Precise AWS-Certified-Solutions-Architect-Professional Exam Questions and Answers 2021

Free demo questions for Amazon AWS-Certified-Solutions-Architect-Professional Exam Dumps Below:

NEW QUESTION 1
You create a VPN connection, and your VPN device supports Border Gateway Protocol (BGP). Which of the following should be specified to configure the VPN connection?

  • A. Classless routing
  • B. Classful routing
  • C. Dynamic routing
  • D. Static routing

Answer: C

Explanation: If you create a VPN connection, you must specify the type of routing that you plan to use, which will depend on the make and model of your VPN devices. If your VPN device supports Border Gateway Protocol (BGP), you need to specify dynamic routing when you configure your VPN connection. If your device does not support BGP, you should specify static routing.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html

NEW QUESTION 2
A user has configured an EBS volume with PIOPS. The user is not experiencing the optimal throughput. Which of the following could not be a factor affecting I/O performance of that EBS volume?

  • A. EBS bandwidth of dedicated instance exceeding the PIOPS
  • B. EBS volume size
  • C. EC2 bandwidth
  • D. Instance type is not EBS optimized

Answer: B

Explanation: If the user is not experiencing the expected IOPS or throughput that is provisioned, ensure that the EC2 bandwidth is not the limiting factor, that the instance is EBS-optimized (or includes 10 Gigabit network connectivity), and that the instance type's EBS dedicated bandwidth exceeds the IOPS the user has provisioned.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html

NEW QUESTION 3
After launching an instance that you intend to serve as a NAT (Network Address Translation) device in a public subnet you modify your route tables to have the NAT device be the target of internet bound traffic of your private subnet. When you try and make an outbound connection to the internet from an instance in the private subnet, you are not successful. Which of the following steps could resolve the issue?

  • A. Disabling the Source/Destination Check attribute on the NAT instance
  • B. Attaching an Elastic IP address to the instance in the private subnet
  • C. Attaching a second Elastic Network Interface (ENI) to the NAT instance, and placing it in the private subnet
  • D. Attaching a second Elastic Network Interface (ENI) to the instance in the private subnet, and placing it in the public subnet

Answer: A

NEW QUESTION 4
What is the network performance offered by the c4.8xlarge instance in Amazon EC2?

  • A. Very High but variable
  • B. 20 Gigabit
  • C. 5 Gigabit
  • D. 10 Gigabit

Answer: D

Explanation: Networking performance offered by the c4.8xlarge instance is 10 Gigabit.
Reference: http://aws.amazon.com/ec2/instance-types/

NEW QUESTION 5
When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose ones.
streqi is the short version of the _____ string condition.

  • A. StringEqualsIgnoreCase
  • B. StringNotEqualsIgnoreCase
  • C. StringLikeStringEquals
  • D. StringNotEquals

Answer: A

Explanation: When using string conditions within IAM, short versions of the available comparators can be used instead of the more verbose versions. For instance, streqi is the short version of StringEqualsIgnoreCase that checks for the exact match between two strings ignoring their case.
Reference: http://awsdocs.s3.amazonaws.com/SNS/20100331/sns-gsg-2010-03-31.pdf

NEW QUESTION 6
Which of the following cannot be done using AWS Data Pipeline?

  • A. Create complex data processing workloads that are fault tolerant, repeatable, and highly available.
  • B. Regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
  • C. Generate reports over data that has been stored.
  • D. Move data between different AWS compute and storage services as well as on-premise data sources at specified intervals.

Answer: C

Explanation: AWS Data Pipeline is a web service that helps you reliably process and move data between different AWS compute and storage services as well as on-premise data sources at specified intervals. With AWS Data Pipeline, you can regularly access your data where it's stored, transform and process it at scale, and efficiently transfer the results to another AWS service.
AWS Data Pipeline helps you easily create complex data processing workloads that are fault tolerant, repeatable, and highly available. AWS Data Pipeline also allows you to move and process data that was previously locked up in on-premise data silos.
Reference: http://aws.amazon.com/datapipeline/

NEW QUESTION 7
A web design company currently runs several FTP servers that their 250 customers use to upload and download large graphic files. They wish to move this system to AWS to make it more scalable, but they wish to maintain customer privacy and keep costs to a minimum.
What AWS architecture would you recommend?

  • A. Ask their customers to use an S3 client instead of an FTP client. Create a single S3 bucket. Create an IAM user for each customer. Put the IAM users in a group that has an IAM policy that permits access to sub-directories within the bucket via use of the 'username' policy variable.
  • B. Create a single S3 bucket with Reduced Redundancy Storage turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a Bucket Policy that permits access only to that one customer.
  • C. Create an auto-scaling group of FTP servers with a scaling policy to automatically scale-in when minimum network traffic on the auto-scaling group is below a given threshold. Load a central list of ftp users from S3 as part of the user Data startup script on each Instance.
  • D. Create a single S3 bucket with Requester Pays turned on and ask their customers to use an S3 client instead of an FTP client. Create a bucket for each customer with a Bucket Policy that permits access only to that one customer.

