AWS Certified Solutions Architect Practice Tests SAA-C01 Exam
Q101. A restaurant reservation application needs the ability to maintain a waiting list. When a customer tries to reserve a table, and none are available, the customer must be put on the waiting list, and the application must notify the customer when a table becomes free.
What service should the Solutions Architect recommend to ensure that the system respects the order in which the customer requests are put onto the waiting list?
- Amazon SNS
- AWS Lambda with sequential dispatch
- A FIFO queue in Amazon SQS
- A standard queue in Amazon SQS
Q102. A Solutions Architect is designing a solution for a dynamic website, “example.com,” that is deployed in two regions: Tokyo, Japan and Sydney, Australia. The Architect wants to ensure that users located in Australia are directed to the website deployed in the Sydney region and users located in Japan are redirected to the website in the Tokyo region when they browse to “example.com”.
Which service should the Architect use to achieve this goal with the LEAST administrative effort?
- Amazon CloudFront with geolocation routing
- Amazon Route 53
- Application Load Balancer
- Network Load Balancer deployed across multiple regions
Q103. A company has a popular multi-player mobile game hosted in its on-premises datacenter. The current infrastructure can no longer keep up with demand and the company is considering a move to the cloud.
Which solution should a Solutions Architect recommend as the MOST scalable and cost-effective solution to meet these needs?
- Amazon EC2 and an Application Load Balancer
- Amazon S3 and Amazon CloudFront
- Amazon EC2 and Amazon Elastic Transcoder
- AWS Lambda and Amazon API Gateway
Q104. A company has instances in private subnets that require outbound access to the internet.
- Assigning a public IP address to the instance.
- Updating the route table associated with the subnet to point internet traffic through a NAT gateway.
- Updating the security group associated with the subnet to allow ingress on 0.0.0.0/0.
- Routing traffic from the instance through a VPC endpoint that has internet access.
Q105. An organization regularly backs up their application data. The application backups are required to be stored on Amazon S3 for a certain amount of time. The backups should be accessed instantly in the event of a disaster recovery.
Which of the following Amazon S3 storage classes would be the MOST cost-effective option to meet the needs of this scenario?
- Glacier Storage Class
- Standard Storage Class
- Standard-Infrequent Access (IA)
- Reduced Redundancy Class (RRS)
Q106. An organization runs an online voting system for a television program. During broadcasts, hundreds of thousands of votes are submitted within minutes and sent to a front-end fleet of auto-scaled Amazon EC2 instances. The EC2 instances push the votes to an RDBMS database. The database is unable to keep up with the front-end connection requests.
What is the MOST efficient and cost-effective way of ensuring that votes are processed in a timely manner?
- Each front-end node should send votes to an Amazon SQS queue. Provision worker instances to read the SQS queue and process the message information into the RDBMS database.
- As the load on the database increases, horizontally-scale the RDBMS database with additional memory-optimized instances. When voting has ended, scale down the additional instances.
- Re-provision the RDBMS database with larger, memory-optimized instances. When voting ends, re-provision the back-end database with smaller instances.
- Send votes from each front-end node to Amazon DynamoDB. Provision worker instances to process the votes in DynamoDB into the RDBMS database.
Q107. An application publishes Amazon SNS messages in response to several events. An AWS Lambda function subscribes to these messages. Occasionally the function will fail while processing a message, so the original event message must be preserved for root cause analysis.
What architecture will meet these requirements without changing the workflow?
- Subscribe an Amazon SQS queue to the Amazon SNS topic and trigger the Lambda function from the queue.
- Configure Lambda to write failures to an SQS Dead Letter Queue.
- Configure a Dead Letter Queue for the Amazon SNS topic.
- Configure the Amazon SNS topic to invoke the Lambda function synchronously.
Q108. An application uses an Amazon RDS MySQL cluster for the database layer. Database growth requires periodic resizing of the instance. Currently, administrators check the available disk space manually once a week.
How can this process be improved?
