AWS Solutions Architect Practice Exam III

------------------------------

----------------------------

------------------------------------

----------------------------------

A large financial company has recently adopted a hybrid cloud architecture to integrate their on-premises data center and their AWS Cloud. Your manager has instructed you to create a new VPC network topology which must support all Internet-facing web applications as well as the internally-facing applications that is accessed by employees only over VPN. To ensure high-availability and fault tolerance, both of their Internet-facing and internally-facing financial applications must be able to leverage at least two AZs for high availability. What is the minimum number of subnets that you must create within your VPC to accommodate these requirements?

4 subnets

You are working for a startup company that has resources deployed on the AWS Cloud. Your company is now going through a set of scheduled audits by an external auditing firm for compliance. Which of the following services available in AWS can be utilized to help ensure the right information are present for auditing purposes?

A

Your company is in a hurry of deploying their new web application written in NodeJS to AWS. As the Solutions Architect of the company, you were assigned to do the deployment without worrying about the underlying infrastructure that runs the application. Which service will you use to easily deploy and manage your new web application in AWS?

AWS Elastic Beanstalk

Your manager has asked you to deploy a mobile application that can collect votes for a popular singing competition. Millions of users from around the world will submit votes using their mobile phones. These votes must be collected and stored in a highly scalable and highly available data store which will be queried for real-time ranking. Which of the following combination of services should you use to meet this requirement?

Amazon DynamoDB and AWS AppSync

You are working for a data analytics company as a Software Engineer, which has a client that is setting up an innovative checkout-free grocery store. You developed a monitoring application that uses smart sensors to collect the items that your customers are getting from the grocery's refrigerators and shelves then automatically maps it to their accounts. To know more about the buying behavior of your customers, you want to analyze the items that are constantly being bought and store the results in S3 for durable storage. What service can you use to easily capture, transform, and load streaming data into Amazon S3, Amazon Elasticsearch Service, and Splunk?

Amazon Kinesis Data Firehose

You are working for a Social Media Analytics company as its head data analyst. You want to collect gigabytes of data per second from websites and social media feeds to gain insights from data generated by its offerings and continuously improve the user experience. To meet this design requirement, you have developed an application hosted on an Auto Scaling group of Spot EC2 instances which processes the data and stores the results to DynamoDB and Redshift. Which AWS service can you use to collect and process large streams of data records in real time?

Amazon Kinesis Data Streams

You are working as an IT Consultant for a large investment bank that generates large financial datasets with millions of rows. The data must be stored in a columnar fashion to reduce the number of disk I/O requests and reduce the amount of data needed to load from the disk. The bank has an existing third-party business intelligence application which will connect to the storage service and then generate daily and monthly financial reports for its clients around the globe. In this scenario, which is the best storage service to use to meet the requirement?

Amazon Redshift

You are working for a large IT consultancy company as a Solutions Architect. One of your clients is launching a file sharing web application in AWS which requires a durable storage service for hosting their static contents such as PDFs, Word Documents, high resolution images and many others. Which type of storage service should you use to meet this requirement?

Amazon S3

You are working as a Solutions Architect for a multinational financial firm. They have a global online trading platform in which the users from all over the world regularly upload terabytes of transactional data to a centralized S3 bucket. What AWS feature should you use in your present system to improve throughput and ensure consistently fast data transfer to the Amazon S3 bucket, regardless of your user's location?

Amazon S3 Transfer Acceleration

You are working for a large telecommunications company where you need to run analytics against all combined log files from your Application Load Balancer as part of the regulatory requirements. Which AWS services can be used together to collect logs and then easily perform log analysis?

Amazon S3 for storing ELB log files and Amazon EMR for analyzing the log files.

A VPC has a non-default public subnet which has four On-Demand EC2 instances that can be accessed over the Internet. Using the AWS CLI, you launched a fifth instance that uses the same subnet, Amazon Machine Image (AMI), and security group which are being used by the other instances. Upon testing, you are not able to access the new instance. Which of the following is the most suitable solution to solve this problem?