Answer: A

NEW QUESTION 8
By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically. In addition, push synchronization allows you to use Amazon Cognito to send a silent _____ notification to all devices associated with an identity to notify them that new data is available.

  • A. get
  • B. post
  • C. pull
  • D. push

Answer: D

Explanation: By default, Amazon Cognito maintains the last-written version of the data. You can override this behavior and resolve data conflicts programmatically. In addition, push synchronization allows you to use Amazon Cognito to send a silent push notification to all devices associated with an identity to notify them that new data is available.
Reference: http://aws.amazon.com/cognito/faqs/

NEW QUESTION 9
An organization is planning to host an application on the AWS VPC. The organization wants dedicated instances. However, an AWS consultant advised the organization not to use dedicated instances with VPC as the design has a few limitations. Which of the below mentioned statements is not a limitation of dedicated instances with VPC?

  • A. All instances launched with this VPC will always be dedicated instances and the user cannot use a default tenancy model for them.
  • B. It does not support the AWS RDS with a dedicated tenancy VPC.
  • C. The user cannot use Reserved Instances with a dedicated tenancy model.
  • D. The EBS volume will not be on the same tenant hardware as the EC2 instance though the user has configured dedicated tenancy.

Answer: C

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. Dedicated instances are Amazon EC2 instances that run in a Virtual Private Cloud (VPC) on hardware that is dedicated to a single customer. The client's dedicated instances are physically isolated at the host hardware level from instances that are not dedicated instances as well as from instances that belong to other AWS accounts.
All instances launched with the dedicated tenancy model of VPC will always be dedicated instances. Dedicated tenancy has a limitation that it may not support a few services, such as RDS. Even the EBS will not be on dedicated hardware. However, the user can save some cost as well as reserve some capacity by using a Reserved Instance model with dedicated tenancy.
Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/dedicated-instance.html

NEW QUESTION 10
You are designing the network infrastructure for an application server in Amazon VPC. Users will access all application instances from the Internet, as well as from an on-premises network. The on-premises network is connected to your VPC over an AWS Direct Connect link. How would you design routing to meet the above requirements?

  • A. Configure a single routing table with a default route via the Internet gateway. Propagate a default route via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
  • B. Configure a single routing table with a default route via the Internet gateway. Propagate specific routes for the on-premises networks via BGP on the AWS Direct Connect customer router. Associate the routing table with all VPC subnets.
  • C. Configure a single routing table with two default routes: one to the Internet via an Internet gateway, the other to the on-premises network via the VPN gateway. Use this routing table across all subnets in the VPC.
  • D. Configure two routing tables: one that has a default route via the Internet gateway, and another that has a default route via the VPN gateway. Associate both routing tables with each VPC subnet.

Answer: A

NEW QUESTION 11
Select the correct set of options. These are the initial settings for the default security group:

  • A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
  • B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
  • C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
  • D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other

Answer: A

NEW QUESTION 12
In Amazon ElastiCache, the default cache port is:

  • A. for Memcached 11210 and for Redis 6380.
  • B. for Memcached 11211 and for Redis 6380.
  • C. for Memcached 11210 and for Redis 6379.
  • D. for Memcached 11211 and for Redis 6379.

Answer: D

Explanation: In Amazon ElastiCache, you can specify a new port number for your cache cluster, which by default is 11211 for Memcached and 6379 for Redis.
Reference: http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/GettingStarted.AuthorizeAccess.html

NEW QUESTION 13
An organization, which has the AWS account ID 999988887777, has created 50 IAM users. All the users are added to the same group, examkiller. If the organization has enabled each IAM user to log in to the AWS console, which AWS login URL will the IAM users use?

  • A. https://999988887777.aws.amazon.com/examkiller/
  • B. https://signin.aws.amazon.com/examkiller/
  • C. https://examkiller.signin.aws.amazon.com/999988887777/console/
  • D. https://999988887777.signin.aws.amazon.com/console/

Answer: D

Explanation: AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. Once the organization has created the IAM users, they will have a separate AWS console URL to log in to the AWS console. The console login URL for the IAM user will be https://AWS_Account_ID.signin.aws.amazon.com/console/. It uses only the AWS account ID and does not depend on the group or user ID.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html

NEW QUESTION 14
To serve Web traffic for a popular product your chief financial officer and IT director have purchased 10 m1.large heavy utilization Reserved Instances (RIs) evenly spread across two availability zones; Route 53 is used to deliver the traffic to an Elastic Load Balancer (ELB). After several months, the product grows even more popular and you need additional capacity. As a result, your company purchases two c3.2xlarge medium utilization RIs. You register the two c3.2xlarge instances with your ELB and quickly find that the m1.large instances are at 100% of capacity and the c3.2xlarge instances have significant capacity that's unused. Which option is the most cost effective and uses EC2 capacity most effectively?

