[Sep 06, 2024] ValidVCE AWS-Solutions-Architect-Associate Exam Practice Test Questions (Updated 686 Questions) [Q27-Q46]


Pass Amazon AWS-Solutions-Architect-Associate Exam Info and Free Practice Test

NEW QUESTION # 27
An application publishes Amazon SNS messages in response to several events. An AWS Lambda function subscribes to these messages. Occasionally the function will fail while processing a message, so the original event message must be preserved for root cause analysis.
What architecture will meet these requirements without changing the workflow?

  • A. Configure Lambda to write failures to an SQS Dead Letter Queue.
  • B. Configure a Dead Letter Queue for the Amazon SNS topic.
  • C. Subscribe an Amazon SQS queue to the Amazon SNS topic and trigger the Lambda function from the queue.
  • D. Configure the Amazon SNS topic to invoke the Lambda function synchronously

Answer: C


NEW QUESTION # 28
You have deployed a three-tier web application in a VPC with a CIDR block of 10.0.0.0/28. You initially deploy two web servers, two application servers, two database servers and one NAT instance for a total of seven EC2 instances. The web, application and database servers are deployed across two availability zones (AZs). You also deploy an ELB in front of the two web servers, and use Route53 for DNS. Web traffic gradually increases in the first few days following the deployment, so you attempt to double the number of instances in each tier of the application to handle the new load. Unfortunately some of these new instances fail to launch.
Which of the following could be the root cause? (Choose 2 answers)

  • A. The ELB has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
  • B. AWS reserves the first and the last private IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances
  • C. AWS reserves the first four and the last IP address in each subnet's CIDR block so you do not have enough addresses left to launch all of the new EC2 instances
  • D. The Internet Gateway (IGW) of your VPC has scaled-up, adding more instances to handle the traffic spike, reducing the number of available private IP addresses for new instance launches
  • E. AWS reserves one IP address in each subnet's CIDR block for Route53 so you do not have enough addresses left to launch all of the new EC2 instances

Answer: A,C


NEW QUESTION # 29
An online retail company has more than 50 million active customers and receives more than 25,000 orders each day. The company collects purchase data for customers and stores this data in Amazon S3. Additional customer data is stored in Amazon RDS.
The company wants to make all the data available to various teams so that the teams can perform analytics.
The solution must provide the ability to manage fine-grained permissions for the data and must minimize operational overhead.
Which solution will meet these requirements?

  • A. Create a data lake by using AWS Lake Formation. Create an AWS Glue JDBC connection to Amazon RDS. Register the S3 bucket in Lake Formation. Use Lake Formation access controls to limit access.
  • B. Create an Amazon Redshift cluster. Schedule an AWS Lambda function to periodically copy data from Amazon S3 and Amazon RDS to Amazon Redshift. Use Amazon Redshift access controls to limit access.
  • C. Schedule an AWS Lambda function to periodically copy data from Amazon RDS to Amazon S3. Create an AWS Glue crawler. Use Amazon Athena to query the data. Use S3 policies to limit access.
  • D. Migrate the purchase data to write directly to Amazon RDS. Use RDS access controls to limit access.

Answer: A

Explanation:
https://aws.amazon.com/blogs/big-data/manage-fine-grained-access-control-using-aws-lake-formation/


NEW QUESTION # 30
An application running on an Amazon EC2 instance in VPC-A needs to access files in another EC2 instance in VPC-B. Both VPCs are in separate AWS accounts. The network administrator needs to design a solution to enable secure access to the EC2 instance in VPC-B from VPC-A. The connectivity should not have a single point of failure or bandwidth concerns.
Which solution will meet these requirements?

  • A. Set up VPC gateway endpoints for the EC2 instance running in VPC-B
  • B. Create a private virtual interface (VIF) for the EC2 instance running in VPC-B and add appropriate routes from VPC-B
  • C. Set up a VPC peering connection between VPC-A and VPC-B
  • D. Attach a virtual private gateway to VPC-B and enable routing from VPC-A

Answer: C


NEW QUESTION # 31
What is the default maximum number of VPCs allowed per region?

