AWS Certified Solutions Architect - Professional Questions and Answers (Dumps and Practice Questions)
Question : A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling.
If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue?
1. 600 seconds
2. 3600 seconds
3. Access Mostly Uused Products by 50000+ Subscribers
4. 0 seconds
Answer: 3
Explanation: The Elastic Load Balancer connection draining feature causes the load balancer to stop sending new requests to the back-end instances when the
instances are deregistering or become unhealthy, while ensuring that inflight requests continue to be served. The user can specify a maximum
time (3600 seconds. for the load balancer to keep the connections alive before reporting the instance as deregistered. If the user does not specify
the maximum timeout period, by default, the load balancer will close the connections to the deregistering instance after 300 seconds.
Question : Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B
would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data. When a user saves their game the progress data will be
stored to the Game state S3 bucket. what is the best approach for storing data to DynamoDB and S3?
1. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the
mobile app via web services.
2. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
3. Access Mostly Uused Products by 50000+ Subscribers
bucket.
4. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the
mobile app.
Answer: 2
Explanation: magine that you are creating a mobile app that must access AWS resources such as a game that runs on a mobile device and stores player and score information using
Amazon S3 and DynamoDB.
Most requests to AWS services must be signed with an AWS access key. However, we strongly recommend that you do not embed and distribute long-term AWS credentials with apps that are
downloaded to a user's device, even in an encrypted store. Instead, build your app so that it requests temporary AWS security credentials using web identity federation. The
credentials map to an AWS role that has only the permissions needed to perform the tasks required by the mobile app.
Using web identity federation, you don't need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity
provider-such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible identity provider-and then exchange that external identity for temporary security
credentials in AWS that map to an AWS role that has permissions to use the resources in your AWS account. Using an identity provider helps you keep your AWS account secure, because
you don't have to embed and distribute long-term security credentials with your application.
Question : A newspaper organization has a on-premises application which allows the public to search its back catalogue and retrieve individual newspaper pages via a website
written in Java . They have scanned the old newspapers into JPEGs (approx 17TB) and used Optical Character Recognition (OCR) to populate a commercial search product. The hosting
platform and software are now end of life and the organization wants to migrate Its archive to AWS and produce a cost efficient architecture and still be designed for availability
and durability Which is the most appropriate?
1. Use S3 with reduced redundancy to store and serve the scanned files, install the commercial search application on EC2 Instances and configure with auto-scaling and
an Elastic Load Balancer.
2. Model the environment using CloudFormation use an EC2 instance running Apache webserver and an open source search application, stripe multiple standard EBS volumes
together to store the JPEGs and search index.
3. Access Mostly Uused Products by 50000+ Subscribers
multiple availability zones.
4. Use a single-AZ RDS MySQL instance lo store the search index 33d the JPEG images use an EC2 instance to serve the website and translate user queries into SQL.
5. Use a CloudFront download distribution to serve the JPEGs to the end users and Install the current commercial search product, along with a Java Container Tor the
website on EC2 instances and use Route53 with DNS round-robin.
Answer: 3
Explanation: As S3 is good for storage. Hence option 1 and 3 is good fit. Best durability of S3 is with standard redundancy only. Hence option 3 is suitable.
Related Questions
Question : Company B provides an online image recognition service and utilizes SQS to decouple system components for scaleability
. The SQS consumers poll the imaging queue as often as possible to keep end-to-end throughput as high as possible.
However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses.
How can Company B reduce the number empty responses? "Hint: these are API calls; if you're using an SDK, the SDK might use
a different method name to make this API call but still executes the same API call below against AWS."
"Tip: Understand why the message is correct and what the other API calls do. You might expect to see
a question worded differently, with a different answer, but have the exact same answer options."
1. Set the imaging queue VisibilityTimeout attribute to 20 seconds
2. Set the imaging queue ReceiveMessageWaitTimeSeconds Attribute to 20 seconds
3. Access Mostly Uused Products by 50000+ Subscribers
4. Set the DelaySeconds parameter of a message to 20 seconds
Question : Company Acmeshell is using Amazon SQS to decouple their systems for scaleability. However, they need to send messages up to Kb in size.
What might Company Acmeshell do in order to send more than 256KB of data?
1. Request an increase of the message limit by contacting Amazon
2. Set the MaximumMessageSize attribute to 456KB
3. Access Mostly Uused Products by 50000+ Subscribers
4. Any of the above
Question :
The unique ID for an IAM entity is not available in the IAM console. To get the unique ID, you can use the CLI or API calls.
Which of the following API call will help to get unique ID as per their resources.
1. ListInstanceProfiles
2. ListInstanceProfilesForRole
3. Access Mostly Uused Products by 50000+ Subscribers
4. ListRoles
5. All of the above
Question : The following example shows a CloudTrail log entry for a request made for the IAM
{ "eventVersion": "1.01",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIDACKCEVSQ6C2EXAMPLE",
"arn": "arn:aws:iam::444455556666:user/Alice",
"accountId": "444455556666",
"accessKeyId": "AKIAI44QH8DHBEXAMPLE",
"userName": "Alice",
"sessionContext": {
"attributes": {
"mfaAuthenticated": "false",
"creationDate": "2014-07-15T21:39:40Z"
} },
"invokedBy": "signin.amazonaws.com"
}, "eventTime": "2014-07-15T21:40:14Z",
"eventSource": "iam.amazonaws.com",
"eventName": "GetUserPolicy",
"awsRegion": "us-east-1",
"sourceIPAddress": "signin.amazonaws.com",
"userAgent": "signin.amazonaws.com",
"requestParameters": {
"userName": "Bob",
"policyName": "ReadOnlyAccess-Bob-201407151307"
}, "responseElements": null,
"requestID": "9b4bb6fe-0c68-11e4-a24e-d5e160cfd347",
"eventID": "cf6228c3-127e-4632-980d-505a4d39c01e"
} From this event information, you can determine that
1. the request was made to get a user policy named ReadOnlyAccess-Bob-201407151307 for user Bob
2. the request was made to create a user policy named ReadOnlyAccess-Bob-201407151307 for user Bob
3. Access Mostly Uused Products by 50000+ Subscribers
4. the request was made to update a user policy named ReadOnlyAccess-Bob-201407151307 for user Bob
Question : While working withing an organization called AcmeShell Inc. as an AWS developer, you have created an AWS role
called HRFinanceAdmin, you have created 12 different policies file, each is haing size 1KB+ approx.
While applying all the policies you are having problem. Why ?
1. You can not add more than one policy to role
2. It will not allow more than 10 policy file to a role
3. Access Mostly Uused Products by 50000+ Subscribers
4. All of the above
Question : You have created a role which is common for HR and Finance dept, called HRFinance.
And you started ec2 instance with this role. Now after few days you have
decided to seperate it out both this role and created to role separately
e.g. HRRole and FinanceRole. You first delete the HRFinance role, and tries to apply
both the role to running instance. Select the correct statement for this scenerio
1. You can only associate two IAM role with an EC2 instance at this time, so applying these two roles are fine
2. All the HR and Finance application which were part of HRFinance will be denied access immediately
3. Access Mostly Uused Products by 50000+ Subscribers
4. 1 and 2
5. 2 and 3