Associate an Elastic IP address to the fifth EC2 instance

Your web application is relying entirely on slower disk-based databases, causing it to perform slowly. To improve its performance, you integrated an in-memory data store to your web application using ElastiCache. How does Amazon ElastiCache improve database performance?

By caching database query results.

You installed sensors to track the number of visitors that goes to the park. The data is sent everyday to an Amazon Kinesis stream with default settings for processing, in which a consumer is configured to process the data every other day. You noticed that your S3 bucket is not receiving all of the data that is being sent to the Kinesis stream. You checked the sensors if they are properly sending the data to Amazon Kinesis and verified that the data is indeed sent everyday. What could be the reason for this?

By default, the data records are only accessible for 24 hours from the time they are added to a Kinesis stream.

You are a new Solutions Architect in your department and you have created 7 CloudFormation templates. Each template has been defined for a specific purpose. What determines the cost of using these new CloudFormation templates?

CloudFormation templates are free but you are charged for the underlying resources it builds.

You are setting up the cloud architecture for an international money transfer service to be deployed in AWS which will have thousands of users around the globe. The service should be available 24/7 to avoid any business disruption and should be resilient enough to handle the outage of an entire AWS region. To meet this requirement, you have deployed your AWS resources to multiple AWS Regions. You need to use Route 53 and configure it to set all of your resources to be available all the time as much as possible. When a resource becomes unavailable, your Route 53 should detect that it's unhealthy and stop including it when responding to queries. Which of the following is the most fault tolerant routing configuration that you should use in this scenario?

Configure an Active-Active Failover with Weighted routing policy.

You are unable to connect to your new EC2 instance via SSH from your home computer, which you have recently deployed. However, you were able to successfully access other existing instances in your VPC without any issues. Which of the following should you check and possibly correct to restore connectivity?

Configure the Security Group of the EC2 instance to permit ingress traffic over port 22 from your IP.

Your company has an e-commerce application that saves the transaction logs to an S3 bucket. You are instructed by the CTO to configure the application to keep the transaction logs for one month for troubleshooting purposes, and then afterwards, purge the logs. What should you do to accomplish this requirement?

Configure the lifecycle configuration rules on the Amazon S3 bucket to purge the transaction logs after a month

You are the Solutions Architect for your company's AWS account of approximately 300 IAM users. They have a new company policy that will change the access of 100 of the IAM users to have a particular sort of access to Amazon S3 buckets. What will you do to avoid the time-consuming task of applying the policy at the individual user?

Create a new IAM group and then add the users that require access to the S3 bucket. Afterwards, apply the policy to IAM group

A large insurance company has an AWS account that contains three VPCs (DEV, UAT and PROD) in the same region. UAT is peered to both PROD and DEV using a VPC peering connection. All VPCs have non-overlapping CIDR blocks. The company wants to push minor code releases from Dev to Prod to speed up time to market. Which of the following options helps the company accomplish this?

Create a new VPC peering connection between PROD and DEV with the appropriate routes.

A tech company is currently using Auto Scaling for their web application. A new AMI now needs to be used for launching a fleet of EC2 instances. Which of the following changes needs to be done?

Create a new launch configuration.

In your VPC, you have a Classic Load Balancer distributing traffic to 2 running EC2 instances in ap-southeast-1a AZ and 8 EC2 instances in ap-southeast-1b AZ. However, you noticed that half of your incoming traffic goes to ap-southeast-1a AZ which over-utilize its 2 instances but underutilize the other 8 instances in the other AZ. What could be the most likely cause of this problem?

Cross-Zone Load Balancing is disabled.

You are a Solutions Architect for a major TV network. They have a web application running on eight Amazon EC2 instances, consuming about 55% of resources on each instance. You are using Auto Scaling to make sure that eight instances are running at all times. The number of requests that this application processes are consistent and do not experience spikes. Your manager instructed you to ensure high availability of this web application at all times to avoid any loss of revenue. You want the load to be distributed evenly between all instances. You also want to use the same Amazon Machine Image (AMI) for all EC2 instances. How will you be able to achieve this?

