AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 3)
A company operates a fleet of servers on premises and operates a fleet of Amazon EC2 instances in its organization in AWS Organizations. The company's AWS accounts contain hundreds of VPCs. The company wants to connect its AWS accounts to its on-premises network. AWS Site-to-Site VPN connections are already established to a single AWS account. The company wants to control which VPCs can communicate with other VPCs.
Which combination of steps will achieve this level of control with the LEAST operational effort? (Choose three.)

1. A. Create a transit gateway in an AWS accoun
2. B. Share the transit gateway across accounts by using AWS Resource Access Manager (AWS RAM).
3. C. Configure attachments to all VPCs and VPNs.
4. D. Set up transit gateway route table
5. E. Associate the VPCs and VPNs with the route tables.
6. F. Configure VPC peering between the VPCs.
7. G. Configure attachments between the VPCs and VPNs.
8. H. Set up route tables on the VPCs and VPNs.

Correct Answer: ABC

- (Exam Topic 1)
A company wants to use a third-party software-as-a-service (SaaS) application. The third-party SaaS application is consumed through several API calls. The third-party SaaS application also runs on AWS inside a VPC.
The company will consume the third-party SaaS application from inside a VPC. The company has internal security policies that mandate the use of private connectivity that does not traverse the internet. No resources that run in the company VPC are allowed to be accessed from outside the company’s VPC. All permissions must conform to the principles of least privilege.
Which solution meets these requirements?

1. A. Create an AWS PrivateLink interface VPC endpoin
2. B. Connect this endpoint to the endpoint service that the third-party SaaS application provide
3. C. Create a security group to limit the access to the endpoin
4. D. Associate the security group with the endpoint.
5. E. Create an AWS Site-to-Site VPN connection between the third-party SaaS application and the company VP
6. F. Configure network ACLs to limit access across the VPN tunnels.
7. G. Create a VPC peering connection between the third-party SaaS application and the company VPUpdate route tables by adding the needed routes for the peering connection.
8. H. Create an AWS PrivateLink endpoint servic
9. I. Ask the third-party SaaS provider to create an interface VPC endpoint for this endpoint servic
10. J. Grant permissions for the endpoint service to the specific account of the third-party SaaS provider.

Correct Answer: A
Reference architecture - https://docs.aws.amazon.com/vpc/latest/privatelink/privatelink-access-saas.html Note from documentation that Interface Endpoint is at client side

- (Exam Topic 2)
A solutions architect is designing an AWS account structure for a company that consists of multiple teams. All the teams will work in the same AWS Region. The company needs a VPC that is connected to the on-premises network. The company expects less than 50 Mbps of total traffic to and from the on-premises network.
Which combination of steps will meet these requirements MOST cost-effectively? (Select TWO.)

1. A. Create an AWS Cloud Formation template that provisions a VPC and the required subnet
2. B. Deploy the template to each AWS account.
3. C. Create an AWS Cloud Formation template that provisions a VPC and the required subnet
4. D. Deploy the template to a shared services account Share the subnets by using AWS Resource Access Manager.
5. E. Use AWS Transit Gateway along with an AWS Site-to-Site VPN for connectivity to the on-premises networ
6. F. Share the transit gateway by using AWS Resource Access Manager.
7. G. Use AWS Site-to-Site VPN for connectivity to the on-premises network.
8. H. Use AWS Direct Connect for connectivity to the on-premises network.

Correct Answer: BD

- (Exam Topic 3)
A company hosts a VPN in an on-premises data center. Employees currently connect to the VPN to access files in their Windows home directories. Recently, there has been a large growth in the number of employees who work remotely. As a result, bandwidth usage for connections into the data center has begun to reach 100% during business hours.
The company must design a solution on AWS that will support the growth of the company's remote workforce, reduce the bandwidth usage for connections into the data center, and reduce operational overhead.
Which combination of steps will meet these requirements with the LEAST operational overhead? (Select TWO.)

1. A. Create an AWS Storage Gateway Volume Gatewa
2. B. Mount a volume from the Volume Gateway to the on-premises file server.
3. C. Migrate the home directories to Amazon FSx for Windows File Server.
4. D. Migrate the home directories to Amazon FSx for Lustre.
5. E. Migrate remote users to AWS Client VPN
6. F. Create an AWS Direct Connect connection from the on-premises data center to AWS.

Correct Answer: BD

- (Exam Topic 1)
A company has 50 AWS accounts that are members of an organization in AWS Organizations Each account contains multiple VPCs The company wants to use AWS Transit Gateway to establish connectivity between the VPCs in each member account Each time a new member account is created, the company wants to automate the process of creating a new VPC and a transit gateway attachment.
Which combination of steps will meet these requirements? (Select TWO)

1. A. From the management account, share the transit gateway with member accounts by using AWS Resource Access Manager
2. B. Prom the management account, share the transit gateway with member accounts by using an AWS Organizations SCP
3. C. Launch an AWS CloudFormation stack set from the management account that automatical^/ creates a new VPC and a VPC transit gateway attachment in a member accoun
4. D. Associate the attachment with the transit gateway in the management account by using the transit gateway ID.
5. E. Launch an AWS CloudFormation stack set from the management account that automatical^ creates a new VPC and a peering transit gateway attachment in a member accoun
6. F. Share the attachment with the transit gateway in the management account by using a transit gateway service-linked role.
7. G. From the management account, share the transit gateway with member accounts by using AWS Service Catalog

Correct Answer: AC
https://aws.amazon.com/blogs/mt/self-service-vpcs-in-aws-control-tower-using-aws-service-catalog/ https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-transitgatewayattachme