AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 1)
A company is using an on-premises Active Directory service for user authentication. The company wants to use the same authentication service to sign in to the company's AWS accounts, which are using AWS Organizations. AWS Site-to-Site VPN connectivity already exists between the on-premises environment and all the company's AWS accounts.
The company's security policy requires conditional access to the accounts based on user groups and roles. User identities must be managed in a single location.
Which solution will meet these requirements?

1. A. Configure AWS Single Sign-On (AWS SSO) to connect to Active Directory by using SAML 2.0.Enable automatic provisioning by using the System for Cross- domain Identity Management (SCIM) v2.0 protoco
2. B. Grant access to the AWS accounts by using attribute-based access controls (ABACs).
3. C. Configure AWS Single Sign-On (AWS SSO) by using AWS SSO as an identity sourc
4. D. Enable automatic provisioning by using the System for Cross-domain Identity Management (SCIM) v2.0 protoco
5. E. Grant access to the AWS accounts by using AWS SSO permission sets.
6. F. In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use a SAML 2.0 identity provide
7. G. Provision IAM users that are mapped to the federated user
8. H. Grant access that corresponds to appropriate groups in Active Director
9. I. Grant access to the required AWS accounts by using cross-account IAM users.
10. J. In one of the company's AWS accounts, configure AWS Identity and Access Management (IAM) to use an OpenID Connect (OIDC) identity provide
11. K. Provision IAM roles that grant access to the AWS account for the federated users that correspond to appropriate groups in Active Director
12. L. Grant access to the required AWS accounts by using cross-account IAM roles.

Correct Answer: D
https://aws.amazon.com/blogs/aws/new-attributes-based-access-control-with-aws-single-sign-on/

- (Exam Topic 3)
A company has a complex web application that leverages Amazon CloudFront for global scalability and performance Over time, users report that the web application is slowing down
The company's operations team reports that the CloudFront cache hit ratio has been dropping steadily. The cache metrics report indicates that query strings on some URLs are inconsistently ordered and are specified sometimes in mixed-case letters and sometimes in lowercase letters.
Which set of actions should the solutions architect take to increase the cache hit ratio as quickly as possible?

1. A. Deploy a Lambda@Edge function to sort parameters by name and force them lo be lowercase Select the CloudFront viewer request trigger to invoke the function
2. B. Update the CloudFront distribution to disable caching based on query string parameters.
3. C. Deploy a reverse proxy after the load balancer to post-process the emitted URLs in the application to force the URL strings to be lowercase.
4. D. Update the CloudFront distribution to specify casing-insensitive query string processing.

Correct Answer: A
because Amazon CloudFront considers the case of parameter names and values when caching based on query string parameters , thus inconsistent query strings may cause CloudFront to forward mixed-cased/misordered requests to the origin. Triggering a Lambda@Edge function based on a viewer request event to sort parameters by name and force them to be lowercase is the best choice. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/QueryStringParameters.html#query-str https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-cloudfront-trigger-events.html
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examp

- (Exam Topic 3)
A media storage application uploads user photos to Amazon S3 for processing by AWS Lambda functions. Application state is stored in Amazon DynamoOB tables. Users are reporting that some uploaded photos are not being processed properly. The application developers trace the logs and find that Lambda is experiencing photo processing issues when thousands of users upload photos simultaneously. The issues are the result of Lambda concurrency limits and the performance of DynamoDB when data is saved.
Which combination of actions should a solutions architect take to increase the performance and reliability of the application? (Select TWO.)

1. A. Evaluate and adjust the RCUs for the DynamoDB tables.
2. B. Evaluate and adjust the WCUs for the DynamoDB tables.
3. C. Add an Amazon ElastiCache layer to increase the performance of Lambda functions.
4. D. Add an Amazon Simple Queue Service (Amazon SQS) queue and reprocessing logic between Amazon S3 and the Lambda functions.
5. E. Use S3 Transfer Acceleration to provide lower latency to users.

Correct Answer: BD
B:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.ReadWriteCapacityMode.h
D: https://aws.amazon.com/blogs/compute/robust-serverless-application-design-with-aws-lambda-dlq/c

- (Exam Topic 3)
A large education company recently introduced Amazon Workspaces to provide access to internal applications across multiple universities. The company is storing user profiles on an Amazon FSx (or Windows File Server file system. The tile system is configured with a DNS alias and is connected to a self-managed Active Directory. As more users begin to use the Workspaces, login time increases to unacceptable levels.
An investigation reveals a degradation in performance of the file system. The company created the file system on HDD storage with a throughput of 16 MBps. A solutions architect must improve the performance of the file system during a defined maintenance window.
What should the solutions architect do to meet these requirements with the LEAST administrative effort?

1. A. Use AWS Backup to create a point-ln-lime backup of the file syste
2. B. Restore the backup to a new FSx for Windows File Server file syste
3. C. Select SSD as the storage type Select 32 MBps as the throughput capacit
4. D. When the backup and restore process Is completed, adjust the DNS alias accordingl
5. E. Delete the original file system.
6. F. Disconnect users from the file syste
7. G. In the Amazon FSx console, update the throughput capacity to 32 MBp
8. H. Update the storage type to SS
9. I. Reconnect users to the file system.
10. J. Deploy an AWS DataSync agent onto a new Amazon EC2 Instanc
11. K. Create a tas
12. L. Configure the existing file system as the source locatio
13. M. Configure a new FSx for Windows File Server file system with SSD storage and 32 MBps of throughput as the target locatio
14. N. Schedule the tas
15. O. When the task is completed, adjust the DNS alias accordingl
16. P. Delete the original file system.
17. Q. Enable shadow copies on the existing file system by using a Windows PowerShell comman
18. R. Schedule the shadow copy job to create a point-in-time backup of the file syste
19. S. Choose to restore previous version
20. T. Create a new FSx for Windows File Server file system with SSD storage and 32 MBps of throughpu
21. . When the copy job is completed, adjust the DNS alia
22. . Delete the original file system.

Correct Answer: C
https://docs.aws.amazon.com/fsx/latest/WindowsGuide/migrate-files-to-fsx-datasync.html

- (Exam Topic 3)
A company has an application that is deployed on Amazon EC2 instances behind an Application Load Balancer (ALB). The instances are part of an Auto Scaling group. The application has unpredictable workloads and frequently scales out and in. The company's development team wants to analyze application logs to find ways to improve the application's performance. However, the logs are no longer available after instances scale in.
Which solution will give the development team the ability to view the application logs after a scale-in event?

1. A. Enable access logs for the AL
2. B. Store the logs in an Amazon S3 bucket.
3. C. Configure the EC2 instances lo publish logs to Amazon CloudWatch Logs by using the unified CloudWatch agent.
4. D. Modify the Auto Scaling group to use a step scaling policy.
5. E. Instrument the application with AWS X-Ray tracing.

Correct Answer: B
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html