AWS-Solution-Architect-Associate Free Practice Test

- (Topic 4)
A company wants to deploy its containerized application workloads to a VPC across three Availability Zones. The company needs a solution that is highly available across Availability Zones. The solution must require minimal changes to the application.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Use Amazon Elastic Container Service (Amazon ECS). Configure Amazon ECS Service Auto Scaling to use target tracking scalin
2. B. Set the minimum capacity to 3. Set the task placement strategy type to spread with an Availability Zone attribute.
3. C. Use Amazon Elastic Kubernetes Service (Amazon EKS) self-managed node
4. D. Configure Application Auto Scaling to use target tracking scalin
5. E. Set the minimum capacity to 3.
6. F. Use Amazon EC2 Reserved Instance
7. G. Launch three EC2 instances in a spread placement grou
8. H. Configure an Auto Scaling group to use target tracking scalin
9. I. Set the minimum capacity to 3.
10. J. Use an AWS Lambda functio
11. K. Configure the Lambda function to connect to a VP
12. L. Configure Application Auto Scaling to use Lambda as a scalable targe
13. M. Set the minimum capacity to 3.

Correct Answer: A
The company wants to deploy its containerized application workloads to a VPC across three Availability Zones, with high availability and minimal changes to the application. The solution that will meet these requirements with the least operational overhead is:
✑ Use Amazon Elastic Container Service (Amazon ECS). Amazon ECS is a fully
managed container orchestration service that allows you to run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install, operate, and scale your own cluster management infrastructure. Amazon ECS also integrates with other AWS services, such as VPC, ELB, CloudFormation, CloudWatch, IAM, and more.
✑ Configure Amazon ECS Service Auto Scaling to use target tracking scaling.
Amazon ECS Service Auto Scaling allows you to automatically adjust the number of tasks in your service based on the demand or custom metrics. Target tracking scaling is a policy type that adjusts the number of tasks in your service to keep a specified metric at a target value. For example, you can use target tracking scaling to maintain a target CPU utilization or request count per task for your service.
✑ Set the minimum capacity to 3. This ensures that your service always has at least
three tasks running across three Availability Zones, providing high availability and fault tolerance for your application.
✑ Set the task placement strategy type to spread with an Availability Zone attribute.
This ensures that your tasks are evenly distributed across the Availability Zones in your cluster, maximizing the availability of your service.
This solution will provide high availability across Availability Zones, require minimal changes to the application, and reduce the operational overhead of managing your own cluster infrastructure.
References:
✑ Amazon Elastic Container Service
✑ Amazon ECS Service Auto Scaling
✑ Target Tracking Scaling Policies for Amazon ECS Services
✑ Amazon ECS Task Placement Strategies

- (Topic 4)
A social media company runs its application on Amazon EC2 instances behind an Application Load Balancer (ALB). The ALB is the origin for an Amazon CloudFront distribution. The application has more than a billion images stored in an Amazon S3 bucket and processes thousands of images each second. The company wants to resize the images dynamically and serve appropriate formats to clients.
Which solution will meet these requirements with the LEAST operational overhead?

1. A. Install an external image management library on an EC2 instanc
2. B. Use the imagemanagement library to process the images.
3. C. Create a CloudFront origin request polic
4. D. Use the policy to automatically resize images and to serve the appropriate format based on the User-Agent HTTP header in the request.
5. E. Use a Lambda@Edge function with an external image management librar
6. F. Associate the Lambda@Edge function with the CloudFront behaviors that serve the images.
7. G. Create a CloudFront response headers polic
8. H. Use the policy to automatically resize images and to serve the appropriate format based on the User-Agent HTTP header in the request.

Correct Answer: C
To resize images dynamically and serve appropriate formats to clients, a Lambda@Edge function with an external image management library can be used. Lambda@Edge allows running custom code at the edge locations of CloudFront, which can process the images on the fly and optimize them for different devices and browsers. An external image management library can provide various image manipulation and optimization features. References:
✑ Lambda@Edge
✑ Resizing Images with Amazon CloudFront & Lambda@Edge

- (Topic 4)
The DNS provider that hosts a company's domain name records is experiencing outages that cause service disruption for a website running on AWS. The company needs to
migrate to a more resilient managed DNS service and wants the service to run on AWS. What should a solutions architect do to rapidly migrate the DNS hosting service?

1. A. Create an Amazon Route 53 public hosted zone for the domain nam
2. B. Import the zone file containing the domain records hosted by the previous provider
3. C. Create an Amazon Route 53 private hosted zone for the domain name Import the zone file containing the domain records hosted by the previous provider.
4. D. Create a Simple AD directory in AW
5. E. Enable zone transfer between the DNS provider and AWS Directory Service for Microsoft Active Directory for the domain records.
6. F. Create an Amazon Route 53 Resolver inbound endpomt in the VP
7. G. Specify the IP addresses that the provider's DNS will forward DNS queries t
8. H. Configure the provider's DNS to forward DNS queries for the domain to the IP addresses that are specified in the inbound endpoint.

