AWS-Certified-Solutions-Architect-Professional Free Practice Test

- (Exam Topic 3)
A North American company with headquarters on the East Coast is deploying a new web application running on Amazon EC2 in the us-east-1 Region. The application should dynamically scale to meet user demand and maintain resiliency. Additionally, the application must have disaster recover capabilities in an active-passive configuration with the us-west-1 Region.
Which steps should a solutions architect take after creating a VPC in the us-east-1 Region?

1. A. Create a VPC in the us-west-1 Regio
2. B. Use inter-Region VPC peering to connect both VPC
3. C. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in theus-east-1 Regio
4. D. Deploy EC2 instances across multiple AZs in each Region as part of an Auto Scalinggroup spanning both VPCs and served by the ALB.
5. E. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Regio
6. F. Deploy EC2 instances across multiple AZs as part of an Auto Scaling group served by the AL
7. G. Deploy the same solution to the us-west-1 Regio
8. H. Create an Amazon Route 53 record set with a failover routing policy and health checks enabled to provide high availability across both Regions.
9. I. Create a VPC in the us-west-1 Regio
10. J. Use inter-Region VPC peering to connect both VPC
11. K. Deploy an Application Load Balancer (ALB) that spans both VPC
12. L. Deploy EC2 instances across multiple Availability Zones as part of an Auto Scaling group in each VPC served by the AL
13. M. Create an Amazon Route 53 record that points to the ALB.
14. N. Deploy an Application Load Balancer (ALB) spanning multiple Availability Zones (AZs) to the VPC in the us-east-1 Regio
15. O. Deploy EC2 instances across multiple AZs as part of an Auto Scaling group served by the AL
16. P. Deploy the same solution to the us-west-1 Regio
17. Q. Create separate Amazon Route 53 records in each Region that point to the ALB in the Regio
18. R. Use Route 53 health checks to provide high availability across both Regions.

Correct Answer: B

- (Exam Topic 2)
A company has a data lake in Amazon S3 that needs to be accessed by hundreds of applications across many AWS accounts. The company's information security policy states that the S3 bucket must not be accessed over the public internet and that each application should have the minimum permissions necessary to function.
To meet these requirements, a solutions architect plans to use an S3 access point that is restricted to specific VPCs for each application.
Which combination of steps should the solutions architect take to implement this solution? (Select TWO.)

1. A. Create an S3 access point for each application in the AWS account that owns the S3 bucke
2. B. Configureeach access point to be accessible only from the application's VP
3. C. Update the bucket policy to require access from an access point.
4. D. Create an interface endpoint for Amazon S3 in each application's VP
5. E. Configure the endpoint policy to allow access to an S3 access poin
6. F. Create a VPC gateway attachment for the S3 endpoint.
7. G. Create a gateway endpoint for Amazon S3 in each application's VP
8. H. Configure the endpoint policy to allow access to an S3 access poin
9. I. Specify the route table that is used to access the access point.
10. J. Create an S3 access point for each application in each AWS account and attach the access points to the S3 bucke
11. K. Configure each access point to be accessible only from the application's VP
12. L. Update the bucket policy to require access from an access point.
13. M. Create a gateway endpoint for Amazon S3 in the data lake's VP
14. N. Attach an endpoint policy to allow access to the S3 bucke
15. O. Specify the route table that is used to access the bucket.

Correct Answer: AC
https://joe.blog.freemansoft.com/2020/04/protect-data-in-cloud-with-s3-access.html

- (Exam Topic 3)
A company hosts a software as a service (SaaS) solution on AWS. The solution has an Amazon API Gateway API that serves an HTTPS endpoint. The API uses AWS Lambda functions for compute. The Lambda functions store data in an Amazon Aurora Serverless VI database.
The company used the AWS Serverless Application Model (AWS SAM) to deploy the solution. The solution extends across multiple Availability Zones and has no disaster recovery (DR) plan.
A solutions architect must design a DR strategy that can recover the solution in another AWS Region. The solution has an R TO of 5 minutes and an RPO of 1 minute.
What should the solutions architect do to meet these requirements?