  • A. 0
  • B. 1
  • C. 2
  • D. 3

Answer: A

Explanation:
The maximum number of VPCs allowed per region is 5.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Appendix_Limits.html


NEW QUESTION # 32
A company needs to share an Amazon S3 bucket with an external vendor. The bucket owner must be able to access all objects.
Which action should be taken to share the S3 bucket?

  • A. Update the bucket to enable cross-origin resource sharing (CORS)
  • B. Update the bucket to be a Requester Pays bucket
  • C. Create a bucket policy to require users to grant bucket-owner-full control when uploading objects
  • D. Create an IAM policy to require users to grant bucket-owner-full control when uploading objects.

Answer: C

Explanation:
https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-bucket-owner-access/
By default, an S3 object is owned by the AWS account that uploaded it. This is true even when the bucket is owned by another account. To get access to the object, the object owner must explicitly grant you (the bucket owner) access. The object owner can grant the bucket owner full control of the object by updating the access control list (ACL) of the object. The object owner can update the ACL either during a put or copy operation, or after the object is added to the bucket.
Similar: https://aws.amazon.com/it/premiumsupport/knowledge-center/s3-require-object-ownership/
Resolution: Add a bucket policy that grants users access to put objects in your bucket only when they grant you (the bucket owner) full control of the object.


NEW QUESTION # 33
A company has a multi-tier application deployed on several Amazon EC2 instances in an Auto Scaling group.
An Amazon RDS for Oracle instance is the application's data layer that uses Oracle-specific PL/SQL functions. Traffic to the application has been steadily increasing. This is causing the EC2 instances to become overloaded and the RDS instance to run out of storage. The Auto Scaling group does not have any scaling metrics and defines the minimum healthy instance count only. The company predicts that traffic will continue to increase at a steady but unpredictable rate before leveling off.
What should a solutions architect do to ensure the system can automatically scale for the increased traffic?
(Select TWO)

  • A. Migrate the database to Amazon Aurora to use Auto Scaling storage
  • B. Configure the Auto Scaling group to use the average free memory as the scaling metric.
  • C. Configure an alarm on the RDS for Oracle instance for low free storage space.
  • D. Configure the Auto Scaling group to use the average CPU as the scaling metric.
  • E. Configure storage Auto Scaling on the RDS for Oracle instance.

Answer: C,E


NEW QUESTION # 34
In AWS, which security aspects are the customer's responsibility? Choose 4 answers

  • A. Security Group and ACL (Access Control List) settings
  • B. Life-cycle management of IAM credentials
  • C. Encryption of EBS (Elastic Block Storage) volumes
  • D. Controlling physical access to compute resources
  • E. Decommissioning storage devices
  • F. Patch management on the EC2 instance's operating system

Answer: A,B,C,F

Explanation:
Reference: http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf


NEW QUESTION # 35
A user is planning to launch multiple EC2 instances identical to a currently running instance.
Which of the parameters mentioned below is not copied by Amazon EC2 in the launch wizard when the user has selected the option "Launch more like this"?

  • A. Termination protection
  • B. Shutdown behavior
  • C. Storage
  • D. Tenancy setting

