Dec 10, 2023 Detailed New AWS-Solutions-Architect-Professional Exam Questions for Concept Clearance [Q88-Q103]


AWS-Solutions-Architect-Professional Exam Preparation Material with New AWS-Solutions-Architect-Professional Dumps Questions.


Amazon AWS-Solutions-Architect-Professional (AWS Certified Solutions Architect - Professional) exam is designed to test an individual's expertise in designing and deploying scalable, highly available, and fault-tolerant systems on Amazon Web Services (AWS). AWS Certified Solutions Architect - Professional certification is ideal for professionals who already possess an AWS Certified Solutions Architect - Associate certification and are looking to take the next step in their career by demonstrating their advanced technical skills.

 

NEW QUESTION # 88
A company hosts its product information webpages on AWS. The existing solution uses multiple Amazon EC2 instances behind an Application Load Balancer in an Auto Scaling group. The website also uses a custom DNS name and communicates with HTTPS only using a dedicated SSL certificate. The company is planning a new product launch and wants to be sure that users from around the world have the best possible experience on the new website.
What should a solutions architect do to meet these requirements?

  • A. Redesign the application to use a Network Load Balancer.
  • B. Redesign the application to use Amazon CloudFront.
  • C. Redesign the application to use Amazon S3 static website hosting.
  • D. Redesign the application to use AWS Elastic Beanstalk.

Answer: B


NEW QUESTION # 89
You have written a CloudFormation template that creates 1 Elastic Load Balancer fronting 2 EC2 Instances.
Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

  • A. Outputs
  • B. Resources
  • C. Parameters
  • D. Mappings

Answer: A

Explanation:
You can use AWS CloudFormation's sample templates or create your own templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application.
In the following example, the output named BackupLoadBalancerDNSName returns the DNS name for the resource with the logical ID BackupLoadBalancer only when the CreateProdResources condition is true. (The second output shows how to specify multiple outputs.)

"Outputs" : {
  "BackupLoadBalancerDNSName" : {
    "Description" : "The DNSName of the backup load balancer",
    "Value" : { "Fn::GetAtt" : [ "BackupLoadBalancer", "DNSName" ] },
    "Condition" : "CreateProdResources"
  },
  "InstanceID" : {
    "Description" : "The Instance ID",
    "Value" : { "Ref" : "EC2Instance" }
  }
}

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html


NEW QUESTION # 90
A company is planning to migrate an application from on-premises to AWS. The application currently uses an Oracle database and the company can tolerate a brief downtime of 1 hour when performing the switch to the new infrastructure. As part of the migration, the database engine will be changed to MySQL. A Solutions Architect needs to determine which AWS services can be used to perform the migration while minimizing the amount of work and time required.
Which of the following will meet the requirements?

  • A. Use AWS DMS to begin moving data from the on-premises database to AWS. After the initial copy, continue to use AWS DMS to keep the databases in sync until cutting over to the new database. Use AWS Application Discovery Service to identify what embedded SQL code in the application can be converted and what has to be done manually.
  • B. Use AWS DMS to help identify the best target deployment between installing the database engine on Amazon EC2 directly or moving to Amazon RDS. Then, use AWS DMS to migrate to the platform. Use AWS Application Discovery Service to identify what embedded SQL code in the application can be converted and what has to be done manually.
  • C. Use AWS SCT to generate the schema scripts and apply them on the target prior to migration. Use AWS DMS to begin moving data from the on-premises database to AWS. After the initial copy, continue to use AWS DMS to keep the databases in sync until cutting over to the new database. Use AWS SCT to identify what embedded SQL code in the application can be converted and what has to be done manually.
  • D. Use AWS SCT to generate the schema scripts and apply them on the target prior to migration. Use AWS DMS to analyse the current schema and provide a recommendation for the optimal database engine. Then, use AWS DMS to migrate to the recommended engine. Use AWS SCT to identify what embedded SQL code in the application can be converted and what has to be done manually.

