AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 3)
A company runs a web application on AWS. The web application delivers static content from an Amazon S3 bucket that is behind an Amazon CloudFront distribution. The application serves dynamic content by using an Application Load Balancer (ALB) that distributes requests to a fleet of Amazon EC2 instances in Auto Scaling groups. The application uses a domain name setup in Amazon Route 53.
Some users reported occasional issues when the users attempted to access the website during peak hours. An operations team found that the ALB sometimes returned HTTP 503 Service Unavailable errors. The company wants to display a custom error message page when these errors occur. The page should be displayed immediately for this error code.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Set up a Route 53 failover routing polic
2. B. Configure a health check to determine the status of the ALB endpoint and to fail over to the failover S3 bucket endpoint.
3. C. Create a second CloudFront distribution and an S3 static website to host the custom error pag
4. D. Set up a Route 53 failover routing polic
5. E. Use an active-passive configuration between the two distributions.
6. F. Create a CloudFront origin group that has two origin
7. G. Set the ALB endpoint as the primary origi
8. H. For the secondary origin, set an S3 bucket that is configured to host a static website Set up origin failover for the CloudFront distributio
9. I. Update the S3 static website to incorporate the custom error page.
10. J. Create a CloudFront function that validates each HTTP response code that the ALB return
11. K. Create an S3 static website in an S3 bucke
12. L. Upload the custom error page to the S3 bucket as a failove
13. M. Update the function to read the S3 bucket and to serve the error page to the end users.

Correct Answer: C

- (Exam Topic 3)
A scientific company needs to process text and image data from an Amazon S3 bucket. The data is collected from several radar stations during a live, time-critical phase of a deep space mission. The radar stations upload the data to the source S3 bucket. The data is prefixed by radar station identification number.
The company created a destination S3 bucket in a second account. Data must be copied from the source S3 bucket to the destination S3 bucket to meet a compliance objective. The replication occurs through the use of an S3 replication rule to cover all objects in the source S3 bucket.
One specific radar station is identified as having the most accurate data. Data replication at this radar station must be monitored for completion within 30 minutes after the radar station uploads the objects to the source S3 bucket.
What should a solutions architect do to meet these requirements?

1. A. Set up an AWS DataSync agent to replicate the prefixed data from the source S3 bucket to the destination S3 bucke
2. B. Select to use all available bandwidth on the task, and monitor the task to ensure that it is in the TRANSFERRING statu
3. C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert if this status changes.
4. D. In the second account, create another S3 bucket to receive data from the radar station with the most accurate dat
5. E. Set up a new replication rule for this new S3 bucket to separate the replication from the other radar station
6. F. Monitor the maximum replication time to the destinatio
7. G. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert when the time exceeds the desired threshold.
8. H. Enable Amazon S3 Transfer Acceleration on the source S3 bucket, and configure the radar station with the most accurate data to use the new endpoin
9. I. Monitor the S3 destination bucket's TotalRequestLatency metri
10. J. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert if this status changes.
11. K. Create a new S3 replication rule on the source S3 bucket that filters for the keys that use the prefix of the radar station with the most accurate dat
12. L. Enable S3 Replication Time Control (S3 RTC). Monitor the maximum replication time to the destinatio
13. M. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to trigger an alert when the time exceeds the desired threshold.

Correct Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-time-control.html

- (Exam Topic 2)
A company built an application based on AWS Lambda deployed in an AWS CloudFormation stack. The last production release of the web application introduced an issue that resulted in an outage lasting several minutes. A solutions architect must adjust the deployment process to support a canary release.
Which solution will meet these requirements?

1. A. Create an alias for every new deployed version of the Lambda functio
2. B. Use the AWS CLI update-alias command with the routing-config parameter to distribute the load.
3. C. Deploy the application into a new CloudFormation stac
4. D. Use an Amazon Route 53 weighted routing policy to distribute the load.
5. E. Create a version for every new deployed Lambda functio
6. F. Use the AWS CLIupdate-function-contiguration command with the routing-config parameter to distribute the load.
7. G. Configure AWS CodeDeploy and use CodeDeployDefault.OneAtATime in the Deployment configuration to distribute the load.

