Best Quality AWS-Certified-Solutions-Architect-Professional Exam Dumps 2021

NEW QUESTION 1
How can a user list the IAM Role configured as a part of the launch config?

• A. as-describe-Iaunch-configs --iam-profiIe
• B. as-describe-Iaunch-configs --show-Iong
• C. as-describe-Iaunch-configs —iam-role
• D. as-describe-Iaunch-configs —roIe

Answer: B

Explanation: As-describe-launch-configs describes all the launch config parameters created by the AWS account in the specified region. Generally it returns values, such as Launch Config name, Instance Type and AMI ID. If the user wants additional parameters, such as the IAM Profile used in the config , he has to run command: as-describe-Iaunch-configs --show-Iong

NEW QUESTION 2
You are responsible for a legacy web application whose server environment is approaching end of life You would like to migrate this application to AWS as quickly as possible, since the application environment currently has the following limitations:
The VM's single 10GB VNIDK is almost full; Nle virtual network interface still uses the 10IV|bps driver, which leaves your 100Mbps WAN connection completely underutilized;
It is currently running on a highly customized. Windows VM within a VMware environment; You do not have me installation media;
This is a mission critical application with an RTO (Recovery Time Objective) of 8 hours. RPO (Recovery Point Objective) of 1 hour. How could you best migrate this application to AWS while meeting your business continuity requirements?

• A. Use the EC2 VM Import Connector for vCenter to import the VNI into EC2.
• B. Use Import/Export to import the VNI as an ESS snapshot and attach to EC2.
• C. Use S3 to create a backup of the VM and restore the data into EC2.
• D. Use me ec2-bundle-instance API to Import an Image of the VNI into EC2

Answer: A

NEW QUESTION 3
A government client needs you to set up secure cryptographic key storage for some of their extremely confidential data. You decide that the AWS CIoudHSM is the best service for this. However, there seem to be a few pre-requisites before this can happen, one of those being a security group that has certain ports open. Which of the following is correct in regards to those security groups?

• A. A security group that has no ports open to your network.
• B. A security group that has only port 3389 (for RDP) open to your network.
• C. A security group that has only port 22 (for SSH) open to your network.
• D. A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your networ

Answer: D

Explanation: AWS CIoudHSM provides secure cryptographic key storage to customers by making hardware security modules (HSMs) available in the AWS cloud.
AWS C|oudHSM requires the following environment before an HSM appliance can be provisioned. A virtual private cloud (VPC) in the region where you want the AWS CIoudHSM service.
One private subnet (a subnet with no Internet gateway) in the VPC. The HSM appliance is provisioned into this subnet.
One public subnet (a subnet with an Internet gateway attached). The control instances are attached to this subnet.
An AWS Identity and Access Management (IAM) role that delegates access to your AWS resources to AWS CIoudHSM.
An EC2 instance, in the same VPC as the HSM appliance, that has the SafeNet client software installed. This instance is referred to as the control instance and is used to connect to and manage the HSM appliance.
A security group that has port 22 (for SSH) or port 3389 (for RDP) open to your network. This security group is attached to your control instances so you can access them remotely.

NEW QUESTION 4
You have deployed a web application targeting a global audience across multiple AWS Regions under the domain name.exampIe.com. You decide to use Route53 Latency-Based Routing to serve web requests to users from the region closest to the user. To provide business continuity in the event of server downtime you configure weighted record sets associated with two web servers in separate Availability Zones per region. Dunning a DR test you notice that when you disable all web sewers in one of the regions Route53 does not automatically direct all users to the other region. What could be happening? (Choose 2 answers)

• A. Latency resource record sets cannot be used in combination with weighted resource record sets.
• B. You did not setup an HTTP health check to one or more of the weighted resource record sets associated with me disabled web sewers.
• C. The value of the weight associated with the latency alias resource record set in the region with the disabled sewers is higher than the weight for the other region.
• D. One of the two working web sewers in the other region did not pass its HTTP health check.
• E. You did not set "Evaluate Target Health" to "Yes" on the latency alias resource record set associated with example com in the region where you disabled the servers.

Answer: BE

NEW QUESTION 5
A user is trying to create a vault in AWS Glacier. The user wants to enable notifications. In which of the below mentioned options can the user enable the notifications from the AWS console?