Answer: C


NEW QUESTION # 91
A company has a latency-sensitive trading platform that uses Amazon DynamoDB as a storage backend. The company configured the DynamoDB table to use on-demand capacity mode. A solutions architect needs to design a solution to improve the performance of the trading platform. The new solution must ensure high availability for the trading platform.
Which solution will meet these requirements with the LEAST latency?

  • A. Create a two-node DynamoDB Accelerator (DAX) cluster. Configure an application to read and write data by using DAX.
  • B. Create a single-node DynamoDB Accelerator (DAX) cluster. Configure an application to read data by using DAX and to write data directly to the DynamoDB table.
  • C. Create a three-node DynamoDB Accelerator (DAX) cluster. Configure an application to read data by using DAX and to write data directly to the DynamoDB table.
  • D. Create a three-node DynamoDB Accelerator (DAX) cluster. Configure an application to read data directly from the DynamoDB table and to write data by using DAX.

Answer: C

Explanation:
A DAX cluster can be deployed with one or two nodes for development or test workloads. One- and two-node clusters are not fault-tolerant, and we don't recommend using fewer than three nodes for production use. If a one- or two-node cluster encounters software or hardware errors, the cluster can become unavailable or lose cached data.
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.concepts.cluster.html


NEW QUESTION # 92
A manufacturing company is growing exponentially and has secured funding to improve its IT infrastructure and ecommerce presence. The company's ecommerce platform consists of:
* Static assets primarily comprised of product images stored in Amazon S3.
* Amazon DynamoDB tables that store product information, user information, and order information.
* Web servers containing the application's front-end behind Elastic Load Balancers.
The company wants to set up a disaster recovery site in a separate Region.
Which combination of actions should the solutions architect take to implement the new design while meeting all the requirements? (Select THREE.)

  • A. Enable multi-Region targets on the Elastic Load Balancer and target Amazon EC2 instances in both Regions.
  • B. Enable Amazon CloudWatch and create CloudWatch alarms that route traffic to the disaster recovery site when application latency exceeds the desired threshold.
  • C. Enable Amazon S3 versioning on the source and destination buckets containing static assets to ensure there is a rollback version available in the event of data corruption.
  • D. Enable Amazon Route 53 health checks to determine if the primary site is down, and route traffic to the disaster recovery site if there is an issue.
  • E. Enable DynamoDB global tables to achieve a multi-Region table replication.
  • F. Enable Amazon S3 cross-Region replication on the buckets that contain static assets.

Answer: D,E,F


NEW QUESTION # 93
A solutions architect needs to provide AWS Cost and Usage Report data from a company's AWS Organizations management account. The company already has an Amazon S3 bucket to store the reports. The reports must be automatically ingested into a database that can be visualized with other tools.
Which combination of steps should the solutions architect take to meet these requirements? (Select THREE.)

  • A. Create an Amazon EventBridge (Amazon CloudWatch Events) rule that a new object creation in the S3 bucket will trigger.
  • B. Configure an AWS Glue crawler that a new object creation in the S3 bucket will trigger.
  • C. Create an AWS Glue crawler that the AWS Lambda function will trigger to crawl objects in the S3 bucket.
  • D. Create an AWS Cost and Usage Report configuration to deliver the data into the S3 bucket.
  • E. Create an AWS Lambda function that a new object creation in the S3 bucket will trigger.
  • F. Create an AWS Glue crawler that the Amazon EventBridge (Amazon CloudWatch Events) rule will trigger to crawl objects in the S3 bucket.

Answer: D,E,F


NEW QUESTION # 94
A company uses AWS CloudFormation to deploy applications within multiple VPCs that are all attached to a transit gateway. Each VPC that sends traffic to the public internet must send the traffic through a shared services VPC. Each subnet within a VPC uses the default VPC route table, and the traffic is routed to the transit gateway. The transit gateway uses its default route table for any VPC attachment.
A security audit reveals that an Amazon EC2 instance that is deployed within a VPC can communicate with an EC2 instance that is deployed in any of the company's other VPCs. A solutions architect needs to limit the traffic between the VPCs. Each VPC must be able to communicate only with a predefined, limited set of authorized VPCs.
What should the solutions architect do to meet these requirements?

