New 2021 AWS-Solutions-Architect-Associate exam questions Welcome to download the newest Prep4sureExam AWS-Solutions-Architect-Associate PDF dumps (625 Q&As)
P.S. Free 2021 AWS Certified Solutions Architect AWS-Solutions-Architect-Associate dumps are available on Google Drive shared by Prep4sureExam
NEW QUESTION 120
A company's website receives 50,000 requests each second. The company wants to use multiple applications to analyze the navigation patterns of the website users so that the experience can be personalized. Which AWS service or feature should a solutions architect use to collect page clicks for the website and process them sequentially for each user?
- A. Amazon Simple Queue Service (Amazon SQS) FIFO queue
- B. Amazon Simple Queue Service (Amazon SQS) standard queue
- C. Amazon Kinesis Data Streams
- D. AWS CloudTrail
Answer: C
NEW QUESTION 121
A company's website provides users with downloadable historical performance reports. The website needs a solution that will scale to meet the company's website demands globally. The solution should be cost effective, limit the provisioning of infrastructure, and provide the fastest possible response time.
Which combination should a solutions architect recommend to meet these requirements?
- A. AWS Lambda and Amazon DynamoDB
- B. Amazon CloudFront and Amazon S3
- C. Amazon Route 53 with internal Application Load Balancers
- D. Application Load Balancer with Amazon EC2 Auto Scaling
Answer: B
NEW QUESTION 122
You need to set up a security certificate for a client's e-commerce website as it will use the HTTPS protocol. Which of the below AWS services do you need to access to manage your SSL server certificate?
- A. Amazon Route 53
- B. AWS Directory Service
- C. AWS Identity & Access Management
- D. AWS CloudFormation
Answer: C
Explanation:
AWS Identity and Access Management (IAM) is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS.
All your SSL server certificates are managed by AWS Identity and Access Management (IAM).
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html
NEW QUESTION 123
All Amazon EC2 instances are assigned two IP addresses at launch. Which are those?
- A. A private IP address and a public IP address
- B. 2 Elastic IP addresses
- C. A private IP address and an Elastic IP address
- D. A public IP address and an Elastic IP address
Answer: A
Explanation:
In Amazon EC2-Classic every instance is given two IP addresses: a private IP address and a public IP address.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#differences
NEW QUESTION 124
You are designing a web application that stores static assets in an Amazon Simple Storage Service (S3) bucket. You expect this bucket to immediately receive over 150 PUT requests per second. What should you do to ensure optimal performance?
- A. Use multi-part upload.
- B. Add a random prefix to the key names.
- C. Amazon S3 will automatically manage performance at this scale.
- D. Use a predictable naming scheme, such as sequential numbers or date time sequences, in the key names
Answer: C
NEW QUESTION 125
An organization is setting up a highly scalable application using Elastic Beanstalk. The organization is using ELB and RDS with VPC. The organization has public and private subnets within the cloud.
Which of the below mentioned configurations will not work in this scenario?
- A. The configuration must have two private subnets in separate AZs.
- B. The configuration must have public and private subnets in the same AZ.
- C. The EC2 instance should have a public IP assigned to it.
- D. To setup RDS in a private subnet and ELB in a public subnet.
Answer: C
Explanation:
The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. If the organization is planning to implement a scalable, secure application using RDS, VPC and ELB, the organization should follow the configurations mentioned below:
- Set up RDS in a private subnet.
- Set up ELB in a public subnet.
- Since RDS needs a subnet group, the organization should have two private subnets in the same zone.
- The ELB needs private and public subnets to be part of the same AZs.
- It is not required that instances should have a public IP assigned to them. The instances can be part of a private subnet and the organization can set up a corresponding routing mechanism.
Reference:
http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc-rds.html
NEW QUESTION 126
Which of the following items are required to allow an application deployed on an EC2 instance to write data to a DynamoDB table? Assume that no security keys are allowed to be stored on the EC2 instance.
(Choose 2 answers)
- A. Add an IAM User to a running EC2 instance.
- B. Launch an EC2 Instance with the IAM Role included in the launch configuration.
- C. Create an IAM Role that allows write access to the DynamoDB table.
- D. Create an IAM User that allows write access to the DynamoDB table.
- E. Add an IAM Role to a running EC2 instance.
Answer: B,C
Explanation:
Reference:
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/TicTacToe.Phase3.html
NEW QUESTION 127
A company's production application runs online transaction processing (OLTP) transactions on an Amazon RDS MySQL DB instance. The company is launching a new reporting tool that will access the same data. The reporting tool must be highly available and not impact the performance of the production application.
How can this be achieved?
- A. Create a Multi-AZ RDS Read Replica of the production RDS DB instance.