Deploy four EC2 instances in one Availability Zone and four in another availability zone in the same region behind an Amazon Elastic Load Balancer.

You are working as a Solutions Architect for a tech company where you are instructed to build a web architecture using On-Demand EC2 instances and a database in AWS. However, due to budget constraints, the company instructed you to choose a database service in which they no longer need to worry about database management tasks such as hardware or software provisioning, setup, configuration, scaling and backups. Which database service in AWS is best to use in this scenario?

DynamoDB

A global online sports betting company has its popular web application hosted in AWS. They are planning to develop a new online portal for their new business venture and they hired you to implement the cloud architecture for a new online portal that will accept bets globally for world sports. You started to design the system with a relational database that runs on a single EC2 instance, which requires a single EBS volume that can support up to 30,000 IOPS. In this scenario, which Amazon EBS volume type can you use that will meet the performance requirements of this new online portal?

EBS Provisioned IOPS SSD

A new online banking platform has been re-designed to have a microservices architecture in which complex applications are decomposed into smaller, independent services. The new platform is using Docker considering that application containers are optimal for running small, decoupled services. Which service can you use to migrate this new platform to AWS?

ECS

You are a Solutions Architect working for an aerospace engineering company which recently adopted a hybrid cloud infrastructure with AWS. One of your tasks is to launch a VPC with both public and private subnets for their EC2 instances as well as their database instances respectively. Which of the following statements are true regarding Amazon VPC subnets?

Each subnet maps to a single Availability Zone. Every subnet that you create is automatically associated with the main route table for the VPC.

You currently have an Augment Reality (AR) mobile game which has a serverless backend. It is using a DynamoDB table which was launched using the AWS CLI to store all the user data and information gathered from the players and a Lambda function to pull the data from DynamoDB. The game is being used by millions of users each day to read and store data. How would you design the application to improve its overall performance and make it more scalable while keeping the costs low?

Enable DynamoDB Accelerator (DAX) and ensure that the Auto Scaling is enabled and increase the maximum provisioned read and write capacity. Use API Gateway in conjunction with Lambda and turn on the caching on frequently accessed data and enable DynamoDB global replication.

You are working for an investment bank as their IT Consultant. You are working with their IT team to handle the launch of their digital wallet system. The applications will run on multiple EBS-backed EC2 instances which will store the logs, transactions, and billing statements of the user in an S3 bucket. Due to tight security and compliance requirements, you are exploring options on how to safely store sensitive data on the EBS volumes and S3. Which of the below options should be carried out on AWS when storing sensitive data?

Enable EBS Encryption Enable Amazon S3 Server-Side and Client-Side Encryption

You are a new Solutions Architect in a large insurance firm. To maintain compliance with HIPPA laws, all data being backed up or stored on Amazon S3 needs to be encrypted at rest. In this scenario, what is the best method of encryption for your data, assuming S3 is being used for storing financial-related data?

Enable SSE on an S3 bucket to make use of AES-256 encryption Encrypt the data locally using your own encryption keys, then copy the data to Amazon S3 over HTTPS endpoints

One of your clients wants to leverage on Amazon S3 and Amazon Glacier as part of their backup and archive infrastructure. They created a new S3 bucket called "tutorialsdojobackup". To support this integration between AWS and their on-premises network, they decided to use a third-party software. Which approach will limit the access of the third party software to the Amazon S3 bucket only and not to other AWS resources?

In IAM, setup a custom user policy for the third party software that is limited to the Amazon S3 API in the "tutorialsdojobackup" bucket.

Your company has recently deployed a new web application which uses a serverless-based architecture in AWS. Your manager instructed you to implement CloudWatch metrics to monitor your systems more effectively. You know that Lambda automatically monitors functions on your behalf and reports metrics through Amazon CloudWatch. In this scenario, what types of data do these metrics monitor?

