment process. Which solution will meet these requirements?

  • A. Use GitHub websockets to trigger the CodePipeline pipeline. Use the Jenkins plugin for AWS Code Build to conduct unit testing. Send alerts to an Amazon SNS topic for any bad builds. Deploy in an in-place all-at-once deployment configuration using AWS CodeDeploy.
  • B. Use GitHub webhooks to trigger the CodePipeline pipeline. Use the Jenkins plugin for AWS CodeBuild to conduct unit testing. Deploy in a blue/green deployment using AWS CodeDeploy.
  • C. Use GitHub websockets to trigger the CodePipeline pipeline. Use AWS X-Ray for unit testing and static code analysis. Deploy in an in-place, all-at-once deployment configuration using AWS CodeDeploy
  • D. Use GitHub websockets to trigger the CodePipeline pipeline. Use AWS X-Ray for unit testing and static code analysis. Send alerts to an Amazon SNS topic for any bad builds. Deploy in a blue/green deployment using AWS CodeDeploy

Answer: B

 

NEW QUESTION 61
......

AWS-Solutions-Architect-Professional Premium Exam Engine pdf Download: https://www.pdfvce.com/Amazon/AWS-Solutions-Architect-Professional-exam-pdf-dumps.html

AWS-Solutions-Architect-Professional Exam [2021] Dumps Amazon PDF Questions: https://drive.google.com/open?id=1lbqDT_j31TDsVPt0dlX9YMX2mAHh_lPO 

Related Articles

more
Amazon AWS-Solutions-Architect-Professional Certification Practice Exam