- Use the largest instance type for the database.
- Use AWS CloudTrail to monitor storage capacity.
- Use Amazon CloudWatch to monitor storage capacity.
- Use Auto Scaling to increase storage size.
Q109. A customer owns a MySQL database that is accessed by various clients who expect, at most, 100 ms latency on requests. Once a record is stored in the database, it is rarely changed. Clients only access one record at a time.
Database access has been increasing exponentially due to increased client demand. The resultant load will soon exceed the capacity of the most expensive hardware available for purchase. The customer wants to migrate to AWS, and is willing to change database systems. Which service would alleviate the database load issue and offer virtually unlimited scalability for the future?
- Amazon RDS
- Amazon DynamoDB
- Amazon Redshift
- AWS Data Pipeline
Q110. A business team requires a structured storage solution to store all of a company’s historical sales data. Currently there are 4 TB of data, which will grow to hundreds of terabytes within a few years. The team must be able to regularly run queries against the data using current business intelligence tools. Fast performance is required despite the dataset growth.
Which solution should the company use?
- Amazon Redshift
- Amazon Aurora
- Amazon DynamoDB
- Amazon S3
Q111. A prediction process requires access to a trained model that is stored in an Amazon S3 bucket. The process takes a few seconds to process an image and make a prediction. The process is not overly resource-intensive, does not require any specialized hardware, and takes less than 512 MB of memory to run.
What would be the MOST effective compute solution for this use case?
- Amazon ECS
- Amazon EC2 Spot instances
- AWS Lambda functions
- AWS Elastic Beanstalk
Q112. An application that runs on an Amazon EC2 instance must make secure calls to Amazon S3 buckets.
Which steps can a Solutions Architect take to ensure that the calls are made without exposing credentials?
- Generate an access key ID and a secret key, and assign an IAM role with least privilege.
- Create an IAM policy granting access to all services and assign it to the Amazon EC2 instance profile.
- Create an IAM role granting least privilege and assign it to the Amazon EC2 instance profile.
- Generate temporary access keys to grant users temporary access to the Amazon EC2 instance.
Q113. A Solutions Architect needs to design a centralized logging solution for a group of web applications running on Amazon EC2 instances. The solution requires minimal development effort due to budget constraints.
Which of the following should the Architect recommend?
- Create a crontab job script in each instance to push the logs regularly to Amazon S3.
- Install and configure Amazon CloudWatch Logs agent in the Amazon EC2 instances.
- Enable Amazon CloudWatch Events in the AWS Management Console.
- Enable AWS CloudTrail to map all API calls invoked by the applications.
Q114. A company is using Amazon S3 as its local repository for weekly analysis reports. One of the company-wide requirements is to secure data at rest using encryption. The company chose Amazon S3 server-side encryption. The company wants to know how the object is decrypted when a GET request is issued.
Which of the following answers this question?
- The user needs to place a PUT request to decrypt the object.
- The user needs to decrypt the object using a private key.
- Amazon S3 manages encryption and decryption automatically.
- Amazon S3 provides a server-side key for decrypting the object.
Q115. A company is looking for a fully-managed solution to store its players’ state information for a rapidly growing game. The application runs on multiple Amazon EC2 nodes, which can scale according to the incoming traffic. The request can be routed to any of the nodes, therefore, the state information must be stored in a centralized database. The players’ state information needs to be read with strong consistency and needs conditional updates for any changes.
Which service would be MOST cost-effective, and scale seamlessly?
- Amazon S3
- Amazon DynamoDB
- Amazon RDS
- Amazon Redshift
Q116. An application is running on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. Four instances are required to handle a predictable traffic load. The Solutions Architect wants to ensure that the operation is fault-tolerant up to the loss of one Availability Zone.
Which is the MOST cost-efficient way to meet these requirements?
- Deploy two instances in each of three Availability Zones.
- Deploy two instances in each of two Availability Zones.
- Deploy four instances in each of two Availability Zones.
- Deploy one instance in each of three Availability Zones.