Answer: C

Explanation:
The Amazon EC2 console provides a "Launch more like this" wizard option that enables the user to use a current instance as a template for launching other instances. This option automatically populates the Amazon EC2 launch wizard with certain configuration details from the selected instance.
The following configuration details are copied from the selected instance into the launch wizard:
  • AMI ID
  • Instance type
  • Availability Zone, or the VPC and subnet in which the selected instance is located
  • Public IPv4 address. If the selected instance currently has a public IPv4 address, the new instance receives a public IPv4 address, regardless of the selected instance's default public IPv4 address setting. For more information about public IPv4 addresses, see Public IPv4 Addresses and External DNS Hostnames.
  • Placement group, if applicable
  • IAM role associated with the instance, if applicable
  • Shutdown behavior setting (stop or terminate)
  • Termination protection setting (true or false)
  • CloudWatch monitoring (enabled or disabled)
  • Amazon EBS-optimization setting (true or false)
  • Tenancy setting, if launching into a VPC (shared or dedicated)
  • Kernel ID and RAM disk ID, if applicable
  • User data, if specified
  • Tags associated with the instance, if applicable
  • Security groups associated with the instance
The following configuration details are not copied from your selected instance; instead, the wizard applies their default settings or behavior:
  • (VPC only) Number of network interfaces: The default is one network interface, which is the primary network interface (eth0).
  • Storage: The default storage configuration is determined by the AMI and the instance type.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/launching-instance.html


NEW QUESTION # 36
You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?

  • A. The AMI is missing a required part.
  • B. You need to create storage in EBS first.
  • C. You've reached your volume limit.
  • D. The snapshot is corrupt.

Answer: B

Explanation:
Amazon EC2 provides virtual computing environments, known as instances.
After you launch an instance, AWS recommends that you check its status to confirm that it goes from the pending status to the running status, not the terminated status.
The following are a few reasons why an Amazon EBS-backed instance might immediately terminate:
You've reached your volume limit.
The AMI is missing a required part.
The snapshot is corrupt.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_InstanceStraightToTerminated.html


NEW QUESTION # 37
A company has an application running on Amazon EC2 instances in a private subnet. The application needs to store and retrieve data in Amazon S3. To reduce costs, the company wants to configure its AWS resources in a cost-effective manner.
How should the company accomplish this?

  • A. Deploy AWS Storage Gateway to access the S3 buckets
  • B. Deploy a NAT gateway to access the S3 buckets
  • C. Deploy an S3 interface endpoint to access the S3 buckets.
  • D. Deploy an S3 gateway endpoint to access the S3 buckets

Answer: D


NEW QUESTION # 38
A large media company hosts a web application on AWS. The company wants to start caching confidential media files so that users around the world will have reliable access to the files. The content is stored in Amazon S3 buckets. The company must deliver the content quickly, regardless of where the requests originate geographically.
Which solution will meet these requirements?

  • A. Use AWS DataSync to connect the S3 buckets to the web application.
  • B. Use Amazon Simple Queue Service (Amazon SQS) to connect the S3 buckets to the web application.
  • C. Deploy AWS Global Accelerator to connect the S3 buckets to the web application.
  • D. Deploy Amazon CloudFront to connect the S3 buckets to CloudFront edge servers.

Answer: D

Explanation:
CloudFront uses a local cache to provide the response, AWS Global accelerator proxies requests and connects to the application all the time for the response.
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3


NEW QUESTION # 39
A company is designing a new web application that will run on Amazon EC2 instances. The application will use Amazon DynamoDB for backend data storage. The application traffic will be unpredictable. The company expects that the application read and write throughput to the database will be moderate to high. The company needs to scale in response to application traffic.
Which DynamoDB table configuration will meet these requirements MOST cost-effectively?

  • A. Configure DynamoDB with provisioned read and write by using the DynamoDB Standard Infrequent Access (DynamoDB Standard-IA) table class. Set DynamoDB auto scaling to a maximum defined capacity.
  • B. Configure DynamoDB with provisioned read and write by using the DynamoDB Standard table class. Set DynamoDB auto scaling to a maximum defined capacity.
  • C. Configure DynamoDB in on-demand mode by using the DynamoDB Standard table class.
  • D. Configure DynamoDB in on-demand mode by using the DynamoDB Standard Infrequent Access (DynamoDB Standard-IA) table class.