- B. Create a Single-AZ RDS Read Replica of the production RDS DB instance. Create a second Single-AZ RDS Read Replica from the replica.
- C. Create hourly snapshots of the production RDS DB instance.
- D. Create multiple RDS Read Replicas of the production RDS DB instance. Place the Read Replicas in an Auto Scaling group.
Answer: A
Explanation:
Reference:
https://aws.amazon.com/blogs/database/best-storage-practices-for-running-production-workloadson-hosted-datab
Amazon RDS Read Replicas Now Support Multi-AZ Deployments
Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. In addition to providing scalability for read-heavy workloads, Read Replicas can be promoted to become a standalone database instance when needed.
Amazon RDS Multi-AZ deployments provide enhanced availability for database instances within a single AWS Region. With Multi-AZ, your data is synchronously replicated to a standby in a different Availability Zone (AZ). In the event of an infrastructure failure, Amazon RDS performs an automatic failover to the standby, minimizing disruption to your applications.
You can now use Read Replicas with Multi-AZ as part of a disaster recovery (DR) strategy for your production databases. A well-designed and tested DR plan is critical for maintaining business continuity after a disaster. A Read Replica in a different region than the source database can be used as a standby database and promoted to become the new production database in case of a regional disruption.
https://aws.amazon.com/about-aws/whats-new/2018/01/amazon-rds-read-replicas-now-support-multi-az-d cess.
NEW QUESTION 128
Your company has an on-premises multi-tier PHP web application, which recently experienced downtime due to a large burst in web traffic caused by a company announcement. Over the coming days, you are expecting similar announcements to drive similar unpredictable bursts, and are looking to find ways to quickly improve your infrastructure's ability to handle unexpected increases in traffic.
The application currently consists of 2 tiers: a web tier, which consists of a load balancer and several Linux Apache web servers, and a database tier, which consists of a Linux server hosting a MySQL database.
Which scenario below will provide full site functionality, while helping to improve the ability of your application in the short timeframe required?
- A. Migrate to AWS: Use VM Import/Export to quickly convert an on-premises web server to an AMI. Create an Auto Scaling group, which uses the imported AMI to scale the web tier based on incoming traffic. Create an RDS read replica and set up replication between the RDS instance and on-premises MySQL server to migrate the database.
- B. Hybrid environment: Create an AMI which can be used to launch web servers in EC2. Create an Auto Scaling group which uses the AMI to scale the web tier based on incoming traffic. Leverage Elastic Load Balancing to balance traffic between on-premises web servers and those hosted in AWS.
- C. Offload traffic from on-premises environment: Set up a CloudFront distribution and configure CloudFront to cache objects from a custom origin. Choose to customize your object cache behavior, and select a TTL that objects should exist in cache.
- D. Failover environment: Create an S3 bucket and configure it for website hosting. Migrate your DNS to Route53 using zone file import and leverage Route53 DNS failover to fail over to the S3 hosted website.
Answer: D
NEW QUESTION 129
An on-premises workload consists of a single server with an Apache instance and a MySQL database. The Solutions Architect plans to migrate the on-premises database to MySQL on Amazon RDS using multiple Availability Zones.
What solution ensures that the remaining workload will be highly available?
- A. Provision the workload in an Auto Scaling group across Availability Zones, with a minimum of two servers. Use a Route 53 DNS simple routing policy to direct traffic to healthy servers
- B. Provision the workload in an Auto Scaling group, with a minimum of two servers. Use an Amazon Route 53 DNS-weighted routing policy to direct traffic to healthy servers
- C. Provision the workload in an Auto Scaling group across Availability Zones, with a minimum of two Amazon EC2 instances. Use an Application Load Balancer in front of an Auto Scaling group
- D. Provision at least two EC2 instances across two separate regions. Use an Application Load Balancer to direct traffic between the instances
Answer: A
NEW QUESTION 130
A Solutions Architect is concerned that the current security group rules for a database tier are too permissive and may permit requests that should be restricted. Below are the current security group permissions for the database tier:
Protocol: TCP
Port Range: 1433 (MS SQL)
Source: ALL
Currently, the only identified resource that needs to connect to the databases is the application tier consisting of an Auto Scaling group of EC2 instances.
What changes can be made to this security group that would offer the users LEAST privilege?
- A. Change the source to the VPC CIDR block.
- B. Change the source to the application instance IDs.
- C. Change the source to the security group ID attached to the application instances.
- D. Change the source to -1 to remove source IP addresses previously unseen.
Answer: C
NEW QUESTION 131
A company has a two-tier application architecture that runs in public and private subnets. Amazon EC2 instances running the web application are in the public subnet and a database runs on the private subnet. The web application instances and the database are running in a single Availability Zone (AZ).
Which combination of steps should a solutions architect take to provide high availability for this architecture?