Q117. A Solutions Architect is designing a three-tier web application that includes an Auto Scaling group of Amazon EC2 instances running behind an ELB Classic Load Balancer. The security team requires that all web servers must be accessible only through the Load Balancer, and that none of the web servers are directly accessible from the Internet.
How should the Architect meet these requirements?
- Use a Load Balancer installed on an Amazon EC2 instance.
- Configure the web servers’ security group to deny traffic from the public Internet.
- Create an Amazon CloudFront distribution in front of the ELB Classic Load Balancer.
- Configure the web tier security group to allow only traffic from the ELB Classic Load Balancer.
Q118. A Solutions Architect is designing a web application that will be hosted on Amazon EC2 instances in a public subnet. The web application uses a MySQL database in a private subnet. The database should be accessible to database administrators.
Which of the following options should the Architect recommend? (Choose two.)
- Create a bastion host in a public subnet, and use the bastion host to connect to the database.
- Log in to the web servers in the public subnet to connect to the database.
- Perform DB maintenance after using SSH to connect to the NAT Gateway in a public subnet.
- Create an IPSec VPN tunnel between the customer site and the VPC, and use the VPN tunnel to connect to the database.
- Attach an Elastic IP address to the database.
Q119. A web application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation the application writes 50 KB/s to the table, but can scale up to 500 KB/s during peak hours. The application is currently experiencing throttling errors from the DynamoDB table during peak hours.
What is the MOST cost-efficient change to support the increased traffic with minimal changes to the application?
- Use Amazon SQS to manage the write operations to the DynamoDB table.
- Change DynamoDB table configuration to 600 write capacity units.
- Increase the number of Amazon EC2 instances to support the traffic.
- Configure Amazon DynamoDB Auto Scaling to handle the extra demand.
Q120. One company wants to share the contents of their Amazon S3 bucket with another company. Security requirements mandate that only the other company’s AWS accounts have access to the contents of the Amazon S3 bucket.
Which Amazon S3 feature will allow secure access to the Amazon S3 bucket?
- Bucket policy
- Object tagging
- CORS configuration
- Lifecycle policy
Q121. A Solutions Architect is designing a service that must have four Amazon EC2 instances running between 8 AM and 6 PM daily. The service requires one EC2 instance outside of those hours.
What is the MOST cost-effective way to provide enough compute?
- Use one Amazon EC2 Reserved Instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
- Use one Amazon EC2 On-Demand instance and use an Auto Scaling group to add and remove EC2 instances based on CPU utilization.
- Use one Amazon EC2 On-Demand instance and use an Auto Scaling Group scheduled action to add three EC2 Spot instances at 7:30 AM and remove three instances at 6:10 PM.
- Use one Amazon EC2 Reserved Instance and use an Auto Scaling Group scheduled action to add three EC2 On-Demand instances at 7:30 AM and remove three instances at 6:10 PM.
Q122. A company plans to use an Amazon VPC to deploy a web application consisting of an elastic load balancer, a fleet of web and application servers, and an Amazon RDS MySQL database that should not be accessible from the Internet. The proposed design must be highly available and distributed over two Availability Zones.
What would be the MOST appropriate VPC design for this specific use case?
- Two public subnets for the elastic load balancer, two public subnets for the web servers, and two public subnets for Amazon RDS.
- One public subnet for the elastic load balancer, two private subnets for the web servers, and two private subnets for Amazon RDS.
- One public subnet for the elastic load balancer, one public subnet for the web servers, and one private subnet for the database.
- Two public subnets for the elastic load balancer, two private subnets for the web servers, and two private subnets for RDS.
Q123. A workload in an Amazon VPC consists of a single web server launched from a custom AMI.
Session state is stored in a database.
How should the Solutions Architect modify this workload to be both highly available and scalable?
- Create a launch configuration with a desired capacity of two web servers across multiple Availability Zones. Create an Auto Scaling group with the AMI ID of the web server image. Use Amazon Route 53 latency-based routing to balance traffic across the Auto Scaling group.
- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple regions. Use an Application Load Balancer (ALB) to balance traffic across the Auto Scaling group.
- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use an ALB to balance traffic across the Auto Scaling group.
- Create a launch configuration with the AMI ID of the web server image. Create an Auto Scaling group using the newly-created launch configuration, and a desired capacity of two web servers across multiple Availability Zones. Use Amazon Route 53 weighted routing to balance traffic across the Auto Scaling group.
Q124. A Solutions Architect is developing a new web application on AWS. The services must scale to support an increasing load. The Architect wants to focus on software development and deploying new features rather than provisioning or managing servers.
Which AWS service is appropriate?
- Auto Scaling
- Elastic Beanstalk
- EC2 Container Service
Q125. A company wants to migrate a three-tier web application to AWS. The company wants to control the placement of the instances and have visibility into underlying sockets and cores for licensing purposes.
Which compute model should a Solutions Architect choose to accomplish this task?
- EC2 Reserved Instances
- EC2 Spot Instances
- EC2 Dedicated Hosts
- EC2 Placement Groups
Q126. An application runs on multiple Amazon EC2 instances. Each running instance of the application must have access to a shared file system.
Where should the data be stored?
- Amazon S3
- Amazon DynamoDB
- Amazon EFS
- Amazon EBS
Q127. A Solutions Architect is designing a microservice to process records from Amazon Kinesis Streams. The metadata must be stored in Amazon DynamoDB. The microservice must be capable of concurrently processing 10,000 records daily as they arrive in the Kinesis stream.
The MOST scalable way to design the microservice is:
- As an AWS Lambda function.
- As a process on an Amazon EC2 instance.
- As a Docker container running on Amazon ECS.
- As a Docker container on an EC2 instance.
Q128. A university is running an internal web application on AWS that students can access from the university network to check their exam results. The web application runs on Amazon EC2 instances and pulls results from an Amazon DynamoDB table. Auto Scaling is currently configured to add a new web server when CPU is greater than 80% for 5 minutes. DynamoDB is configured to increase both read and write capacity units by five when utilization is greater than 80%. Exam results are released at 9:00 a.m. each Monday, and 80% of students attempt to access their unique result within the first 30 minutes. Despite Auto Scaling being enabled, students are complaining of slow response times and errors when they view the site. There are no performance complaints after 9:30 a.m. on Monday.
Which recommendation should a Solutions Architect make to improve performance in a cost-effective manner?
- Scale out the EC2 instances to ensure that the environment scales up and down based on the highest load.
- Implement Amazon DynamoDB Accelerator to improve database performance and remove the need to scale the read/write units.
- Use a scheduled job to scale out EC2 before 9:00 a.m. on Monday and to scale down after 9:30
- Use Amazon CloudFront to cache web requests and reduce the load on EC2 and DynamoDB.
Q129. As part of a migration strategy, a Solutions Architect needs to analyze workloads that can be optimized for performance and cost. The Solutions Architect has identified a stateless application that serves static content as a potential candidate to move to the cloud. The Solutions Architect has the flexibility to choose an identity solution between Facebook, Twitter, and Amazon.
Which AWS solution offers flexibility and ease of use, and the LEAST operational overhead for this migration?
- Use AWS Identity and Access Management (IAM) for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.
- Use a third-party solution for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.
- Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, Amazon API Gateway, and AWS Lambda.
- Use Amazon Cognito for managing identities, and migrate the application to run on Amazon S3, EC2 Spot Instances, and Amazon EC2.
Q130. A company needs to capture all client connection information from its Application Load Balancer every five minutes. This data will be used to analyze traffic patterns and troubleshoot the application.
How can a Solutions Architect meet this requirement?
- Enable AWS CloudTrail for the Application Load Balancer.
- Enable Access Logs on the Application Load Balancer.
- Install CloudWatch Agent on the Application Load Balancer.
- Enable CloudWatch metrics on the Application Load Balancer.