  • A. Update all the security groups that are used within a VPC to deny outbound traffic to security groups that are used within the unauthorized VPCs.
  • B. Update the network ACL of each subnet within a VPC to allow outbound traffic only to the authorized VPCs. Remove all deny rules except the default deny rule.
  • C. Update the main route table of each VPC to route traffic only to the authorized VPCs through the transit gateway.
  • D. Create a dedicated transit gateway route table for each VPC attachment. Route traffic only to the authorized VPCs.

Answer: D

Explanation:
Q: How do I control which Amazon Virtual Private Clouds (VPCs) can communicate with each other? You can segment your network by creating multiple route tables in an AWS Transit Gateway and associate Amazon VPCs and VPNs to them. This will allow you to create isolated networks inside an AWS Transit Gateway similar to virtual routing and forwarding (VRFs) in traditional networks. The AWS Transit Gateway will have a default route table. The use of multiple route tables is optional.


NEW QUESTION # 95
You are designing an SSL/TLS solution that requires HTTPS clients to be authenticated by the Web server using client certificate authentication. The solution must be resilient.
Which of the following options would you consider for configuring the Web server infrastructure?
Choose 2 answers

  • A. Configure your Web servers with EIPs.
    Place the Web servers in a Route53 Record Set, and configure health checks against all Web servers.
  • B. Configure ELB with HTTPS listeners, and place the Web servers behind it.
  • C. Configure your Web servers as the origins for a CloudFront distribution.
    Use custom SSL certificates on your CloudFront distribution.
  • D. Configure ELB with TCP listeners on TCP/443, and place the Web servers behind it.

Answer: B,C

Explanation:
You can configure either a TCP/443 listener or an HTTPS listener, but you can upload an SSL certificate only on an HTTPS listener.


NEW QUESTION # 96
A company has an application that generates reports and stores them in an Amazon S3 bucket.
When a user accesses their report, the application generates a signed URL to allow the user to download the report. The company's security team has discovered that the files are public and that anyone can download them without authentication. The company has suspended the generation of new reports until the problem is resolved.
Which set of actions will immediately remediate the security issue without impacting the application's normal workflow?

  • A. Create an AWS Lambda function that applies all policy for users who are not authenticated. Create a scheduled event to invoke the Lambda function.
  • B. Review the AWS Trusted Advisor bucket permissions check and implement the recommended actions.
  • C. Use the Block Public Access feature in Amazon S3 to set the IgnorePublicAcls option to TRUE on the bucket.
  • D. Run a script that puts a Private ACL on all of the objects in the bucket.

Answer: B


NEW QUESTION # 97
A media storage application uploads user photos to Amazon S3 for processing. End users are reporting that some uploaded photos are not being processed properly. The Application Developers trace the logs and find that AWS Lambda is experiencing execution issues when thousands of users are on the system simultaneously.
Issues are caused by:
* Limits around concurrent executions.
* The performance of Amazon DynamoDB when saving data.
Which actions can be taken to increase the performance and reliability of the application? (Choose two.)

  • A. Evaluate and adjust the write capacity units (WCUs) for the DynamoDB tables.
  • B. Configure a dead letter queue that will reprocess failed or timed-out Lambda functions.
  • C. Evaluate and adjust the read capacity units (RCUs) for the DynamoDB tables.
  • D. Use S3 Transfer Acceleration to provide lower-latency access to end users.
  • E. Add an Amazon ElastiCache layer to increase the performance of Lambda functions.