• A. Glacier does not support the AWS console
• B. Archival Upload Complete
• C. Vault Upload Job Complete
• D. Vault Inventory Retrieval Job Complete

Answer: D

Explanation: From AWS console the user can configure to have notifications sent to Amazon Simple Notifications Service (SNS). The user can select specific jobs that, on completion, will trigger the notifications such as Vault Inventory Retrieval Job Complete and Archive Retrieval Job Complete.
Reference: http://docs.aws.amazon.com/amazongIacier/latest/dev/configuring-notifications-console.html

NEW QUESTION 6
In Amazon IAM, what is the maximum length for a role name?

• A. 128 characters
• B. 512 characters
• C. 64 characters
• D. 256 characters

Answer: C

Explanation: In Amazon IAM, the maximum length for a role name is 64 characters.
Reference: http://docs.aws.amazon.com/IANI/latest/UserGuide/LimitationsOnEntities.html

NEW QUESTION 7
How can multiple compute resources be used on the same pipeline in AWS Data Pipeline?

• A. You can use multiple compute resources on the same pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each actMty via its runsOn field.
• B. You can use multiple compute resources on the same pipeline by defining multiple cluster definition files.
• C. You can use multiple compute resources on the same pipeline by defining multiple clusters for your actMty.
• D. You cannot use multiple compute resources on the same pipelin

Answer: A

Explanation: MuItipIe compute resources can be used on the same pipeline in AWS Data Pipeline by defining multiple cluster objects in your definition file and associating the cluster to use for each actMty via its runsOn field, which allows pipelines to combine AWS and on-premise resources, or to use a mix of instance types for their actMties.
Reference: https://aws.amazon.com/datapipe|ine/faqs/

NEW QUESTION 8
Identify a true statement about using an IAM role to grant permissions to applications running on Amazon EC2 instances.

• A. When AWS credentials are rotated, developers have to update only the root Amazon EC2 instance that uses their credentials.
• B. When AWS credentials are rotated, developers have to update only the Amazon EC2 instance on which the password policy was applied and which uses their credentials.
• C. When AWS credentials are rotated, you don't have to manage credentials and you don't have to worry about long-term security risks.
• D. When AWS credentials are rotated, you must manage credentials and you should consider precautions for long-term security risks.

Answer: C

Explanation: Using IAM roles to grant permissions to applications that run on EC2 instances requires a bit of extra configuration. Because role credentials are temporary and rotated automatically, you don't have to manage credentials, and you don't have to worry about long-term security risks.
Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.htmI

NEW QUESTION 9
When does an AWS Data Pipeline terminate the AWS Data Pipeline-managed compute resources?

• A. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 2 hours.
• B. When the final actMty that uses the resources is running
• C. AWS Data Pipeline terminates AWS Data Pipeline-managed compute resources every 12 hours.
• D. When the final actMty that uses the resources has completed successfully orfailed

Answer: D

Explanation: Compute resources will be provisioned by AWS Data Pipeline when the first actMty for a scheduled time that uses those resources is ready to run, and those instances will be terminated when the final actMty that uses the resources has completed successfully or failed.
Reference: https://aws.amazon.com/datapipe|ine/faqs/

NEW QUESTION 10
An IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the below mentioned options will AWS S3 not verify?

• A. The object owner has provided access to the IAM user
• B. Permission provided by the parent of the IAM user on the bucket
• C. Permission provided by the bucket owner to the IAM user
• D. Permission provided by the parent ofthe IAM user

Answer: B

Explanation: If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.
Reference:
http://docs.aws.amazon.com/AmazonS3/Iatest/dev/access-control-auth-workflow-object-operation.htmI

NEW QUESTION 11
If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical .

• A. OR
• B. NAND
• C. NOR
• D. AND

Answer: A

Explanation: If a single condition within an IAM policy includes multiple values for one key, it will be evaluated using a logical OR.
Reference: http://docs.aws.amazon.com/IAM/Iatest/UserGuide/reference_poIicies_eIements.html

NEW QUESTION 12
A 3-tier e-commerce web application is current deployed on-premises and will be migrated to AWS for greater scalability and elasticity The web server currently shares read-only data using a network distributed file system The app server tier uses a clustering mechanism for discovery and shared session state that depends on IP multicast The database tier uses shared-storage clustering to provide database fall over capability, and uses several read slaves for scaling Data on all servers and the distributed file system directory is backed up weekly to off-site tapes
Which AWS storage and database architecture meets the requirements of the application?