Q131. An application runs on EC2 instances behind an Elastic Load Balancing Application Load Balancer. The instances run in an EC2 Auto Scaling group across multiple Availability Zones. The application provides a RESTful interface with both synchronous and asynchronous operations. The asynchronous operations require up to 5 minutes to complete. Although the application must remain available at all times, after business hours, the traffic going to the application is greatly reduced and often results in the Auto Scaling group running the minimum number of On-Demand Instances.
What should the Solutions Architect recommend to optimize the cost of the environment after business hours?
- Change the Availability Zones in which the instances were created to another Availability Zone in the same region with a lower cost.
- Replace all On-Demand Instances with Spot Instances in the Auto Scaling group.
- Purchase Reserved Instances for the minimum number of Auto Scaling instances.
- Reduce the number of minimum instances to 0. New requests to the Application Load Balancer create new instances.
Q132. A Solutions Architect is designing a web application for document sharing. The users will upload documents that are then made available to other users. There will be tens of thousands of these documents.
What is the MOST cost-effective storage solution?
- Amazon EFS
- Amazon S3
- Amazon Glacier
- Amazon EBS
Q133. A Solutions Architect was tasked with reviewing several templates that build VPCs and ensuring that they meet specific security requirements. After reviewing the templates, the Architect realizes that all of the templates are missing important security best practices.
What should the Architect do to implement security best practices in an efficient manner?
- Use VPC peering to enforce network consistency
- Restrict users from deploying an AWS CloudFormation template
- Provide the teams a nested AWS CloudFormation template that builds the VPC correctly
- Create AWS Identity and Access Management (IAM) policies that enforce the corporate VPC architecture standards
Q134. A Solutions Architect has been given the following requirements for a company’s VPC:
The solution is a two-tiered application with a web tier and a database tier.
All web traffic to the environment must be directed from the Internet to an Application Load Balancer.
The web servers and the databases should not obtain public IP addresses or be directly accessible from the public Internet.
Because of security requirements, databases may not share a route table or subnet with any other service.
The environment must be highly available within the same VPC for all services.
What is the minimum number of subnets that the Solutions Architect will need based on these requirements and best practices?
Q135. An application currently stores objects in Amazon S3-Standard. The application accesses new objects frequently for one week. After one week, they are accessed occasionally for analysis batch jobs. A Solutions Architect has been asked to reduce storage costs for the application while allowing immediate access for batch jobs.
How can costs be reduced without reducing data durability?
- Create a lifecycle policy that moves Amazon S3 data to Amazon S3 One Zone-Infrequent Access storage after 7 days. After 30 days, move the data to Amazon Glacier.
- Keep the data on Amazon S3, and create a lifecycle policy to move S3 data to Amazon Glacier after 7 days.
- Move all Amazon S3 data to S3 Standard-Infrequent Access storage, and create a lifecycle policy to move the data to Amazon Glacier after 7 days.
- Keep the data on Amazon S3, then create a lifecycle policy to move the data to S3 Standard-Infrequent Access storage after 7 days.
Q136. A company is building a critical ingestion service on AWS that will receive 1,000 incoming events per second. The events must be processed in order, and no events may be lost. Multiple applications will need to process each event. The company will expose the service as RESTful calls through an API Gateway.
What should a Solutions Architect use to receive the events based on these requirements?
- Amazon Kinesis Data Stream
- Amazon DynamoDB
- Amazon SQS
- Amazon SNS
Q137. An AWS Lambda function requires access to an Amazon RDS for SQL Server instance. It is against company policy to store passwords in Lambda functions.
How can a Solutions Architect enable the Lambda function to retrieve the database password without violating company policy?
- Add an IAM policy for IAM database access to the Lambda execution role.
- Store a one-way hash of the password in the Lambda function.
- Have the Lambda function use the AWS Systems Manager Parameter Store.
- Connect to the Amazon RDS for SQL Server instance by using a role assigned to the Lambda function.