Answer: A,B

Explanation:
B: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.ht
D: https://aws.amazon.com/blogs/compute/robust-serverless-application-design-with-aws-lambda-dlq/c


NEW QUESTION # 98
A company has an application hosted on Amazon EC2 instances in two VPCs across different AWS Regions. To communicate with each other, the instances use the internet for connectivity. The security team wants to ensure that no communication between the instances happens over the internet.
What should a solutions architect do to accomplish this?

  • A. Create a VPC endpoint and update the route table of the EC2 instances' subnet.
  • B. Create a NAT gateway and update the route table of the EC2 instances' subnet.
  • C. Create a VPN connection and update the route table of the EC2 instances' subnet.
  • D. Create a VPC peering connection and update the route table of the EC2 instances' subnet.

Answer: D


NEW QUESTION # 99
A Solutions Architect is migrating a 10 TB PostgreSQL database to Amazon RDS for PostgreSQL. The company's internet link is 50 MB with a VPN in the Amazon VPC, and the Solutions Architect needs to migrate the data and synchronize the changes before the cutover. The cutover must take place within an 8-day period.
What is the LEAST complex method of migrating the database securely and reliably?

  • A. Order an AWS Snowball device and copy the database by using the AWS Schema Conversion Tool. When the data is available in Amazon S3, use AWS DMS to load it to Amazon RDS, and configure a job to synchronize changes before the cutover.
  • B. Order an AWS Snowball device and copy a database dump to the device. After the data has been copied to Amazon S3, import it to the Amazon RDS instance. Set up log shipping over a VPN to synchronize changes before the cutover.
  • C. Order an AWS Snowball device and copy the database using the AWS DMS. When the database is available in Amazon S3, use AWS DMS to load it to Amazon RDS, and configure a job to synchronize changes before the cutover.
  • D. Create an AWS DMS job to continuously replicate the data from on premises to AWS. Cut over to Amazon RDS after the data is synchronized.

Answer: D


NEW QUESTION # 100
A Solutions Architect must build a highly available infrastructure for a popular global video game that runs on a mobile phone platform. The application runs on Amazon EC2 instances behind an Application Load Balancer. The instances run in an Auto Scaling group across multiple Availability Zones. The database tier is an Amazon RDS MySQL Multi-AZ instance. The entire application stack is deployed in both us-east-1 and eu-central-1. Amazon Route 53 is used to route traffic to the two installations using a latency-based routing policy. A weighted routing policy is configured in Route 53 as a failover to another region in case the installation in a region becomes unresponsive.
During the testing of disaster recovery scenarios, after blocking access to the Amazon RDS MySQL instance in eu-central-1 from all the application instances running in that region, Route 53 does not automatically fail over all traffic to us-east-1.
Based on this situation, which changes would allow the infrastructure to failover to us-east-1?
(Choose two.)

  • A. Specify a weight of 100 for the record pointing to the primary Application Load Balancer in us-east-1 and a weight of 60 for the record pointing to the primary Application Load Balancer in eu-central-1.
  • B. Write a URL in the application that performs a health check on the database layer.
    Add it as a health check within the weighted routing policy in both regions.
  • C. Set the value of Evaluate Target Health to Yes on the latency alias resources for both eu-central-1 and us-east-1.
  • D. Specify a weight of 100 for the record pointing to the primary Application Load Balancer in us-east-1 and a weight of 0 for the record pointing to the primary Application Load Balancer in eu-central-1.

Answer: B,C


NEW QUESTION # 101
A Solutions Architect is building a containerized .NET Core application that will run in AWS Fargate. The backend of the application requires Microsoft SQL Server with high availability. All tiers of the application must be highly available. The credentials used for the connection string to SQL Server should not be stored on disk within the .NET Core front-end containers.
Which strategies should the Solutions Architect use to meet these requirements?