Answer: C

Explanation:
The most cost-effective DynamoDB table configuration for the web application is to configure DynamoDB in on-demand mode by using the DynamoDB Standard table class. This configuration will allow the company to scale in response to application traffic and pay only for the read and write requests that the application performs on the table.
On-demand mode is a flexible billing option that can handle thousands of requests per second without capacity planning. On-demand mode automatically adjusts the table's capacity based on the incoming traffic, and charges only for the read and write requests that are actually performed. On-demand mode is suitable for applications with unpredictable or variable workloads, or applications that prefer the ease of paying for only what they use [1].
The DynamoDB Standard table class is the default and recommended table class for most workloads. The DynamoDB Standard table class offers lower throughput costs than the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class, and is more cost-effective for tables where throughput is the dominant cost. The DynamoDB Standard table class also offers the same performance, durability, and availability as the DynamoDB Standard-IA table class [2].
The other options are not correct because they are either not cost-effective or not suitable for the use case.
Configuring DynamoDB with provisioned read and write by using the DynamoDB Standard table class, and setting DynamoDB auto scaling to a maximum defined capacity is not correct because this configuration requires manual estimation and management of the table's capacity, which adds complexity and cost to the solution. Provisioned mode is a billing option that requires users to specify the amount of read and write capacity units for their tables, and charges for the reserved capacity regardless of usage. Provisioned mode is suitable for applications with predictable or stable workloads, or applications that require finer-grained control over their capacity settings [1].
Configuring DynamoDB with provisioned read and write by using the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class, and setting DynamoDB auto scaling to a maximum defined capacity is not correct because this configuration is not cost-effective for tables with moderate to high throughput. The DynamoDB Standard-IA table class offers lower storage costs than the DynamoDB Standard table class, but higher throughput costs. The DynamoDB Standard-IA table class is optimized for tables where storage is the dominant cost, such as tables that store infrequently accessed data [2].
Configuring DynamoDB in on-demand mode by using the DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class is not correct because this configuration is not cost-effective for tables with moderate to high throughput. As mentioned above, the DynamoDB Standard-IA table class has higher throughput costs than the DynamoDB Standard table class, which can offset the savings from lower storage costs.
References:
Table classes - Amazon DynamoDB
Read/write capacity mode - Amazon DynamoDB


NEW QUESTION # 40
A solutions architect is moving the static content from a public website hosted on Amazon EC2 instances to an Amazon S3 bucket. An Amazon CloudFront distribution will be used to deliver the static assets. The security group used by the EC2 instances restricts access to a limited set of IP ranges. Access to the static content should be similarly restricted.
Which combination of steps will meet these requirements? (Select TWO.)

  • A. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the S3 bucket hosting the static content.
  • B. Create a new security group that includes the same IP restrictions that exist in the current EC2 security group. Associate this new security group with the CloudFront distribution.
  • C. Create a new IAM role and associate the role with the distribution. Change the permissions either on the S3 bucket or on the files within the S3 bucket so that only the newly created IAM role has read and download permissions.
  • D. Create an origin access identity (OAI) and associate it with the distribution. Change the permissions in the bucket policy so that only the OAI can read the objects.
  • E. Create an AWS WAF web ACL that includes the same IP restrictions that exist in the EC2 security group. Associate this new web ACL with the CloudFront distribution.

Answer: D,E


NEW QUESTION # 41
How can the domain's zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer?

  • A. By using an Amazon Route 53 Alias record
  • B. By using an AAAA record
  • C. By using an A record
  • D. By using an Amazon Route 53 CNAME record

Answer: B


NEW QUESTION # 42
You have been asked to set up a public website on AWS with the following criteria:
You want the database and the application server running on an Amazon VPC. You want the database to be able to connect to the Internet so that it can be automatically updated to the correct patch level.
You do not want to receive any incoming traffic from the Internet to the database.
Which solutions would be the best to satisfy all the above requirements for your planned public website on AWS? (Choose 2 answers)