Invocations Errors

You are trying to convince a team to use Amazon RDS Read Replica for your multi-tier web application. What are two benefits of using read replicas?

It provides elasticity to your Amazon RDS database. Improves performance of the primary database by taking workload from it.

You are working for a startup as its AWS Chief Architect. You are currently assigned on a project that develops an online registrationb) It t platform for events, which uses Simple Workflow for complete control of your orchestration logic. A decider ingests the customer name, address, contact number, and email address while the activity workers update the customer with the status of their online application status via email. Recently, you were having problems with your online registration platform which was solved by checking the decision task of your workflow. In SWF, what is the purpose of a decision task?

It tells the decider the state of the workflow execution.

A leading media company has an application hosted in an EBS-backed EC2 instance which uses Simple Workflow Service (SWF) to handle its sequential background jobs. The application works well in production and your manager asked you to also implement the same solution to other areas of their business. In which other scenarios can you use both Simple Workflow Service (SWF) and Amazon EC2 as a solution?

Managing a multi-step and multi-decision checkout process of an e-commerce mobile app. Orchestrating the execution of distributed business processes.

One of your clients is leveraging on Amazon S3 in the ap-southeast-1 region to store their training videos for their employee onboarding process. The client is storing the videos using the Standard Storage class. Where are your client's training videos replicated?

Multiple facilities in ap-southeast-1

You are working for an insurance firm as their Senior Solutions Architect. The firm has an application which processes thousands of customer data stored in an Amazon MySQL database with Multi-AZ deployments configuration for high availability in case of downtime. For the past few days, you noticed an increasing trend of read and write operations, which is increasing the latency of the queries to your database. You are planning to use the standby database instance to balance the read and write operations from the primary instance. When running your primary Amazon RDS Instance as a Multi-AZ deployment, can you use the standby instance for read and write operations?

No

You are working as a Solutions Architect for an aerospace manufacturer which heavily uses AWS. They are running a cluster of multi-tier applications that spans multiple servers for your wind simulation model and how it affects your state-of-the-art wing design. Currently, you are experiencing a slowdown in your applications and upon further investigation, it was discovered that it is due to latency issues. Which of the following EC2 features should you use to optimize performance for a compute cluster that requires low network latency?

Placement Groups

A company is using a custom shell script to automate the deployment and management of their EC2 instances. The script is using various AWS CLI commands such as revoke-security-group-ingress, revoke-security-group-egress, run-scheduled-instances and many others. In the shell script, what does the revoke-security-group-ingress command do?

Removes one or more ingress rules from a security group.

You are a Solutions Architect in your company where you are tasked to set up a cloud infrastructure. In the planning, it was discussed that you will need two EC2 instances which should continuously run for three years. The CPU utilization of the EC2 instances is also expected to be stable and predictable. Which is the most cost-efficient Amazon EC2 Pricing type that is most appropriate for this scenario?

Reserved Instances

You are working for a large financial firm and you are instructed to set up a Linux bastion host. It will allow access to the Amazon EC2 instances running in their VPC. For security purposes, only the clients connecting from the corporate external public IP address 175.45.116.100 should have SSH access to the host. Which is the best option that can meet the customer's requirement?

Security Group Inbound Rule: Protocol - TCP. Port Range - 22, Source 175.45.116.100/32

Your IT Manager instructed you to set up a bastion host in the cheapest, most secure way, and that you should be the only person that can access it via SSH. Which of the following steps would satisfy your IT Manager's request?

Set up a small EC2 instance and a security group which only allows access on port 22 via your IP address

A company is hosting EC2 instances that are on non-production environment and processing non-priority batch loads, which can be interrupted at any time. What is the best instance purchasing option which can be applied to your EC2 instances in this case?

Spot Instances

The media company that you are working for has a video transcoding application running on Amazon EC2. Each EC2 instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. This application has a large backlog of videos which need to be transcoded. Your manager would like to reduce this backlog by adding more EC2 instances, however, these instances are only needed until the backlog is reduced. In this scenario, which type of Amazon EC2 instance is the most cost-effective type to use without sacrificing performance?