1. A. Create a read replica of the Aurora Serverless VI database in the target Regio
2. B. Use AWS SAM to create a runbook to deploy the solution to the target Regio
3. C. Promote the read replica to primary in case of disaster.
4. D. Change the Aurora Serverless VI database to a standard Aurora MySQL global database that extends across the source Region and the target Regio
5. E. Use AWS SAM to create a runbook to deploy the solution to the target Region.
6. F. Create an Aurora Serverless VI DB cluster that has multiple writer instances in the target Region.Launch the solution in the target Regio
7. G. Configure the two Regional solutions to work in an active-passive configuration.
8. H. Change the Aurora Serverless VI database to a standard Aurora MySQL global database that extends across the source Region and the target Regio
9. I. Launch the solution in the target Regio
10. J. Configure the two Regional solutions to work in an active-passive configuration.

Correct Answer: D
This option allows the solutions architect to use Aurora global database to replicate data across multiple AWS Regions with low latency and high availability1. By launching the solution in the target Region,
the solutions architect can ensure that the API Gateway, Lambda functions, and other resources are ready to serve traffic in case of a disaster in the source Region. By configuring the two Regional solutions to work in an active-passive configuration, the solutions architect can minimize costs and avoid data conflicts by having only one primary Region that accepts write operations and one secondary Region that serves as a
standby2. The RTO and RPO requirements can be met by using Aurora global database, which supports sub-second failover times and near real-time replication1.
References:
Working with Amazon Aurora global database
Active-passive failover

- (Exam Topic 2)
A retail company needs to provide a series of data files to another company, which is its business partner These files are saved in an Amazon S3 bucket under Account A. which belongs to the retail company. The business partner company wants one of its 1AM users. User_DataProcessor. to access the files from its own AWS account (Account B).
Which combination of steps must the companies take so that User_DataProcessor can access the S3 bucket successfully? (Select TWO.)

1. A. Turn on the cross-origin resource sharing (CORS) feature for the S3 bucket in Account
2. B. In Account
3. C. set the S3 bucket policy to the following:
4. D. In Account
5. E. set the S3 bucket policy to the following:
6. F. In Account
7. G. set the permissions of User_DataProcessor to the following:
8. H. In Account Bt set the permissions of User_DataProcessor to the following:

Correct Answer: CD
https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/

- (Exam Topic 2)
A company has multiple business units that each have separate accounts on AWS. Each business unit manages its own network with several VPCs that have CIDR ranges that overlap. The company’s marketing team has created a new internal application and wants to make the application accessible to all the other business units. The solution must use private IP addresses only.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Instruct each business unit to add a unique secondary CIDR range to the business unit's VP
2. B. Peer the VPCs and use a private NAT gateway in the secondary range to route traffic to the marketing team.
3. C. Create an Amazon EC2 instance to serve as a virtual appliance in the marketing account's VP
4. D. Create an AWS Site-to-Site VPN connection between the marketing team and each business unit's VP
5. E. Perform NAT where necessary.
6. F. Create an AWS PrivateLink endpoint service to share the marketing applicatio
7. G. Grant permission to specific AWS accounts to connect to the servic
8. H. Create interface VPC endpoints in other accounts to access the application by using private IP addresses.
9. I. Create a Network Load Balancer (NLB) in front of the marketing application in a private subne
10. J. Create an API Gateway AP
11. K. Use the Amazon API Gateway private integration to connect the API to the NL
12. L. Activate IAM authorization for the AP
13. M. Grant access to the accounts of the other business units.

Correct Answer: C
With AWS PrivateLink, the marketing team can create an endpoint service to share their internal application with other accounts securely using private IP addresses. They can grant permission to specific AWS accounts to connect to the service and create interface VPC endpoints in the other accounts to access the application by using private IP addresses. This option does not require any changes to the network of the other business units, and it does not require peering or NATing. This solution is both scalable and secure.
https://aws.amazon.com/blogs/networking-and-content-delivery/connecting-networks-with-overlapping-ip-range