(Select TWO.)
- A. Create new public and private subnets in a new AZ. Create a database using Amazon EC2 in one AZ.
- B. Create new public and private subnets in the same VPC, each in a new AZ. Migrate the database to an Amazon RDS multi-AZ deployment.
- C. Create an Amazon EC2 Auto Scaling group and Application Load Balancer spanning multiple AZs
- D. Add the existing web application instances to an Auto Scaling group behind an Application Load Balancer
- E. Create new public and private subnets in the same AZ for high availability
Answer: B,C
Explanation:
You can take advantage of the safety and reliability of geographic redundancy by spanning your Auto Scaling group across multiple Availability Zones within a Region and then attaching a load balancer to distribute incoming traffic across those zones. Incoming traffic is distributed equally across all Availability Zones enabled for your load balancer.
Note
An Auto Scaling group can contain Amazon EC2 instances from multiple Availability Zones within the same Region. However, an Auto Scaling group can't contain instances from multiple Regions.
When one Availability Zone becomes unhealthy or unavailable, Amazon EC2 Auto Scaling launches new instances in an unaffected zone. When the unhealthy Availability Zone returns to a healthy state, Amazon EC2 Auto Scaling automatically redistributes the application instances evenly across all of the zones for your Auto Scaling group. Amazon EC2 Auto Scaling does this by attempting to launch new instances in the Availability Zone with the fewest instances. If the attempt fails, however, Amazon EC2 Auto Scaling attempts to launch in other Availability Zones until it succeeds.
You can expand the availability of your scaled and load-balanced application by adding an Availability Zone to your Auto Scaling group and then enabling that zone for your load balancer. After you've enabled the new Availability Zone, the load balancer begins to route traffic equally among all the enabled zones.
High Availability (Multi-AZ) for Amazon RDS
Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments.
Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for MariaDB, MySQL, Oracle, and PostgreSQL DB instances use Amazon's failover technology. SQL Server DB instances use SQL Server Database Mirroring (DBM) or Always On Availability Groups (AGs).
In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption. For more information on Availability Zones, see Regions, Availability Zones, and Local Zones.
https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-add-availability-zone.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.MultiAZ.html
NEW QUESTION 132
Your application provides data transformation services. Files containing data to be transformed are first uploaded to Amazon S3 and then transformed by a fleet of spot EC2 instances. Files submitted by your premium customers must be transformed with the highest priority. How should you implement such a system?
- A. Use a DynamoDB table with an attribute defining the priority level. Transformation instances will scan the table for tasks, sorting the results by priority level.
- B. Use a single SQS queue. Each message contains the priority level. Transformation instances poll high-priority messages first.
- C. Use two SQS queues, one for high priority messages, the other for default priority. Transformation instances first poll the high priority queue; if there is no message, they poll the default priority queue.
- D. Use Route 53 latency based-routing to send high priority tasks to the closest transformation instances.
Answer: C
NEW QUESTION 133
A company hosts more than 300 global websites and applications. The company requires a platform to analyze more than 30 TB of clickstream data each day. What should a solutions architect do to transmit and process the clickstream data?
- A. Create an Auto Scaling group of Amazon EC2 instances to process the data and send it to an Amazon S3 data lake for Amazon Redshift to use for analysis.
- B. Design an AWS Data Pipeline to archive the data to an Amazon S3 bucket and run an Amazon EMR cluster with the data to generate analytics.
- C. Cache the data to Amazon CloudFront. Store the data in an Amazon S3 bucket. When an object is added to the S3 bucket, run an AWS Lambda function to process the data for analysis.
- D. Collect the data from Amazon Kinesis Data Streams. Use Amazon Kinesis Data Firehose to transmit the data to an Amazon S3 data lake. Load the data in Amazon Redshift for analysis.
Answer: C
NEW QUESTION 134
A company is using an Amazon S3 bucket located in us-west-2 to serve videos to their customers. Their customers are located all around the world and the videos are requested a lot during peak hours. Customers in Europe complain about experiencing slow download speeds, and during peak hours, customers in all locations report experiencing HTTP 500 errors.
What can a Solutions Architect do to address these issues?
- A. Replicate the bucket in eu-west-1 and use an Amazon Route 53 failover routing policy to determine which bucket it should serve the request to.
- B. Place an elastic load balancer in front of the Amazon S3 bucket to distribute the load during peak hours.
- C. Use an Amazon Route 53 weighted routing policy for the CloudFront domain name to distribute the GET request between CloudFront and the Amazon S3 bucket directly.
- D. Cache the web content with Amazon CloudFront and use all Edge locations for content delivery.
Answer: C
NEW QUESTION 135
Which one of the below doesn't affect Amazon CloudFront billing?