Spot instances

You are working as a Solutions Architect for a leading airline company where you are building a decoupled application in AWS using EC2, Auto Scaling group, S3 and SQS. You designed the architecture in such a way that the EC2 instances will consume the message from the SQS queue and will automatically scale up or down based on the number of messages in the queue. In this scenario, which of the following statements is false about SQS?

Standard queues preserve the order of messages.

You are working for a tech company that uses a lot of EBS volumes in their EC2 instances. An incident occurred that requires you to delete the EBS volumes and then re-create them again. What step should you do before you delete the EBS volumes?

Store a snapshot of the volume.

You are a Solutions Architect for a global news company. You are configuring a fleet of EC2 instances in a subnet which currently is in a VPC with an Internet gateway attached. All of these EC2 instances can be accessed from the Internet. You then launch another subnet and launch an EC2 instance in it, however you are not able to access the EC2 instance from the Internet. What could be the possible reasons for this issue?

The Amazon EC2 instance does not have a public IP address associated with it. The route table is not configured properly to send traffic from the EC2 instance to the Internet through the Internet gateway.

You are working as a Cloud Engineer for a top aerospace engineering firm. One of your tasks is to set up a document storage system using S3 for all of the engineering files. In Amazon S3, which of the following statements are true?

The total volume of data and number of objects you can store are unlimited. The largest object that can be uploaded in a single PUT is 5 GB.

You are working for a FinTech startup as their AWS Solutions Architect. You deployed an application on different EC2 instances with Elastic IP addresses attached for easy DNS resolution and configuration. These servers are only accessed from 8 AM to 6 PM and can be stopped from 6 PM to 8 AM for cost efficiency using Lambda with the script that automates this based on tags. Which of the following will occur when an EC2-VPC instance with an associated Elastic IP is stopped and started?

The underlying host for the instance is possibly changed. All data on the attached instance-store devices will be lost.

You are automating the creation of EC2 instances in your VPC. Hence, you wrote a python script to trigger the Amazon EC2 API to request 50 EC2 instances in a single Availability Zone. However, you noticed that after 20 successful requests, subsequent requests failed. What could be a reason for this issue and how would you resolve it?

There is a soft limit of 20 instances per region which is why subsequent requests failed. Just submit the limit increase form to AWS and retry the failed requests once approved.

An online job site is using NGINX for its application servers hosted in EC2 instances and MongoDB Atlas for its database-tier. MongoDB Atlas is a fully automated third-party cloud service which is not provided by AWS, but supports VPC peering to connect to your VPC. Which of the following items are invalid VPC peering configurations?

Transitive Peering Edge to Edge routing via a gateway

A travel company has a suite of web applications hosted in an Auto Scaling group of On-Demand EC2 instances behind an Application Load Balancer that handles traffic from various web domains such as i-love-manila.com, i-love-boracay.com, i-love-cebu.com and many others. To improve security and lessen the overall cost, you are instructed to secure the system by allowing multiple domains to serve SSL traffic without the need to reauthenticate and reprovision your certificate everytime you add a new domain. This migration from HTTP to HTTPS will help improve their SEO and Google search ranking. Which of the following is the most cost-effective solution to meet the above requirement?

Upload all SSL certificates of the domains in the ALB using the console and bind multiple certificates to the same secure listener on your load balancer. ALB will automatically choose the optimal TLS certificate for each client using Server Name Indication (SNI).

A music company is storing data on Amazon Simple Storage Service (S3). The company's security policy requires that data are encrypted at rest. Which of the following methods can achieve this?

Use Amazon S3 server-side encryption with customer-provided keys. Encrypt the data on the client-side before ingesting to Amazon S3 using their own master key.

You are designing a social media website for a startup company and the founders want to know the ways to mitigate distributed denial-of-service (DDoS) attacks to their website. Which of the following are not viable mitigation techniques?

Use Dedicated EC2 instances to ensure that each instance has the maximum performance possible. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.