• A. Web servers: store read-only data in S3, and copy from S3 to root volume at boot tim
• B. App servers: share state using a combination of DynamoDB and IP unicas
• C. Database: use RDS with multi-AZ deployment and one or more read replica
• D. Backup: web sewers, app sewers, and database backed up weekly to Glacier using snapshots.
• E. Web sewers: store read-only data in an EC2 NFS sewer; mount to each web server at boot tim
• F. App servers: share state using a combination of DynamoDB and IP multicas
• G. Database: use RDS with multi-AZ deployment and one or more Read Replica
• H. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.
• I. Web sewers: store read-only data in S3, and copy from S3 to root volume at boot tim
• J. App sewers: share state using a combination of DynamoDB and IP unicas
• K. Database: use RDS with multi-AZ deployment and one or more Read Replica
• L. Backup: web and app sewers backed up weekly via AMIs, database backed up via DB snapshots.
• M. Web sewers: store read-only data in S3, and copy from S3 to root volume at boot tim
• N. App sewers: share state using a combination of DynamoDB and IP unicas
• O. Database: use RDS with multi-AZ deploymen
• P. Backup: web and app servers backed up weekly via AMIs, database backed up via DB snapshots.

Answer: C

NEW QUESTION 13
Which of the following is true of an instance profile when an IAM role is created using the console?

• A. The instance profile uses a different name.
• B. The console gives the instance profile the same name as the role it corresponds to.
• C. The instance profile should be created manually by a user.
• D. The console creates the role and instance profile as separate actions.

Answer: B

Explanation: Amazon EC2 uses an instance profile as a container for an IAM role. When you create an IAM role using the console, the console creates an instance profile automatically and gives it the same name as the role it corresponds to. If you use the AWS CLI, API, or an AWS SDK to create a role, you create the role and instance profile as separate actions, and you might give them different names.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roIes_use_switch-role-ec2_instance-profiles.html

NEW QUESTION 14
You are developing a new mobile application and are considering storing user preferences in AWS.2w This would provide a more uniform cross-device experience to users using multiple mobile devices to access the application. The preference data for each user is estimated to be 50KB in size Additionally 5 million customers are expected to use the application on a regular basis. The solution needs to be
cost-effective, highly available, scalable and secure, how would you design a solution to meet the above requirements?

• A. Setup an RDS MySQL instance in 2 availability zones to store the user preference dat
• B. Deploy apublic facing application on a server in front of the database to manage security and access credentials
• C. Setup a DynamoDB table with an item for each user having the necessary attributes to hold the user preference
• D. The mobile application will query the user preferences directly from the DynamoDB tabl
• E. Utilize ST
• F. Web Identity Federation, and DynamoDB Fine Grained Access Control to authenticate and authorize access.
• G. Setup an RDS MySQL instance with multiple read replicas in 2 availability zones to store the user preference data .The mobile application will query the user preferences from the read replica
• H. Leverage the MySQL user management and access prMlege system to manage security and access credentials.
• I. Store the user preference data in S3 Setup a DynamoDB table with an item for each user and an item attribute pointing to the user’ S3 objec
• J. The mobile application will retrieve the S3 URL from DynamoDB and then access the S3 object directly utilize STS, Web identity Federation, and S3 ACLs to authenticate and authorize access.

Answer: B

NEW QUESTION 15
A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers. Which of the following are the two flows?

• A. Authenticated and non-authenticated
• B. Public and private
• C. Enhanced and basic
• D. Single step and multistep

Answer: C

Explanation: A user authenticating with Amazon Cognito will go through a multi-step process to bootstrap their credentials. Amazon Cognito has two different flows for authentication with public providers: enhanced and basic.
Reference: http://docs.aws.amazon.com/cognito/devguide/identity/concepts/authentication-f|ow/

NEW QUESTION 16
The following are AWS Storage services? Choose 2 Answers

• A. AWS Relational Database Service (AWS RDS)
• B. AWS EIastiCache
• C. AWS Glacier
• D. AWS Import/Export

Answer: BD

NEW QUESTION 17
True or False: In Amazon EIastiCache replication groups of Redis, for performance tuning reasons, you can change the roles of the cache nodes within the replication group, with the primary and one of the replicas exchanging roles.

• A. True, however, you get lower performance.
• B. FALSE
• C. TRUE
• D. False, you must recreate the replication group to improve performance tunin

Answer: C

Explanation: In Amazon EIastiCache, a replication group is a collection of Redis Cache Clusters, with one primary read-write cluster and up to five secondary, read-only clusters, which are called read replicas. You can change the roles of the cache clusters within the replication group, with the primary cluster and one of the replicas exchanging roles. You might decide to do this for performance tuning reasons.
Reference: http://docs.aws.amazon.com/AmazonEIastiCache/Iatest/UserGuide/Replication.Redis.Groups.htmI