- A. Requests
- B. Dedicated IP SSL Certificates
- C. Data Transfer Out
- D. Distribution Type
Answer: D
Explanation:
Amazon CloudFront is a web service for content delivery. CloudFront delivers your content using a global network of edge locations and works seamlessly with Amazon S3 which durably stores the original and definitive versions of your files.
Amazon CloudFront billing is mainly affected by:
- Data Transfer Out
- Edge Location Traffic Distribution
- Requests
- Dedicated IP SSL Certificates
Reference: http://calculator.s3.amazonaws.com/index.html
NEW QUESTION 136
A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted. How should this be accomplished?
- A. Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the application over to the new master. Delete the old RDS instance.
- B. Take a snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
- C. Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance.
- D. Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.
Answer: B
Explanation:
How do I encrypt Amazon RDS snapshots?
The following steps are applicable to Amazon RDS for MySQL, Oracle, SQL Server, PostgreSQL, or MariaDB.
Important: If you use Amazon Aurora, you can restore an unencrypted Aurora DB cluster snapshot to an encrypted Aurora DB cluster if you specify an AWS Key Management Service (AWS KMS) encryption key when you restore from the unencrypted DB cluster snapshot. For more information, see Limitations of Amazon RDS Encrypted DB Instances.
1. Open the Amazon RDS console, and then choose Snapshots from the navigation pane.
2. Select the snapshot that you want to encrypt.
3. Under Snapshot Actions, choose Copy Snapshot.
4. Choose your Destination Region, and then enter your New DB Snapshot Identifier.
5. Change Enable Encryption to Yes.
6. Select your Master Key from the list, and then choose Copy Snapshot.
After the snapshot status is available, the Encrypted field will be True to indicate that the snapshot is encrypted.
You now have an encrypted snapshot of your DB. You can use this encrypted DB snapshot to restore the DB instance from the DB snapshot.
https://aws.amazon.com/premiumsupport/knowledge-center/encrypt-rds-snapshots/
NEW QUESTION 137
A solutions architect is designing a system that will store personally identifiable information (PII) in an Amazon S3 bucket. Due to compliance and regulatory requirements, both the master keys and the unencrypted data should never be sent to AWS.
Which Amazon S3 encryption technique should the architect choose?
- A. Amazon S3 server-side encryption with AWS KMS managed encryption keys (SSE-KMS)
- B. Amazon S3 client-side encryption with a client-side master key
- C. Amazon S3 server-side encryption with customer-provided encryption keys (SSE-C)
- D. Amazon S3 client-side encryption with an AWS Key Management Service (AWS KMS) managed customer master key (CMK)
Answer: C
NEW QUESTION 138
A company has application services that have been containerized and deployed on multiple Amazon EC2 instances with public IPs. An Apache Kafka cluster has been deployed to the EC2 instances. A PostgreSQL database has been migrated to Amazon RDS for PostgreSQL. The company expects a significant increase of orders on its platform when a new version of its flagship product is released.
What changes to the current architecture will reduce operational overhead and support the product release?
- A. Deploy the application on a Kubernetes cluster created on the EC2 instances behind an Application Load Balancer. Deploy the DB instance in Multi-AZ mode and enable storage auto scaling. Create an Amazon Managed Streaming for Apache Kafka cluster and configure the application services to use the cluster. Store static content in Amazon S3 behind an Amazon CloudFront distribution.
- B. Create an EC2 Auto Scaling group behind an Application Load Balancer. Deploy the DB instance in Multi-AZ mode and enable storage auto scaling. Create Amazon Kinesis data streams and configure the application services to use the data streams. Store and serve static content directly from Amazon S3.
- C. Deploy the application on Amazon Elastic Kubernetes Service (Amazon EKS) with AWS Fargate and enable auto scaling behind an Application Load Balancer. Create additional read replicas for the DB instance. Create an Amazon Managed Streaming for Apache Kafka cluster and configure the application services to use the cluster. Store static content in Amazon S3 behind an Amazon CloudFront distribution.
- D. Create an EC2 Auto Scaling group behind an Application Load Balancer. Create additional read replicas for the DB instance. Create Amazon Kinesis data streams and configure the application services to use the data streams. Store and serve static content directly from Amazon S3.
Answer: B
NEW QUESTION 139
An operations team has a standard that states IAM policies should not be applied directly to users. Some new members have not been following this standard. The operations manager needs a way to easily identify the users with attached policies.
What should a solutions architect do to accomplish this?
- A. Monitor using AWS CloudTrail
- B. Publish IAM user changes to Amazon SNS
- C. Create an AWS Config rule to run daily
- D. Run AWS Lambda when a user is modified
Answer: A
NEW QUESTION 140
MySQL installations default to port _____.
- A. 0
- B. 1
- C. 2
- D. 3
Answer: C