Correct Answer: A
To migrate the DNS hosting service to a more resilient managed DNS service on AWS, the company should use Amazon Route 53, which is a highly available and scalable cloud DNS web service. Route 53 can host public DNS records for the company’s domain name and provide reliable and secure DNS resolution. To rapidly migrate the DNS hosting service, the company should create a public hosted zone for the domain name in Route 53, which is a container for the domain’s DNS records. Then, the company should import the zone file containing the domain records hosted by the previous provider, which is a text file that defines the DNS records for the domain. This way, the company can quickly transfer the existing DNS records to Route 53 without manually creating them. After importing the zone file, the company should update the domain registrar to use the name servers that Route 53 assigns to the hosted zone. This will ensure that DNS queries for the domain name are routed to Route 53 and resolved by the imported records.

- (Topic 4)
A company's developers want a secure way to gain SSH access on the company's Amazon EC2 instances that run the latest version of Amazon Linux. The developers work remotely and in the corporate office.
The company wants to use AWS services as a part of the solution. The EC2 instances are hosted in a VPC private subnet and access the internet through a NAT gateway that is deployed in a public subnet.
What should a solutions architect do to meet these requirements MOST cost-effectively?

1. A. Create a bastion host in the same subnet as the EC2 instance
2. B. Grant the ec2:CreateVpnConnection 1AM permission to the developer
3. C. Install EC2 Instance Connect so that the developers can connect to the EC2 instances.
4. D. Create an AWS Site-to-Site VPN connection between the corporate network and the VP
5. E. Instruct the developers to use the Site-to-Site VPN connection to access the EC2 instances when the developers are on the corporate networ
6. F. Instruct the developers to set up another VPN connection for access when they work remotely.
7. G. Create a bastion host in the public subnet of the VP
8. H. Configure the security groups and SSH keys of the bastion host to only allow connections and SSH authentication from the developers' corporate and remote network
9. I. Instruct the developers to connect through the bastion host by using SSH to reach the EC2 instances.
10. J. Attach the AmazonSSMManagedlnstanceCore 1AM policy to an 1AM role that is associated with the EC2 instance
11. K. Instruct the developers to use AWS Systems Manager Session Manager to access the EC2 instances.

Correct Answer: D
AWS Systems Manager Session Manager is a service that enables you to securely connect to your EC2 instances without using SSH keys or bastion hosts. You can use Session Manager to access your instances through the AWS Management Console, the AWS CLI, or the AWS SDKs. Session Manager uses IAM policies and roles to control who can access which instances. By attaching the AmazonSSMManagedlnstanceCore IAM policy to an IAM role that is associated with the EC2 instances, you grant the Session Manager service the necessary permissions to perform actions on your instances. You also need to attach another IAM policy to the developers’ IAM users or roles that allows them to start sessions to the instances. Session Manager uses the AWS Systems Manager Agent (SSM Agent) that is installed by default on Amazon Linux 2 and other supported Linux distributions. Session Manager also encrypts all session data between your client and your instances, and streams session logs to Amazon S3, Amazon CloudWatch Logs, or both for auditing purposes. This solution is the most cost-effective, as it does not require any additional resources or services, such as bastion hosts, VPN connections, or NAT gateways. It also simplifies the security and management of SSH access, as it eliminates the need for SSH keys, port opening, or firewall rules. References:
✑ What is AWS Systems Manager?
✑ Setting up Session Manager
✑ Getting started with Session Manager
✑ Controlling access to Session Manager
✑ Logging Session Manager activity

- (Topic 3)
A company has a web application with sporadic usage patterns There is heavy usage at the beginning of each month moderate usage at the start of each week and unpredictable usage during the week The application consists of a web server and a MySQL database server running inside the data center The company would like to move the application to the AWS Cloud and needs to select a cost-effective database platform that will not require database modifications
Which solution will meet these requirements?

1. A. Amazon DynamoDB
2. B. Amazon RDS for MySQL
3. C. MySQL-compatible Amazon Aurora Serverless
4. D. MySQL deployed on Amazon EC2 in an Auto Scaling group

Correct Answer: C
Amazon RDS for MySQL is a fully-managed relational database service that makes it easy
to set up, operate, and scale MySQL deployments in the cloud. Amazon Aurora Serverless is an on-demand, auto-scaling configuration for Amazon Aurora (MySQL-compatible edition), where the database will automatically start up, shut down, and scale capacity up or down based on your application’s needs. It is a simple, cost-effective option for infrequent, intermittent, or unpredictable workloads.