AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 1)
A company is providing weather data over a REST-based API to several customers. The API is hosted by Amazon API Gateway and is integrated with different AWS Lambda functions for each API operation. The company uses Amazon Route 53 for DNS and has created a resource record of weather.example.com. The company stores data for the API in Amazon DynamoDB tables. The company needs a solution that will give the API the ability to fail over to a different AWS Region.
Which solution will meet these requirements?

1. A. Deploy a new set of Lambda functions in a new Regio
2. B. Update the API Gateway API to use an edge-optimized API endpoint with Lambda functions from both Regions as target
3. C. Convert the DynamoDB tables to global tables.
4. D. Deploy a new API Gateway API and Lambda functions in another Regio
5. E. Change the Route 53 DNS record to a multivalue answe
6. F. Add both API Gateway APIs to the answe
7. G. Enable target health monitorin
8. H. Convert the DynamoDB tables to global tables.
9. I. Deploy a new API Gateway API and Lambda functions in another Regio
10. J. Change the Route 53 DNS record to a failover recor
11. K. Enable target health monitorin
12. L. Convert the DynamoDB tables to global tables.
13. M. Deploy a new API Gateway API in a new Regio
14. N. Change the Lambda functions to global functions.Change the Route 53 DNS record to a multivalue answe
15. O. Add both API Gateway APIs to the answe
16. P. Enable target health monitorin
17. Q. Convert the DynamoDB tables to global tables.

Correct Answer: C
https://docs.aws.amazon.com/apigateway/latest/developerguide/dns-failover.html

- (Exam Topic 2)
A company runs a Python script on an Amazon EC2 instance to process data. The script runs every
10 minutes. The script ingests files from an Amazon S3 bucket and processes the files. On average, the script takes approximately 5 minutes to process each file The script will not reprocess a file that the script has already processed.
The company reviewed Amazon CloudWatch metrics and noticed that the EC2 instance is idle for approximately 40% of the time because of the file processing speed. The company wants to make the workload highly available and scalable. The company also wants to reduce long-term management overhead.
Which solution will meet these requirements MOST cost-effectively?

1. A. Migrate the data processing script to an AWS Lambda functio
2. B. Use an S3 event notification to invoke the Lambda function to process the objects when the company uploads the objects.
3. C. Create an Amazon Simple Queue Service (Amazon SQS) queu
4. D. Configure Amazon S3 to send event notifications to the SQS queu
5. E. Create an EC2 Auto Scaling group with a minimum size of one instanc
6. F. Update the data processing script to poll the SQS queu
7. G. Process the S3 objects that the SQS message identifies.
8. H. Migrate the data processing script to a container imag
9. I. Run the data processing container on an EC2instanc
10. J. Configure the container to poll the S3 bucket for new objects and to process the resulting objects.
11. K. Migrate the data processing script to a container image that runs on Amazon Elastic Container Service (Amazon ECS) on AWS Fargat
12. L. Create an AWS Lambda function that calls the Fargate RunTaskAPI operation when the container processes the fil
13. M. Use an S3 event notification to invoke the Lambda function.

Correct Answer: D

Which of following IAM policy elements lets you specify an exception to a list of actions?

1. A. NotException
2. B. ExceptionAction
3. C. Exception
4. D. NotAction

Correct Answer: D
The NotAction element lets you specify an exception to a list of actions. Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPoIicyLanguage_EIementDescriptions.html

Which of the following is NOT an advantage of using AWS Direct Connect?

1. A. AWS Direct Connect provides users access to public and private resources by using two different connections while maintaining network separation between the public and private environments.
2. B. AWS Direct Connect provides a more consistent network experience than Internet-based connections.
3. C. AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS.
4. D. AWS Direct Connect reduces your network cost

Correct Answer: A
AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you can establish private connectMty between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections.
By using industry standard 802.1q VLANs, this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources such as objects stored in Amazon S3 using public IP address space, and private resources such as Amazon EC2
instances running within an Amazon Virtual Private Cloud (VPC) using private IP space, while maintaining network separation between the public and private environments.
Reference: http://aws.amazon.com/directconnect/#detaiIs

You are designing a personal document-archMng solution for your global enterprise with thousands of employee. Each employee has potentially gigabytes of data to be backed up in this archMng solution. The solution will be exposed to the employees as an application, where they can just drag and drop their files to the archMng system. Employees can retrieve their archives through a web interface. The corporate network has high bandwidth AWS Direct Connect connectMty to AWS.
You have a regulatory requirement that all data needs to be encrypted before being uploaded to the cloud.
How do you implement this in a highly available and cost-efficient way?

1. A. Manage encryption keys on-premises in an encrypted relational databas
2. B. Set up an on-premises server with sufficient storage to temporarily store files, and then upload them to Amazon S3, providing a client-side master key.
3. C. Mange encryption keys in a Hardware Security ModuIe (HSM) appliance on-premises serve r with sufficient storage to temporarily store, encrypt, and upload files directly into Amazon Glacier.
4. D. Nlanage encryption keys in Amazon Key Management Service (KMS), upload to Amazon Simple Storage Service (S3) with client-side encryption using a KMS customer master key ID, and configure Amazon S3 lifecycle policies to store each object using the Amazon Glacier storage tier.
5. E. Manage encryption keys in an AWS C|oudHSNI applianc
6. F. Encrypt files prior to uploading on the employee desktop, and then upload directly into Amazon Glacier.

Correct Answer: C