  • A. Create an Auto Scaling group to run SQL Server on Amazon EC2. Create a secret in AWS Secrets Manager for the credentials to SQL Server running on EC2. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to SQL Server on EC2. Specify the ARN of the secret in Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be injected into the containers as environment variables on startup for reading into the application to construct the connection string. Set up the .NET Core service using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
  • B. Create a Multi-AZ deployment of SQL Server on Amazon RDS. Create a secret in AWS Secrets Manager for the credentials to the RDS database. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to the RDS database in Secrets Manager. Specify the ARN of the secret in Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be injected into the containers as environment variables on startup for reading into the application to construct the connection string. Set up the .NET Core service in Fargate using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
  • C. Set up SQL Server to run in Fargate with Service Auto Scaling. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to SQL Server running in Fargate. Specify the ARN of the secret in AWS Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be injected into the containers as environment variables on startup for reading into the application to construct the connection string. Set up the .NET Core service using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.
  • D. Create a Multi-AZ deployment of SQL Server on Amazon RDS. Create a secret in AWS Secrets Manager for the credentials to the RDS database. Create non-persistent empty storage for the .NET Core containers in the Fargate task definition to store the sensitive information. Create an Amazon ECS task execution role that allows the Fargate task definition to get the secret value for the credentials to the RDS database in Secrets Manager. Specify the ARN of the secret in Secrets Manager in the secrets section of the Fargate task definition so the sensitive data can be written to the non-persistent empty storage on startup for reading into the application to construct the connection string. Set up the .NET Core service using Service Auto Scaling behind an Application Load Balancer in multiple Availability Zones.

Answer: B


NEW QUESTION # 102
A company has multiple AWS accounts as part of an organization created with AWS Organizations. Each account has a VPC in the us-east-2 Region and is used for either production or development workloads.
Amazon EC2 instances across production accounts need to communicate with each other, and EC2 instances across development accounts need to communicate with each other, but production and development instances should not be able to communicate with each other.
To facilitate connectivity, the company created a common network account. The company used AWS Transit Gateway to create a transit gateway in the us-east-2 Region in the network account and shared the transit gateway with the entire organization by using AWS Resource Access Manager. Network administrators then attached VPCs in each account to the transit gateway, after which the EC2 instances were able to communicate across accounts. However, production and development accounts were also able to communicate with one another.
Which set of steps should a solutions architect take to ensure production traffic and development traffic are completely isolated?

  • A. Create separate route tables for production and development traffic. Delete each account's association and route propagation to the default AWS Transit Gateway route table. Attach development VPCs to the development AWS Transit Gateway route table and production VPCs to the production route table, and enable automatic route propagation on each attachment.
  • B. Create a tag on each VPC attachment with a value of either production or development, according to the type of account being attached. Modify the AWS Transit Gateway routing table to route production tagged attachments to one another and development tagged attachments to one another.
  • C. Modify the security groups assigned to development EC2 instances to block traffic from production EC2 instances. Modify the security groups assigned to production EC2 instances to block traffic from development EC2 instances.
  • D. Create a tag on each VPC attachment with a value of either production or development, according to the type of account being attached. Using the Network Manager feature of AWS Transit Gateway, create policies that restrict traffic between VPCs based on the value of this tag.

Answer: A


NEW QUESTION # 103
......


Understanding functional and technical aspects of AWS Solutions Architect Professional Exam: Continuous Improvement for Existing Solutions, Cost Control

The following will be discussed in AWS SOLUTIONS ARCHITECT PROFESSIONAL exam dumps:

  • Determine a strategy to improve the reliability of an existing solution
  • Determine a strategy to improve the security of an existing solution
  • Troubleshoot solution architectures
  • Determine a strategy to improve the performance of an existing solution
  • Determine a strategy to improve an existing solution for operational excellence

 

AWS-Solutions-Architect-Professional 2023 Training With 221 QA's: https://www.prep4pass.com/AWS-Solutions-Architect-Professional_exam-braindumps.html

Amazon AWS-Solutions-Architect-Professional Certification Exam Questions: https://drive.google.com/open?id=19utfZSOTkwP8WnxqNyac5UqqHgjBbPRv