Correct Answer: A
https://aws.amazon.com/blogs/compute/implementing-canary-deployments-of-aws-lambda-functions-with-alias

- (Exam Topic 2)
A company is updating an application that customers use to make online orders. The number of attacks on the application by bad actors has increased recently.
The company will host the updated application on an Amazon Elastic Container Service (Amazon ECS) cluster. The company will use Amazon DynamoDB to store application data. A public Application Load Balancer (ALB) will provide end users with access to the application. The company must prevent prevent attacks and ensure business continuity with minimal service interruptions during an ongoing attack.
Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

1. A. Create an Amazon CloudFront distribution with the ALB as the origi
2. B. Add a custom header and random value on the CloudFront domai
3. C. Configure the ALB to conditionally forward traffic if the header and value match.
4. D. Deploy the application in two AWS Region
5. E. Configure Amazon Route 53 to route to both Regions with equal weight.
6. F. Configure auto scaling for Amazon ECS task
7. G. Create a DynamoDB Accelerator (DAX) cluster.
8. H. Configure Amazon ElastiCache to reduce overhead on DynamoDB.
9. I. Deploy an AWS WAF web ACL that includes an appropriate rule grou
10. J. Associate the web ACL with the Amazon CloudFront distribution.

Correct Answer: AE
The company should create an Amazon CloudFront distribution with the ALB as the origin. The company should add a custom header and random value on the CloudFront domain. The company should configure the ALB to conditionally forward traffic if the header and value match. The company should also deploy an AWS WAF web ACL that includes an appropriate rule group. The company should associate the web ACL with the Amazon CloudFront distribution. This solution will meet the requirements most cost-effectively because Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a
developer-friendly environment1. By creating an Amazon CloudFront distribution with the ALB as the origin, the company can improve the performance and availability of its application by caching static content at edge locations closer to end users. By adding a custom header and random value on the CloudFront domain, the company can prevent direct access to the ALB and ensure that only requests from CloudFront are forwarded to the ECS tasks. By configuring the ALB to conditionally forward traffic if the header and value match, the company can implement origin access identity (OAI) for its ALB origin. OAI is a feature that enables you to restrict access to your content by requiring users to access your content through CloudFront URLs2. By deploying an AWS WAF web ACL that includes an appropriate rule group, the company can prevent attacks and ensure business continuity with minimal service interruptions during an ongoing attack. AWS WAF is a web application firewall that lets you monitor and control web requests that are forwarded to your web applications. You can use AWS WAF to define customizable web security rules that control which traffic can access your web applications and which traffic should be blocked3. By associating the web ACL with the Amazon CloudFront distribution, the company can apply the web security rules to all requests that are forwarded by CloudFront.
The other options are not correct because:
Deploying the application in two AWS Regions and configuring Amazon Route 53 to route to both Regions with equal weight would not prevent attacks or ensure business continuity. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service that routes end users to Internet applications by translating names like www.example.com into numeric IP addresses4. However, routing traffic to multiple Regions would not protect against attacks or provide failover in case of an outage. It would also increase operational complexity and costs compared to using CloudFront and
AWS WAF.
Configuring auto scaling for Amazon ECS tasks and creating a DynamoDB Accelerator (DAX) cluster would not prevent attacks or ensure business continuity. Auto scaling is a feature that enables you to automatically adjust your ECS tasks based on demand or a schedule. DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement. However, these features would not protect against attacks or provide failover in case of an outage. They would also increase operational complexity and costs compared to using CloudFront and AWS WAF.
Configuring Amazon ElastiCache to reduce overhead on DynamoDB would not prevent attacks or ensure business continuity. Amazon ElastiCache is a fully managed in-memory data store service that makes it easy to deploy, operate, and scale popular open-source compatible in-memory data stores. However, this service would not protect against attacks or provide failover in case of an outage. It would also increase operational complexity and costs compared to using CloudFront and AWS WAF.
References:
https://aws.amazon.com/cloudfront/
https://aws.amazon.com/waf/
https://aws.amazon.com/route53/
https://aws.amazon.com/dynamodb/dax/
https://aws.amazon.com/elasticache/

- (Exam Topic 3)
A solutions architect works for a government agency that has strict disaster recovery requirements. All Amazon Elastic Block Store (Amazon EBS) snapshots are required to be saved in at least two additional AWS Regions. The agency also is required to maintain the lowest possible operational overhead.
Which solution meets these requirements?

1. A. Configure a policy in Amazon Data Lifecycle Manager (Amazon DLM) to run once daily to copy the EBS snapshots to the additional Regions.
2. B. Use Amazon EventBridge (Amazon CloudWatch Events) to schedule an AWS Lambda function to copy the EBS snapshots to the additional Regions.
3. C. Set up AWS Backup to create the EBS snapshot
4. D. Configure Amazon S3 cross-Region replication to copy the EBS snapshots to the additional Regions.
5. E. Schedule Amazon EC2 Image Builder to run once daily to create an AMI and copy the AMI to the additional Regions

Correct Answer: A