
AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)



Question : An application is running Hadoop jobs. The application reads data from DynamoDB and generates a temporary file of TBs.
The whole process runs for 60 minutes and the output of the job is stored to S3. Which of the below mentioned options is
the most cost effective solution in this case?
1. Use an on demand instance to run Hadoop jobs and configure them with EBS volumes for persistent storage.
2. Use Spot Instances to run Hadoop jobs and configure them with ephemeral storage for output file storage.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Use an on demand instance to run Hadoop jobs and configure them with ephemeral storage for output file storage.

Correct Answer :
Explanation: AWS EC2 Spot Instances allow the user to quote his own price for the EC2 computing capacity. The user can simply bid on the spare Amazon EC2 instances and run them whenever his
bid exceeds the current Spot Price. The Spot Instance pricing model complements the On-Demand and Reserved Instance pricing models, providing potentially the most cost-effective
option for obtaining compute capacity, depending on the application. The only challenge with a Spot Instance is data persistence, as the instance can be terminated whenever the spot
price exceeds the bid price.
In the current scenario a Hadoop job is a temporary job and does not run for a longer period. It fetches data from a persistent DynamoDB. Thus, even if the instance gets terminated
there will be no data loss and the job can be re-run. As the output files are large temporary files, it will be useful to store data on ephemeral storage for cost savings. Spot
Instances allow you to name your own price for Amazon EC2 computing capacity. You simply bid on spare Amazon EC2 instances and run them whenever your bid exceeds the current Spot
Price, which varies in real-time based on supply and demand. The Spot Instance pricing model complements the On-Demand and Reserved Instance pricing models, often providing the most
cost-effective computing capacity, depending on your application.

Spot Instances can significantly lower your computing costs for time-flexible, interruption-tolerant tasks. Spot prices are often significantly less than On-Demand prices for the
same EC2 instance types (see current Spot prices below). Additionally, for some distributed, fault-tolerant tasks (like web-crawling or Monte Carlo applications), you may be able to
simultaneously accelerate your computing and save money by opportunistically running Spot Instances. Spot Instances are spare Amazon EC2 instances for which you can name your own
price. The Spot Price is set by Amazon EC2 and fluctuates in real-time according to Spot Instance supply and demand. When your bid exceeds the Spot Price, your Spot Instance is
launched and it will run until the Spot Price exceeds your bid (a Spot interruption) or you choose to terminate it. (See Understanding Spot Requests below for more
details about how Spot bids are fulfilled.)

To use Spot Instances, you place a Spot Instance request that specifies the instance type, the Availability Zone desired, the number of Spot Instances desired, and the maximum price
you are willing to pay per instance hour (your bid).

To determine how that maximum price compares to past Spot Prices, the Spot Price history for the past 90 days is available via the Amazon EC2 API and the AWS Management Console.






Question : QuickTechie.com has set up a web application in the AWS VPC. The organization is running a database on the EC2 instance
and the application server connects to the DB server only on the internal IP. The organization is looking for HA and DR for the database.
Which of the below mentioned options fulfils the organization's need for a DB backup?
1. Setup the database on the instance with an elastic network interface which will have a fixed private IP address and also keep a hot standby running in a separate zone
with a different subnet.
2. Setup the database in the private subnet and keep a hot standby running in the public subnet for immediate failover.
3. Access Mostly Uused Products by 50000+ Subscribers
with a different subnet.
4. Use the AWS storage gateway with VPC to switchover from the primary to secondary DB in separate zones.


Correct Answer :
Explanation: An elastic network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. An ENI can include the following attributes:
a primary private IP address
one or more secondary private IP addresses
one Elastic IP address per private IP address
one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of
using an existing network interface
one or more security groups
a MAC address
a source/destination check flag
a description

You can create a network interface, attach it to an instance, detach it from an instance, and attach it to another instance. The attributes of a network interface follow the network
interface as it is attached or detached from an instance and reattached to another instance. When you move a network interface from one instance to another, network traffic is
redirected to the new instance.
Each instance in a VPC has a default network interface. The default network interface has a primary private IP address in the IP address range of its VPC. You can create and attach
additional network interfaces. The maximum number of network interfaces that you can use varies by instance type. For more information, see Private IP Addresses Per ENI Per Instance
Type.

Attaching multiple network interfaces to an instance is useful when you want to:
Create a management network.
Use network and security appliances in your VPC.
Create dual-homed instances with workloads/roles on distinct subnets.
Create a low-budget, high-availability solution.

A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. It enables the user to launch AWS
resources into a virtual network that the user has defined. An Elastic Network Interface (ENI) is a virtual network interface that the user can attach to an instance in a VPC.
The user can create a management network using two separate network interfaces. The ENI provides the same private and public IP and can be remapped to different instances. In this
scenario if the instances are running in a separate zone, the user will not be able to map the ENI to another instance. Thus, the user has to create an ENI with a separate subnet but
in the same zone. When the primary DB fails, the organization can quickly map the ENI to a hot standby.






Question : QuickTechie.com has people in the IT operations team who are responsible for managing the AWS infrastructure.
QuickTechie wants to set things up so that only the information security team manager from this team can change the rules of
the security group in the VPC. Which of the below mentioned IAM policies will help in this scenario?
1. { "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"], "Resource": "arn:aws:ec2:region:account:security-group/*", } }, { "Effect": "Allow", "Action":
"ec2:DescribeSecurityGroups", "Resource": "*" } ] }
2. { "Version": "2012-10-17", "Statement":[{ "Effect":"Deny", "Action": [ "ec2:AuthorizeSecurityGroupIngress", "ec2:AuthorizeSecurityGroupEgress",
"ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"], "Resource": "arn:aws:ec2:region:account:security-group/*", } } ] }
3. Access Mostly Uused Products by 50000+ Subscribers
"ec2:RevokeSecurityGroupIngress", "ec2:RevokeSecurityGroupEgress"], } } ] }
4. { "Version": "2012-10-17", "Statement":[{ "Effect":"Allow", "Action": [ "vpc:AuthorizeSecurityGroupIngress", "vpc:AuthorizeSecurityGroupEgress"], "Resource":
"arn:aws:ec2:region:account:security-group/*", } } ] }


Correct Answer :
Explanation: A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. The user can create subnets as per the requirement within a VPC. The
VPC also works with IAM and the organization can create IAM users who have access to various VPC services. The organization can set up access for the IAM user based on the subnet.
Thus, each user will be able to manage/launch an instance only in that subnet. The below policy grants users permission to create and delete inbound and outbound rules for any
security group within a specific VPC. The policy does this by applying a condition key (ec2:Vpc) to the security group resource for the Authorize and Revoke actions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupEgress"
      ],
      "Resource": "arn:aws:ec2:region:account:security-group/*"
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeSecurityGroups",
      "Resource": "*"
    }
  ]
}
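
The explanation credits the ec2:Vpc condition key with limiting these actions to one VPC, but the policy as printed carries no Condition block. The check below is an added example, not part of the original page: it flags Allow statements that grant security-group rule changes without an ec2:Vpc condition. The function names are hypothetical, and the VPC ARN in the second policy is a constructed placeholder.

```python
import json
from fnmatch import fnmatchcase

# The four rule-changing actions named in the page's policy.
SG_RULE_ACTIONS = [
    "ec2:AuthorizeSecurityGroupIngress",
    "ec2:AuthorizeSecurityGroupEgress",
    "ec2:RevokeSecurityGroupIngress",
    "ec2:RevokeSecurityGroupEgress",
]

def as_list(value):
    """IAM allows a single string or a list for Action and Statement."""
    return value if isinstance(value, list) else [value]

def grants_sg_rule_change(stmt):
    """True if any Action pattern (wildcards included) covers a rule-changing action."""
    patterns = [a.lower() for a in as_list(stmt.get("Action", []))]
    return any(fnmatchcase(t.lower(), p) for t in SG_RULE_ACTIONS for p in patterns)

def scoped_to_vpc(stmt):
    """True if the statement pins ec2:Vpc with an equality condition."""
    cond = stmt.get("Condition", {})
    return any(key.lower() == "ec2:vpc"
               for op in ("StringEquals", "ArnEquals")
               for key in cond.get(op, {}))

def unscoped_sg_statements(policy_json):
    """Indexes of Allow statements that change SG rules with no ec2:Vpc scope."""
    statements = as_list(json.loads(policy_json)["Statement"])
    return [i for i, s in enumerate(statements)
            if s.get("Effect") == "Allow"
            and grants_sg_rule_change(s) and not scoped_to_vpc(s)]

def build_policy(condition=None):
    """Constructed sample input: the page's policy, optionally with a Condition."""
    sg = {"Effect": "Allow", "Action": SG_RULE_ACTIONS,
          "Resource": "arn:aws:ec2:region:account:security-group/*"}
    if condition:
        sg["Condition"] = condition
    describe = {"Effect": "Allow", "Action": "ec2:DescribeSecurityGroups",
                "Resource": "*"}
    return json.dumps({"Version": "2012-10-17", "Statement": [sg, describe]})

AS_PRINTED = build_policy()
# Placeholder ARN (constructed), standing in for the VPC the text refers to.
WITH_VPC_CONDITION = build_policy(
    {"StringEquals": {"ec2:Vpc": "arn:aws:ec2:region:account:vpc/vpc-EXAMPLE"}})

if __name__ == "__main__":
    print("as printed:", unscoped_sg_statements(AS_PRINTED))
    print("with condition:", unscoped_sg_statements(WITH_VPC_CONDITION))
```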




Related Questions


Question : You deployed your company website using Elastic Beanstalk and you enabled log file
rotation to S3. An Elastic Map Reduce job is periodically analyzing the logs on S3 to build a
usage dashboard that you share with your CIO. You recently improved overall performance
of the website using CloudFront for dynamic content delivery and your website as the
origin.
After this architectural change, the usage dashboard shows that the traffic on your website
dropped by an order of magnitude. How do you fix your usage dashboard?
1. Enable Cloud Front to deliver access logs to S3 and use them as input of the Elastic Map Reduce job.
2. Turn on CloudTrail and use trail log files on S3 as input of the Elastic Map Reduce job.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Use Elastic Beanstalk "Rebuild Environment" option to update log delivery to the Elastic Map Reduce job.
5. Use Elastic Beanstalk "Restart App server(s)" option to update log delivery to the Elastic Map Reduce job.




Question : A large real-estate brokerage is exploring the option of adding a cost-effective location based alert to their existing mobile application. The application backend
infrastructure currently runs on AWS. Users who opt in to this service will receive alerts on their mobile device regarding real-estate offers in proximity to their location.
For the alerts to be relevant, delivery time needs to be in the few minute count. And an existing mobile app has 5 million users across the USA. Which one of the following
architectural suggestions would you make to the customer?
1. The mobile application will submit its location to a web service endpoint utilizing Elastic Load Balancing and EC2 instances. DynamoDB will be used to store and
retrieve relevant offers. EC2 instances will communicate with mobile carriers/device providers to push alerts back to mobile application.
2. Use AWS DirectConnect or VPN to establish connectivity with mobile carriers. EC2 instances will receive the mobile application's location through carrier connection.
RDS will be used to store and retrieve relevant offers. EC2 instances will communicate with mobile carriers to push alerts back to the mobile application.
3. Access Mostly Uused Products by 50000+ Subscribers
AWS Mobile Push will be used to send offers to the mobile application
4. The mobile application will send device location using AWS Mobile Push. EC2 instances will retrieve the relevant offers from DynamoDB.
EC2 instances will communicate with mobile carriers/device providers to push alerts back to the mobile application.




Question : Your company is in the process of developing a next generation pet collar that collects biometric information to assist families with promoting healthy lifestyles for
their pets. Each collar will push 30kb of biometric data in JSON format every 2 seconds to a collection platform that will process and analyze the data, providing health trending
information back to the pet owners and veterinarians via a web portal. Management has tasked you to architect the collection platform ensuring the following requirements are met.
Provide the ability for real-time analytics of the inbound biometric data. Ensure processing of the biometric data is highly durable, elastic and parallel. The results of the
analytic processing should be persisted for data mining. Which architecture outlined below will meet the initial requirements for the collection platform?
1. Utilize S3 to collect the inbound sensor data, analyze the data from S3 with a daily scheduled Data Pipeline and save the results to a Redshift Cluster.
2. Utilize Amazon Kinesis to collect the inbound sensor data, analyze the data with Kinesis clients and save the results to a Redshift cluster using EMR.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Utilize EMR to collect the inbound sensor data, analyze the data from EMR with Amazon Kinesis and save the results to DynamoDB.


Question : You are looking to migrate your Development (Dev) and Test environments to AWS. You have decided to use separate AWS accounts to host each environment. You plan to link
each account's bill to a Master AWS account using Consolidated Billing. To make sure you keep within budget you would like to implement a way for administrators in the Master
account to have access to stop, delete and/or terminate resources in both the Dev and Test accounts. Identify which option will allow you to achieve this goal.
1. Create IAM users in the Master account with full Admin permissions. Create cross-account roles in the Dev and Test accounts that grant the Master account access to the
resources in the account by inheriting permissions from the Master account.
2. Create IAM users and a cross-account role in the Master account that grants full Admin permissions to the Dev and Test accounts.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Link the accounts using Consolidated Billing. This will give IAM users in the Master account access to resources in the Dev and Test accounts



Question : You've been brought in as solutions architect to assist an enterprise customer with their migration of an e-commerce platform to Amazon Virtual Private Cloud (VPC).
The previous architect has already deployed a 3-tier VPC. The configuration is as follows:
VPC vpc-2f8t>C447
IGW igw-2d8bc445
NACL acl-2080c448

Subnets and Route Tables:
Web server's subnet-258bc44d
Application server's subnet-248bc44c
Database server's subnet-9189c6f9

Route Tables:
rtb-218bc449
rtb-238bc44b

Associations:
subnet-258bc44d rtb-218bc449
subnet-248bc44c rtb-238bc44b
subnet-9189c6f9 rtb-238bc44b
You are now ready to begin deploying EC2 instances into the VPC. Web servers must have direct access to the internet. Application and database servers cannot have direct access to
the internet. Which configuration below will allow you the ability to remotely administer your application and database servers, as well as allow these servers to retrieve updates
from the Internet?
1. Create a bastion and NAT Instance in subnet-248bc44c and add a route from rtb-238bc44b to subnet-258bc44d.
2. Add a route from rtb-238bc44b to igw-2d8bc445 and add a bastion and NAT instance within subnet-248bc44c.
3. Access Mostly Uused Products by 50000+ Subscribers
subnet-248bc44c.
4. Create a bastion and NAT instance in subnet-258bc44d and add a route from rtb-238bc44b to the NAT instance.


Question : You have deployed a web application targeting a global audience across multiple AWS Regions under the domain name example.com. You decide to use Route 53 Latency-Based
Routing to serve web requests to users from the region closest to the user. To provide business continuity in the event of server downtime you configure weighted record sets
associated with two web servers in separate Availability Zones per region. During a DR test you notice that when you disable all web servers in one of the regions Route 53 does
not automatically direct all users to the other region. What could be happening? (Choose 2 answers)

A. Latency resource record sets cannot be used in combination with weighted resource record sets.
B. You did not setup an http health check for one or more of the weighted resource record sets associated with the disabled web servers.
C. The value of the weight associated with the latency alias resource record set in the region with the disabled servers is higher than the weight for the other region.
D. One of the two working web servers in the other region did not pass its HTTP health check.
E. You did not set "Evaluate Target Health" to "Yes" on the latency alias resource record set associated with example.com in the region where you disabled the servers.



1. A,C
2. D,E
3. Access Mostly Uused Products by 50000+ Subscribers
4. B,C