An online stocks trading application that stores financial data in an S3 bucket has a lifecycle policy that moves older data to Glacier every month. There is a strict compliance requirement where a surprise audit can happen at anytime and you should be able to retrieve the required data in under 15 minutes under all circumstances. Your manager instructed you to ensure that retrieval capacity is available when you need it and should handle up to 150 MB/s of retrieval throughput. Which of the following should you do to meet the above requirement?

Use Expedited Retrieval to access the financial data. Purchase provisioned retrieval capacity.

You are a new Solutions Architect working for a financial company. Your manager wants to have the ability to automatically transfer obsolete data from their S3 bucket to a low cost storage system in AWS. What is the best solution you can provide to them?

Use Lifecycle Policies in S3 to move obsolete data to Glacier.

A document sharing website is using AWS as its cloud infrastructure. Free users can upload a total of 5 GB data while premium users can upload as much as 5 TB. Their application uploads the user files, which can have a max file size of 1 TB, to an S3 Bucket. In this scenario, what is the best way for the application to upload the large files in S3?

Use Multipart Upload

Your customer has clients all across the globe that access product files stored in several S3 buckets, which are behind each of their own CloudFront web distributions. They currently want to deliver their content to a specific client, and they need to make sure that only that client can access the data. Currently, all of their clients can access their S3 buckets directly using an S3 URL or through their CloudFront distribution. Which of the following options should you implement to meet the above requirements?

Use S3 pre-signed URLs to ensure that only their client can access the files. Remove permission to use Amazon S3 URLs to read the files for anyone else.

A manufacturing company has EC2 instances running in AWS. The EC2 instances are configured with Auto Scaling. There are a lot of requests being lost because of too much load on the servers. The Auto Scaling is launching new EC2 instances to take the load accordingly yet, there are still some requests that are being lost. Which of the following is the most cost-effective solution to avoid losing recently submitted requests?

Use an SQS queue to decouple the application components

You are working as a Solutions Architect for a global game development company. They have a web application currently running on twenty EC2 instances as part of an Auto Scaling group. All twenty instances have been running at a maximum of 100% CPU Utilization for the past 40 minutes however, the Auto Scaling group has not added any additional EC2 instances to the group. What could be the root cause of this issue?

You already have 20 on-demand instances running in your entire VPC. The maximum size of your Auto Scaling group is set to twenty.

You were recently promoted to a technical lead role in your DevOps team. Your company has an existing VPC which is quite un-utilized for the past few months. The business manager instructed you to integrate your on-premises data center and your VPC. You explained the list of tasks that you'll be doing and mentioned about a Virtual Private Network (VPN) connection. The business manager is not tech-savvy but he is interested to know what a VPN is and its benefits. What is one of the major advantages of having a VPN in AWS?

You can connect your AWS cloud resources to on-premises data centers using VPN connections

You have a VPC that has a CIDR block of 10.31.0.0/27 which is connected to your on-premises data center. There was a requirement to create a Lambda function that will process massive amounts of cryptocurrency transactions every minute and then store the results to EFS. After you set up the serverless architecture and connected Lambda function to your VPC, you noticed that there is an increase in invocation errors with EC2 error types such as EC2ThrottledException on certain times of the day. Which of the following are the possible causes of this issue?

You only specified one subnet in your Lambda function configuration. That single subnet runs out of available IP addresses and there is no other subnet or Availability Zone which can handle the peak load. Your VPC does not have sufficient subnet ENIs or subnet IPs.

In Amazon EC2, you can manage your instances from the moment you launch them up to their termination. You can flexibly control your computing costs by changing the EC2 instance state. Which of the following statements is true regarding EC2 billing?

You will be billed when your On-Demand instance is preparing to hibernate with a stopping state. You will be billed when your Reserved instance is in terminated state.

You are working as an IT Consultant for a large media company where you are tasked to design a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this S3 bucket to immediately receive over 2000 PUT requests and 3500 GET requests per second at peak hour. What should you do to ensure optimal performance?

c) performance at this scale.