Q138. A company has two different types of reporting needs on their 200-GB data warehouse:
Data scientists run a small number of concurrent ad hoc SQL queries that can take several minutes each to run.
Display screens throughout the company run many fast SQL queries to populate dashboards.
Which design would meet these requirements with the LEAST cost?
- Replicate relevant data between Amazon Redshift and Amazon DynamoDB. Data scientists use Redshift. Dashboards use DynamoDB.
- Configure auto-replication between Amazon Redshift and Amazon RDS. Data scientists use Redshift. Dashboards use RDS.
- Use Amazon Redshift for both requirements, with separate query queues configured in workload management.
- Use Amazon Redshift for Data Scientists. Run automated dashboard queries against Redshift and store the results in Amazon ElastiCache. Dashboards query ElastiCache.
Q139. A company has an application that uses Amazon CloudFront for content that is hosted on an Amazon S3 bucket. After an unexpected refresh, the users are still seeing old content.
Which step should the Solutions Architect take to ensure that new content is displayed?
- Perform a cache refresh on the CloudFront distribution that is serving the content.
- Perform an invalidation on the CloudFront distribution that is serving the content.
- Create a new cache behavior path with the updated content.
- Change the TTL value for removing the old objects.
Q140. A company expects its user base to increase five times over one year. Its application is hosted in one region and uses an Amazon RDS MySQL database, an ELB Application Load Balancer, and Amazon ECS to host the website and its microservices.
Which design changes should a Solutions Architect recommend to support the expected growth? (Choose two.)
- Move static files from ECS to Amazon S3
- Use an Amazon Route 53 geolocation routing policy
- Scale the environment based on real-time AWS CloudTrail logs
- Create a dedicated Elastic Load Balancer for each microservice
- Create RDS read replicas and change the application to use these replicas
Q141. A company is rolling out a new web service, but is unsure how many customers the service will attract. However, the company is unwilling to accept any downtime.
What could a Solutions Architect recommend to the company in order to keep track of customers’ current session data?
- Amazon EC2
- Amazon RDS
- AWS CloudTrail
- Amazon DynamoDB
Q142. A web application is running on Amazon EC2 instances behind an Elastic Load Balancing Application Load Balancer (ALB). The EC2 instances should receive no traffic, except for web requests to the application.
Based on these requirements, what security group rules should be put on the Amazon EC2 instances?
- An inbound rule allowing traffic from the security group attached to the ALB
- An inbound rule allowing traffic from the network ACLs attached to the ALB
- An outbound rule allowing traffic to the security group attached to the ALB
- An outbound rule blocking all traffic to the Internet
Q143. A Solutions Architect must migrate a monolithic on-premises application to AWS. It is a web application with a load balancer, web server, application server, and relational database. The key requirement driving the migration is that the application should perform better and be more elastic.
Which of the following architectures would meet these requirements?
- Re-host the application on Amazon EC2 with lift and shift of existing application code. Configure an Elastic Load Balancing load balancer to handle incoming requests. Use Amazon CloudWatch alarms to receive notification of scaling issues. Increase and decrease the size of the Amazon EC2 instances using AWS CLI or AWS Management Console as required.
- Re-architect the application as a three-tier application. Move the database to Amazon RDS. Use read replicas and Amazon ElastiCache with RDS for better performance. Use an Application Load Balancer to forward incoming requests to web and application servers running on-premises.
- Re-platform the application as a three-tier application. Use Elastic Load Balancing for incoming requests. Use EC2 for web and application tiers. Use RDS at the database tier. Use CloudWatch alarms and Auto Scaling for horizontal scaling at the web tier.
- Re-architect the application as Service Oriented Architecture (SOA). Run database and application servers on-premises. Run web-facing EC2 servers. Use an Enterprise Service Bus to handle communications between different parts of the application running on-premises and in the cloud.
Q144. A company has asked the Solutions Architect to modify its AWS-hosted internal application to allow for load balancing. The customer requests always come from the company domain (example.net). The company requires that incoming HTTP and HTTPS traffic is routed based on the path element of the URL in the request.