  • A. Configure Autoscaling group and Launch Configuration with ELB to add up to 10 more on-demand m1.large instances when triggered by CloudWatch. Shut off c3.2xlarge instances.
  • B. Configure ELB with two c3.2xlarge instances and use on-demand Autoscaling group for up to two additional c3.2xlarge instances. Shut off m1.large instances.
  • C. Route traffic to EC2 m1.large and c3.2xlarge instances directly using Route 53 latency based routing and health checks. Shut off ELB.
  • D. Use a separate ELB for each instance type and distribute load to ELBs with Route 53 weighted round robin.

Answer: B

NEW QUESTION 15
A user is creating a PIOPS volume. What is the maximum ratio the user should configure between PIOPS and the volume size?

  • A. 5
  • B. 10
  • C. 20
  • D. 30

Answer: D

Explanation: Provisioned IOPS volumes are designed to meet the needs of I/O-intensive workloads, particularly database workloads that are sensitive to storage performance and consistency in random access I/O throughput. A provisioned IOPS volume can range in size from 10 GB to 1 TB and the user can provision up to 4000 IOPS per volume.
The ratio of IOPS provisioned to the volume size requested can be a maximum of 30; for example, a volume with 3000 IOPS must be at least 100 GB.
Reference: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

NEW QUESTION 16
An organization is setting up a highly scalable application using Elastic Beanstalk. They are using Elastic Load Balancing (ELB) as well as a Virtual Private Cloud (VPC) with public and private subnets. They have the following requirements:
  • All the EC2 instances should have a private IP
  • All the EC2 instances should receive data via the ELBs.
Which of these will not be needed in this setup?

  • A. Launch the EC2 instances with only the public subnet.
  • B. Create routing rules which will route all inbound traffic from ELB to the EC2 instances.
  • C. Configure ELB and NAT as a part of the public subnet only.
  • D. Create routing rules which will route all outbound traffic from the EC2 instances through NAT.

Answer: A

Explanation: The Amazon Virtual Private Cloud (Amazon VPC) allows the user to define a virtual networking environment in a private, isolated section of the Amazon Web Services (AWS) cloud. The user has complete control over the virtual networking environment. If the organization wants the Amazon EC2 instances to have a private IP address, it should create a public and private subnet for VPC in each Availability Zone (this is an AWS Elastic Beanstalk requirement). The organization should add their public resources, such as ELB and NAT, to the public subnet, and AWS Elastic Beanstalk will assign them unique elastic IP addresses (a static, public IP address). The organization should launch Amazon EC2 instances in a private subnet so that AWS Elastic Beanstalk assigns them non-routable private IP addresses. Now the organization should configure route tables with the following rules:
  • route all inbound traffic from ELB to EC2 instances
  • route all outbound traffic from EC2 instances through NAT
Reference: http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/AWSHowTo-vpc.html

NEW QUESTION 17
An organization is making software for the CIA in USA. CIA agreed to host the application on AWS but in a secure environment. The organization is thinking of hosting the application on the AWS GovCloud region. Which of the below mentioned differences is not correct when the organization is hosting on the AWS GovCloud in comparison with the AWS standard region?

  • A. The billing for the AWS GovCloud will be in a different account than the Standard AWS account.
  • B. GovCloud region authentication is isolated from Amazon.com.
  • C. Physical and logical administrative access only to U.S. persons.
  • D. It is physically isolated and has logical network isolation from all the other regions.

Answer: A

Explanation: AWS GovCloud (US) is an isolated AWS region designed to allow U.S. government agencies and customers to move sensitive workloads into the cloud by addressing their specific regulatory and compliance requirements. The AWS GovCloud (US) Region adheres to the U.S. International Traffic in Arms Regulations (ITAR) requirements. It has added advantages, such as:
  • Restricting physical and logical administrative access to U.S. persons only
  • There will be separate AWS GovCloud (US) credentials, such as an access key and secret access key, from those of the standard AWS account
  • The user signs in with the IAM user name and password
  • The AWS GovCloud (US) Region authentication is completely isolated from Amazon.com
If the organization is planning to host on EC2 in AWS GovCloud then it will be billed to the standard AWS account of the organization, since AWS GovCloud billing is linked with the standard AWS account and is not billed separately.
Reference: http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/whatis.html