  • A. Set up the public website on a public subnet and set up the database in a private subnet which connects to the Internet via a NAT instance.
  • B. Set up both the public website and the database on a private subnet and block all incoming requests from the Internet with a Network Access Control List (NACL). Set up a Security group between the public website and the database which only allows access via port 80.
  • C. Set up both the public website and the database on a public subnet, and block all incoming requests from the Internet with a security group which only allows access from the IP of the public website.
  • D. Set up both the public website and the database on a public subnet and block all incoming requests from the Internet with a Network Access Control List (NACL)

Answer: A,C

Explanation:
For the database to be able to connect to the Internet, you need to either set it up on a public subnet or set it up on a private subnet which connects to the Internet via a NAT instance.
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html


NEW QUESTION # 43
A client notices that their engineers often make mistakes when creating Amazon SQS queues for their backend system.
Which action should a Solutions Architect recommend to improve this process?

  • A. Write a script to create the Amazon SQS queue using AWS Lambda.
  • B. Use AWS CloudFormation Templates to manage the Amazon SQS queue creation.
  • C. Use AWS Elastic Beanstalk to automatically create the Amazon SQS queues.
  • D. Use the AWS CLI to create queues using AWS IAM Access Keys.

Answer: B

Explanation:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-create-queue.html#create-queue-cloudformation


NEW QUESTION # 44
Your company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as needed. Members of your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2 instances as necessary. You don't want to create new IAM users for each NOC member and make those users sign in again to the AWS Management Console. Which option below will meet the needs for your NOC members?

  • A. Use your on-premises SAML 2.0-compliant identity provider (IDP) to retrieve temporary security credentials to enable NOC members to sign in to the AWS Management Console.
  • B. Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the AWS Management Console.
  • C. Use OAuth 2.0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AWS Management Console.
  • D. Use your on-premises SAML 2.0-compliant identity provider (IDP) to grant the NOC members federated access to the AWS Management Console via the AWS single sign-on (SSO) endpoint.

Answer: A


NEW QUESTION # 45
A company is hosting a web application on AWS using a single Amazon EC2 instance that stores user-uploaded documents in an Amazon EBS volume. For better scalability and availability, the company duplicated the architecture and created a second EC2 instance and EBS volume in another Availability Zone, placing both behind an Application Load Balancer. After completing this change, users reported that each time they refreshed the website they could see one subset of their documents or the other but never all of the documents at the same time. What should a solutions architect propose to ensure users see all of their documents at once?

  • A. Configure the Application Load Balancer to direct a user to the server with the documents.
  • B. Configure the Application Load Balancer to send the request to both servers. Return each document from the correct server.
  • C. Copy the data from both EBS volumes to Amazon EFS. Modify the application to save new documents to Amazon EFS.
  • D. Copy the data so both EBS volumes contain all the documents.

Answer: C

Explanation:
https://docs.aws.amazon.com/efs/latest/ug/how-it-works.html#how-it-works-ec2
Amazon EFS provides file storage in the AWS Cloud. With Amazon EFS, you can create a file system, mount the file system on an Amazon EC2 instance, and then read and write data to and from your file system. You can mount an Amazon EFS file system in your VPC, through the Network File System versions 4.0 and 4.1 (NFSv4) protocol. We recommend using a current generation Linux NFSv4.1 client, such as those found in the latest Amazon Linux, Redhat, and Ubuntu AMIs, in conjunction with the Amazon EFS Mount Helper. For instructions, see Using the amazon-efs-utils Tools.
For a list of Amazon EC2 Linux Amazon Machine Images (AMIs) that support this protocol, see NFS Support. For some AMIs, you'll need to install an NFS client to mount your file system on your Amazon EC2 instance. For instructions, see Installing the NFS Client.
You can access your Amazon EFS file system concurrently from multiple NFS clients, so applications that scale beyond a single connection can access a file system. Amazon EC2 instances running in multiple Availability Zones within the same AWS Region can access the file system, so that many users can access and share a common data source.