Which implementation can satisfy all requirements?
- Configure a Network Load Balancer with listeners for appropriate path patterns for the target groups.
- Configure an Application Load Balancer with host-based routing based on the domain field in the HTTP header.
- Configure a Network Load Balancer and enable cross-zone load balancing to ensure that all EC2 instances are used.
- Configure an Application Load Balancer with listeners for appropriate path patterns for the target group.
Q145. A Solutions Architect is asked to improve the fault tolerance of an existing Python application. The web application places 1-MB images in an S3 bucket. The application then uses a single t2.large instance to transform the image to include a watermark with the company’s brand before writing the image back to the S3 bucket.
What should the Solutions Architect recommend to increase the fault tolerance of the solution?
- Convert the code to a Lambda function triggered by scheduled Amazon CloudWatch Events.
- Increase the instance size to m4.xlarge and configure Enhanced Networking.
- Convert the code to a Lambda function triggered by Amazon S3 events.
- Create an Amazon SQS queue to send the images to the t2.large instance.
Q146. A Solutions Architect has been asked to deliver video content stored on Amazon S3 to specific users from Amazon CloudFront while restricting access by unauthorized users.
How can the Architect implement a solution to meet these requirements?
- Configure CloudFront to use signed-URLs to access Amazon S3.
- Store the videos as private objects in Amazon S3, and let CloudFront serve the objects by using only Origin Access Identity (OAI).
- Use Amazon S3 static website as the origin of CloudFront, and configure CloudFront to deliver the videos by generating a signed URL for users.
- Use OAI for CloudFront to access private S3 objects and select the Restrict Viewer Access option in CloudFront cache behavior to use signed URLs.
Q147. A Solutions Architect needs to deploy a node.js-based web application that is highly available and scales automatically. The Marketing team needs to roll back on application releases quickly, and they need to have an operational dashboard. The Marketing team does not want to manage deployment of OS patches to the Linux servers.
Use of which AWS service will satisfy these requirements?
- Amazon EC2
- Amazon API Gateway
- AWS Elastic Beanstalk
- Amazon EC2 Container Service
Q148. A company has a website running on Amazon EC2. The application DNS name points to an Elastic IP address associated with the EC2 instance. In the event of an attack on the website coming from a specific IP address, the company wants a way to block the offending IP address.
Which tool or service should a Solutions Architect recommend to block the IP address?
- Security groups
- Network ACL
- AWS WAF
- AWS Shield
Q149. A customer is looking for a storage archival solution for 1,000 TB of data. The customer requires that the solution be durable and data be available within a few hours of requesting it, but not exceeding a day. The solution should be as cost-effective as possible. To meet security compliance policies, data must be encrypted at rest. The customer expects they will need to fetch the data two times in a year.
Which storage solution should a Solutions Architect recommend to meet these requirements?
- Copy data to Amazon S3 buckets by using server-side encryption. Move data to Amazon S3 Reduced Redundancy Storage (RRS).
- Copy data to encrypted Amazon EBS volumes, then store data into Amazon S3.
- Copy each object into a separate Amazon Glacier vault, and let Amazon Glacier take care of encryption.
- Copy data to Amazon S3 with server-side encryption. Configure lifecycle management policies to move data to Amazon Glacier after 0 days.
Q150. A web application runs on 10 EC2 instances launched from a single customer Amazon Machine Image (AMI). The EC2 instances are behind an Internet Application Load Balancer. Amazon Route 53 provides DNS for the application.
How should a Solutions Architect automate recovery when a web server instance stops replying to requests?
- Launch the instances in an Auto Scaling group with an Elastic Load Balancing health check.
- Launch instances in multiple Availability Zones and set the load balancer to Multi-AZ.
- Add CloudWatch alarm actions for each instance to restart if the Status Check (Any) fails.
- Add Route 53 records for each instance with an instance health check.